Zero knowledge proof is a method of proving knowledge about something without revealing the knowledge itself. This can be used, for example, to log in to a service without having to transmit the password. We explain how this works here.
Every day, we give up a little bit of our privacy in exchange for being able to use a website or an app. After all, let's be honest: Who among us has actually read through the privacy policy or the terms of use in detail and then decided that they don't want to use this offer after all?
Technically, it would be quite possible to better protect the privacy and data of users in all of this. One example is the model of "zero knowledge proof" described by Shafi Goldwasser, Silvio Micali and Charles Rackoff in their paper "The knowledge complexity of interactive proof systems".
It seeks to solve one problem in particular: How do I prove that I have knowledge about something without revealing the knowledge myself? A practical example: passwords. We have all created dozens of access data for the most diverse services. In order to be able to log in, we transmit the password to the service in question, which compares it with the information it has stored.
This procedure offers various points of attack, for example on the user's own device, on the service's server, and on the transmission path. It is true that there are security measures such as an encrypted connection, which generally offer a high level of protection. But given a suitably strong motivation, ways and means can be found to circumvent them. One example is a "man-in-the-middle attack," in which exchanged information is intercepted and possibly manipulated by a third party.
Last but not least, people themselves are often the weakest link in the security chain, and when targets are worthwhile, attackers rely on sometimes surprisingly sophisticated tactics.
For particularly important access points, it would be better to be able to log in without revealing a password. This is done, for example, by the "Secure Remote Password" protocol, which relies on zero knowledge proof. This is a different way of proving that you have the relevant knowledge and are authorized to access the system.
But how does it work now?
To illustrate the idea of zero knowledge proof, a story told by Jean-Jacques Quisquater, Louis Guillou et al in "How to explain zero-knowledge protocols to your children" is suitable.
In a nutshell, it goes like this: In a cave there is a fork and no matter which of the two paths you follow, you eventually end up at a door. If you could open it, you would find that behind it is the other path that you did not take at the fork. The two paths from the fork are thus connected, interrupted by the closed door.
If a person A now claims that he can open the door, then he could take a person B with him and simply demonstrate it. At that moment, however, she would reveal how she opens the door. How can she prove instead that she has this knowledge without revealing it at the same moment?
In the above story, it works as follows: Person A goes into the cave and randomly chooses one of the two paths at the fork. Person B waits outside first, then comes in as well and calls out to person A which side of the fork to come back from. If person A is already on the right side, she simply goes back. If she is on the wrong side, she must open the door to use the other path.
Both repeat this process until person B is convinced that person A is not on the right side each time by chance, but can actually open the door in between. The more often this is repeated, the more likely this becomes.
Person A from this example is called the "prover" in a Zero Knowledge Proof, and person B is the "verifier".
One major difficulty is to develop and implement an appropriate test. Another challenge can be to track down errors: After all, the processes take place intentionally in such a way that they are not easy to see.
Another problem is of a practical nature: If a user loses his password, there is no way for the provider to recover it or change it. So here you are responsible for keeping it safe yourself.
It turns out that with the appropriate ingenuity and effort, it is certainly possible to find a solution that does not transmit any data that an attacker could intercept and exploit. In this respect, the "Zero Knowledge Proof" and architectures and applications based on it are a good example of particularly secure and data-saving solutions.
