crypto-slides-19-zk.1x1

crypto-slides-19-zk.1x1 - Zero Knowledge Protocols c...

Info iconThis preview shows pages 1–8. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Zero Knowledge Protocols c circlecopyrt Eli Biham - December 27, 2010 529 Zero Knowledge Protocols (19) †• A Mathematical Proof When referring to a proof in logic we usually mean: 1. A sequence of statements. 2. Based on axioms. 3. Each statement is derived via the derivation rules. 4. The proof is fixed, i.e, in any time, anyone can read it, and get convinced. c circlecopyrt Eli Biham - December 27, 2010 530 Zero Knowledge Protocols (19) Other Kinds of “Proofs” However, in many situations, we “prove” a statement by convincing someone. For example, in court the prosecutor tries to convince the judge that the de- fendant is guilty. The prosecutor challenges the defendant. In case he fails to answer in a consistent manner, we say that the prosecutor proved his point. This kind of “proof” has an interactive nature. c circlecopyrt Eli Biham - December 27, 2010 531 Zero Knowledge Protocols (19) Interactive Proof System An interactive proof for the decision problem Π, is a the following verification protocol: 1. There are two participants, a prover and a verifier . 2. The proof consists of a specified number of rounds. 3. In the beginning of the proof both participants get the same input. 4. In each round, the verifier challenges the prover, and the prover responds to the challenge. 5. Both the verifier and the prover can perform some private computation (they are both modeled as a randomized Turing machine). 6. At the end, the verifier states whether he was convinced or not. c circlecopyrt Eli Biham - December 27, 2010 532 Zero Knowledge Protocols (19) Interactive Proof System (cont.) Let L be some language and let π ( x ) be the decision problem whether x ∈ L . An interactive proof system for π ( x ) must have the following properties: 1. Completeness : Every x ∈ L is accepted with a high probability (e.g., at least 2/3). 2. Soundness : Every x / ∈ L is rejected with a high probability. 3. Polynomial verification : The verifier must do his private computa- tion in polynomial time. c circlecopyrt Eli Biham - December 27, 2010 533 Zero Knowledge Protocols (19) Example — Graph Isomorphism The Graph Isomorphism Problem : Given two graphs G 1 and G 2 , where | V 1 | = | V 2 | = N . Is there a permutation π on V 1 such that ( u,v ) ∈ E 1 ⇐⇒ ( π ( u ) ,π ( v )) ∈ E 2 . We give two different interactive proofs for it. c circlecopyrt Eli Biham - December 27, 2010 534 Zero Knowledge Protocols (19) A Trivial Interactive Proof 1. Given G 1 ,G 2 . 2. The prover sends a permutation π which maps the vertices of V 1 to V 2 . 3. The verifier checks whether this permutation maps V 1 to V 2 . If it is, the verifier accepts the instance, otherwise he rejects it....
View Full Document

This note was uploaded on 04/14/2011 for the course CS 236506 taught by Professor Yanivcarmeli during the Spring '11 term at Technion.

Page1 / 47

crypto-slides-19-zk.1x1 - Zero Knowledge Protocols c...

This preview shows document pages 1 - 8. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online