Information Technology Reference
In-Depth Information
Fig. 2.
ZK-PAP with PKE
Notations used:
IDA:
User name of A
N1 & N2:
Nonce
k:
Shared secret key between A(user) & S(server)
F:
Transformation function
E
K
:
Encryption using key k
H[pwd]:
Hash of the password
E
PU-S
& E
PU-A
:
Encryption using public key of S & A respectively
7
Conclusion
This paper illustrates ZK-PAP and ZK-PAP with PKE protocols, both of which are
based on the concept of zero-knowledge proof. The ability to authenticate oneself
without having to reveal one's password will make the system less vulnerable to
attacks. As the protocol uses the hash of the password as key, using a strong
encryption cipher (in which key-recovery is hard) will strengthen the security of this
protocol.
Also using the public-key encryption in ZK-PAP with PKE adds a second level of
security and enables mutual authentication between the client & server. Both protocol
proposed here are simple & efficient, thus enabling their practical use.
Acknowledgment.
The author extends thanks to Indian Institute of Science at
Bangalore, India for introducing me to this fascinating field in cryptography and
giving me the opportunity to study it for my own interest.
