1. The concept of zero-knowledge proof
Let P ( Prover , certifier) represent an entity that has certain information and wants to verify this fact, and let V ( Verifier , verifier) be an entity that proves this fact.
A protocol proves to V that P does have some information, but V cannot deduce what the information is. We say that P has achieved the minimum leak proof.
If V cannot obtain any other knowledge except knowing that P can prove a certain fact, we say that P has realized zero-knowledge proof, and the corresponding protocol is called zero-knowledge protocol.
The following two properties are satisfied in the minimum leakage protocol:
(1) If P knows the proof method of a theorem, then P makes V believe that he can prove it with the probability of absolute advantage. (Completeness)
(2) If P does not know the proof method of a theorem, the probability of P convincing V that he will prove the theorem is very low. (reliability)
In the zero-knowledge protocol, in addition to meeting the above two conditions, the following properties are also satisfied:
(3) V cannot acquire any additional knowledge. (zero-knowledge)
2. Example of zero-knowledge proof
1. The zero-knowledge cave
The figure shows a simple maze, there is a door between C and D , and you need to know the secret password to open it . P proves to V that he can open the door, but he is unwilling to reveal the secret password to V.
The following protocols can be used:
In the protocol, if P does not know the secret password, he can only return to B from the original path, and cannot go another path. In addition, the probability of P guessing which path V requires is 1/2 each time, so the probability that P can deceive V in each round is 1/2. Assuming that n is 16, after 16 rounds, P can succeed The probability of deceiving V is 1/2^16=1/65536. Therefore, if P can return according to V's request 16 times, V can prove that P does know the secret password. We also see that V cannot obtain any information about P's secret password from the above proof process, so this is a zero-knowledge proof protocol.
2. Three-color problem-deploying towers
Now a certain telecommunications giant, V , intends to deploy a new cellular telecommunications network. Figure 2 of this network architecture . Each vertex in the graph represents a radio tower, and each link (edge) represents the area where two pairs of radio tower signals overlap , which means that the signals on the link will interfere with each other .
The telecommunications giant V allows the communication network to transmit signals in three bands, thus avoiding the problem of signal interference from nearby elevators.
Challenge: How to deploy towers with different bands so that two adjacent towers do not have the same band.
Ask P for help and ask P to provide a tower deployment map, and you can get a considerable consulting fee. Require:
(1) V must believe that P has indeed provided the correct solution before paying;
(2) V cannot get P's solution before paying.
Solution, P now uses different colors to represent different bands, which can be attributed to the three-color problem of the graph, and the following solution can be obtained.
P opens the cardboard according to V's request, and V verifies it;
P recolors, covers the cardboard, V continues to verify.
The above challenge is repeated until V believes that P has given an effective coloring scheme.
Once verified, the probability of V being cheated:
Repeat n times of verification, the probability of V being cheated: