What are Zero-Knowledge Techniques and Zero-Knowledge Proofs (ZKPs)

Ankita Sinha
14 min read · Apr 2, 2022
Namaste🙏, I’m Ankita Sinha, an MTech CSE student specializing in Information Security. You can connect with me on LinkedIn and GitHub. Contributors to the article: Megala & Ankita

To preserve user privacy and guarantee data confidentiality on a network, the communication between users' mobile devices and a remote server must be secured, and in mobile Internet applications the participants must authenticate each other to establish trust. A blockchain is a trustworthy substrate for such exchanges, but its transparency works against confidentiality: every participant can read every transaction. Zero-Knowledge Proofs (ZKPs) are therefore considered one of the prominent tools for achieving transaction confidentiality on a blockchain.

1. Introduction

Zero-knowledge techniques are mathematical methods for verifying a claim without sharing or revealing the underlying data. Think of a payment app checking that you have enough money in your bank account to complete a transaction without learning anything else about your balance, or a service confirming that you know a password without ever receiving the password itself. In this way, zero-knowledge proofs can broker all sorts of sensitive agreements, transactions, and interactions in a more private and secure way.

Cryptography has been a core component of blockchains since their inception, and it is the foremost reason for their adoption across industries. ZKP-based blockchain applications emerged once proof systems with practical performance became available, built on the mathematical foundations described below.

2. Zero-Knowledge Proof

[Figure: Zero-Knowledge Proof (ZKP), via Argon Group]

Zero-knowledge protocols are probabilistic: they do not establish a statement with the absolute certainty that simply revealing the secret would. Instead, each round of the protocol gives a cheating prover only a bounded chance of passing, and repeating rounds makes the probability that a false statement is accepted negligibly small. Zero-knowledge proofs can be used to validate cryptocurrency transactions on a blockchain and combat fraud without revealing which wallet a payment came from, where it was sent, or how much currency changed hands. By contrast, a cryptocurrency that does not use zero-knowledge proofs, like Bitcoin, records all of that information publicly on its ledger (under pseudonymous addresses).

Zero-Knowledge Proofs (ZKPs) allow data to be verified without revealing that data, and therefore have the potential to change the way data is collected, used, and transacted with. Each proof involves a 'prover' and a 'verifier'. The prover tries to convince the verifier that a statement is true without telling the verifier anything else about it. By producing a valid proof, the prover demonstrates that it can perform a certain computation (for example, that it knows a secret input satisfying a public relation) without revealing the input or the intermediate steps; the verifier learns only that the statement holds.

A zero-knowledge proof must satisfy three properties:

(i) Completeness: if the statement is true and both parties follow the protocol, the honest verifier is convinced (always, or with overwhelming probability). In other words, a prover who really knows the required input can always convince the verifier.

(ii) Soundness: if the statement is false, no cheating prover can convince the honest verifier that it is true, except with a negligible probability called the soundness error. A dishonest prover that lacks the required input cannot pass, even if it deviates arbitrarily from the protocol.

(iii) Zero-knowledge: the verifier learns nothing beyond the fact that the statement is true. Formally, everything the verifier sees during the protocol could have been produced by a simulator that does not know the secret, so the transcript carries no information about the secret input. This is the property that distinguishes a zero-knowledge proof from an ordinary proof of knowledge.

There are two types of ZKP: interactive ZKP, in which prover and verifier exchange several messages (the verifier's random challenges are what keep the prover honest), and non-interactive ZKP, in which the prover sends a single message that anyone can verify.

Zero-Knowledge Succinct Non-interactive Arguments of Knowledge (zk-SNARKs, a type of non-interactive ZKP) are zero-knowledge because they reveal nothing to the verifier beyond the truth of the statement, succinct because the proof is short and can be verified quickly (much faster than redoing the computation), non-interactive because no back-and-forth between prover and verifier is required, and arguments of knowledge because soundness holds against computationally bounded provers and a valid proof implies that the prover knows a witness for the statement.
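To make the three properties and the interactive/non-interactive split concrete, here is an added Python example (it is not code from the original article or from any of the papers reviewed below) of the Schnorr protocol for proving knowledge of a discrete logarithm s with y = g^s mod p, the same relation that section 3.5 builds on. The group parameters are a toy safe prime chosen for readability and are an assumption of the example; a real deployment uses a 2048-bit or larger safe prime, or an elliptic-curve group. The block shows completeness (an honest run verifies), special soundness (two accepting transcripts with the same commitment leak the secret, which is exactly why the prover's nonce r must never repeat), zero-knowledge (a simulator with no secret produces transcripts indistinguishable from real ones), and the Fiat-Shamir transform that turns the interactive protocol into a non-interactive proof.

```python
import hashlib
import secrets

# Toy group (assumption for this example): p is a safe prime, q = (p-1)/2 is
# prime and g = 2^2 generates the order-q subgroup. A real deployment needs a
# 2048-bit+ safe prime or an elliptic-curve group; q here is only 509.
P = 1019
Q = (P - 1) // 2
G = 4

def keygen():
    """Prover's secret s and public value y = g^s mod p."""
    s = secrets.randbelow(Q - 1) + 1
    return s, pow(G, s, P)

# ---- interactive Schnorr protocol (three messages) -------------------------
def prover_commit():
    """Message 1: prover picks a fresh nonce r, sends t = g^r. r stays secret."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)

def verifier_challenge():
    """Message 2: verifier sends a uniformly random challenge c in [0, q)."""
    return secrets.randbelow(Q)

def prover_respond(s, r, c):
    """Message 3: z = r + c*s mod q. z is uniform because r is uniform."""
    return (r + c * s) % Q

def verify(y, t, c, z):
    """Completeness: g^z = g^r * g^(c*s) = t * y^c. The verifier never sees s."""
    return pow(G, z, P) == (t * pow(y, c, P)) % P

def run_interactive(s, y):
    r, t = prover_commit()
    c = verifier_challenge()
    return verify(y, t, c, prover_respond(s, r, c))

# ---- soundness: answering two challenges for one commitment leaks s -------
def extract_secret(c1, z1, c2, z2):
    """Special soundness: from (t, c1, z1) and (t, c2, z2) with c1 != c2,
    s = (z1 - z2) / (c1 - c2) mod q. A cheater who could answer two
    challenges would therefore know s, so guessing c is the only option
    (success probability 1/q). It is also why r must never be reused."""
    return ((z1 - z2) * pow(c1 - c2, -1, Q)) % Q

# ---- zero-knowledge: a simulator with no secret forges valid transcripts --
def simulate_transcript(y):
    """Pick c and z first, then solve t = g^z * y^(-c). The triple (t, c, z)
    verifies and has the same distribution as an honest transcript, so the
    transcript cannot carry information about s."""
    c = secrets.randbelow(Q)
    z = secrets.randbelow(Q)
    t = (pow(G, z, P) * pow(y, -c, P)) % P
    return t, c, z

# ---- non-interactive version via the Fiat-Shamir transform ----------------
def fs_challenge(y, t, message=b""):
    """Replace the verifier's random c by a hash of the whole statement
    (g, p, y, t) plus an optional message bound to the proof."""
    data = f"{G}|{P}|{y}|{t}|".encode() + message
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove_ni(s, y, message=b""):
    r, t = prover_commit()
    return t, prover_respond(s, r, fs_challenge(y, t, message))

def verify_ni(y, proof, message=b""):
    t, z = proof
    return verify(y, t, fs_challenge(y, t, message), z)

if __name__ == "__main__":
    s, y = keygen()
    print("interactive run accepted:", run_interactive(s, y))
    print("simulated transcript accepted:", verify(y, *simulate_transcript(y)))
    print("non-interactive proof accepted:",
          verify_ni(y, prove_ni(s, y, b"login"), b"login"))
```

Two practical points the code makes visible: `extract_secret` is the same algebra that recovers a signing key from two ECDSA signatures made with one nonce, so the nonce r must come from a cryptographic RNG and never be reused; and `fs_challenge` hashes the full statement (g, p, y, t) together with the bound message, because a "weak" Fiat-Shamir transform that hashes only t lets a malicious prover choose y after seeing the challenge and breaks soundness of the non-interactive proof.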

3. Related works on Zero-Knowledge protocols

3.1 Adaptive Group-based Zero-Knowledge Proof-Authentication Protocol in Vehicular Ad Hoc Networks. IEEE Transactions on Intelligent Transportation Systems 21, no. 2 (2019): 867–881.

Authentication technologies based on security policies and access control rules in Vehicular Ad Hoc Networks (VANET) assume full trust in the roadside units (RSU) and authentication servers. An RSU can use information such as Vehicle Identification Numbers (VIN) to track a user's travel behaviour, violating user privacy and anonymity. This paper proposes an adaptive group-based zero-knowledge proof authentication protocol (AGZKP-AP) that offers several levels of user privacy depending on the type of service requested. The protocol includes a security feature that lets the network dynamically adjust the protocol's internal state to fit a service requirement: the amount of private information disclosed during the authentication phase is controlled by a dynamically updated parameter α, the threshold value for validating a user on the network.

The paper implements a two-way zero-knowledge protocol: On-Board Unit (OBU, i.e., the car) to RSU (the network access point) authentication, and RSU to OBU authentication. AES-128 symmetric encryption is used to protect both the OBU's and the RSU's proofs. The RSU announces its public certificate, while the OBU constructs a message from its private parameters, encrypts it under the RSU's public key and requests communication. First, the OBU acts as prover and sends a proof of knowledge PF(SGi) of the group-based secrets SGi generated at time T2 using the session key Ksession, which the RSU verifies. Second, the RSU acts as prover and submits the encrypted proof PF(ti) to the OBU, which now acts as verifier; this achieves the users' anonymity. The underlying proof is a Feige-Fiat-Shamir-style identification round: the prover picks a random number $R$ and sends $W = \pm R^2 \bmod m$. The verifier replies with a random binary string $(b_0, \ldots, b_k)$. The prover then computes $Y = R \cdot \prod_{y=0}^{k} Pr_y^{\,b_y} \bmod m$ and sends it to the verifier, who checks that $Y^2 = \pm W \cdot \prod_{y=0}^{k} g_y^{\,b_y} \bmod m$ (with the same sign the prover chose for $W$). The check works because each public value $g_y$ is the square of the corresponding secret $Pr_y$ modulo $m$; in this family of protocols $m$ is a composite modulus whose factorization is kept secret, so computing square roots modulo $m$ is infeasible for anyone else.

Security analysis:

The probability Pc that a cheating OBU fools the verifier (RSU) is computed. Because the cheater must guess the random binary challenge vector (b0, b1, …, bk) before committing to W, each iteration succeeds with probability 2−k (for instance, a cheater who bets on the all-zero vector simply answers Y = R).

The probability of false authentication is also estimated. False authentication occurs in the proposed protocol when two OBUs from the same group construct similar ZKP proofs with an RSU. The verifier and the prover independently construct the shared polynomial F(x) using a secure cryptographic hash function.
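The identification round summarized above has the classic Feige-Fiat-Shamir structure. The following added Python example (not code from the paper or from this article) implements one round with k secrets and a binary challenge vector, then shows where the 2−k cheating probability in the security analysis comes from: a prover without the secrets can only pass by guessing the challenge bits before committing. The modulus m = 53 · 61 and the fixed secrets in the usage are constructed toy values and an assumption of the example; a real deployment uses a product of two large secret primes so that square roots modulo m cannot be computed by the verifier or an eavesdropper. The ± sign on W from the paper is omitted for clarity.

```python
import secrets
from math import gcd

# Toy modulus m = 53 * 61 (constructed for this example). In practice m is a
# product of two large secret primes, so that nobody but the key issuer can
# compute square roots modulo m.
M = 53 * 61

def keygen(k, m=M):
    """k secret values Pr_y coprime to m and their public squares g_y = Pr_y^2 mod m."""
    roots = []
    while len(roots) < k:
        s = secrets.randbelow(m - 2) + 2
        if gcd(s, m) == 1:
            roots.append(s)
    return roots, [pow(s, 2, m) for s in roots]

def commit(R, m=M):
    """Message 1 (prover -> verifier): W = R^2 mod m for a fresh random R.
    (The paper's variant sends +-R^2; the sign is omitted here.)"""
    return pow(R, 2, m)

def challenge(k):
    """Message 2 (verifier -> prover): k random bits b_0..b_{k-1}."""
    return [secrets.randbelow(2) for _ in range(k)]

def respond(R, priv, bits, m=M):
    """Message 3 (prover -> verifier): Y = R * prod(Pr_y^b_y) mod m."""
    Y = R % m
    for s, b in zip(priv, bits):
        if b:
            Y = Y * s % m
    return Y

def verify(W, pub, bits, Y, m=M):
    """Verifier checks Y^2 == W * prod(g_y^b_y) mod m. Only the public
    squares g_y are needed; the roots Pr_y are never revealed."""
    rhs = W % m
    for g, b in zip(pub, bits):
        if b:
            rhs = rhs * g % m
    return pow(Y, 2, m) == rhs

def cheat_commit(Y_fake, pub, guess, m=M):
    """A prover WITHOUT the roots guesses the challenge bits in advance,
    fixes Y first and back-solves W = Y^2 * prod(g_y^-1 for guessed bits).
    The forged W passes only if the real challenge equals the guess."""
    W = pow(Y_fake, 2, m)
    for g, b in zip(pub, guess):
        if b:
            W = W * pow(g, -1, m) % m
    return W

def cheat_success_rate(pub, rounds=2000, m=M):
    """Monte Carlo estimate of a cheater's per-round success probability;
    it approaches 2^-k for k public squares, so t rounds give 2^-(k*t)."""
    k = len(pub)
    wins = 0
    for _ in range(rounds):
        guess = challenge(k)
        Y_fake = secrets.randbelow(m - 2) + 2
        W = cheat_commit(Y_fake, pub, guess, m)
        if verify(W, pub, challenge(k), Y_fake, m):
            wins += 1
    return wins / rounds

if __name__ == "__main__":
    priv, pub = keygen(3)
    R = secrets.randbelow(M - 2) + 2
    W, bits = commit(R), challenge(3)
    print("honest round accepted:", verify(W, pub, bits, respond(R, priv, bits)))
    print("cheater per-round success (expect about 1/8):", cheat_success_rate(pub))
```

The verifier must draw the challenge bits only after receiving W; if the bits were predictable (a weak RNG, or a fixed schedule), `cheat_commit` would succeed every time. The paper's α threshold decides how many such rounds, and hence how much evidence, a given service demands before the OBU is accepted.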

Merits:

Users can make their own trade-off between privacy and resource usage, for example a short system response time versus the amount of private information disclosed.

The protocol incorporates a distributed privilege control and revocation mechanism that can release a user's private information to law enforcement in case of a traffic violation.

AGZKP-AP provides substantial resistance to attacks, with a probability of false authentication approaching zero.

3.2 Efficient authentication protocol with anonymity and key protection for mobile Internet users. Journal of Parallel and Distributed Computing 137 (2020): 179–191.

The paper proposes an authentication protocol with distributed key generation for mobile devices, composed of an initialization phase, a registration phase, and a mutual authentication and key exchange phase. It uses zero-knowledge proof to provide both anonymity and key protection for mobile Internet users; linear encryption and a two-party protocol are used to generate the authentication key, and after successful mutual authentication a signing procedure is performed. In the initialization phase, the server generates the groups, their generators, the hash functions and two random private-key parameters, computes the public key from these parameters and publishes it. In the registration phase, a user requests registration and is issued private key material: the user chooses two random parameters of prime order, hashes them to derive a private key and the corresponding public key, and then applies a modular operation to derive the shared secret key. In the mutual authentication and key exchange phase, user and server establish a session key; the user generates a proof from the parameters received and the server verifies it. Timestamps are used to check the freshness of messages between user and server.

Security analysis:

Mutual authentication: no adversary can forge authentication transcripts of users or servers.

Unlinkability: no adversary who observes the Internet traffic can track which servers/services a given user accesses.

The protocol resists man-in-the-middle attacks, since an attacker would need the server's private keys, which are hard to compute.

Merits:

This authentication protocol achieves anonymity by translating a proof of knowledge into a signature of knowledge. Anonymity means that the server cannot tell which user it is interacting with. To model anonymity against a corrupted server, the adversary is even given the corrupted server's private key.

3.3 Privacy-preserving authentication scheme for connected electric vehicles using Blockchain and zero-knowledge proofs. IEEE Transactions on Vehicular Technology 69, no. 6 (2020): 5760–5772.

The framework allows an EV user to request charging scheduling from an EVSP through an Ethereum blockchain application while protecting the EV user's privacy. It uses Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge (zkSNARKs), an efficient variant of zero-knowledge proofs that lets a prover convince a verifier of the correctness of a statement in a single message without revealing the witness. Once a smart contract has verified the proof, without the EV being identified, an Ethereum token system issues tokens to that EV. The tokens are then spent on scheduling and charging services requested from a near-random address, hereafter referred to as a pseudonym. Separating authentication from the charging operations in this way keeps the EVs anonymous.

Merits:

Data breaches at service providers are often the result of a single node or a single security control failing. Because the EV's identity is never disclosed to the EVSP, a breach there exposes no identifying customer data.

Because payment is made in cryptocurrency, payment information is not exposed to service providers.

3.4 Privacy-preserving traffic management: A blockchain and zero-knowledge proof inspired approach. IEEE Access 8 (2020): 181733–181743.

This paper proposes a decentralized, location-aware architecture for a blockchain-based traffic management system that addresses privacy preservation and integrity. The architecture combines permission-based (PBL), modularly distributed blockchain networks with a non-interactive zero-knowledge range proof (ZKRP) protocol; accordingly, Hyperledger Fabric and the Hyperledger Ursa cryptographic library are used in the prototype. The ZKP protocol lets the prover (called the confirmer) convince the verifier, by committing to a secret, that a statement about the secret is true without communicating anything beyond that fact. The zero-knowledge set membership (ZKSM) problem is to prove that a hidden value lies in a given set $[u, v]$. The ZKSM statement is $PK\{(\delta, \gamma) : y = g^{\delta} h^{\gamma} \wedge u \le \delta \le v\}$, where $y = g^{\delta} h^{\gamma}$ is a (Pedersen-style) commitment to the secret $\delta \in [u, v]$ using the random value $\gamma$; it convinces the verifier that the committed secret $\delta$ lies in $[u, v]$ without revealing $\delta$ or $\gamma$. The authors focus on ZKSM and the closely related zero-knowledge range proof (ZKRP). ZKRP allows the blockchain network to verify that a secret value lies within a range without revealing the value itself, and it applies to many kinds of decentralized applications. For inter-network operation, ZKRP preserves data privacy and integrity across networks and prevents any linking of sensitive information; for intra-network operation, Hyperledger Fabric is used to share and record data and to validate transactions. An interactive ZKP was rejected for the gateway because the extra communication rounds would delay its real-time operation.

Merits:

Zero-knowledge proofs are used to demonstrate knowledge of data to others without divulging the secret values themselves.

Data privacy and integrity across the network are preserved with ZKRP: it prevents linking of sensitive information while still validating it.

For decentralized traffic management, the ZKRP scheme is effective and feasible.

3.5 Secure remote multi-factor authentication scheme based on chaotic map zero-knowledge proof for crowdsourcing internet of things. IEEE Access 8 (2019): 8754–8767.

The paper presents a new secure remote authentication scheme with three factors: 1) the user's identity; 2) a password; and 3) a biometric of the user. All three are authenticated by the remote server and feed into the key agreement. Chaotic maps, which offer a smaller key size and lower computational overhead than conventional public-key operations, are used for multi-factor authentication and key agreement, combined with zero-knowledge proof and fuzzy extraction (which turns a noisy biometric reading into a stable key). Because the user never reveals anything sensitive, an adversary cannot impersonate a user even if the server's master key has been compromised, which makes the scheme more secure and robust. The zero-knowledge proof lets prover $P$ convince verifier $V$ that it knows $s \in \mathbb{Z}_p^*$ such that $y = g^{s}$ for a public $y \in \mathbb{Z}_p^*$ and generator $g$. The scheme is proven secure in the Real-Or-Random (ROR) model, with Burrows-Abadi-Needham (BAN) logic and with ProVerif 2.0, and a security analysis against various attacks is given.

The design has four phases: 1) system setup; 2) registration; 3) login and authentication; 4) password and biometric change, and device revocation. In system setup, the server $S$ chooses a large prime $p$ and a Chebyshev polynomial $T_n(x)$ with $x \in (-\infty, +\infty)$. The hash functions are $H_1(\cdot) : \{0,1\}^* \to \mathbb{Z}_p^*$ and $H_2(\cdot) : \{0,1\}^* \to \{0,1\}^n$, and the public reference string is $\langle p, H_1(\cdot), H_2(\cdot), T_n(x) \rangle$. During registration, user $U_i$ receives a certificate from the server over a secure channel. $U_i$ must then complete the login, authentication, and key agreement phases to access services from $S$. A valid user with the appropriate credentials can change the old password $PW_i$ and old biometric $B_i$ to a new password $PW'_i$ and a new biometric $B'_i$ in the password, biometric change, and device revocation phase. The scheme has low computational and communication overhead.

Security Analysis:

Semantic security of the session key is shown in the Real-Or-Random model.

Mutual authentication proof is provided by the BAN logic between the server and the user.

ProVerif 2.00 was used to model the login, authentication, and key agreement phases between user Ui and server S, confirming mutual authentication and session-key secrecy.

The scheme is shown to resist numerous known attacks.

Merits:

The proposed scheme provides as much functionality as possible while eliminating multiple security flaws found in earlier schemes, and it is also more efficient than comparable lightweight schemes.

Multi-factor authentication is achieved using zero-knowledge and fuzzy extraction technology.

It is shown to be more secure and robust: user impersonation fails because of the zero-knowledge proof, even if the server's master key is compromised.

4. Challenges in Authentication mechanisms

The Defense Advanced Research Projects Agency (DARPA) announced a new initiative called Securing Information for Encrypted Verification and Evaluation (SIEVE) that aims to adapt zero-knowledge proofs for use by the US military. In practice, that might mean developing the capability to prove the origin or provenance of data without revealing how it was obtained. It could involve proving that a digital system has a security vulnerability without disclosing details of the vulnerability or how to exploit it. The most concrete SIEVE example relates to attributing a cyberattack to a specific group, entity, or nation: the goal would be to prove attribution without revealing classified intelligence or either side's specific hacking capabilities. If zero-knowledge proofs could be used in this way, they would make cybersecurity's well-documented attribution problem significantly easier to deal with.

Beyond blockchain data verification, the recently improved efficiency of zero-knowledge proofs makes them applicable to all kinds of size and scale comparisons. Researchers have even suggested physical applications, for example in nuclear arms control, to verify claims about different countries' nuclear missile capabilities without directly inspecting their weapons.

A foremost area of application for ZKPs in blockchain systems is messaging. End-to-end encryption is a mandatory requirement in a privacy-oriented world: it ensures that no third party can read the communication between two individuals. Messaging platforms generally require users to verify their identity to the server, so the server learns who the user is. Zero-knowledge proofs instead allow end-to-end trust to be established between the parties without leaking any additional information to the server. Messaging is therefore one of the major applications of ZKPs in the blockchain domain.

The secure transmission of sensitive information has become a major priority for enterprises as their information systems and functionality expand. Zero-knowledge proofs can provide a suitable basis for transmitting sensitive information such as authentication data with stronger security guarantees: they allow a channel to be built in which users can make use of their information without exposing it, which considerably reduces the impact of data leakage in the worst case.

Zero-knowledge proofs can also find reliable applications in the blockchain world for complicated documentation procedures. Data can be encrypted in chunks, so that users can control specific blocks and grant access to them to a specific user while keeping them inaccessible to everyone else. ZKPs can thus safeguard complex documentation while restricting access to authorized individuals.

5. Conclusion

Zero-knowledge techniques let one party verify a claim without the other sharing or revealing the details of the underlying data. A ZKP is a cryptographic protocol, i.e., a mathematical method, that makes it possible to use a service or validate information while demonstrating only that the data is valid and revealing nothing else about it: one party, the prover, convinces the other party, the verifier, that the data is valid. Used in authentication, this can make a scheme more robust than one that transmits credentials, and it adds a layer of security and privacy to a service model. The main technical challenges are scalability and the computing cost of generating proofs. As a consequence, ZKPs are regarded as a handy tool across many sectors.

References

[1] Rasheed, Amar A., Rabi N. Mahapatra, and Felix G. Hamza-Lup. "Adaptive group-based zero-knowledge proof-authentication protocol in vehicular ad hoc networks." IEEE Transactions on Intelligent Transportation Systems 21, no. 2 (2019): 867–881.

[2] Jiang, Yan, Youwen Zhu, Jian Wang, and Yong Xiang. "Efficient authentication protocol with anonymity and key protection for mobile Internet users." Journal of Parallel and Distributed Computing 137 (2020): 179–191.

[3] Gabay, David, Kemal Akkaya, and Mumin Cebe. "Privacy-preserving authentication scheme for connected electric vehicles using blockchain and zero-knowledge proofs." IEEE Transactions on Vehicular Technology 69, no. 6 (2020): 5760–5772.

[4] Li, Wanxin, Hao Guo, Mark Nejad, and Chien-Chung Shen. "Privacy-preserving traffic management: A blockchain and zero-knowledge proof inspired approach." IEEE Access 8 (2020): 181733–181743.

[5] Liu, Wenzheng, Xiaofeng Wang, and Wei Peng. "Secure remote multi-factor authentication scheme based on chaotic map zero-knowledge proof for crowdsourcing internet of things." IEEE Access 8 (2019): 8754–8767.

[6] He, Debiao, Yudi Zhang, Ding Wang, and Kim-Kwang Raymond Choo. "Secure and efficient two-party signing protocol for the identity-based signature scheme in the IEEE P1363 standard for public-key cryptography." IEEE Transactions on Dependable and Secure Computing 17, no. 5 (2018): 1124–1132.

[7] Partala, Juha, Tri Hong Nguyen, and Susanna Pirttikangas. "Non-Interactive Zero-Knowledge for Blockchain: A Survey." IEEE Access 8 (2020): 227945–227961.

I am Ankita Sinha, a Security Analyst. I am a visionary and a learner, and I explore new technologies. My interest lies in data science and cyber security.