Second part of a brief introduction to my PhD research titled "Authentication protocols based on zero knowledge proofs". This presentation was given in a PhD class.

1. Authentication protocols based on zero knowledge proof
Brief introduction (Part 2)
Israel Buitron Damaso1
Guillermo B. Morales Luna1 (Advisor)
Feliu Salgols Troncoso2 (Advisor)
1Computer Science Department
2Mathematics Department
Center for Research and Advanced Studies of the National Polytechnic Institute
November 12, 2014

2. Outline
Introduction
Our work

3. Outline
Introduction
Introductory notions

4. Authentication
Idea
I Authentication is the process of verifying an entity's identity, given its
credentials.
I The entity could be in the form of a person, a computer, a device, a group
of network computers, etc.

5. Interactive proof
Idea
I An interactive proof is a protocol between two parties (the prover and the
veri

6. er).
I The crucial point is that the veri

7. er is restricted to be a probabilistic
polynomial-time algorithm, whereas no such restriction applies to the
prover.

8. Interactive proof
Objetive
I By means of an interactive proof, the prover convinces the veri

9. er of the
validity of a given statement.
I A statement is of the form x 2 L, where x is a word and L is a formal
language.
I The interesting languages are those for which no polynomial-time
membership tests (are known to) exist.
I It follows that the veri

10. er cannot determine on its own whether x 2 L
holds.

11. Interactive proof
Properties
Interactive proofs have two basic properties:
I Completeness, which means that executions of the protocol between the
prover and the veri

12. er should result in the veri

13. er accepting the proof, if
x 2 L holds.
I Soundness, which means that executions of the protocol between the
prover and the veri

14. er should result in the veri

15. er rejecting the proof, if
x62 L holds.
This property protects the interest of the veri

16. er.

17. Zero knowledge proof
Idea
I Zero-knowledge is a property attributed to interactive proofs.
I This property protects the interest of the prover.
I By means of a zero-knowledge proof, the prover is able to convince the
veri

18. er of the validity of a given statement, without releasing any
knowledge beyond the validity of the statement.

19. Outline
Introduction
Our work

20. Outline
Our work
Proposed solution
Authentication protocol
Completed tasks
Current tasks

21. Proposed solution
I Give an authentication protocol, based on:
I a zero-knowledge proof
I the NP-hardness of the Independence Set Problem in Graph Theory
I synthetic problem instances

22. Authentication protocol
Public and private keys
I Let P be a set of participants.
I Each participant p 2 P constructs randomly a Hamiltonian cycle hp and
selects as private key a set p of kp non-crossing and disjoint mp-paths.
I Then, the participant selects as public key the tuple (kp;mp;Kp), where
Kp is the set of pairs of endpoints of the paths in p.

23. Authentication protocol
Procedure
1. The veri

24. er selects a subset Lv Kp and sends it to the prover as a
challenge.
2. The prover replies with the list RLp of mp-paths connecting each pair at
Lv.
3. The veri

25. er accepts accordingly to whether RLp is a collection of pairwise
non-crossing and disjoint mp-paths in the graph.

26. Outline
Our work
Proposed solution
Completed tasks
f-sequences search
Path graphs construction
Odd-holes search
Encoding problem instances
Current tasks

27. f-sequences
Idea
The f-sequences describe Hamiltonian
cycles at the hypercube.

28. f-equivalence
De

29. nition
Given two dierent f-sequences, we say that they are f-equivalent if one is a
rotation, reverse or both of the other one.
For example:
I Rotation
[1; 2; 1; 3; 1; 2; 1; 3] =f [2; 1; 3; 1; 2; 1; 3; 1]
I Reverse
[1; 2; 1; 3; 1; 2; 1; 3] =f [3; 1; 2; 1; 3; 1; 2; 1]
I Rotation and reverse composition
[1; 2; 1; 3; 1; 2; 1; 3] =f [1; 3; 1; 2; 1; 3; 1; 2]

30. f-sequences
Search problem
I All f-sequences in a hypercube can be found using a breadth-

31. rst search
algorithm.
Instance: Hypercube Qn.
Solution: Set of f-sequences FQn in Qn
I As hypercube dimension n increases, the resulting FQn grow up rapidly.
I By de

32. ning f-equivalent makes FQn smaller and also de

33. nes a
equivalence relation.

