In the age of the Internet, it’s getting harder and harder to keep secrets.
When you type in your password, there’s no telling who might be watching it go by. However, new research at Cornell may offer a pathway to more secure communications.
The answer is to not send sensitive information at all. Rafael Pass, associate professor of computer science, has developed a new protocol, or set of rules, to create what computer scientists call a “zero knowledge proof.”
“I think zero knowledge proofs are one of the most amazing notions in computer science,” Pass said. “What we have done is to combine it with another notion — that it’s easier to prove that a computation can be done correctly than it is to actually compute it.”
The result is a way to prove that you know something without saying out loud what it is you know. Instead of insecurely typing the password for your bank account, you just prove to the bank that you know the password. You could pass an exam by proving that you know the answer, without actually writing the answer down so the person sitting next to you can’t copy it.
Applications include password authentication, cryptography, auctions, financial transactions and online voting. “At this point it’s purely theoretical,” Pass cautioned, “but it is teaching us a lot more about how zero knowledge works. That’s what makes me excited.” Pass and colleagues will describe their work at the 54th Annual IEEE Symposium on Foundations of Computer Science, October 27 to 29 in Berkeley, CA.
In its simplest form, such a proof consists of answering questions that depend on having the secret knowledge. To prove you have been in my house, I might ask you what color my cat is. The idea has been around since 1985, and there are already many ways to do it. Early versions required only a few messages being passed back and forth, but were insecure if an attacker participated in many proofs at the same time, as can easily be done on the Internet. An attacker could pick up a little bit of information from each exchange, piecing together the whole secret. Some newer methods will remain secure over many simultaneous exchanges, but instead require many messages being passed back and forth. The new protocol gets the job done with as few as 10 exchanges, Pass said, while remaining secure over many simultaneous exchanges. The researchers supply a rigorous mathematical proof that the protocol is a true zero-knowledge system, and that it works with just a small number of exchanges.
The Latest on: Zero knowledge proof
- Bulletproofs: The Latest Technique to Improve Bitcoin’s Confidentiality on February 25, 2018 at 4:43 am
In it, the team proposes: [Bulletproofs are] a new non-interactive zero-knowledge proof protocol with very short proofs and without a trusted setup; the proof size is only logarithmic in the witness size. According to the researchers, privacy for payments ... […]
- A zero knowledge proof for Where’s Wally on February 25, 2018 at 4:28 am
Smart contracts, for example, could use a zero knowledge proof to conceal exactly how a contract has been satisfied, whilst only revealing the fact that it has indeed been satisfied. (This is useful if, say, the conditions of the contract are sensitive. […]
- Google discloses a "high" severity security flaw in Windows 10 [Update] on February 23, 2018 at 7:44 am
A few days ago, Google's Project Zero team publicly exposed a security flaw in Microsoft ... The security researcher who discovered this flaw has also attached a proof-of-concept code in C++ which creates a text file in the Windows folder, and abuses ... […]
- The 10 biggest breakthrough technologies of 2018... so far on February 21, 2018 at 10:04 am
A new cryptographic protocol called a zero-knowledge proof may help true internet privacy finally become a reality. It was pioneered by digital currency Zcash, the developers of which used a message called a zk-SNARK (zero-knowledge succinct non ... […]
- Rensselaer Central High School takes precautions after rumored threat on February 16, 2018 at 10:12 pm
However, the school's superintendent said they have zero proof and believe there's no credibility behind ... students that were around the new student. "To the best of the knowledge of the kids that were at the table that was it," said Craig. […]
- What zero-knowledge proofs will do for blockchain on December 16, 2017 at 6:41 am
Most recently, a couple of financial services stalwarts have embraced ZK proofs with great fanfare: A zero-knowledge proof or protocol allows a “prover” to assure a “verifier” that they have knowledge of a secret or statement without revealing the ... […]
- Israeli serial startup stars of blockchain tech return with QEDit, a zero-knowledge proof diligence tool on December 4, 2017 at 5:16 am
Leveraging some “mind boggling math” introduced as an update onto the Ethereum blockchain only a few months ago, QEDit is launching its product on our Battlefield stage at TechCrunch Disrupt Berlin. The company, which takes its name from the Latin ... […]
- ING Releases Zero-Knowledge Range Proof For More Efficient Blockchain Applications on November 20, 2017 at 6:25 am
ING Bank has released its Zero-Knowledge Range Proof (ZKRP) solution at the inaugural Enterprise Ethereum Alliance Event in Amsterdam. A zero-knowledge proof (ZKP) is a cryptographic method that allows a party (the prover) to prove to another party (the ... […]
via Google News and Bing News