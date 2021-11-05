IT

The team demonstrated the concept using a distance of just 60 meters, proving the practicality of the technique.

[Imagem: Pouriya Alikhani et al. – 10.1038/s41586-021-03998-y]

Security guaranteed by the Theory of Relativity

Information security researchers at the University of Geneva, Switzerland, are proposing an unusual – and supposedly inviolable – way to protect passwords and computer systems against hacker attacks.

The system is based on the concept of “zero knowledge tests”, in which users identify themselves in complete secrecy, without disclosing any personal information.

The difference is that everything is based on the Relativity principle of physics, the notion that information – and nothing else – cannot travel faster than the speed of light.

Thus, this is one of the fundamental principles of modern physics, which would allow the secure transfer of data, whether at the time you are going to withdraw money from the bank, whether in cryptocurrencies or other transitions based on block chains (blockchain).

Zero knowledge test

A security risk arises when a customer – the so-called “voucher” – needs to confirm his identity, for example, when he wants to withdraw money from an ATM. For this, he must provide his personal data to the bank – the so-called “verifier” – which processes this information, be it an identification number or a password.

As long as only the verifier and verifier know this data, confidentiality is guaranteed. If other people obtain this information, for example by hacking into the bank’s server, security will be compromised.

To combat this problem, those who introduce themselves to the bank as a customer should ideally be able to confirm their identity without revealing any information about their personal data, as this would open a new security hole. This is possible through the concept of proof of zero knowledge, a concept created in the 1980s and which has been used in the field of cryptocurrencies.

“Imagine that I want to prove a mathematical theorem to a colleague. If I show them the steps of the proof, they will be convinced, but they will have access to all the information and be able to easily reproduce the proof,” explains Professor Nicolas Brunner. “On the contrary, with a proof of zero knowledge, I will be able to convince you that I know the proof, without giving any information about it, thus preventing any possible data recovery.”

Sounds pretty good, but current implementations of the zero-knowledge proof have their weakness: They’re based on the assumption that it’s impractical to solve a specific mathematical function in a timely manner to make the attack. If this assumption is refuted, security is compromised because the data would become accessible, and this cannot be ruled out because someone can develop a better algorithm or even technical advances like the primacy of quantum computers.

Here comes the novelty proposed by your team.

The team tested two implementations, one based on satellite communication and the other on optical fiber.

[Imagem: Pouriya Alikhani et al. – 10.1038/s41586-021-03998-y]

Relativistic Zero Knowledge Test

The proposal is that security is based not on a mathematical hypothesis, but on a physical concept, the principle of relativity. The notion that information cannot travel faster than light is one of the mainstays of modern physics. As physicists believe that this is an indisputable notion, the protocol would offer perfect and guaranteed long-term security against any technical innovations.

Implementing a relativistic zero-knowledge proof still involves a complex mathematical problem, known as graph coloring (or graph labeling, more generally), but two distant prover/verifier pairs come into play.

“We use a three-color problem. This type of problem consists of a graph formed by a set of nodes connected or not by links,” explains researcher Hugo Zbinden. Each node is assigned one of three possible colors – green, blue or red – and the two nodes that are linked together must be of different colors. These three-color problems, with their 5,000 nodes and 10,000 links in this example, are virtually impossible to solve in practice, since all possibilities must be tried out.

So why do we need two tester/verifier pairs? “To confirm your identity, tasters will no longer have to provide a code, but demonstrate to the verifier that they know a way to tricolor a particular graph,” replies Brunner.

A graph with its 3 colors: For each edge, check whether the two connected vertices are of different colors.

[Imagem: Pouriya Alikhani]

To ensure security, verifiers will randomly choose a large number of pairs of nodes in the graph connected by a link and then ask their respective prover what color the node is. If this verification is done simultaneously, the testers will not be able to communicate with each other during the test, as they will be separated by a distance, and the speed of light sets a limit on the time that would be necessary for the two to exchange information. Thus, if the two advertised colors are always different, the verifiers will be convinced of the tasters’ identity, as they themselves know a tricolor of this graph.

Finally, to prevent the testers from reproducing the graph, the two testers must constantly change the color code in a correlated way: What was green becomes blue, blue becomes red, etc. “This way, the proof is done and verified, without revealing any information about it,” detailed Brunner.

Immediate practical use

In tests performed by the team, this check is performed more than three million times, all in less than three seconds. The researchers have shown that separating the two tester/verifier pairs by 60 meters is enough to ensure they cannot communicate. And the team believes that, in the very near future, this distance could be reduced to one meter.

“But this system can now be used, for example, between two branches of a bank and does not require complex or expensive technology,” said Brunner.

Now hope that hackers don’t find some form of superluminal information exchange, or even discover an alternative theory of Relativity before academic physicists.

Bibliography: Article: experimental relativistic zero-knowledge proofs

Authors: Pouriya Alikhani, Nicolas Brunner, Claude Crpeau, Sbastien Designolle, Raphal Houlmann, Weixu Shi, Nan Yang, Hugo Zbinden

Magazine: Nature

Vol.: 599, pages 47-50

DOI: 10.1038/s41586-021-03998-y

