Interaction, randomness,
and zero-knowledge
Docsity.com
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Guidelines and tips
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community
Ask the community for help and clear up your study doubts
University Rankings
Discover the best universities in your country according to Docsity users
Free resources
Our save-the-student-ebooks!
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
Interaction - Automata and Complexity Theory - Lecture Slides, Slides of Theory of Automata
Some concept of Automata and Complexity Theory are Administrivia, Closure Properties, Context-Free Grammars, Decision Properties, Deterministic Finite Automata, Intractable Problems, More Undecidable Problems. Main points of this lecture are: Interaction, Zero-Knowledge, Randomness, Password, Naïve Authentication, Server, Impersonate, Same Password, Web Sites, Information
Typology: Slides
2012/2013
1 / 21
This page cannot be seen from the preview
Don't miss anything!
Related documents
Partial preview of the text
Download Interaction - Automata and Complexity Theory - Lecture Slides and more Slides Theory of Automata in PDF only on Docsity!
Interaction, randomness,
and zero-knowledge
Authentication
What happens when you type in your password?
“Zero-knowledge” authentication
acme.com
Can you convince the server that you know your password, without revealing it (or any other information)?
I know the password
Can you prove it?
What is knowledge?
• Example 1: Tomorrow’s lottery numbers
We are ignorant of them because they are
random
What is ignorance?
(lack of knowledge)
Using ignorance to our advantage
acme.com
I know the password
Can you prove it?
We want to convince the server that we know the password, while keeping it ignorant of the password itself
The server is convinced, but gains zero-knowledge!
A protocol for “non-color-blindness”
- You want to convince me you are not color-blind
I pull at random either a red ball or a blue ball and show it to you You say “red” or “blue”
We repeat this 10 times
If you got all the answers right, I am convinced you know red from blue
A different protocol
box 1
box 2
I pull at random either two balls from same box or one ball from box 1 and one from box 2
You say “same color” or “different color”
We repeat 10 times
If you got all the answers right, I am convinced you know red from blue
But I did not gain any other knowledge!
Zero-knowledge
• Suppose I am color-blind but you are not
• In the first protocol, I cannot predict your
answer ahead of time
• In the second protocol, I know what you will
say, so I do not gain knowledge when you say
it
Graph coloring
• Theorem
Task: Assign one of 3 colors to the vertices so that no edge has both endpoints of same color
3COL = { G : G has a valid 3-coloring}
3COL is NP-complete
NP-hardness of 3COL
• Proof sketch of NP-hardness: Reduce from
3SAT
We describe G :
3CNF formula f graph G
G has a valid 3-coloring
R
f is satisfiable
Part I: 3 special vertices T (true), F (false), and X
T F
X
Password authentication via 3-
coloring
• Step 0: When you register for the web service,
choose your password to be a valid 3-coloring
of some (suitable) graph
acme.com
registration
password:
6 G
Password authentication via 3-
coloring
• When the server asks for your password
do not send the password, but send the graph
G instead (without the colors)
acme.com
password:
6 G
password? G
The login phase
password: You randomly permute the colors
You lock each of the colors in a box and send the boxes to the server
The server chooses an edge at random and asks for the keys to the boxes at the endpoints You send the requested keys The server unlocks the two boxes and checks the colors are differentRepeat this 1000 times. Login succeeds if colors always different