First part of a brief introduction to my PhD research titled "Authentication protocols based on zero knownledge proofs".
This presentation was given in a PhD class.
PARES CRANEALES. ORIGEN REAL Y APARENTE, TRAYECTO E INERVACIÓN. CLASIFICACIÓN...
Authentication protocols based on zero knowledge proofs (Part 1 - Brief Talk)
1. Authentication protocols based on zero knownledge proof
Brief introduction
Israel Buitron Damaso1
1Computer Science Department
Centro de Investigacion y de Estudios Avanzados del Instituto Politecnico Nacional
September 26, 2014
4. Problem
I In mobile devices some alternatives to current protocols are required.
I Little instances of hard problems.
I In some cases parties should not share credentials.
I Applications can reduce data transferences, such that, bank mobile
applications
6. Proposed solution
I Zero-knowledge proof could be used in authetication protocols
I In graphs theory, many hard problems can be proposed, one of them is
independence set
I Some kinds of graphs have a synthetic representation
I A good trade-o could be fould between data shared and a good way to
reject intruders
8. Contributions
I Characterization of paths graphs
I A one-way function will be proposed
I An authentication protocol will be proposed
I An ecient implementation for mobile devices
10. Graph
I A graph is a pair G = (V;E) where V (G) is a
11. nite and non-empty set of
vertices, and the set E(G) of edges is an unordered subset of V V
I The order and the size of G are the cardinalities of V (G) and E(G)
respectively
12. Subgraph
I A subgraph H of G is a graph such that V (H) V (G) and
E(H) E(G).
I If V 0 V (G) then the induced subgraph of G by V 0 is the graph having
V 0 as set of vertices
I Two vertices u; v in V 0 are joined by an edge in V 0 if and only if
uv 2 E(G).
I If e = v1v2 2 E(G) then v1 is adjacent to v2 and the vertices v1 and v2
are incident to the edge e.
13. Clique
I The complete graph Kn of order n is a graph having n vertices, where
each one is adjacent to any other.
I A clique in G is a complete induced subgraph of G.
14. Path and cycle
I A path in G with initial vertex v0 and ending vertex vm is a sequence of
vertices = v0v1 : : : vm, such that for i = 0; : : : ;m 1, vivi+1 2 E(G),
v0; : : : ; vm are pairwise dierent, and m is a positive integer.
I The vertices v0 and vm are the end-vertices or endpoints of .
I The length jj of the path is m, hence is said to be an m-path.
I The internal vertices of are v1; : : : ; vm1
I If v0 = vm, then is a cycle.
15. Non-crossing and disjoint paths
I The distance dG(u; v) between two vertices u; v in G is the length of the
shortest path connecting u and v.
I Two paths which are not cycles 1, 2 are non-crossing if there is no
common vertex in 1 and 2 which is internal in at least one of the paths.
I We say that the paths 1 and 2 are disjoint if no edge appears in both
paths.
16. Hamiltonian graph
I A two-factor in a graph G is a family C1; : : : ;Ck of cycles of G such that
any vertex in G belongs to one and only one cycle Ci.
I A two-factor of G consisting of only one cycle is a Hamiltonian cycle of G.
I Let HG be the collection of Hamiltonian cycles in G, if HG6= ; then G is
called Hamiltonian.
17. Independent set
I An independent set of G is a subset I of V (G) such that no edge in E(G)
contains both endpoints in I.
I A maximal independent set of G is an independent set of G that is not a
proper subset of another independent set of G.
I A maximum independent set of G is a maximal independent set with the
largest cardinality, the so called independence number (G) of G.
23. Parameters of protocol
I G = (V;E), a graph,
I k, number of m-paths in a hamiltonian cycle,
I K, a set of endpoint vertices for each m-path,
I m, size of m-paths.
Note:
Let s = f(jV j; jEj) be the representation size of G, i.e. the number of bits
required to state explicitly G, usually f is a polylogarithmic map.
24. Properties of graphs
Properties required for graphs G:
1. Huge number of Hamiltonians: jHGj is superexponential with respect to s,
2. Intractability: the problem NonCrossingPaths is computationally
intractable with respect to the size of the given instance.
25. Protocol parties
I Let P be a set of participants.
I Let G be a Hamiltonian graph satisfying the above properties, publicly
known.
I Each participant p 2 P constructs randomly a Hamiltonian cycle
Hp 2 HG.
I Selects as private key a set p of kp non-crossing and disjoint mp-paths
directly from H for positive values mp and kp.
I selects as public key the tuple (kp;mp;Kp), where Kp is the set of pairs of
endpoints of the paths in p
31. er selects a subset Lv Kp and sends it to the prover as a
challenge.
2. The prover replies with the list RLp of mp-paths connecting each pair at
Lv.
3. The veri
32. er accepts accordingly to whether RLp is a collection of pairwise
non-crossing and disjoint mp-paths in G.
35. cation protocol be tampered by an Intruder, a fake
private key should be forged, hence the problem NonCrossingPaths should be
solved.
The robustness of the identi
39. Problem
Instance: A graph G = (V;E),
a positive number k,
a set K = f(i1; j1); : : : ; (ik; jk)g of k pairwise dierent pairs of
vertices in G and,
a positive integer m satisfying m k jV (G)j.
Solution: A pairwise non-crosing and disjoint collection of m-paths
= f1; : : : ; kg
40. Construction
I Given a Hamiltonian cycle H of G it is very simple to complete instances
of NonCrossingPaths having as solutions non-crossing and disjoint paths
taken from H
I For instance, if H = v0v1 : : : vjV (G)j1, and m k jV (G)j, then for
K = f(v0; vm) ;
(vm+1; v2(m+1)1) ;
...
;
(v(k1)(m+1); vk(m+1)1)g
the collection of paths
= fv0 : : : vm ;
vm+1 : : : v2(m+1)1 ;
...
v(k1)(m+1) : : : vk(m+1)1g
is a solution.
43. Path graphs
Given an instance of NonCrossingPaths (G, k, K, m), where
K = f(ui1 ; uj1 ); : : : ; (uik ; ujk )g, let the path graph, Pm;k;K;G, be the graph
whose vertices are the m-paths in G connecting pairs at K:
= [uj0 : : : ujm] 2 V (Pm;k;K;G) , (uj0 ; ujm) 2 K;