Sign In

Communications of the ACM

ACM TechNews

'zero Knowledge' May Answer Computer Security Question


Fictitious logo for a Zero Knowledge privacy standard.

Researchers have developed a new protocol to create a "zero-knowledge proof," which could vastly improve the security of electronic messaging.

Credit: Spideroak.com

Cornell University researchers have developed a new protocol to create what is known as a "zero-knowledge proof," which involves answering questions that depend on having a secret bit of knowledge.

"I think zero-knowledge proofs are one of the most amazing notions in computer science," says Cornell professor Rafael Pass. "What we have done is to combine it with another notion--that it's easier to prove that a computation can be done correctly than it is to actually compute it."

The concept was first developed in 1985, and early versions required only a few messages being passed back and forth, but were insecure if an attacker participated in many proofs at the same time. The new protocol completes the job in as few as 10 exchanges while remaining secure over many simultaneous exchanges, according to Pass.

The next step is to apply the idea to the "man-in-the-middle" attack, in which an intruder slips in between two parties to a conversation, making them think they are talking directly to each other, in order to change messages as they pass through.

From Cornell Chronicle
View Full Article

 

Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA


 

No entries found