Zero-Knowledge Proof About proving somebody knows some secret without revealing it Interactive: between the P rover & V erifier ( P and V or P eggy & V ictor ) Does not give away any information about the secret (zero-knowledge) Does not allow the verifier to impersonate the prover

A very simple scenario Secret: the key to open the door (C) Uses cut-and-choose protocol Enough to prove to Victor Not enough to convince a third party (Carol) of proof’s validity A B C
Graph-Isomorphism Peggy knows the Isomorphism between two big Graphs G 1 and G 2 Peggy generates graphs H 1 , H 2 , …. H n Victor asks Peggy to show isomorphism of H i with either G 1 or G 2 , but not both Why Zero-knowledge?

Nearly Zero-Knowledge proof Peggy has a secret number s Peggy’s public key is < n , v > where n is product of two large primes & v = s 2 mod n Peggy chooses random r 1 , r 2 , r 3 , …, r k and passes all r i 2 mod n to Victor For each r i 2 mod n , Victor can ask either ( s*r i mod n ) or ( r i mod n ) Victor verifies the response from Peggy - for x = s*r i mod n , check x 2 v*r i 2 mod n - for y = r i mod n , check y 2 r i 2 mod n
Why does this work??

