El documento presenta un protocolo de autenticación basado en pruebas de conocimiento cero, diseñado para dispositivos móviles, donde se propone utilizar la teoría de grafos para enfrentar problemas de compartición de credenciales. Se describe un protocolo de identificación que utiliza caminos no cruzados y disjuntos en un ciclo hamiltoniano, garantizando la seguridad frente a intrusos mediante la complejidad computacional del problema. Se espera que las contribuciones incluyan una implementación eficiente del protocolo y la caracterización de caminos en grafos.

1. Authentication protocols based on zero knownledge proof
Brief introduction
Israel Buitron Damaso1
1Computer Science Department
Centro de Investigacion y de Estudios Avanzados del Instituto Politecnico Nacional
September 26, 2014

2. Outline
Introduction
Our work

3. Outline
Introduction
Problem statement
Proposed solution
Expected contributions
Concepts

4. Problem
I In mobile devices some alternatives to current protocols are required.
I Little instances of hard problems.
I In some cases parties should not share credentials.
I Applications can reduce data transferences, such that, bank mobile
applications

5. Outline
Introduction
Problem statement
Proposed solution
Expected contributions
Concepts

6. Proposed solution
I Zero-knowledge proof could be used in authetication protocols
I In graphs theory, many hard problems can be proposed, one of them is
independence set
I Some kinds of graphs have a synthetic representation
I A good trade-o could be fould between data shared and a good way to
reject intruders

7. Outline
Introduction
Problem statement
Proposed solution
Expected contributions
Concepts

8. Contributions
I Characterization of paths graphs
I A one-way function will be proposed
I An authentication protocol will be proposed
I An ecient implementation for mobile devices

9. Outline
Introduction
Problem statement
Proposed solution
Expected contributions
Concepts
Graph theory

10. Graph
I A graph is a pair G = (V;E) where V (G) is a

11. nite and non-empty set of
vertices, and the set E(G) of edges is an unordered subset of V V
I The order and the size of G are the cardinalities of V (G) and E(G)
respectively

12. Subgraph
I A subgraph H of G is a graph such that V (H) V (G) and
E(H) E(G).
I If V 0 V (G) then the induced subgraph of G by V 0 is the graph having
V 0 as set of vertices
I Two vertices u; v in V 0 are joined by an edge in V 0 if and only if
uv 2 E(G).
I If e = v1v2 2 E(G) then v1 is adjacent to v2 and the vertices v1 and v2
are incident to the edge e.

13. Clique
I The complete graph Kn of order n is a graph having n vertices, where
each one is adjacent to any other.
I A clique in G is a complete induced subgraph of G.

14. Path and cycle
I A path in G with initial vertex v0 and ending vertex vm is a sequence of
vertices = v0v1 : : : vm, such that for i = 0; : : : ;m 1, vivi+1 2 E(G),
v0; : : : ; vm are pairwise dierent, and m is a positive integer.
I The vertices v0 and vm are the end-vertices or endpoints of .
I The length jj of the path is m, hence is said to be an m-path.
I The internal vertices of are v1; : : : ; vm1
I If v0 = vm, then is a cycle.

15. Non-crossing and disjoint paths
I The distance dG(u; v) between two vertices u; v in G is the length of the
shortest path connecting u and v.
I Two paths which are not cycles 1, 2 are non-crossing if there is no
common vertex in 1 and 2 which is internal in at least one of the paths.
I We say that the paths 1 and 2 are disjoint if no edge appears in both
paths.

16. Hamiltonian graph
I A two-factor in a graph G is a family C1; : : : ;Ck of cycles of G such that
any vertex in G belongs to one and only one cycle Ci.
I A two-factor of G consisting of only one cycle is a Hamiltonian cycle of G.
I Let HG be the collection of Hamiltonian cycles in G, if HG6= ; then G is
called Hamiltonian.

17. Independent set
I An independent set of G is a subset I of V (G) such that no edge in E(G)
contains both endpoints in I.
I A maximal independent set of G is an independent set of G that is not a
proper subset of another independent set of G.
I A maximum independent set of G is a maximal independent set with the
largest cardinality, the so called independence number (G) of G.

18. Independent set problem
I In this case, independent set problem consists in

19. nding maximum
independent set in a given graph G.
I This is an NP-hard problem, dicult even to be aproximated.

20. Outline
Introduction
Our work

21. Outline
Our work
Identi

22. cation protocol
NonCrossingPaths problem
Path graphs

23. Parameters of protocol
I G = (V;E), a graph,
I k, number of m-paths in a hamiltonian cycle,
I K, a set of endpoint vertices for each m-path,
I m, size of m-paths.
Note:
Let s = f(jV j; jEj) be the representation size of G, i.e. the number of bits
required to state explicitly G, usually f is a polylogarithmic map.

24. Properties of graphs
Properties required for graphs G:
1. Huge number of Hamiltonians: jHGj is superexponential with respect to s,
2. Intractability: the problem NonCrossingPaths is computationally
intractable with respect to the size of the given instance.

25. Protocol parties
I Let P be a set of participants.
I Let G be a Hamiltonian graph satisfying the above properties, publicly
known.
I Each participant p 2 P constructs randomly a Hamiltonian cycle
Hp 2 HG.
I Selects as private key a set p of kp non-crossing and disjoint mp-paths
directly from H for positive values mp and kp.
I selects as public key the tuple (kp;mp;Kp), where Kp is the set of pairs of
endpoints of the paths in p

26. Identi

27. cation protocol
Objective
A prover shall prove to a veri

28. er that he/she knows the private key p of
his/her public key (kp;mp;Kp).

29. Identi

30. cation protocol
Procedure
1. The veri

31. er selects a subset Lv Kp and sends it to the prover as a
challenge.
2. The prover replies with the list RLp of mp-paths connecting each pair at
Lv.
3. The veri