meljun cortes automata theory 24

8/13/2019 MELJUN CORTES Automata Theory 24

1/21

CSC 3130: Automata theory and formal languages

Interaction, randomness,

and zero-knowledge

MELJUN P. CORTES MBA MPA BSCS ACS

MELJUN CORTES


2/21

Authentication

What happens when you type in your password?


3/21

Nave authentication

The server knows your password

So they can impersonate you at other web sites

where you use the same password

login: me

password: opensesame

OK

you server

acme.com


4/21

Zero-knowledge authentication

acme.com

Can you convince the server that you knowyour password,

without revealing it (or any other information)?

I know the password

Can you prove it?


5/21

What is knowledge?

Example 1: Tomorrows lottery numbers

We are ignorant of them because they are

random

What is ignorance?

(lack of knowledge)

2 31 12 7 28 11


6/21

What is ignorance?

Example 2: A difficult math problem

We are ignorant because it takes a lot of work tofigure out the answer

Questions of this type include Finding satisfying assignments to Boolean formulas

Finding cliques in graphs

All NP-hard problems

Prove that P NP


7/21

Using ignorance to our advantage

acme.com

I know the password

Can you prove it?

We want to convincethe server that we knowthe password,

while keeping it ignorantof the password itself

The server is convinced, but gains zero-knowledge!


8/21

A protocol for non-color-blindness

You want to convince me you are not color-blind

I pull at random either a red ball

or a blue ball and show it to you

You say red or blue

We repeat this 10 times

If you got all the answers right,I am convinced you know red from blue


9/21

Interaction and knowledge

What knowledgedid I gain from this interaction?

I learned that you can tell blue from red

But I also learned the colors of the ballsin each glass

Suppose I was color-blind

Then I used you to gain some knowledge!


10/21

A different protocol

box 1

box 2

I pull at random either two balls from same box

or one ball from box 1 and one from box 2

You say same color or different color

We repeat 10 times

If you got all the answers right,

I am convinced you know red from blue

But I did not gain any other knowledge!


11/21

Zero-knowledge

Suppose I am color-blind but you are not

In the first protocol, I cannot predictyour answer

ahead of time

In the second protocol, I knowwhat you will say,

so I do not gain knowledgewhen you say it


12/21

Zero-knowledge password

authentication

acme.com

Oded Goldreich Silvio Micali Avi Wigderson


13/21

Graph coloring

Theorem

Task: Assign one of 3colors tothe vertices so that no edge has

both endpoints of same color

3COL = {G: Ghas a valid 3-coloring}

3COLis NP-complete


14/21

NP-hardness of 3COL

Proof sketch of NP-hardness: Reduce from 3SAT

We describe G:

3CNF formulaf graphG

Ghas a valid 3-coloring

R

fis satisfiable

Part I: 3 special verticesT (true), F (false), and X

T F

X


15/21

NP-hardness of 3COL

Part 2: For each variable xi

xi

X

xi

Either xihas color of Tand xihas color of F

Or xihas color of F

and xihas color of T

Part 3: For each clause, e.g. x1x2x3

Can be 3-colored

iff clause is satisfied

x1

x2

x3

T


16/21

Password authentication via 3-coloring

Step 0: When you register for the web service,

choose your password to be a valid 3-coloring of

some (suitable) graph

acme.comregistration

password:1

2

3 4

5

6 G


17/21

Password authentication via 3-coloring

When the server asks for your password

do not send the password, but send the graph G

instead (without the colors)

acme.com

password:1

2

3 4

5

6 G

password?

G


18/21

Intuition about registration phase

Because 3-coloring is hard, the server will not beable to figure out your password (coloring) from G

Later, when you try to log in, you will convincethe server that you knowhow to color G, without

revealing the coloring itself

The server will be convinced you know yourpassword but remain ignorant about what it is


19/21

The login phase

password: You randomly permute the colors

You lock each of the colors in a

box

and send the boxes to the server

1

2

3 4

5

6

The server chooses an edge at

random and asks for the keys tothe boxes at the endpoints

You send the requested keys

The server unlocks the two

boxesand checks the colors are

differentRepeat this 1000 times. Login

succeeds if colors always different


20/21

Analysis in the login phase

If you are an impostor, you wont know how tocolor the graph, so at least one of the edges will

have endpoints of the same color, and the server

is likely to catch this

If you are honest, the server remains ignorant

about your password, because all he sees are

two random different colors

But how do we send locked boxesand keysover

the internet?


21/21

meljun cortes automata theory 24

Documents