Suppose we have a website and you log in to the website with a username and a password. During registration your computer downloads a file containing a random 32-digit number. Now when you try to log in, the website asks you 5 questions: which is the digit at position x? (with x being a random number from 0-31). Isn't this a zero-knowledge-proof type of user authentication?
2 Answers
No. It is not a zero-knowledge proof. Zero knowledge means, roughly speaking, that the verifier gains no additional information other than that the statement is true (in this case, that the user knows the secret). But in your protocol, the verifier does gain additional information. The verifier learns some of the digits of the secret. Thus, it is not a zero-knowledge proof.
It is a sort of interactive proof system (a proof of knowledge, roughly speaking), more or less.
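The leak described in the answer above, quantified for the question's parameters (32 digits, 5 positions per login), as an added example that is not part of the original post. It assumes the 5 positions in one login are distinct and drawn uniformly, which the question does not specify; all function names are illustrative.

```python
import math
import random

SECRET_LEN = 32   # digits in the downloaded secret (from the question)
PER_LOGIN = 5     # positions asked per login (from the question)

def new_secret(rng):
    """Constructed sample secret: 32 random decimal digits."""
    return [rng.randrange(10) for _ in range(SECRET_LEN)]

def login(secret, rng):
    """One honest login: the site asks 5 distinct positions, the user answers.
    The returned transcript is exactly what the verifier gets to see."""
    positions = rng.sample(range(SECRET_LEN), PER_LOGIN)  # assumption: distinct
    return [(p, secret[p]) for p in positions]

def verifier_view(secret, n_logins, rng):
    """Everything the verifier has learned about the secret after n logins."""
    learned = {}
    for _ in range(n_logins):
        learned.update(login(secret, rng))
    return learned

def expected_known(n_logins):
    """Expected number of distinct digits revealed after n logins."""
    return SECRET_LEN * (1 - (1 - PER_LOGIN / SECRET_LEN) ** n_logins)

def answerable_from_transcript(known):
    """Probability that a fresh 5-position challenge lands only on digits
    already in the transcript (known = number of distinct revealed digits).
    A zero-knowledge protocol would leave the transcript useless for this."""
    return math.comb(known, PER_LOGIN) / math.comb(SECRET_LEN, PER_LOGIN)

if __name__ == "__main__":
    rng = random.SystemRandom()
    secret = new_secret(rng)
    for n in (1, 5, 10, 20, 40):
        k = len(verifier_view(secret, n, rng))
        print(f"{n:3d} logins: {k:2d}/32 digits revealed "
              f"(expected {expected_known(n):.1f}); transcript alone answers "
              f"a new challenge with p={answerable_from_transcript(k):.4f}")
```

The revealed fraction grows with every login, so the verifier's view carries more than "the user knows the secret", which is the property a zero-knowledge proof rules out.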
A zero-knowledge proof intuitively can be understood as follows:
Party A, which wants to prove its credibility, presents two parts of the proof in two separate boxes to Person B. These two parts together would be successful at proving credibility. But B is only allowed to open one of the boxes. A does not have any information on what box B is going to pick.
This is sufficient to convince B after multiple rounds because B can only be lucky 50% of the time after each round. Why is this zero-knowledge? Because B cannot convince any party C about the credibility; it can be claimed that the ordering of box picking was known to A before the proof began, giving it plausible deniability.
The model you described does not form a zero-knowledge proof because the website is gaining knowledge about the random bit. It would be zero-knowledge if you were able to present the proof that you are aware of the random number without leaking any information about the random number itself.