34. Path graph construction
1. Parameters
I A hypercube Qn,
I two integers m and k, where
m k jV (Qn)j

35. Path graph construction
2. Pick randomly a Hamiltonian cycle
I Given a hypercube Qn we need to pick a Hamiltonian cycle h.
I Here we use f-sequences search.

36. Path graph construction
3. Subpaths in Hamiltonian cycle
I Split cycle h into k disjoint subpaths, all of them with size m.
I It results in
K =
(v0; vm); (vm+1; v2(m+1)1); : : : ; (v(k1)(m+1); vk(m+1)1)
and
=
(v0; : : : ; vm); (vm+1; : : : ; v2(m+1)1); : : : ; (v(k1)(m+1); : : : ; vk(m+1)1)

37. Path graph construction
4. Path graph vertex set
I Here, the path graph Pk;K;m;Qn is being generated by its vertex set.
I Procedure:
for each k = (vi; vj) 2 K, search all m-paths in Qn which
connects vi and vj .
I Each m-path found will be an vertex in Pk;K;m;Qn.

38. Path graph construction
5. Path path edge set
I Now, edges of path graph Pk;K;m;Qn must be found.
I Given two vertices i; j of Pk;K;m;Qn, they are in the form = vi; : : : ; vj | {z }
m+1
:
I We de

39. ne an edge in Pk;K;m;Qn if these vertices (and also paths in Qn)
share at least one inner vertex with another vertex. For example:
i = vp; : : : ; vq
j = vl; vp; : : : ; vq

40. Odd-hole
What is?
An odd-hole is an induced cycle of length 5 or more.

41. Odd-hole
Why are they important?
I Given a graph G, it is a Berge graph if neither G nor its complement have
odd-holes.
I Due to the Strong Perfect Graph Theorem, we know that perfect graphs
are the same as Berge graphs.
I It's known that Independent Set Problem in perfect graphs can be solved
polynomial-time.
I So, we don't like that paths graphs could be perfect graphs.

42. Odd-hole
Search problem
I Given a path graph Pk;m;K;Qn, lets walk randomly in their vertices looking
for a q-hole, with q 5 and odd.
I Let be a sequence = v0; : : : ; vq1, if (v0; vq1) is an edge in Pk;m;K;Qn,
then check for any non-consecutive pair is also an edge in Pk;m;K;Qn, if
not, a odd-hole is found.
I Otherwise, we can remove vo from and look for a vq vertex.

43. Encoding
PEM format
I Remembering in authentication protocol, the prover must convince the
veri

44. er that he knows a secret (his private key), but veri

45. er also knows
prover's public key.
I So... Keys must be shared!
I Public and private keys are encoded using PEM format.

46. Outline
Our work
Proposed solution
Completed tasks
Current tasks
Determine optimal values of parameters
Prove path graphs are not perfect graphs

47. Optimal values
I As we can remember, path graphs are constructed using:
I m as length of m-paths,
I k as number of m-paths in Hamiltonian cycle and,
I K as the set of endpoint pairs in Qn
I Exterme values of m and k are not good.
I We must determine optimal values for m and k according with
m k jV (Qn)j
.

48. Path graphs are not perfect graphs
I Although we have experimentaly found path graphs are not perfect graphs
that is not a formal proof.
I Similar values of m and k generates path graphs with no odd-holes, but
it's easy to see that extreme values are not well-behaved.
I Suppose that an odd-hole is found in a path graph obtained from Qn,
does it imply that a path graph from Qn+1 must also have an odd-hole?

49. Thank you!!
Questions?
:)