2.2 Definitions
Here we briefly discuss the concepts of zero-knowledge proofs and PAP.
2.2.1 Zero-Knowledge Proof
Let us first discuss the concept of zero-knowledge proofs. Zero knowledge can be
explained with the help of a classical example of two identical balls [9]. Suppose
a person, say A, has two billiard balls that are identical except for their colors,
say red and blue. He wants to convince his friend, say B, that the two balls are of
different colors.
The basic approach would be to give the two balls to B so that he can see them and
confirm whether or not they are of different colors. However, in this scheme B
gains knowledge about the colors of the balls.
Using the zero-knowledge approach, however, A can convince his friend B that he
has balls of different colors without B actually seeing the balls. To do this, A
blindfolds B and then places a ball in each of B's hands. B has no idea which ball
is of which color, but A can see the colors of the two balls.
Now A asks B to put his hands behind his back, either swap the two balls or keep
the original arrangement, and then show him the balls again. A sees the new
arrangement and tells B whether the balls were swapped or not. Thus A can prove to
B that he has given him balls of different colors without revealing anything about
the colors of the balls.
Let us say they play this game t times, where the value of t is large. If A tries
to cheat B by giving him two balls of the same color, then the probability that A
will still be able to answer correctly in every game is $2^{-t}$, which is
negligible for large values of t.
This is a zero-knowledge approach, since A convinced B that he has two balls of
different colors, but at the end of all the games B has not gained any knowledge
about the colors of the two balls or about how to distinguish them.
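The game described above can be simulated to check both claims: an honest A always convinces B, and a cheating A survives t rounds with probability close to 2^-t. This is an added example, not code from the original text; the function names, the ball labels and the seeded generators (used only so the run is reproducible) are assumptions of the sketch.

```python
import random

def play_round(left, right, b_rng, a_rng):
    """One round of the game; True if A's answer matches B's secret move."""
    swapped = b_rng.randrange(2) == 1          # B's private coin: swap or keep
    shown = (right, left) if swapped else (left, right)
    if left != right:
        # Different colors: A sees whether the arrangement changed.
        claim = shown != (left, right)
    else:
        # Same color: both arrangements look identical, so A can only guess.
        claim = a_rng.randrange(2) == 1
    return claim == swapped

def b_accepts(left, right, t, b_rng, a_rng):
    """B is convinced only if A answers correctly in all t rounds."""
    # With an honest A, B only ever hears his own coin flips echoed back,
    # which is why the exchange tells him nothing about the colors.
    return all(play_round(left, right, b_rng, a_rng) for _ in range(t))

def acceptance_rate(left, right, t, trials, b_rng, a_rng):
    """Fraction of independent t-round games in which B ends up convinced."""
    wins = sum(b_accepts(left, right, t, b_rng, a_rng) for _ in range(trials))
    return wins / trials

if __name__ == "__main__":
    # Constructed seeds for a repeatable run; a real verifier needs
    # unpredictable coins, otherwise a cheating A could anticipate them.
    b_rng, a_rng = random.Random(1), random.Random(2)
    print("honest A, t=20:", b_accepts("red", "blue", 20, b_rng, a_rng))
    for t in (1, 2, 4, 8):
        rate = acceptance_rate("red", "red", t, 20000, b_rng, a_rng)
        print(f"cheating A, t={t}: measured {rate:.4f}, 2^-t = {2.0 ** -t:.4f}")
```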
Another classic example for understanding zero-knowledge proofs is given in [15],
which uses a magic cave to explain the same concept.
2.2.2 Password Authentication Protocol
Let us now discuss the Password Authentication Protocol (PAP) [12,13]. PAP is an
authentication protocol used by the Point-to-Point Protocol to validate and
authenticate users before they can access resources. This protocol requires the
user to send the username and password to the authenticating server in cleartext,
making it vulnerable to packet sniffing and eavesdropping.
After the server receives the username and password, it generates a hash of the
password using the same algorithm that was used to hash the password before
storing it in the password file. The generated hash is then matched against the
stored password hash corresponding to the entered username. If a match is found,
the user is allowed to log in; otherwise access is denied.