
Zero-Knowledge Password Protocol

What is Zero-Knowledge Password Protocol?

A zero-knowledge password protocol, or zero-knowledge proof (ZKP), is a method in cryptography where one party (the prover) can prove to the other party (the verifier) that it knows the secret information without revealing it. With ZKP, password or credential details are neither transmitted to nor stored on the authentication server. The proof protocol may be interactive or non-interactive.

One example of zero-knowledge authentication is when a prover has an asymmetric key pair (e.g. RSA, EC) and uses the private key (the identifying secret) to respond to a challenge sent with the public key. The private key is never revealed, but the verifier is convinced that the prover has the key. Another example of ZKP would be if a verifier presents a prover with a hash H and would like the prover to provide proof that it has the secret data that hashes to H. The prover produces a ZKP that convinces the verifier that it has the data that hashes to H, without revealing the data itself to the verifier [1].

Examples of systems where ZKP technology can be implemented include identity verification, logins, token-gating, global identity, messaging, authentication, storage protection, transmitting private blockchain transactions, file system control, complex documentation, voting, and security for sensitive information. The key properties of ZKP include:

Completeness. If the statement is true, and both parties follow the rules faithfully, then the verifier would be convinced without any external help.

Soundness. If the statement is false, the verifier won’t be convinced that it is true, even if the prover claims it is, except with some small probability.

Zero-Knowledge. Whether the statement is true or false, the verifier will not be able to know any information beyond the statement being true or false.

The following are benefits of ZKP:

  • Simple. One of the key advantages of ZKP is that it does not involve any complex encryption method.
  • Secure. It does not require anyone to reveal any sort of information.
  • Shortening of transactions. ZKPs shorten transactions on blockchain, so users do not have to worry about information storage, including compatibility and identity with different types of assets.

There are disadvantages to ZKP, as well:

  • Lengthy. With ZKP technology, there are around 2k computations, with each requiring a certain amount of time to process.
  • Imperfect. The messages delivered to the verifier or prover might be destroyed or modified.
  • Limited. ZKP requires the secret to be a numerical value. In other cases, a translation is required.
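
The prover/verifier exchange and the password-to-number translation described above, as an added example that is not code from the original page. It uses Schnorr identification over the Ed25519 group as one concrete zero-knowledge proof of knowledge (the page does not name a specific protocol); the function names, the salt, and the PBKDF2 settings are assumptions for illustration.

```python
import hashlib, secrets

# Ed25519 group constants (public): field prime P, curve constant D, prime order Q
P = 2**255 - 19
D = -121665 * pow(121666, -1, P) % P
Q = 2**252 + 27742317777372353535851937790883648493

def add(a, b):  # point addition on -x^2 + y^2 = 1 + D*x^2*y^2
    (x1, y1), (x2, y2) = a, b
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * pow(1 + t, -1, P) % P,
            (y1 * y2 + x1 * x2) * pow(1 - t, -1, P) % P)

def mul(k, pt):  # double-and-add scalar multiplication (not constant-time)
    acc = (0, 1)  # neutral element
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

GY = 4 * pow(5, -1, P) % P  # generator: y = 4/5, x recovered from the curve
XX = (GY * GY - 1) * pow(D * GY * GY + 1, -1, P) % P
GX = pow(XX, (P + 3) // 8, P)
if GX * GX % P != XX:
    GX = GX * pow(2, (P - 1) // 4, P) % P  # multiply by sqrt(-1)
G = (GX, GY)

def secret(password, salt):  # "translation": password -> number x in [0, Q)
    raw = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, 100_000)
    return int.from_bytes(raw, "big") % Q

def register(password, salt):
    return mul(secret(password, salt), G)  # verifier stores only Y = x*G

def commit():
    r = secrets.randbelow(Q - 1) + 1       # fresh nonce for every login
    return r, mul(r, G)                    # prover sends commitment T = r*G

def respond(password, salt, r, c):
    return (r + c * secret(password, salt)) % Q

def verify(Y, T, c, s):
    return mul(s, G) == add(T, mul(c, Y))  # accept iff s*G == T + c*Y

def login(password, salt, Y):
    r, T = commit()                        # prover -> verifier: T
    c = secrets.randbelow(Q)               # verifier -> prover: challenge c
    return verify(Y, T, c, respond(password, salt, r, c))
```

Anyone who obtains the stored Y and salt can still test password guesses offline, so the KDF cost and password strength matter. A response recorded for one challenge is rejected for any other, which is why the verifier must pick a fresh random challenge per login.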

[1] Double Octopus, 2023, “Zero Knowledge Proof”