The document discusses authentication protocols based on zero-knowledge proofs, outlining the concepts of interactive proofs and their properties, including completeness and soundness. It proposes a specific authentication protocol that utilizes zero-knowledge proofs and constructs a path graph based on Hamiltonian cycles, while examining related computational challenges like the odd-hole problem. The document also details completed and current tasks in developing this proposed solution within the context of graph theory.

1. Authentication protocols based on zero knowledge proof
Brief introduction (Part 2)
Israel Buitron Damaso1
Guillermo B. Morales Luna1 (Advisor)
Feliu Salgols Troncoso2 (Advisor)
1Computer Science Department
2Mathematics Department
Center for Research and Advanced Studies of the National Polytechnic Institute
November 12, 2014

2. Outline
Introduction
Our work

3. Outline
Introduction
Introductory notions

4. Authentication
Idea
I Authentication is the process of verifying an entity's identity, given its
credentials.
I The entity could be in the form of a person, a computer, a device, a group
of network computers, etc.

5. Interactive proof
Idea
I An interactive proof is a protocol between two parties (the prover and the
veri

6. er).
I The crucial point is that the veri

7. er is restricted to be a probabilistic
polynomial-time algorithm, whereas no such restriction applies to the
prover.

8. Interactive proof
Objetive
I By means of an interactive proof, the prover convinces the veri

9. er of the
validity of a given statement.
I A statement is of the form x 2 L, where x is a word and L is a formal
language.
I The interesting languages are those for which no polynomial-time
membership tests (are known to) exist.
I It follows that the veri

10. er cannot determine on its own whether x 2 L
holds.

11. Interactive proof
Properties
Interactive proofs have two basic properties:
I Completeness, which means that executions of the protocol between the
prover and the veri

12. er should result in the veri

13. er accepting the proof, if
x 2 L holds.
I Soundness, which means that executions of the protocol between the
prover and the veri

14. er should result in the veri

15. er rejecting the proof, if
x62 L holds.
This property protects the interest of the veri

16. er.

17. Zero knowledge proof
Idea
I Zero-knowledge is a property attributed to interactive proofs.
I This property protects the interest of the prover.
I By means of a zero-knowledge proof, the prover is able to convince the
veri

18. er of the validity of a given statement, without releasing any
knowledge beyond the validity of the statement.

19. Outline
Introduction
Our work

20. Outline
Our work
Proposed solution
Authentication protocol
Completed tasks
Current tasks

21. Proposed solution
I Give an authentication protocol, based on:
I a zero-knowledge proof
I the NP-hardness of the Independence Set Problem in Graph Theory
I synthetic problem instances

22. Authentication protocol
Public and private keys
I Let P be a set of participants.
I Each participant p 2 P constructs randomly a Hamiltonian cycle hp and
selects as private key a set p of kp non-crossing and disjoint mp-paths.
I Then, the participant selects as public key the tuple (kp;mp;Kp), where
Kp is the set of pairs of endpoints of the paths in p.

23. Authentication protocol
Procedure
1. The veri

24. er selects a subset Lv Kp and sends it to the prover as a
challenge.
2. The prover replies with the list RLp of mp-paths connecting each pair at
Lv.
3. The veri

25. er accepts accordingly to whether RLp is a collection of pairwise
non-crossing and disjoint mp-paths in the graph.

26. Outline
Our work
Proposed solution
Completed tasks
f-sequences search
Path graphs construction
Odd-holes search
Encoding problem instances
Current tasks

27. f-sequences
Idea
The f-sequences describe Hamiltonian
cycles at the hypercube.

28. f-equivalence
De

29. nition
Given two dierent f-sequences, we say that they are f-equivalent if one is a
rotation, reverse or both of the other one.
For example:
I Rotation
[1; 2; 1; 3; 1; 2; 1; 3] =f [2; 1; 3; 1; 2; 1; 3; 1]
I Reverse
[1; 2; 1; 3; 1; 2; 1; 3] =f [3; 1; 2; 1; 3; 1; 2; 1]
I Rotation and reverse composition
[1; 2; 1; 3; 1; 2; 1; 3] =f [1; 3; 1; 2; 1; 3; 1; 2]

30. f-sequences
Search problem
I All f-sequences in a hypercube can be found using a breadth-