Zero-Knowledge Proofs (ZKP)
Privacy-Preserving Digital Identity
October 11, 2018
Clare Nelson, CISSP, CIPP/E
VP Business Development & Product Strategy, North America
Sedicii
@Safe_SaaS
SSIMeetup.org, licensed under https://creativecommons.org/licenses/by-sa/4.0/
Why?
Raison d’Être for Zero-Knowledge Proofs
Zero-Knowledge Proofs (ZKPs) Enhance Privacy
https://docs.google.com/document/d/1spgtYG8iXZ_NjUXdN8AEdKdGmaulE8r-mf7NsQ-_y4E/edit#
Diagram: Personal Privacy on one side, Institutional Integrity on the other
Graphic: https://scattering-ashes.co.uk/ashes-help-and-advice/much-ash-cremation/
zk-STARKs Paper
Scalable, transparent, and post-quantum secure computational integrity
(March 2018)
https://eprint.iacr.org/2018/046.pdf
“Human dignity demands that personal information, like medical and forensic data, be hidden from the public.

But veils of secrecy designed to preserve privacy may also be abused to cover up lies and deceit by institutions entrusted with Data, unjustly harming citizens and eroding trust in central institutions.

Zero knowledge (ZK) proof systems are an ingenious cryptographic solution to this tension between the ideals of personal privacy and institutional integrity, enforcing the latter in a way that does not compromise the former.”
– Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, Michael Riabzev
Scope
Digital Identity
Out of Scope
• Artificial Intelligence (OpenMined)
• Cryptocurrency
• Digital Watermarks
• Ethereum
• E-Voting
• Gaming
• Genomics
• Location
• Mimblewimble
• Private Messaging
• Sealed Auctions
• Smart Contracts (Hawk)
• Supply Chain Transparency
• Trusted Platform Module (TPM)
• Zero-Knowledge Blockchain

In Scope: Digital Identity
• Identity Proofing
• Authentication
ZKP and Digital Identity
What Problems Are We Solving?
Zero-Knowledge Proofs
“If your personal data is never collected, it cannot be stolen.”
– Maria Dubovitskaya, Cryptographer, Research Staff Member, IBM Zurich Research Laboratory, Ph.D. in cryptography and privacy from ETH Zurich
https://www.zurich.ibm.com/identity_mixer/
https://www.ted.com/talks/maria_dubovitskaya_take_back_control_of_your_personal_data, TED Talk
Graphic: https://www.youtube.com/watch?v=jp_QGwXsoXM
Motivations for ZKP
and Digital Identity
Digital Identity Risks
• Loss of privacy, control
• Data breaches
• Identity theft
  o Identity fraud, crime
    ▪ Human, drug trafficking
    ▪ Terrorist funding
• Surveillance, profiling
• Social engineering
https://zkproof.org/
https://gpsbydesign.org/
https://docs.google.com/document/d/1spgtYG8iXZ_NjUXdN8AEdKdGmaulE8r-mf7NsQ-_y4E/edit#
Graphic:
https://gpsbydesign.org/
International Council on Global Privacy and Security, by Design
• We don’t need to give up personal privacy for public safety.
• We don't need to sacrifice privacy for data analytics.
• We can have both. We must have both.
Ideal for Identification
“ZKPs are the ideal solution to challenges in identification”
• Users can prove identities
  o No exchange of sensitive information
• Mitigates identity theft
– Sultan Almuhammadi and Clifford Neuman, University of Southern California, Los Angeles (2005)
https://ieeexplore.ieee.org/document/1524082/
Graphic: https://www.equifax.com.au/personal/articles/what-identity-watch
Zero-Knowledge Proofs
Definition
Zero-Knowledge Proofs
“One of the most powerful tools cryptographers have ever devised”
– Matthew Green, Professor at Johns Hopkins University, Co-founder of Zcash
https://z.cash/team.html
https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/
Definition of Zero-Knowledge Proof
A proof system, not a geometry proof
http://www0.cs.ucl.ac.uk/staff/J.Groth/ShortNIZK.pdf
http://www.austinmohr.com/work/files/zkp.pdf
Definition of Zero-Knowledge Proof
Enable a Prover to convince a Verifier of the validity of a statement
• Yields nothing beyond the validity of the statement
• Incorporates randomness
• Is probabilistic
  o Does not provide absolute certainty
http://www0.cs.ucl.ac.uk/staff/J.Groth/ShortNIZK.pdf
http://www.austinmohr.com/work/files/zkp.pdf
Diagram: Prover → Statement → Verifier
Interactive Zero-Knowledge Proof
Derived from http://blog.stratumn.com/zkp-hash-chains/
Diagram: Prover constructs the ZKP → Proof → Verifier verifies the ZKP, over several message exchanges
Non-Interactive ZKP
Transform the multiple messages into one message, or string, that the verifier checks on its own. In practice the verifier's random challenge is replaced by a hash of the prover's commitment (the Fiat-Shamir transform), or the protocol relies on a common reference string set up in advance.
ZKP Requirements
Completeness
• If statement is true, verifier will be
convinced by prover
Soundness
• If statement is false, a cheating
prover cannot convince verifier it is
true
o Except with some small probability
Zero-Knowledge
• Verifier learns nothing beyond the
statement’s validity
http://www0.cs.ucl.ac.uk/staff/J.Groth/ShortNIZK.pdf
http://www.austinmohr.com/work/files/zkp.pdf
http://www.wisdom.weizmann.ac.il/~oded/zk-tut02.html
Graphic: http://mentalfloss.com/article/64108/15-things-you-should-know-about-dogs-playing-poker
007 Wants to Read the News
Credit to Anna Lysyanskaya for the 007 metaphor
007: “Today’s news?”
www.telegraph.co.uk: “Who are you? Do you have a subscription?”
007: “I can tell you. But then I’ll have to kill you.”

007 Uses Subscription
007: “Today’s news?”
www.telegraph.co.uk: “Who are you? Do you have a subscription?”
007: “My subscription is #4309115”
007 Reveals Personal Data:
- Zip code when he looks up the weather
- Date of birth when he reads his horoscope
- More data when he browses the personal ads
Credit to Anna Lysyanskaya for the 007 metaphor

Completeness: Telegraph Accepts Proof
007: “Today’s news?”
www.telegraph.co.uk: “Who are you? Do you have a subscription?”
007: “Here is a Zero-Knowledge Proof”
Completeness
• Verifier is convinced of a true statement
Credit to Anna Lysyanskaya for the 007 metaphor

Soundness
M: “Today’s news?”
www.telegraph.co.uk: “Who are you? Do you have a subscription?”
M: “It’s Bond. James Bond.”
www.telegraph.co.uk: “Rejected”
(M fails because she cannot prove to the Telegraph that she holds Bond’s subscription)
Soundness
• A false statement is rejected; a cheating prover cannot convince the verifier
Credit to Anna Lysyanskaya for the 007 metaphor
Graphic: https://en.wikipedia.org/wiki/M_(James_Bond)
ZKP Illustration
Interactive ZKP
Zero-Knowledge Proof Illustration
Matthew Green
Telecom Company
• Cell towers
• Vertices
• Avoid signal overlap
• Use 1 of 3 signals
https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/
Zero-Knowledge Proof Illustration
Matthew Green
3-Color Graph Problem
• Use colors to represent
frequency bands
• Solve for 1,000 towers
• Hire Brain Consulting
https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/
Zero-Knowledge Proof Illustration
Matthew Green
Proof of Solution
• Prove have solution without
revealing it
• Hats hide the solution
https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/
Zero-Knowledge Proof Illustration
Matthew Green
Proof of Solution
• Remove any two hats
• See vertices are different
colors
https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/
Zero-Knowledge Proof Illustration
Matthew Green
Repeat this process
• Clear previous solution
• (Add randomness)
• Solve again
• Telecom removes two hats
Accept or Reject
• Complete for preset number of
rounds
• Telecom accepts or rejects
https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/
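The hat protocol described on the slides above, as runnable code. This is an added example, not code from the slides or from Matthew Green's post: the six-vertex graph and its 3-colouring are constructed here for illustration, and SHA-256 commitments stand in for the hats. The code makes the three properties visible: an honest prover always passes (completeness), an all-one-colour cheater is caught, and the bound on a cheater's survival probability across rounds is computed; the per-round colour permutation is what keeps the two revealed colours from leaking the solution.

```python
"""Added example (not from the slides or from Matthew Green's primer): the hat
protocol for graph 3-colouring over a small constructed graph, with SHA-256
commitments playing the role of the hats."""
import hashlib
import secrets

rng = secrets.SystemRandom()

# Constructed input: a 6-vertex "cell tower" graph and a valid 3-colouring that
# only the prover (Brain Consulting) knows.  Colours are 0, 1, 2.
EDGES = [(0, 1), (1, 2), (2, 0), (2, 3), (3, 4), (4, 5), (5, 3), (1, 4)]
COLOURING = {0: 0, 1: 1, 2: 2, 3: 0, 4: 2, 5: 1}


def is_valid_colouring(edges, colouring):
    """Every edge must join two differently coloured vertices."""
    return all(colouring[u] != colouring[v] for u, v in edges)


def commit(colour, nonce):
    """A 'hat': hash commitment to (colour, nonce).  Hiding because the nonce
    is random, binding because SHA-256 is collision resistant."""
    return hashlib.sha256(nonce + bytes([colour])).hexdigest()


def prover_commit(colouring):
    """Round step 1: re-randomise the colours, then put a hat on every vertex.
    The random colour permutation is the zero-knowledge ingredient: whatever
    two hats get lifted, the verifier sees two random distinct colours."""
    perm = [0, 1, 2]
    rng.shuffle(perm)
    shuffled = {v: perm[c] for v, c in colouring.items()}
    nonces = {v: secrets.token_bytes(16) for v in colouring}
    hats = {v: commit(shuffled[v], nonces[v]) for v in colouring}
    return hats, shuffled, nonces


def verifier_challenge(edges):
    """Round step 2: the verifier picks one edge, i.e. two hats to lift."""
    return rng.choice(edges)


def prover_open(shuffled, nonces, u, v):
    """Round step 3: open exactly the two requested commitments, nothing else."""
    return (shuffled[u], nonces[u]), (shuffled[v], nonces[v])


def verifier_check(hats, u, v, opening_u, opening_v):
    """Round step 4: openings must match the hats and show two distinct colours."""
    (cu, nu), (cv, nv) = opening_u, opening_v
    return (cu in (0, 1, 2) and cv in (0, 1, 2) and cu != cv
            and hats[u] == commit(cu, nu) and hats[v] == commit(cv, nv))


def run_protocol(edges, colouring, rounds):
    """Full interactive proof: repeat for the preset number of rounds."""
    for _ in range(rounds):
        hats, shuffled, nonces = prover_commit(colouring)
        u, v = verifier_challenge(edges)
        opening_u, opening_v = prover_open(shuffled, nonces, u, v)
        if not verifier_check(hats, u, v, opening_u, opening_v):
            return False            # reject at the first failed round
    return True


def cheating_success_bound(num_edges, rounds):
    """Soundness: a bogus colouring has at least one bad edge, which the
    verifier picks with probability >= 1/|E| per round, so a cheater survives
    all rounds with probability at most (1 - 1/|E|)**rounds."""
    return (1 - 1 / num_edges) ** rounds


if __name__ == "__main__":
    bogus = dict.fromkeys(range(6), 0)      # every tower on the same frequency
    print("valid colouring accepted:", run_protocol(EDGES, COLOURING, 200))
    print("bogus colouring rejected:", not run_protocol(EDGES, bogus, 200))
    print("cheat bound after 200 rounds: %.2e"
          % cheating_success_bound(len(EDGES), 200))
```

The number of rounds is the security parameter: with eight edges, a cheater who got one edge wrong survives a single round seven times out of eight, which is why the telecom must insist on many rounds before accepting.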
ZKP Variants
Examples
Examples of ZKP Variants
https://www.slideshare.net/arunta007/elliptic-curve-cryptography-and-zero-knowledge-proof-27914533?next_slideshow=1
https://www.youtube.com/watch?v=CKncw6mIMJQ&list=PLpr-xdpM8wG8DPozMmcbwBjFn15RtC75N
https://www.starkware.co/
http://zerocash-project.org/media/pdf/zerocash-extended-20140518.pdf
https://eprint.iacr.org/2017/1066.pdf, Bulletproofs
https://thexvid.com/video/O8QA6Nvg8RI/zcash-genesis-block.html, trusted setup, live stream of Zcash launch
ZKP (interactive): multiple messages, needs a stable communication channel
NIZKP: not interactive, one message
zk-SNARK: needs a one-time, trusted setup to generate keys at launch
zk-STARK: no setup, interactive or non-interactive, post-quantum secure; prover memory use still being worked on
zk-STIK: Scalable Transparent Interactive Oracle Proof (IOP) of Knowledge, the interactive form of a STARK
Aurora: transparent zk-SNARK (no description on the slide)
Bulletproof: no setup, 188 bytes, 10 ms in some cases, not post-quantum secure
Designated Verifier: DVNIZK; not just any entity can be the verifier, the verifier must know a secret
Lattice-Based: lattice-based cryptography, post-quantum secure, research stage
Graph Isomorphism: interactive, compares graphs, efficient computation
Trusted Setup
Zcash example
https://z.cash/technology/paramgen
https://z.cash/blog/the-design-of-the-ceremony/
https://thexvid.com/video/O8QA6Nvg8RI/zcash-genesis-block.html, trusted setup, live stream of Zcash launch
Multi-Party Computation (MPC) Ceremonies
Zcash Sprout (2016), six participants in the ceremony:
1. Andrew Miller
2. Peter Van Valkenburgh
3. John Dobbertin (pseudonym)
4. Zooko Wilcox
5. Derek Hinch
6. Peter Todd
Zcash Sapling (2017-2018): 87 participants
Private transactions in Zcash rely on zk-SNARK public parameters for constructing and verifying zero-knowledge proofs.
• Generating zk-SNARK public parameters is analogous to generating a public/private key pair
  o Keep the public key (the published parameters)
  o Destroy the private key (the “toxic waste”)
• If an attacker got a copy of the private key, they could
  ▪ Create counterfeit Zcash
  ▪ But not violate anyone else’s privacy
  ▪ And not steal other people’s Zcash
• The MPC ceremony splits the private key across all participants: it stays secret as long as at least one participant honestly destroyed their share
ZKP Examples
Digital Identity
ZKP Flexibility, Variety of Use Cases
• Range proofs
  o Age range: 25-45 years old
• Set membership
  o Citizen of the European Union
• Comparison
  o Do identity attributes or secrets match?
• Computational integrity
• Logical combination of any of the above
All while preserving privacy
Graph Isomorphism ZKP
Paper by Manuel Blum, UC Berkeley, 1986
Diagram: Prover ↔ Verifier
Graph Isomorphism Problem: given two graphs with n vertices each, decide whether they are isomorphic. The ZKP shows that the Prover knows an isomorphism without revealing it.
1986: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.469.9048&rep=rep1&type=pdf
2006: https://www.cs.cmu.edu/~ryanw/crypto/lec6.pdf
2009: http://www.cs.cornell.edu/courses/cs6810/2009sp/scribe/lecture18.pdf
2011: http://www.cs.haifa.ac.il/~orrd/IntroToCrypto/Spring11/Lecture9.pdf
https://kriptan.org/white-papers.html
http://gauss.ececs.uc.edu/Courses/c653/lectures/PDF/zero.pdf
Identity use: compare identity attributes without transferring them
Graph Isomorphism ZKP
Diagram: credentials on a mobile phone (Passport, Driver’s License, National ID) and Authoritative Sources on one side, a Relying Party (the verifier) on the other. No personal data leaves the mobile phone or the authoritative source; only the proof does.
https://medium.com/@kriptannetwork/we-did-it-before-it-was-cool-1a3b69627cc5
zk-STARK Example
(Ben-Sasson, Bentov, Horesh, Riabzev)
https://eprint.iacr.org/2018/046.pdf
Scenario: a National Offender DNA Database and a presidential candidate, Jaffa. Prove to the public that Jaffa is not in the offender database, without revealing the database contents and with no reliance on any external trusted party.
Graphic: https://www.linkedin.com/in/jaffaedwards/, with permission May 25, 2018.
Designated Verifier
https://eprint.iacr.org/2017/1029.pd
Designated-Verifier Non-Interactive Zero-Knowledge Proof of Knowledge (DVNIZK), EUROCRYPT 2018
• The verifier is known in advance; only the designated verifier, who holds a secret, can check the proof
• Provides efficient, privacy-preserving authentication
Graphic: http://www.cs.technion.ac.il/images/events/2018/3031/fullsize.jpg
ZKP Identity-Related Landscape
Identity Verification, Authentication
Considerations
ZKP Considerations
Depends on Implementation or Use Cases
1. Transparent
• Setup with no reliance on any third
party
• No trapdoors
2. Scalable
• Verify proofs exponentially faster than
database size
3. Succinct
4. Universal
5. Compliant with upcoming ZKP
standards
6. Interactive, non-interactive
7. Support for IoT or cars
8. Security (threat model)
• Code bugs, compromise during deployment, side-channel attacks, tampering attacks, MITM
• Mitigations: manual review, proof sketches, re-use of vetted gadgets, emerging tools for formal verification, testing
• A breach of the ZKP protocol itself (e.g. a soundness break that lets false proofs verify) is silent, since the verifier simply accepts; how would such a breach be detected?
9. Third-party audit
• Monero audits: Kudelski Security $30K,
Benedikt Bünz, QuarksLab
10. Post-quantum secure
https://eprint.iacr.org/2018/046.pdf
https://forum.getmonero.org/22/completed-tasks/90007/bulletproofs-audit-fundraising
Timeline
It is Still Early Days
1985: Goldwasser, Micali, Rackoff paper, https://groups.csail.mit.edu/cis/pubs/shafi/1985-stoc.pdf
2012: Goldwasser and Micali win the Turing Award
2018: ZKP Standards Organization, https://zkproof.org/
ZKP Standards
https://zkproof.org/
https://zkproof.org/documents.html
https://zkproof.org/zcon0_notes.pdf
ZKProof.org
• Open initiative
• Industry, academia
• Framework for a formal standard of Zero-Knowledge Proofs
• Working drafts:
  o Security
  o Implementation
  o Applications
Cartoon: “I think you should be more explicit here in step two”, cartoonist Sidney Harris
Source: https://www.art.com/products/p15063445373-sa-i6847848/sidney-harris-i-think-you-should-be-more-explicit-here-in-step-two-cartoon.htm
ZKP Standards
https://docs.google.com/document/d/1spgtYG8iXZ_NjUXdN8AEdKdGmaulE8r-mf7NsQ-_y4E/edit#heading=h.1irq6vg7ivr
ZKProof Standards Applications Track Proceedings
• Identity Framework, Protocol Description, Functionality
1. Third-party anonymous and confidential attribute attestations through credential issuance by the issuer
2. Confidentially proving claims using Zero-Knowledge Proofs through the presentation of proof of credential by the holder
3. Verification of claims through Zero-Knowledge Proof verifications by the verifier
4. Unlinkable credential revocation by the issuer
Plus:
• Credential transfer
• Authority delegation
• Trace auditability
Graphic: http://www.activistpost.com/2015/09/fbi-biometrics-programs-surveillance-database.html
ZKP Standards
https://zkproof.org/
https://zkproof.org/documents.html
*https://zkproof.org/zcon0_notes.pdf (June 2018)
ZKProof Workshop at Zcon0
• Legal questions
  o If a robber shows a ZKP that they hold my coins, who legally owns them?*
• Trust
Graphic: https://www.pymnts.com/fraud-attack/2018/payment-details-north-korean-hack-cyberattack-security/

Trust
https://zkproof.org/zcon0.html
Graphic: http://www.criticbrain.com/articles/india-needs-to-bridge-gap-between-academia-and-industry
• Technical people trust ZKPs because they understand the math
• Non-technical people trust the technical people
• How to bridge this gap?
Resources
ZKP Resources
• ISO/IEC 9798-5
• Letter to NIST, https://zkp.science/docs/Letter-to-NIST-20160613-Advanced-Crypto.pdf
• Code
  o libSNARK C++ library
  o libSTARK C++ library
  o Bulletproofs using Ristretto, Rust library, https://github.com/chain/ristretto-bulletproofs/
• Succinct Computational Integrity and Privacy Research (SCIPR) Lab
• Stanford Applied Cryptography
• ZKP Science
• ZKP Standards Organization
• References: 4 backup slides at the end of this presentation
• A Hands-On Tutorial for Zero-Knowledge Proofs: Part I-III (September-October 2018), http://www.shirpeled.com/2018/10/a-hands-on-tutorial-for-zero-knowledge.html
Gratitude
ZKP Inventors, Pioneers
We Stand on the Shoulders of Giants
• Shafi Goldwasser, https://www.csail.mit.edu/user/733
• Silvio Micali, https://people.csail.mit.edu/silvio/
• Eli Ben-Sasson, https://cyberweek.tau.ac.il/2017/about/speakers/item/207-eli-ben-sasson
• Matthew Green, https://z.cash/team.html
@Safe_SaaS
Questions?
www.slideshare.net/eralcnoslen/presentations
Clare_Nelson @ ClearMark . biz
Backup Slides
Mathematics: Bulletproof Range Proof Protocol (graphic)
https://blog.chain.com/faster-bulletproofs-with-ristretto-avx2-29450b4490cd
Known Vulnerabilities
An Example
Zero-Knowledge Range Proof (ZKRP)
Validate
•Person is 18-65 years old
o Without disclosing the age
•Person is in Europe
o Without disclosing the exact location
https://github.com/ing-bank/zkrangeproof
ZKRP Vulnerability
• Madars Virza:
  “The publicly computable value y/t is roughly the same magnitude (in expectation) as w^2 * (m-a+1)(b-m+1). However, w^2 has fixed bit length (again, in expectation) and thus for a fixed range, this value leaks the magnitude of the committed value.”
• The proof is not zero knowledge
• Response: will find an alternative ZKP
https://github.com/ing-bank/zkrangeproof
Graphic: https://www.pexels.com/photo/milkweed-bug-perching-on-pink-flower-in-close-up-photography-1085549/
TPM
Source: https://www.usenix.org/legacy/event/hotsec08/tech/full_papers/parno/parno_html/index.html
If you have a PC, you may have touched a zero-knowledge proof already: Direct Anonymous Attestation (DAA) in TPM 1.2 uses one so that a platform can prove it holds a valid attestation credential without revealing which TPM it is.
Graphic: https://www.windowscentral.com/best-dell-laptop
References
• Attribute-based Credentials for Trust (ABC4Trust) Project, https://abc4trust.eu/ (2017).
• AU2EU Project, Authentication and Authorization for Entrusted Unions, http://www.au2eu.eu/ (2017).
• Baldimtsi, Foteini; Lysyanskaya, Anna. Anonymous Credentials Light. http://cs.brown.edu/~anna/papers/bl13a.pdf (2013).
• Ben Sasson, Eli; Chiesa, Alessandro; Garman, Christina, et al. Zerocash: Decentralized Anonymous Payments from Bitcoin,
http://zerocash-project.org/media/pdf/zerocash-extended-20140518.pdf (May 2014).
• Bitansky, Nir; Brakerski, Zvika; Kalai, Yael; et al. 3-Message Zero Knowledge Against Human Ignorance,
https://eprint.iacr.org/2016/213.pdf (September 2016).
• Blum, Manuel; De Santis, Alfredo; Micali, Silvio; Persiano, Giuseppe. Non-Interactive Zero-Knowledge and its Applications,
https://people.csail.mit.edu/silvio/Selected%20Scientific%20Papers/Zero%20Knowledge/Noninteractive_Zero-Knowkedge.pdf
(1991).
• Brands, Stefan. Rethinking Public Key Infrastructures and Digital Certificates. The MIT Press,
http://www.credentica.com/the_mit_pressbook.html (2000).
• Bünz, Benedikt; Bootle, Jonathan; Boneh, Dan; et al. Bulletproofs: Short Proofs for Confidential Transactions and More,
https://eprint.iacr.org/2017/1066.pdf (2017).
• Camenisch, Jan and E. Van Herreweghen, Design and implementation of the IBM Idemix anonymous credential system, in Proceedings
of the 9th ACM conference on Computer and communications security. ACM, 2002, pp. 21–30.
• Camenisch, Jan; Dubovitskaya, Maria; Enderlein, Robert; et al. Concepts and languages for privacy-preserving attribute-based
authentication, https://pdfs.semanticscholar.org/82e2/4078c9ba9fcaf6177a80b8496779676af114.pdf (2013).
• Cutler, Becky. The Feasibility and Application of Using Zero-Knowledge Protocol for Authentication Systems,
http://www.cs.tufts.edu/comp/116/archive/fall2015/bcutler.pdf (2015).
• Durcheva, Mariana. Zero Knowledge Proof Protocol Based on Graph Isomorphism Problem,
http://www.jmest.org/wp-content/uploads/JMESTN42351827.pdf (2016).
• Fleischhacker, Nils; Goyal, Vipul; Jain, Abhishek. On the Existence of Three Round Zero-Knowledge Proofs,
https://eprint.iacr.org/2017/935.pdf (2017).
• Ganev, Valentin; Deml, Stefan. Introduction to zk-SNARKs (Part 1), https://blog.decentriq.ch/zk-snarks-primer-part-one/ (2018).
• Gebeyehu, Worku; Ambaw, Lubak; Reddy, MA Eswar. Authenticating Grid Using Graph Isomorphism Based Zero Knowledge Proof,
https://link.springer.com/chapter/10.1007/978-3-319-03107-1_2 (2014).
• Geraud, Rémi. Zero-Knowledge: More Secure than Passwords?
https://blog.ingenico.com/posts/2017/07/zero-knowledge-proof-more-secure-than-passwords.html (July 25, 2017).
• Geers, Marjo; Comparing Privacy in eID Schemes, http://www.id-world-magazine.com/?p=923 (2017).
• Goldreich, Oded. Zero-Knowledge: a tutorial by Oded Goldreich, http://www.wisdom.weizmann.ac.il/~oded/zk-tut02.html has
extensive reference list (2010).
• Goldreich, Oded; Oren, Yair. Definitions and Properties of Zero-Knowledge Proof Systems,
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.17.2901 (1994).
• Goldwasser, Micali, Rackoff, The Knowledge Complexity of Interactive Proof-Systems, ACM 0-89791-151-2/85/005/02911 (1985).
• Green, Matthew. Zero Knowledge Proofs: An Illustrated Primer,
https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/ (November 2014).
• Groth, Jens. Short Pairing-Based Non-Interactive Zero-Knowledge Arguments, http://www0.cs.ucl.ac.uk/staff/J.Groth/ShortNIZK.pdf
(2010).
• Groth, Jens; Lu, Steve. “A Non-Interactive Shuffle with Pairing Based Verifiability,”
http://www0.cs.ucl.ac.uk/staff/J.Groth/AsiacryptPairingShuffle.pdf (2006).
• Groth, Jens; Ostrovsky, Rafail; Sahai, Amit. New Techniques for Non-interactive Zero-Knowledge,
http://www0.cs.ucl.ac.uk/staff/J.Groth/NIZKJournal.pdf (2011).
• Quisquater, Jean-Jacques; Guillou, Louis; et al. “How to Explain Zero-Knowledge Protocols to Your Children,” http://pages.cs.wisc.edu/~mkowalcz/628.pdf
(CRYPTO 1989).
• Gupta, Anuj Das; Delight, Ankur. Zero-Knowledge Proof of Balance: A Friendly ZKP Demo,
http://blog.stratumn.com/zero-knowledge-proof-of-balance-demo/ (June 2017).
• Hardjono, Thomas; Pentland, Alex “Sandy”; MIT Connection Science & Engineering; Core Identities for Future Transaction Systems,
https://static1.squarespace.com/static/55f6b5e0e4b0974cf2b69410/t/57f7a1653e00be2c09eb96e7/1475846503159/Core-Identity-
Whitepaper-v08.pdf (October 7, 2016). [TBD: check back, right now it is a DRAFT, do not cite]
• ISO/IEC Information technology — Security techniques — Entity authentication — Part 5: Mechanisms using zero-knowledge
techniques, https://www.iso.org/standard/50456.html (2015).
• Johnstone, Mike; Why we need privacy-preserving authentication in the Facebook age,
http://www.iaria.org/conferences2015/filesICSNC15/ICSNC_Keynote_v1.1a.pdf (November 2013).
• Kogta, Ronak. ZK-Snarks in English,
https://www.slideshare.net/rixor786/zksnarks-in-english?qid=0e3be303-84fc-43d2-be96-6db2085a28ff&v=&b=&from_search=3
(July 2017).
• Lindell, Yehuda. Efficient Zero-Knowledge Proof, https://www.youtube.com/watch?v=Vahw28dValA (2015).
• Lysyanskaya, Anna. How to Balance Privacy and Key Management in User Authentication,
http://csrc.nist.gov/groups/ST/key_mgmt/documents/Sept2012_Presentations/LYSYANSKAYA_nist12.pdf (2012).
• Martin-Fernandez, Francisco; Caballero-Gil, Pino; Caballero-Gil, Candido. Authentication Based on Non-Interactive Zero-Knowledge
Proofs for the Internet of Things. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4732108/ (January 2016).
• Mohr, Austin. A Survey of Zero-Knowledge Proofs with Applications to Cryptography,
http://www.austinmohr.com/work/files/zkp.pdf.
• Montenegro, Jose; Fischer, Michael; Lopez, Javier; et al. Secure Sealed-Bid Online Auctions Using Discreet Cryptographic Proof,
http://www.sciencedirect.com/science/article/pii/S0895717711004535?via%3Dihub (June 2013).
• Nguyen, Quan; Rudoy, Mikhail; Srinivasan, Arjun. Two Factor Zero Knowledge Proof Authentication System,
https://courses.csail.mit.edu/6.857/2014/files/16-nguyen-rudoy-srinivasan-two-factor-zkp.pdf (2014).
• Schukat, M; Flood, P. Zero-knowledge Proofs in M2M Communication,
http://digital-library.theiet.org/content/conferences/10.1049/cp.2014.0697 (2014).
• Broadbent, Ann; Ji, Zhengfeng; Song, Fang. Zero-knowledge proof systems for QMA, https://arxiv.org/pdf/1604.02804.pdf (2016).
• Unruh, Dominique. Quantum Proofs of Knowledge, https://eprint.iacr.org/2010/212.pdf (February 2015).
• Wilcox, Zooko. Podcast, Zero Knowledge, The Future of Privacy.
https://medium.com/blockchannel/episode-3-zero-knowledge-the-future-of-privacy-ea18479295f4 (February 21, 2017).
• Wu, Huixin; Wang, Feng. A Survey of Noninteractive Zero Knowledge Proof System and its Applications.
https://www.hindawi.com/journals/tswj/2014/560484/ (May 2014).
Graph Isomorphism
https://en.wikipedia.org/wiki/Graph_isomorphism
G and H are isomorphic graphs
Graph Isomorphism ZKP (GIZKP)
Carnegie Mellon University, 2006
https://www.cs.cmu.edu/~ryanw/crypto/lec6.pdf
How does the Prover prove to the Verifier that an isomorphism exists, and that the Prover knows it?
Input:
2 isomorphic graphs G, H on n nodes each. Prover knows an isomorphism f. A security parameter k (positive integer).
Output:
A zero-knowledge protocol that proves P knows f. The Prover gives no information to a (possibly cheating) verifier Ṽ; a cheating prover P̃ can succeed with probability ≤ 1/2^k.
Protocol:
Repeat k times.
Prover: Privately take G and randomly permute its vertices to get a graph F.
Prover: Publicly present F to the Verifier (G and H are public from the beginning).
Verifier: Toss a coin, and ask the Prover to show that G ≅ F if heads, or H ≅ F if tails.
Prover: Reveal the permutation that maps the requested graph onto F (the random permutation itself for G; the random permutation composed with f⁻¹ for H). Verifier applies it and checks that the result equals F.
Verifier accepts only if every round checks out; a prover who knows no isomorphism can answer at most one of the two questions per round, so each round catches such a prover with probability 1/2.
SSIMeetup.org
Graph Isomorphism ZKP (GIZKP)
Cornell University, 2009
http://www.cs.cornell.edu/courses/cs6810/2009sp/scribe/lecture18.pdf
SSIMeetup.org
EUROCRYPT 2018
https://eurocrypt.iacr.org/2018/acceptedpapers.html
Efficient Designated-Verifier Non-Interactive Zero-Knowledge Proofs of Knowledge
• Pyrros Chaidos (University of Athens), Geoffroy Couteau (Karlsruhe Institute of Technology)
Quasi-Optimal SNARGs via Linear Multi-Prover Interactive Proofs
• Dan Boneh (Stanford), Yuval Ishai (Technion and UCLA), Amit Sahai (UCLA), David J. Wu (Stanford)
On the Existence of Three Round Zero-Knowledge Proofs
• Nils Fleischhacker (Johns Hopkins University and Carnegie Mellon University), Vipul Goyal (Carnegie Mellon University), Abhishek Jain (Johns Hopkins University)
An Efficiency-Preserving Transformation from Honest-Verifier Statistical Zero-Knowledge to Statistical Zero-Knowledge
• Pavel Hubáček (Charles University in Prague), Alon Rosen (IDC Herzliya), Margarita Vald (Tel-Aviv University)
Partially Splitting Rings for Faster Lattice-Based Zero-Knowledge Proofs
• Vadim Lyubashevsky (IBM Research - Zurich), Gregor Seiler (IBM Research - Zurich)
SSIMeetup.org
Schnorr NIZK (IETF Draft)
https://tools.ietf.org/html/draft-hao-schnorr-01
The Schnorr NIZK proof is obtained from the interactive Schnorr identification scheme through a Fiat-Shamir transformation.
• This transformation involves using a secure cryptographic hash function to issue the challenge instead of the verifier.
Graphic: https://www.bswllc.com/resources-articles-preparing-for-the-2013-coso-internal-framework
SSIMeetup.org
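Added example, not code from the draft or from the slides: the interactive Schnorr identification protocol and the Fiat-Shamir step that turns it into the one-message NIZK proof described above, in Python. The draft's challenge inputs (g, V, A, UserID, OtherInfo), response r = v - a*c mod q and verification equation g^r * A^c = V are followed; the 2039-element toy group, SHA-256, and the length-prefixed encoding of the hash input are choices made for this example.

```python
"""Schnorr identification and its Fiat-Shamir NIZK form (structure of draft-hao-schnorr)."""
import hashlib
import secrets
from typing import Callable, NamedTuple, Tuple

# Toy safe-prime group constructed for this example: p = 2q + 1 with p and q prime, and
# g = 4 generating the order-q subgroup. It gives NO security; real deployments use the
# 2048-bit or larger MODP groups the draft refers to.
P, Q, G = 2039, 1019, 4
_SYSRNG = secrets.SystemRandom()


class Proof(NamedTuple):
    V: int  # commitment g^v mod p
    r: int  # response v - a*c mod q


def keygen(rng=_SYSRNG) -> Tuple[int, int]:
    """Private key a in [1, q-1] and public key A = g^a mod p."""
    a = rng.randrange(1, Q)
    return a, pow(G, a, P)


def valid_public_key(A: int) -> bool:
    """Public-key validation the draft requires: 1 < A < p-1 and A^q = 1 (A lies in the subgroup)."""
    return 1 < A < P - 1 and pow(A, Q, P) == 1


def check_response(A: int, V: int, c: int, r: int) -> bool:
    """Verification equation shared by both variants: g^r * A^c == V (mod p), with r reduced mod q."""
    return 0 <= r < Q and V == (pow(G, r, P) * pow(A, c, P)) % P


def interactive_schnorr(a: int, A: int, verifier_challenge: Callable[[int], int], rng=_SYSRNG) -> bool:
    """Three-message interactive identification. The verifier must choose c at random AFTER
    seeing V; the proof is only sound because c is unpredictable to the prover when V is fixed."""
    v = rng.randrange(Q)
    V = pow(G, v, P)                 # message 1, prover -> verifier: commitment
    c = verifier_challenge(V)        # message 2, verifier -> prover: random challenge
    r = (v - a * c) % Q              # message 3, prover -> verifier: response
    return valid_public_key(A) and check_response(A, V, c, r)


def fs_challenge(V: int, A: int, user_id: bytes, other_info: bytes) -> int:
    """Fiat-Shamir: c = H(g || V || A || UserID || OtherInfo) mod q replaces the verifier's coin.
    Items are length-prefixed here; this encoding is an example choice, not mandated by the draft."""
    h = hashlib.sha256()
    for item in (G.to_bytes(4, "big"), V.to_bytes(4, "big"), A.to_bytes(4, "big"), user_id, other_info):
        h.update(len(item).to_bytes(4, "big") + item)
    return int.from_bytes(h.digest(), "big") % Q


def nizk_prove(a: int, A: int, user_id: bytes, other_info: bytes = b"", rng=_SYSRNG) -> Proof:
    """Non-interactive proof of knowledge of a: a single message (V, r) the prover builds alone."""
    v = rng.randrange(Q)
    V = pow(G, v, P)
    c = fs_challenge(V, A, user_id, other_info)   # the hash, not the prover, fixes c once V is fixed
    return Proof(V, (v - a * c) % Q)


def nizk_verify(A: int, user_id: bytes, proof: Proof, other_info: bytes = b"") -> bool:
    """Recompute c from the same inputs and check g^r * A^c == V. Because UserID and OtherInfo
    are hashed into c, a proof issued for one identity or context fails when replayed under another."""
    if not valid_public_key(A):
        return False
    c = fs_challenge(proof.V, A, user_id, other_info)
    return check_response(A, proof.V, c, proof.r)


if __name__ == "__main__":
    a, A = keygen()
    # Interactive run: the verifier's challenge is a fresh random element of Z_q.
    print("interactive:", interactive_schnorr(a, A, lambda V: _SYSRNG.randrange(Q)))
    proof = nizk_prove(a, A, b"alice@example.test", b"session-42")
    print("nizk, same context:", nizk_verify(A, b"alice@example.test", proof, b"session-42"))
    print("nizk, replayed under another UserID:",
          nizk_verify(A, b"mallory@example.test", proof, b"session-42"))
```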
Zero-Knowledge Proof, Formal Definition
http://www.cs.cornell.edu/courses/cs6810/2009sp/scribe/lecture18.pdf
An interactive proof system (P, V) for a language L is zero-knowledge if for any PPT verifier V* there exists an expected PPT simulator S such that
∀ x ∈ L, z ∈ {0, 1}*: View_{V*}[P(x) ↔ V*(x, z)] = S(x, z)
As usual, P has unlimited computation power (in practice, P must be a randomized TM).
Intuitively, the definition states that an interactive proof system (P, V) is zero-knowledge if for any verifier V* there exists an efficient simulator S that can essentially produce a transcript of the conversation that would have taken place between P and V* on any given input.
SSIMeetup.org
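Added example, not code from the slides or from either set of lecture notes: the CMU graph-isomorphism protocol above, carried through the two steps the slide stops short of (prover reveals the requested isomorphism, verifier checks it), together with the simulator S that this definition calls for, in Python. HonestProver, CheatingProver, simulate_round and the 6-vertex graphs are constructed for this example. Each round a prover who does not know f passes with probability 1/2, so k rounds leave it 2^-k, and the simulator outputs verifier-accepted transcripts without ever seeing f, which is exactly what the view equality asserts.

```python
"""Graph Isomorphism ZKP: honest prover, verifier, cheating prover and the simulator S.
Graphs are undirected on vertices 0..n-1, stored as frozensets of (min, max) edge tuples;
a permutation is a list perm with perm[v] = new label of vertex v."""
import random
from typing import FrozenSet, List, Tuple

Graph = FrozenSet[Tuple[int, int]]
Perm = List[int]

def apply_perm(perm: Perm, graph: Graph) -> Graph:
    """Relabel every vertex v of graph as perm[v]."""
    return frozenset(tuple(sorted((perm[u], perm[v]))) for u, v in graph)

def compose(outer: Perm, inner: Perm) -> Perm:
    """outer o inner: v -> outer[inner[v]]."""
    return [outer[inner[v]] for v in range(len(inner))]

def invert(perm: Perm) -> Perm:
    inv = [0] * len(perm)
    for v, image in enumerate(perm):
        inv[image] = v
    return inv

def random_perm(n: int, rng: random.Random) -> Perm:
    perm = list(range(n))
    rng.shuffle(perm)
    return perm

class HonestProver:
    """Knows the isomorphism f with apply_perm(f, G) == H."""
    def __init__(self, G: Graph, H: Graph, f: Perm, rng: random.Random):
        assert apply_perm(f, G) == H, "f is not an isomorphism from G to H"
        self.G, self.f, self.rng = G, f, rng

    def commit(self) -> Graph:
        """Step 1: privately pick a random relabeling pi of G and publish F = pi(G)."""
        self.pi = random_perm(len(self.f), self.rng)
        return apply_perm(self.pi, self.G)

    def respond(self, coin: int) -> Perm:
        """Step 3: heads (0) -> reveal pi, showing G ≅ F; tails (1) -> reveal pi o f^-1,
        showing H ≅ F. Either answer alone is a uniform permutation and says nothing about f."""
        return self.pi if coin == 0 else compose(self.pi, invert(self.f))

class CheatingProver:
    """Knows no isomorphism: guesses the coin, relabels the guessed graph, and hopes."""
    def __init__(self, G: Graph, H: Graph, n: int, rng: random.Random):
        self.G, self.H, self.n, self.rng = G, H, n, rng

    def commit(self) -> Graph:
        self.guess = self.rng.randrange(2)
        self.pi = random_perm(self.n, self.rng)
        return apply_perm(self.pi, self.G if self.guess == 0 else self.H)

    def respond(self, coin: int) -> Perm:
        return self.pi  # passes only if the verifier's coin equals the guess

def verify_round(G: Graph, H: Graph, F: Graph, coin: int, sigma: Perm) -> bool:
    """Verifier's check: sigma must map the coin-selected public graph exactly onto F."""
    return apply_perm(sigma, G if coin == 0 else H) == F

def run_protocol(G: Graph, H: Graph, prover, k: int, rng: random.Random) -> bool:
    """k rounds of commit / coin / respond; one failed round rejects the whole proof."""
    for _ in range(k):
        F = prover.commit()
        coin = rng.randrange(2)
        if not verify_round(G, H, F, coin, prover.respond(coin)):
            return False
    return True

def simulate_round(G: Graph, H: Graph, n: int, rng: random.Random) -> Tuple[Graph, int, Perm]:
    """Simulator S of the definition: without f, pick the coin FIRST, then a random relabeling
    of the graph that coin selects; (F, coin, sigma) has exactly the distribution of a real round."""
    coin = rng.randrange(2)
    sigma = random_perm(n, rng)
    return apply_perm(sigma, G if coin == 0 else H), coin, sigma

def make_instance() -> Tuple[Graph, Graph, Perm, int]:
    """Constructed sample: a 6-vertex graph G, a secret relabeling f, and H = f(G)."""
    G = frozenset({(0, 1), (1, 2), (2, 3), (3, 4), (4, 5), (0, 3)})
    f = [2, 0, 5, 1, 4, 3]
    return G, apply_perm(f, G), f, 6

def cheater_success_rate(k: int, trials: int, seed: int = 1) -> float:
    """Fraction of trials in which a cheating prover survives k rounds (about 2**-k)."""
    G, H, _, n = make_instance()
    rng = random.Random(seed)
    wins = sum(run_protocol(G, H, CheatingProver(G, H, n, rng), k, rng) for _ in range(trials))
    return wins / trials

if __name__ == "__main__":
    G, H, f, n = make_instance()
    rng = random.Random(7)
    print("honest prover, 20 rounds:", run_protocol(G, H, HonestProver(G, H, f, rng), 20, rng))
    for k in (1, 5, 10):
        print(f"cheater survives k={k}: {cheater_success_rate(k, 2000):.4f} vs 2^-k = {2 ** -k:.4f}")
    F, coin, sigma = simulate_round(G, H, n, rng)
    print("simulated transcript passes the verifier:", verify_round(G, H, F, coin, sigma))
```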
ZKPOK
I can’t tell you my secret, but I can prove to you that I know the secret.
Source: J. Chou, SC700 A2 Internet Information Protocols (2001)
Graphic: http://www.flowmarq.com/single-post/2015/05/18/IDENTITY-Clarifying-Motivations
SSIMeetup.org
https://www.symantec.com/connect/blogs/you-can-t-have-privacy-without-security
https://www.microsoft.com/en-us/research/research-area/security-privacy-cryptography/
You can have security without privacy, but you can’t have privacy without security.
— Carolyn Herzog, EVP and General Counsel, ARM
SSIMeetup.org
ZKP Variations
https://eprint.iacr.org/2010/150.pdf
• GMR defined knowledge as the computational power of a party
• Differentiates “knowledge” from “information”
• Knowledge is coupled with computational power
Examples: ZKP Variations, Terminology
• One-Round ZKP
• Pairing-Based Non-Interactive Arguments
• Perfect ZKPs
• Private-coin ZKP
• Public-coin ZKP
• Scalable Transparent Argument of Knowledge (STARK)
• Scalable Transparent IOP of Knowledge (STIK)
• Schnorr Non-Interactive Zero-Knowledge Proof
• Statistical Zero-Knowledge
• Succinct Interactive Proof (SCIP)
• Succinct Non-Interactive Argument (SNARG)
• Succinct Non-Interactive Argument of Knowledge (SNARK)
• Super-Perfect ZKP
• Symbolic Zero-Knowledge Proof
• Three-Round ZKP
• ZK Arguments
• ZKP Based on Graph Isomorphism
• ZKP of Proximity (ZKPP)
https://ieeexplore.ieee.org/document/1524082/
https://eprint.iacr.org/2018/167.pdf
https://eurocrypt.iacr.org/2018/acceptedpapers.html
http://www0.cs.ucl.ac.uk/staff/J.Groth/NIZKJournal.pdf
https://eprint.iacr.org/2017/114.pdf
http://www.jmest.org/wp-content/uploads/JMESTN42351827.pdf
SSIMeetup.org
Non-Interactive Zero-Knowledge Proof
http://slideplayer.com/slide/2891428
zk-SNARK Proof
SSIMeetup.org
ISO/IEC 9798-5:2009
https://www.iso.org/standard/50456.html
Compliance with ISO/IEC 9798-5 may involve the use of the following patents and their counterparts in other countries.
Patent | Title | Inventor | Filing Date
US 4 995 082 | Method for identifying subscribers and for generating and verifying electronic signatures in a data exchange system | C.P. Schnorr | 1990
US 5 140 634 | Method and apparatus for authenticating accreditations and for authenticating and signing messages | L.C. Guillou and J-J. Quisquater | 1991
EP 0 311 470 | Methods and systems to authenticate authorizations and messages with a zero knowledge-proof system and to provide messages with a signature | L.C. Guillou and J-J. Quisquater | 1998
EP 0 666 664 | Method for performing a double-signature secure electronic transaction | M. Girault | 1995
SSIMeetup.org
Attack Resilience (From Academia)
http://repository.ust.hk/ir/bitstream/1783.1-6277/1/pseudo.pdf
Attack | Description | Mitigation
Impersonation | A malicious impersonator, for either party | Need secret, completeness and soundness
Replay Attack | Malicious peer or attacker collects previous proofs, and resends these | Challenge message required
Man in the Middle (MITM) | Intruder is able to access and modify messages between prover and verifier (without them knowing) | It depends, implementation specific
Collaborated Attack | Subverted nodes collaborate to enact identity fraud, or co-conspirator | It depends, requires reputation auditing design
Denial of Service (DoS) | Renders networks, hosts, and other systems unusable by consuming bandwidth or deluging with a huge number of requests to overload systems | Could happen during authentication setup
SSIMeetup.org
ZKP Challenges
https://www.slideshare.net/arunta007/elliptic-curve-cryptography-and-zero-knowledge-proof-27914533?next_slideshow=1
https://www.starkware.co/#jobs
• Requires expertise and experience
o PhD mathematics or cryptography
o Algebraic cryptography, high-performance computation in finite fields
o Applications of modern algebra to algorithms and computer science
• Correct usage
• Security, threat model
• Audited code, formal verification
• Known bugs and vulnerabilities
Graphic: http://www.digifotopro.nl/content/beklimming-mount-everest-360-graden-vastgelegd
SSIMeetup.org

Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson

  • 1. Zero-Knowledge Proofs (ZKP) Privacy-Preserving Digital Identity October 11, 2018 Clare Nelson, CISSP, CIPP/E VP Business Development & Product Strategy, North America Sedicii @Safe_SaaS SSIMeetup.orghttps://creativecommons.org/licenses/by-sa/4.0/
  • 2. Why? Raison d’Être for Zero-Knowledge Proofs SSIMeetup.orghttps://creativecommons.org/licenses/by-sa/4.0/
  • 3. Zero-Knowledge Proofs (ZKPs) Enhance Privacy https://docs.google.com/document/d/1spgtYG8iXZ_NjUXdN8AEdKdGmaulE8r-mf7NsQ-_y4E/edit# Personal Privacy Institutional Integrity Graphic: https://scattering-ashes.co.uk/ashes-help-and-advice/much-ash-cremation/ SSIMeetup.org
  • 4. zk-STARKs Paper Scalable, transparent, and post-quantum secure computational integrity (March 2018) https://eprint.iacr.org/2018/046.pdf Human dignity demands that personal information, like medical and forensic data, be hidden from the public. But veils of secrecy designed to preserve privacy may also be abused to cover up lies and deceit by institutions entrusted with Data, unjustly harming citizens and eroding trust in central institutions. Zero knowledge (ZK) proof systems are an ingenious cryptographic solution to this tension between the ideals of personal privacy and institutional integrity, enforcing the latter in a way that does not compromise the former. – Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, Michael Riabzev SSIMeetup.org
  • 6. • Artificial Intelligence (OpenMined) • Cryptocurrency • Digital Watermarks • Ethereum • E-Voting • Gaming • Genomics • Location • Mimblewimble • Private Messaging • Sealed Auctions • Smart Contracts (Hawk) • Supply Chain Transparency • Trusted Platform Module (TPM) • Zero-Knowledge Blockchain Scope Out of Scope Digital Identity • Identity Proofing • Authentication In Scope
  • 7. ZKP and Digital Identity What Problems Are We Solving? SSIMeetup.orghttps://creativecommons.org/licenses/by-sa/4.0/
  • 8. Zero-Knowledge Proofs If your per-son-al data is nev-er col-lect-ed, it can-not be sto-len. https://www.zurich.ibm.com/identity_mixer/ https://www.ted.com/talks/maria_dubovitskaya_take_back_control_of_your_personal_data, TED Talk – Maria Dubovitskaya Cryptographer, Research Staff Member, IBM Zurich Research Laboratory, Ph.D. in cryptography and privacy from ETH Zurich Graphic: https://www.youtube.com/watch?v=jp_QGwXsoXM SSIMeetup.org
  • 9. Motivations for ZKP and Digital Identity Digital Identity Risks •Loss of privacy, control •Data breaches •Identity theft o Identity fraud, crime ▪ Human, drug trafficking ▪ Terrorist funding •Surveillance, Profiling •Social engineering https://zkproof.org/ https://gpsbydesign.org/ https://docs.google.com/document/d/1spgtYG8iXZ_NjUXdN8AEdKdGmaulE8r-mf7NsQ-_y4E/edit# Graphic: https://gpsbydesign.org/ International Council on Global Privacy and Security, by Design • We don’t need to give up personal privacy for public safety. • We don't need to sacrifice privacy for data analytics. • We can have both. We must have both. TUPS
  • 10. Ideal for Identification ZKPs are the ideal solution to challenges in identification • Users can prove identities o No exchange of sensitive information • Mitigates identity theft – Sultan Almuhammadi – Charles Neuman University of Southern California, Los Angeles (2005) https://ieeexplore.ieee.org/document/1524082/ Graphic: https://www.equifax.com.au/personal/articles/what-identity-watch SSIMeetup.org
  • 12. Zero-Knowledge Proofs One of the most powerful tools cryptographers have ever devised https://z.cash/team.html https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/ – Matthew Green Professor at Johns Hopkins University Co-founder of Zcash SSIMeetup.org
  • 13. Definition of Zero-Knowledge Proof Proof System, not Geometry Proof http://www0.cs.ucl.ac.uk/staff/J.Groth/ShortNIZK.pdf http://www.austinmohr.com/work/files/zkp.pdf Proof system, not a geometry proof SSIMeetup.org
  • 14. Definition of Zero-Knowledge Proof Enable a Prover to convince a Verifier of the validity of a statement • Yields nothing beyond validity of the statement • Incorporates randomness • Is probabilistic o Does not provide absolute certainty http://www0.cs.ucl.ac.uk/staff/J.Groth/ShortNIZK.pdf http://www.austinmohr.com/work/files/zkp.pdf Prover Verifier Statement SSIMeetup.org
  • 15. Interactive Zero-Knowledge Proof Derived from http://blog.stratumn.com/zkp-hash-chains/ VerifierProver Construct ZKP Verify ZKP Proof Non-Interactive ZKP Transform multiple messages into one message, or string SSIMeetup.org
  • 16. ZKP Requirements Completeness • If statement is true, verifier will be convinced by prover Soundness • If statement is false, a cheating prover cannot convince verifier it is true o Except with some small probability Zero-Knowledge • Verifier learns nothing beyond the statement’s validity http://www0.cs.ucl.ac.uk/staff/J.Groth/ShortNIZK.pdf http://www.austinmohr.com/work/files/zkp.pdf http://www.wisdom.weizmann.ac.il/~oded/zk-tut02.html Graphic: http://mentalfloss.com/article/64108/15-things-you-should-know-about-dogs-playing-poker SSIMeetup.org
  • 17. 007 Wants to Read the News Credit to Anna Lysyanskaya for the 007 metaphor Graphic: I can tell you. But then I’ll have to kill you. www.telegraph.co .uk Today’s news? Today’snews?Who are you? Do you have a subscription? SSIMeetup.org
  • 18. 007 Uses Subscription My subscription is #4309115 www.telegraph.co .uk Today’s news? Today’snews?Who are you? Do you have a subscription? 007 Reveals Personal Data: - Zip code when he looks up the weather - Date of birth when he reads his horoscope - More data when he browses the personal ads Credit to Anna Lysyanskaya for the 007 metaphor Graphic: SSIMeetup.org
  • 19. Completeness: Telegraph Accepts Proof Here is a Zero-Knowledge Proof www.telegraph.co .uk Today’s news? Today’snews?Who are you? Do you have a subscription? Credit to Anna Lysyanskaya for the 007 metaphor Graphic: Completeness • Verifier is convinced of true statement SSIMeetup.org
  • 20. Soundness Credit to Anna Lysyanskaya for the 007 metaphor Graphic: https://en.wikipedia.org/wiki/M_(James_Bond) It’s Bond. James Bond. www.telegraph.co .uk Today’s news? Rejected Who are you? Do you have a subscription? (M fails because she can’t prove to Telegraph) SSIMeetup.org
  • 22. Zero-Knowledge Proof Illustration Matthew Green Telecom Company • Cell towers • Vertices • Avoid signal overlap • Use 1 of 3 signals https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/ SSIMeetup.org
  • 23. Zero-Knowledge Proof Illustration Matthew Green 3-Color Graph Problem • Use colors to represent frequency bands • Solve for 1,000 towers • Hire Brain Consulting https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/ SSIMeetup.org
  • 24. Zero-Knowledge Proof Illustration Matthew Green Proof of Solution • Prove have solution without revealing it • Hats hide the solution https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/ SSIMeetup.org
  • 25. Zero-Knowledge Proof Illustration Matthew Green Proof of Solution • Remove any two hats • See vertices are different colors https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/ SSIMeetup.org
  • 26. 6 4 Zero-Knowledge Proof Illustration Matthew Green Repeat this process • Clear previous solution • (Add randomness) • Solve again • Telecom removes two hats Accept or Reject • Complete for preset number of rounds • Telecom accepts or rejects https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/ SSIMeetup.org
  • 28. Examples of ZKP Variants https://www.slideshare.net/arunta007/elliptic-curve-cryptography-and-zero-knowledge-proof-27914533?next_slideshow=1 https://www.youtube.com/watch?v=CKncw6mIMJQ&list=PLpr-xdpM8wG8DPozMmcbwBjFn15RtC75N https://www.starkware.co/ http://zerocash-project.org/media/pdf/zerocash-extended-20140518.pdf https://eprint.iacr.org/2017/1066.pdf, Bulletproofs https://thexvid.com/video/O8QA6Nvg8RI/zcash-genesis-block.html, trusted setup, live stream of Zcash launch ZKP NIZKP zk-SNARK zk-STARK Designated Verifier Lattice-Based Interactive, multiple messages, need stable communication channel Not interactive, one message Need one-time, trusted setup to generate key at launch No setup, working on memory issues, I or NI, post-quantum secure No setup, 188 bytes, 10 ms in some cases, not post-quantum secure Lattice-based cryptography, post-quantum secure, research Graph Isomorphism zk-STIK Bulletproof Interactive, compare graphs, efficient computation Scalable Transparent Interactive Oracle of Proof (IOP) of Knowledge DVNIZK, not just any entity can be verifier, verifier must know secret Auror a SSIMeetup.org
  • 29. Trusted Setup Zcash example https://z.cash/technology/paramgen https://z.cash/blog/the-design-of-the-ceremony/ https://thexvid.com/video/O8QA6Nvg8RI/zcash-genesis-block.html, trusted setup, live stream of Zcash launch Multi-Party Computation (MPC) Ceremonies Zcash Sprout (2016) Six participants in the ceremony: 1. Andrew Miller 2. Peter Van Valkenburgh 3. John Dobbertin (pseudonym) 4. Zooko Wilcox 5. Derek Hinch 6. Peter Todd Zcash Sapling (2017-2018) • 87 Participants Private transactions in Zcash rely on zk-SNARK public parameters for constructing and verifying zero-knowledge proofs • Generating zk-SNARK public parameters is equivalent to generating a public/private key pair • Keep public key • Destroy private key • If an attacker gets a copy of the private key, could ▪ Create counterfeit Zcash ▪ Not violate anyone else’s privacy ▪ Not steal other people’s Zcash SSIMeetup.org
  • 31. ZKP Flexibility, Variety of Use Cases • Range proofs o Age range: 25-45 years old • Set membership o Citizen of European Union • Comparison o Do identity attributes or secrets match? • Computational integrity Logical combination of any of the above Preserve Privacy SSIMeetup.org
  • 32. Graph Isomorphism ZKP Paper by Manuel Blum, UC Berkeley, 1986 Prover Verifier (Graph Isomorphism Problem: Given two graphs with 𝑛 vertices each, decide whether they are isomorphic.) 1986: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.469.9048&rep=rep1&type=pdf 2006: https://www.cs.cmu.edu/~ryanw/crypto/lec6.pdf 2009: http://www.cs.cornell.edu/courses/cs6810/2009sp/scribe/lecture18.pdf 2011: http://www.cs.haifa.ac.il/~orrd/IntroToCrypto/Spring11/Lecture9.pdf https://kriptan.org/white-papers.html http://gauss.ececs.uc.edu/Courses/c653/lectures/PDF/zero.pdf Compare identity attributes without transferring them SSIMeetup.org
• 33. Graph Isomorphism ZKP
Authoritative sources: Passport, Driver's License, National ID
Relying Party (Verifier)
No personal data leaves the mobile phone or the authoritative source
References: as on slide 32, plus https://medium.com/@kriptannetwork/we-did-it-before-it-was-cool-1a3b69627cc5
• 34. zk-STARK Example (Ben-Sasson, Bentov, Horesh, Riabzev)
https://eprint.iacr.org/2018/046.pdf
National Offender DNA Database; presidential candidate, Jaffa
Prove to the public that Jaffa is not in the offender database, with no reliance on any external trusted party
Graphic: https://www.linkedin.com/in/jaffaedwards/, with permission, May 25, 2018
• 35. Designated Verifier
Designated-Verifier Non-Interactive Zero-Knowledge Proof of Knowledge (DVNIZK), EUROCRYPT 2018
https://eprint.iacr.org/2017/1029.pd
• The verifier is known in advance; only that designated verifier can check the proof, so it convinces no third party
• Provides efficient, privacy-preserving authentication
Graphic: http://www.cs.technion.ac.il/images/events/2018/3031/fullsize.jpg
• 36. ZKP Identity-Related Landscape
Identity Verification, Authentication
• 38. ZKP Considerations (Depend on Implementation and Use Case)
1. Transparent
• Setup with no reliance on any third party
• No trapdoors
2. Scalable
• Verifying a proof takes time polylogarithmic in the size of the computation or database, i.e. exponentially faster than re-running it
3. Succinct
4. Universal
5. Compliant with upcoming ZKP standards
6. Interactive vs. non-interactive
7. Support for IoT or cars
8. Security (threat model)
• Code bugs, compromise during deployment, side-channel attacks, tampering attacks, MITM
• Manual review, proof sketches, re-use of gadgets, emerging tools for formal verification, testing
• ZKP protocol breach: how would a breach be detected?
9. Third-party audit
• Monero Bulletproofs audits: Kudelski Security ($30K), Benedikt Bünz, QuarksLab
10. Post-quantum secure
https://eprint.iacr.org/2018/046.pdf
https://forum.getmonero.org/22/completed-tasks/90007/bulletproofs-audit-fundraising
• 39. Timeline: It is Still Early Days
1985: Goldwasser, Micali, Rackoff paper, https://groups.csail.mit.edu/cis/pubs/shafi/1985-stoc.pdf
2012: Goldwasser and Micali win the ACM Turing Award
2018: ZKP standards organization, https://zkproof.org/
• 40. ZKP Standards
ZKProof.org, https://zkproof.org/, https://zkproof.org/documents.html
• Open initiative
• Industry, academia
• Framework for a formal standard of Zero-Knowledge Proofs
• Working drafts:
o Security
o Implementation
o Applications
*https://zkproof.org/zcon0_notes.pdf
Cartoon: "I think you should be more explicit here in step two", cartoonist Sidney Harris. Source: https://www.art.com/products/p15063445373-sa-i6847848/sidney-harris-i-think-you-should-be-more-explicit-here-in-step-two-cartoon.htm
• 41. ZKP Standards
ZKProof Standards, Applications Track Proceedings
https://docs.google.com/document/d/1spgtYG8iXZ_NjUXdN8AEdKdGmaulE8r-mf7NsQ-_y4E/edit#heading=h.1irq6vg7ivr
Identity framework: protocol description and functionality
1. Third-party anonymous and confidential attribute attestations, through credential issuance by the issuer
2. Confidentially proving claims using zero-knowledge proofs, through presentation of a proof of credential by the holder
3. Verification of claims through zero-knowledge proof verification by the verifier
4. Unlinkable credential revocation by the issuer
Plus:
• Credential transfer
• Authority delegation
• Trace auditability
Graphic: http://www.activistpost.com/2015/09/fbi-biometrics-programs-surveillance-database.html
• 42. ZKP Standards
ZKProof Workshop at Zcon0 (June 2018)
https://zkproof.org/, https://zkproof.org/documents.html, *https://zkproof.org/zcon0_notes.pdf
• Legal questions
o If a robber shows a ZKP that they hold my coins, who legally owns them?*
• Trust
Graphic: https://www.pymnts.com/fraud-attack/2018/payment-details-north-korean-hack-cyberattack-security/
• 45. ZKP Resources
• ISO/IEC 9798-5
• Letter to NIST: https://zkp.science/docs/Letter-to-NIST-20160613-Advanced-Crypto.pdf
• Code
o libsnark C++ library
o libSTARK C++ library
o Bulletproofs using Ristretto, Rust library: https://github.com/chain/ristretto-bulletproofs/
• Succinct Computational Integrity and Privacy Research (SCIPR) Lab
• Stanford Applied Cryptography
• ZKP Science
• ZKP Standards Organization
• A Hands-On Tutorial for Zero-Knowledge Proofs: Part I-III (September-October 2018), http://www.shirpeled.com/2018/10/a-hands-on-tutorial-for-zero-knowledge.html
• References: 4 backup slides at the end of this presentation
• 47. We Stand on the Shoulders of Giants
Shafi Goldwasser, https://www.csail.mit.edu/user/733
Silvio Micali, https://people.csail.mit.edu/silvio/
Eli Ben-Sasson, https://cyberweek.tau.ac.il/2017/about/speakers/item/207-eli-ben-sasson
Matthew Green, https://z.cash/team.html
• 48. Questions?
@Safe_SaaS
www.slideshare.net/eralcnoslen/presentations
Clare_Nelson @ ClearMark . biz
• 53. Zero-Knowledge Range Proof (ZKRP)
https://github.com/ing-bank/zkrangeproof
Validate:
• Person is 18-65 years old
o Without disclosing the age
• Person is in Europe
o Without disclosing the exact location
• 54. ZKRP Vulnerability
https://github.com/ing-bank/zkrangeproof
• Reported by Madars Virza:
"The publicly computable value y/t is roughly the same magnitude (in expectation) as w^2 * (m-a+1)(b-m+1). However, w^2 has fixed bit length (again, in expectation) and thus for a fixed range, this value leaks the magnitude of the committed value."
• The proof is not zero-knowledge
• Response (ING): will find an alternative ZKP
Graphic: https://www.pexels.com/photo/milkweed-bug-perching-on-pink-flower-in-close-up-photography-1085549/
• 55. If you have a PC, you may have touched a Zero-Knowledge Proof (TPM 1.2)
TPM 1.2 Direct Anonymous Attestation (DAA) is built on a zero-knowledge protocol
Source: https://www.usenix.org/legacy/event/hotsec08/tech/full_papers/parno/parno_html/index.html
Graphic: https://www.windowscentral.com/best-dell-laptop
• 56. References
• Attribute-based Credentials for Trust (ABC4Trust) Project, https://abc4trust.eu/ (2017).
• AU2EU Project, Authentication and Authorization for Entrusted Unions, http://www.au2eu.eu/ (2017).
• Baldimtsi, Foteini; Lysyanskaya, Anna. Anonymous Credentials Light, http://cs.brown.edu/~anna/papers/bl13a.pdf (2013).
• Ben-Sasson, Eli; Chiesa, Alessandro; Garman, Christina; et al. Zerocash: Decentralized Anonymous Payments from Bitcoin, http://zerocash-project.org/media/pdf/zerocash-extended-20140518.pdf (May 2014).
• Bitansky, Nir; Brakerski, Zvika; Kalai, Yael; et al. 3-Message Zero Knowledge Against Human Ignorance, https://eprint.iacr.org/2016/213.pdf (September 2016).
• Blum, Manuel; De Santis, Alfredo; Micali, Silvio; Persiano, Giuseppe. Non-Interactive Zero-Knowledge and its Applications, https://people.csail.mit.edu/silvio/Selected%20Scientific%20Papers/Zero%20Knowledge/Noninteractive_Zero-Knowkedge.pdf (1991).
• Brands, Stefan. Rethinking Public Key Infrastructures and Digital Certificates, The MIT Press, http://www.credentica.com/the_mit_pressbook.html (2000).
• Bünz, Benedikt; Bootle, Jonathan; Boneh, Dan; et al. Bulletproofs: Short Proofs for Confidential Transactions and More, https://eprint.iacr.org/2017/1066.pdf (2017).
• Camenisch, Jan; Van Herreweghen, Els. Design and Implementation of the Idemix Anonymous Credential System, Proceedings of the 9th ACM Conference on Computer and Communications Security, ACM, pp. 21-30 (2002).
• Camenisch, Jan; Dubovitskaya, Maria; Enderlein, Robert; et al. Concepts and Languages for Privacy-Preserving Attribute-Based Authentication, https://pdfs.semanticscholar.org/82e2/4078c9ba9fcaf6177a80b8496779676af114.pdf (2013).
• 57. References
• Cutler, Becky. The Feasibility and Application of Using Zero-Knowledge Protocol for Authentication Systems, http://www.cs.tufts.edu/comp/116/archive/fall2015/bcutler.pdf (2015).
• Durcheva, Mariana. Zero Knowledge Proof Protocol Based on Graph Isomorphism Problem, http://www.jmest.org/wp-content/uploads/JMESTN42351827.pdf (2016).
• Fleischhacker, Nils; Goyal, Vipul; Jain, Abhishek. On the Existence of Three Round Zero-Knowledge Proofs, https://eprint.iacr.org/2017/935.pdf (2017).
• Ganev, Valentin; Deml, Stefan. Introduction to zk-SNARKs (Part 1), https://blog.decentriq.ch/zk-snarks-primer-part-one/ (2018).
• Gebeyehu, Worku; Ambaw, Lubak; Reddy, MA Eswar. Authenticating Grid Using Graph Isomorphism Based Zero Knowledge Proof, https://link.springer.com/chapter/10.1007/978-3-319-03107-1_2 (2014).
• Geraud, Rémi. Zero-Knowledge: More Secure than Passwords?, https://blog.ingenico.com/posts/2017/07/zero-knowledge-proof-more-secure-than-passwords.html (July 25, 2017).
• Geers, Marjo. Comparing Privacy in eID Schemes, http://www.id-world-magazine.com/?p=923 (2017).
• Goldreich, Oded. Zero-Knowledge: A Tutorial by Oded Goldreich, http://www.wisdom.weizmann.ac.il/~oded/zk-tut02.html, has an extensive reference list (2010).
• Goldreich, Oded; Oren, Yair. Definitions and Properties of Zero-Knowledge Proof Systems, http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.17.2901 (1994).
• Goldwasser, Shafi; Micali, Silvio; Rackoff, Charles. The Knowledge Complexity of Interactive Proof-Systems, ACM 0-89791-151-2/85/005/02911 (1985).
• Green, Matthew. Zero Knowledge Proofs: An Illustrated Primer, https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/ (November 2014).
• 58. References
• Groth, Jens. Short Pairing-Based Non-Interactive Zero-Knowledge Arguments, http://www0.cs.ucl.ac.uk/staff/J.Groth/ShortNIZK.pdf (2010).
• Groth, Jens; Lu, Steve. A Non-Interactive Shuffle with Pairing Based Verifiability, http://www0.cs.ucl.ac.uk/staff/J.Groth/AsiacryptPairingShuffle.pdf (2006).
• Groth, Jens; Ostrovsky, Rafail; Sahai, Amit. New Techniques for Non-interactive Zero-Knowledge, http://www0.cs.ucl.ac.uk/staff/J.Groth/NIZKJournal.pdf (2011).
• Guillou, Louis; Quisquater, Jean-Jacques. How to Explain Zero-Knowledge Protocols to Your Children, http://pages.cs.wisc.edu/~mkowalcz/628.pdf (1998).
• Gupta, Anuj Das; Delight, Ankur. Zero-Knowledge Proof of Balance: A Friendly ZKP Demo, http://blog.stratumn.com/zero-knowledge-proof-of-balance-demo/ (June 2017).
• Hardjono, Thomas; Pentland, Alex "Sandy"; MIT Connection Science & Engineering. Core Identities for Future Transaction Systems, https://static1.squarespace.com/static/55f6b5e0e4b0974cf2b69410/t/57f7a1653e00be2c09eb96e7/1475846503159/Core-Identity-Whitepaper-v08.pdf (October 7, 2016). [TBD: check back, right now it is a DRAFT, do not cite]
• ISO/IEC. Information technology — Security techniques — Entity authentication — Part 5: Mechanisms using zero-knowledge techniques, https://www.iso.org/standard/50456.html (2015).
• Johnstone, Mike. Why We Need Privacy-Preserving Authentication in the Facebook Age, http://www.iaria.org/conferences2015/filesICSNC15/ICSNC_Keynote_v1.1a.pdf (November 2013).
• Kogta, Ronak. ZK-SNARKs in English, https://www.slideshare.net/rixor786/zksnarks-in-english?qid=0e3be303-84fc-43d2-be96-6db2085a28ff&v=&b=&from_search=3 (July 2017).
• 59. References
• Lindell, Yehuda. Efficient Zero-Knowledge Proof, https://www.youtube.com/watch?v=Vahw28dValA (2015).
• Lysyanskaya, Anna. How to Balance Privacy and Key Management in User Authentication, http://csrc.nist.gov/groups/ST/key_mgmt/documents/Sept2012_Presentations/LYSYANSKAYA_nist12.pdf (2012).
• Martin-Fernandez, Francisco; Caballero-Gil, Pino; Caballero-Gil, Candido. Authentication Based on Non-Interactive Zero-Knowledge Proofs for the Internet of Things, https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4732108/ (January 2016).
• Mohr, Austin. A Survey of Zero-Knowledge Proofs with Applications to Cryptography, http://www.austinmohr.com/work/files/zkp.pdf.
• Montenegro, Jose; Fischer, Michael; Lopez, Javier; et al. Secure Sealed-Bid Online Auctions Using Discreet Cryptographic Proof, http://www.sciencedirect.com/science/article/pii/S0895717711004535?via%3Dihub (June 2013).
• Nguyen, Quan; Rudoy, Mikhail; Srinivasan, Arjun. Two Factor Zero Knowledge Proof Authentication System, https://courses.csail.mit.edu/6.857/2014/files/16-nguyen-rudoy-srinivasan-two-factor-zkp.pdf (2014).
• Schukat, M; Flood, P. Zero-Knowledge Proofs in M2M Communication, http://digital-library.theiet.org/content/conferences/10.1049/cp.2014.0697 (2014).
• Broadbent, Anne; Ji, Zhengfeng; Song, Fang. Zero-Knowledge Proof Systems for QMA, https://arxiv.org/pdf/1604.02804.pdf (2016).
• Unruh, Dominique. Quantum Proofs of Knowledge, https://eprint.iacr.org/2010/212.pdf (February 2015).
• Wilcox, Zooko. Podcast, Zero Knowledge, The Future of Privacy, https://medium.com/blockchannel/episode-3-zero-knowledge-the-future-of-privacy-ea18479295f4 (February 21, 2017).
• Wu, Huixin; Wang, Feng. A Survey of Noninteractive Zero Knowledge Proof System and its Applications, https://www.hindawi.com/journals/tswj/2014/560484/ (May 2014).
• 61. Graph Isomorphism ZKP (GIZKP)
Carnegie Mellon University, 2006, https://www.cs.cmu.edu/~ryanw/crypto/lec6.pdf
How does the Prover prove to the Verifier that an isomorphism exists?
Input: two isomorphic graphs G, H on n nodes each. The Prover knows an isomorphism f. A security parameter k (positive integer).
Output: a zero-knowledge protocol that proves P knows f.
• The Prover gives no information to a (possibly cheating) verifier V~
• A cheating prover P~ can succeed with probability at most 1/2^k: each round catches a prover who knows no isomorphism with probability 1/2, and the k rounds are independent
Protocol, repeated k times:
1. Prover: privately take G and randomly permute its vertices to get a graph F.
2. Prover: publicly present F to the Verifier (G and H are public from the beginning).
3. Verifier: toss a coin, and ask the Prover to show that G ≅ F if heads, or H ≅ F if tails.
4. Prover: reveal the requested permutation (the random permutation itself for G ≅ F, or its composition with f^-1 for H ≅ F).
5. Verifier: apply the revealed permutation to the requested graph and accept the round only if the result is exactly F.
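The protocol above, end to end, as an added example (this is not code from the slides or from the CMU notes). Graphs are undirected edge sets on vertices 0..n-1 and a permutation is a list mapping vertex i to perm[i]; the sample graph G, the secret isomorphism SECRET_F and the class and function names are this example's own. Besides the honest prover it includes a cheating prover, which must guess the coin in advance and is caught whenever it guesses wrong, and the simulator that the formal definition of zero-knowledge calls for: it produces accepting transcripts without knowing any isomorphism, which is exactly why the transcripts leak nothing.

```python
"""Graph-isomorphism zero-knowledge proof (GIZKP), added example.

Graphs: frozensets of (u, v) edges with u < v on vertices 0..n-1.
Permutation: list perm, vertex i of the source becomes perm[i] of the target.
Sample graph and secret isomorphism below are constructed for this example.
"""
import secrets


def edge(u, v):
    """Normalise an undirected edge so (u, v) and (v, u) compare equal."""
    return (u, v) if u < v else (v, u)


def relabel(edges, perm):
    """Apply a vertex permutation to a graph."""
    return frozenset(edge(perm[u], perm[v]) for u, v in edges)


def random_perm(n):
    """Uniform random permutation of range(n) via Fisher-Yates on a CSPRNG."""
    perm = list(range(n))
    for i in range(n - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        perm[i], perm[j] = perm[j], perm[i]
    return perm


def compose(outer, inner):
    """(outer o inner)[i] = outer[inner[i]]: apply inner first, then outer."""
    return [outer[inner[i]] for i in range(len(inner))]


def inverse(perm):
    inv = [0] * len(perm)
    for i, p in enumerate(perm):
        inv[p] = i
    return inv


def verifier_check(G, H, F, bit, perm):
    """Verifier's test: does perm map G (bit 0) or H (bit 1) exactly onto F?"""
    return relabel(G if bit == 0 else H, perm) == F


class HonestProver:
    """Knows f with relabel(G, f) == H."""

    def __init__(self, G, H, f):
        assert relabel(G, f) == H, "f must be an isomorphism from G to H"
        self.G, self.H, self.f, self.sigma = G, H, f, None

    def commit(self):
        self.sigma = random_perm(len(self.f))   # fresh randomness every round
        return relabel(self.G, self.sigma)      # F = sigma(G)

    def respond(self, bit):
        if bit == 0:
            return self.sigma                   # G -> F directly
        # H -> F: undo f (H -> G), then apply sigma (G -> F)
        return compose(self.sigma, inverse(self.f))


class CheatingProver:
    """Knows no isomorphism: guesses the coin in advance and is caught if wrong."""

    def __init__(self, G, H, guesses):
        self.G, self.H, self.guesses = G, H, iter(guesses)
        self.n = 1 + max(v for e in G for v in e)

    def commit(self):
        self.guess, self.pi = next(self.guesses), random_perm(self.n)
        return relabel(self.G if self.guess == 0 else self.H, self.pi)

    def respond(self, bit):
        return self.pi                          # only correct if bit == guess


def run_protocol(prover, G, H, k=40, challenges=None):
    """k rounds; True iff every round verifies. challenges=None uses CSPRNG coins."""
    coins = iter(challenges) if challenges is not None else (secrets.randbelow(2) for _ in range(k))
    for _ in range(k):
        F = prover.commit()
        bit = next(coins)
        if not verifier_check(G, H, F, bit, prover.respond(bit)):
            return False
    return True


def simulate_transcript(G, H, bit):
    """Simulator: picks the coin first, so it needs no isomorphism, yet the
    (F, bit, perm) it outputs passes verifier_check like a real round."""
    perm = random_perm(1 + max(v for e in G for v in e))
    return relabel(G if bit == 0 else H, perm), bit, perm


# Constructed sample input: a 7-vertex graph G and H = f(G) for a secret f.
G = frozenset({(0, 1), (0, 2), (1, 2), (2, 3), (3, 4), (4, 5), (5, 6), (3, 6)})
SECRET_F = [3, 0, 5, 1, 6, 2, 4]
H = relabel(G, SECRET_F)

if __name__ == "__main__":
    print("honest prover accepted:", run_protocol(HonestProver(G, H, SECRET_F), G, H))
    print("cheater accepted after 40 rounds:", run_protocol(CheatingProver(G, H, [0] * 40), G, H))
```

With random coins the cheater survives 40 rounds with probability 2^-40; with a fixed challenge list the outcome is deterministic, which is how the soundness bound on the slide can be checked directly.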
• 62. Graph Isomorphism ZKP (GIZKP)
Cornell University, 2009, http://www.cs.cornell.edu/courses/cs6810/2009sp/scribe/lecture18.pdf
• 63. EUROCRYPT 2018
https://eurocrypt.iacr.org/2018/acceptedpapers.html
• Efficient Designated-Verifier Non-Interactive Zero-Knowledge Proofs of Knowledge: Pyrros Chaidos (University of Athens), Geoffroy Couteau (Karlsruhe Institute of Technology)
• Quasi-Optimal SNARGs via Linear Multi-Prover Interactive Proofs: Dan Boneh (Stanford), Yuval Ishai (Technion and UCLA), Amit Sahai (UCLA), David J. Wu (Stanford)
• On the Existence of Three Round Zero-Knowledge Proofs: Nils Fleischhacker (Johns Hopkins University and Carnegie Mellon University), Vipul Goyal (Carnegie Mellon University), Abhishek Jain (Johns Hopkins University)
• An Efficiency-Preserving Transformation from Honest-Verifier Statistical Zero-Knowledge to Statistical Zero-Knowledge: Pavel Hubáček (Charles University in Prague), Alon Rosen (IDC Herzliya), Margarita Vald (Tel-Aviv University)
• Partially Splitting Rings for Faster Lattice-Based Zero-Knowledge Proofs: Vadim Lyubashevsky (IBM Research - Zurich), Gregor Seiler (IBM Research - Zurich)
• 64. Schnorr NIZK (IETF Draft)
https://tools.ietf.org/html/draft-hao-schnorr-01 (published as RFC 8235, September 2017)
• The Schnorr NIZK proof is obtained from the interactive Schnorr identification scheme through a Fiat-Shamir transformation
• The transformation uses a secure cryptographic hash function to compute the challenge instead of having the verifier issue it, so the proof becomes a single message that anyone can check
Graphic: https://www.bswllc.com/resources-articles-preparing-for-the-2013-coso-internal-framework
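The Fiat-Shamir transformation described above, carried out in code as an added example (not code from the slides or from the RFC). It follows the RFC 8235 message flow and verifier checks, with the challenge c = H(g || V || A || UserID || OtherInfo) mod q; the choices that are this example's own are the 256-bit Schnorr group generated at run time (the RFC calls for a 2048-bit MODP group or an elliptic curve), SHA-256 as the hash, the length-prefixed byte encoding inside the hash, and the function names. The optional `v` argument of `prove` exists only to demonstrate the practitioner's caveat: reuse the nonce v across two proofs and the secret x is recoverable from the two transcripts.

```python
"""Schnorr NIZK proof of knowledge of a discrete log (RFC 8235), added example.

Group: order-q subgroup of Z_p^* with p = 2q + 1 both prime, generated here at
a demo size (256-bit p). Standard library only.
"""
import hashlib
import secrets

SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47,
                53, 59, 61, 67, 71, 73, 79, 83, 89, 97)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with CSPRNG-chosen bases."""
    if n < 4:
        return n in (2, 3)
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_schnorr_group(bits=256):
    """Return (p, q, g): p = 2q + 1 with p, q prime and g of order q."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1   # odd, top bit set
        p = 2 * q + 1
        if any(q % sp == 0 or p % sp == 0 for sp in SMALL_PRIMES):
            continue                                            # cheap sieve first
        if is_probable_prime(q, 2) and is_probable_prime(p) and is_probable_prime(q):
            break
    return p, q, 4   # 4 = 2^2 is a quadratic residue != 1, so its order is exactly q


def challenge(p, q, g, V, A, user_id, other_info=b""):
    """Fiat-Shamir challenge c = H(g || V || A || UserID || OtherInfo) mod q.
    Hashing A and the identity ties the proof to this prover and this context."""
    size = (p.bit_length() + 7) // 8
    h = hashlib.sha256()
    for value in (g, V, A):
        h.update(value.to_bytes(size, "big"))
    for field in (user_id, other_info):       # length-prefixed so fields cannot run together
        h.update(len(field).to_bytes(2, "big") + field)
    return int.from_bytes(h.digest(), "big") % q


def prove(p, q, g, x, user_id, other_info=b"", v=None):
    """Prover: knows x with A = g^x. Returns (A, V, r).
    v is the per-proof nonce; the parameter exists only for the reuse demo below."""
    A = pow(g, x, p)
    if v is None:
        v = secrets.randbelow(q - 1) + 1      # uniform in [1, q-1], fresh every time
    V = pow(g, v, p)
    c = challenge(p, q, g, V, A, user_id, other_info)
    return A, V, (v - x * c) % q


def verify(p, q, g, A, V, r, user_id, other_info=b""):
    """Verifier (RFC 8235): A is a non-trivial element of the order-q subgroup,
    r is in range, and g^r * A^c == V with c recomputed from the transcript."""
    if not 1 < A < p - 1 or pow(A, q, p) != 1:
        return False
    if not 0 <= r < q:
        return False
    c = challenge(p, q, g, V, A, user_id, other_info)
    return (pow(g, r, p) * pow(A, c, p)) % p == V


def recover_secret_from_nonce_reuse(q, c1, r1, c2, r2):
    """Two proofs with the same v give r1 - r2 = x * (c2 - c1) mod q, so x leaks."""
    if (c2 - c1) % q == 0:
        return None
    return ((r1 - r2) * pow(c2 - c1, -1, q)) % q


if __name__ == "__main__":
    p, q, g = make_schnorr_group()
    x = secrets.randbelow(q - 1) + 1
    A, V, r = prove(p, q, g, x, b"alice")
    print("valid proof accepted:", verify(p, q, g, A, V, r, b"alice"))
    print("same proof under another UserID:", verify(p, q, g, A, V, r, b"bob"))
```

Because the verifier recomputes c from its own view of UserID and OtherInfo, a proof produced for one identity or session fails verification under another, which is the binding property the RFC relies on against replay.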
• 65. Zero-Knowledge Proof, Formal Definition
http://www.cs.cornell.edu/courses/cs6810/2009sp/scribe/lecture18.pd
An interactive proof system (P, V) for a language L is zero-knowledge if for any PPT verifier V* there exists an expected PPT simulator S such that
for all x ∈ L and z ∈ {0,1}*:  View_V*[P(x) ↔ V*(x, z)] = S(x, z)
where z is the verifier's auxiliary input, and "=" is equality of distributions for perfect zero-knowledge (computational indistinguishability for computational zero-knowledge).
As usual, P has unlimited computational power (in practice, P must be a randomized TM).
Intuitively, the definition states that an interactive proof system (P, V) is zero-knowledge if for any verifier V* there exists an efficient simulator S that can essentially produce a transcript of the conversation that would have taken place between P and V* on any given input.
• 66. ZKPOK (Zero-Knowledge Proof of Knowledge)
"I can't tell you my secret, but I can prove to you that I know the secret."
Source: J. Chou, SC700 A2 Internet Information Protocols (2001)
Graphic: http://www.flowmarq.com/single-post/2015/05/18/IDENTITY-Clarifying-Motivations
• 68. ZKP Variations
https://eprint.iacr.org/2010/150.pdf
• GMR defined knowledge in terms of the computational power of a party
• Differentiates "knowledge" from "information"
• Knowledge is coupled with computational power
• 69. Examples: ZKP Variations, Terminology
• One-Round ZKP
• Pairing-Based Non-Interactive Arguments
• Perfect ZKPs
• Private-coin ZKP
• Public-coin ZKP
• Scalable Transparent Argument of Knowledge (STARK)
• Scalable Transparent IOP of Knowledge (STIK)
• Schnorr Non-Interactive Zero-Knowledge Proof
• Statistical Zero-Knowledge
• Succinct Interactive Proof (SCIP)
• Succinct Non-Interactive Argument (SNARG)
• Succinct Non-Interactive Argument of Knowledge (SNARK)
• Super-Perfect ZKP
• Symbolic Zero-Knowledge Proof
• Three-Round ZKP
• ZK Arguments
• ZKP Based on Graph Isomorphism
• ZKP of Proximity (ZKPP)
https://ieeexplore.ieee.org/document/1524082/
https://eprint.iacr.org/2018/167.pdf
https://eurocrypt.iacr.org/2018/acceptedpapers.html
http://www0.cs.ucl.ac.uk/staff/J.Groth/NIZKJournal.pdf
https://eprint.iacr.org/2017/114.pdf
http://www.jmest.org/wp-content/uploads/JMESTN42351827.pdf
• 71. ISO/IEC 9798-5:2009
https://www.iso.org/standard/50456.html
Compliance with ISO/IEC 9798-5 may involve the use of the following patents and their counterparts in other countries.
Patent | Title | Inventor | Filing Date
US 4 995 082 | Method for identifying subscribers and for generating and verifying electronic signatures in a data exchange system | C.P. Schnorr | 1990
US 5 140 634 | Method and apparatus for authenticating accreditations and for authenticating and signing messages | L.C. Guillou and J-J. Quisquater | 1991
EP 0 311 470 | Methods and systems to authenticate authorizations and messages with a zero knowledge-proof system and to provide messages with a signature | L.C. Guillou and J-J. Quisquater | 1998
EP 0 666 664 | Method for performing a double-signature secure electronic transaction | M. Girault | 1995
• 72. Attack Resilience (From Academia)
http://repository.ust.hk/ir/bitstream/1783.1-6277/1/pseudo.pdf
Attack | Description | Mitigation
Impersonation | A malicious impersonator, for either party | Requires the secret; completeness and soundness of the proof system
Replay attack | A malicious peer or attacker collects previous proofs and resends them | A fresh challenge (or nonce) in every run is required
Man in the Middle (MITM) | An intruder is able to read and modify messages between prover and verifier without their knowledge | Implementation specific (e.g. bind the proof to the session or the verifier's identity)
Collaborated attack | Subverted nodes collaborate to enact identity fraud, or act as co-conspirators | Depends; requires a reputation auditing design
Denial of Service (DoS) | Renders networks, hosts, and other systems unusable by consuming bandwidth or flooding them with requests | Could be attempted during authentication setup
• 73. ZKP Challenges
https://www.slideshare.net/arunta007/elliptic-curve-cryptography-and-zero-knowledge-proof-27914533?next_slideshow=1
https://www.starkware.co/#jobs
• Requires expertise and experience
o PhD in mathematics or cryptography
o Algebraic cryptography, high-performance computation in finite fields
o Applications of modern algebra to algorithms and computer science
• Correct usage
• Security, threat model
• Audited code, formal verification
• Known bugs and vulnerabilities
Graphic: http://www.digifotopro.nl/content/beklimming-mount-everest-360-graden-vastgelegd