Zero-knowledge password proof

In cryptography, a zero-knowledge password proof (ZKPP) is a zero-knowledge proof of knowledge of a password. It is an interactive method for one party (the prover) to prove to another party (the verifier) that it knows the value of a password, without revealing to the verifier anything other than the fact that it knows that password. The term is defined in IEEE P1363.2, in reference to one of the benefits of using a password-authenticated key agreement (PAKE) protocol that is secure against off-line dictionary attacks. A ZKPP prevents any party from verifying guesses for the password without interacting with a party that knows it and, in the optimal case, provides exactly one guess in each interaction.

Technically speaking, a ZKPP satisfies the three properties of a zero-knowledge proof: Completeness, Soundness, and Zero-Knowledge. Most zero-knowledge proofs described in the literature presume a cryptographically large secret. A ZKPP differs in that it satisfies these properties even when the password (the statement to be proven) is too small or insufficiently random to be used directly as a cryptographic key.

A common use of a zero-knowledge password proof is in authentication systems where one party wants to prove its identity to a second party using a password but doesn't want the second party or anybody else to learn anything about the password.
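
The "one guess per interaction" property described above, as an added Python sketch that is not from the article or from the standards it names: a password-keyed HMAC challenge-response, whose recorded transcript confirms a guess with no further interaction, beside a SPEKE-style PAKE run with key confirmation. Assumptions made here for illustration: the SPEKE-style construction, the 768-bit RFC 2409 group (demonstration size only) and every function and class name.

```python
import hashlib, hmac, secrets

# 768-bit safe prime p = 2q + 1 (Oakley Group 1, RFC 2409): demonstration size only.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2

def cr_response(password: str, nonce: bytes) -> bytes:
    """Baseline that is NOT a ZKPP: answer a challenge with a password-keyed HMAC."""
    return hmac.new(password.encode(), nonce, hashlib.sha256).digest()

def cr_transcript_matches(nonce: bytes, response: bytes, guess: str) -> bool:
    """One recorded (nonce, response) pair confirms or rejects a guess with no
    further contact with either party, which is what a ZKPP rules out."""
    return hmac.compare_digest(cr_response(guess, nonce), response)

def password_base(password: str) -> int:
    """SPEKE-style base: map the password to a square mod P (order-q subgroup)."""
    h = int.from_bytes(hashlib.shake_256(password.encode()).digest(96), "big")
    return pow(h % P, 2, P)

class Party:
    def __init__(self, password: str):
        self.secret = secrets.randbelow(Q - 1) + 1          # fresh exponent in 1..q-1
        self.public = pow(password_base(password), self.secret, P)

    def session_key(self, peer_public: int) -> bytes:
        if not 1 < peer_public < P - 1:                     # refuse 0, 1 and p-1
            raise ValueError("degenerate public value")
        shared = pow(peer_public, self.secret, P)
        return hashlib.sha256(shared.to_bytes(96, "big")).digest()

def zkpp_login(prover_pw: str, verifier_pw: str) -> bool:
    """One protocol run: only public values and a key-confirmation tag cross the
    wire, and the verifier learns a single bit (same password or not)."""
    prover, verifier = Party(prover_pw), Party(verifier_pw)
    tag = hmac.new(prover.session_key(verifier.public), b"prover-confirm",
                   hashlib.sha256).digest()
    expected = hmac.new(verifier.session_key(prover.public), b"prover-confirm",
                        hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)
```

A recorded `zkpp_login` run exposes only the two public values and the tag; under the Diffie-Hellman assumption, checking a password guess against them is infeasible in a group of adequate size, so each guess has to be spent on a live run.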

History

The first methods to demonstrate a ZKPP were the Encrypted Key Exchange (EKE) methods described by Steven M. Bellovin and Michael Merritt in 1992. A considerable number of refinements, alternatives, and variations in the growing class of password-authenticated key agreement methods were developed in subsequent years. Standards for these methods include IETF RFC 2945, IEEE P1363.2, and ISO/IEC 11770-4.

References

  • S. M. Bellovin and M. Merritt. Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks. Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, May 1992.
  • IEEE P1363.2: Proposed Standard for Password-Based Public-Key Cryptography.

This article is from Wikipedia. All text is available under the terms of the GNU Free Documentation License.

