Zero-knowledge password proof
In cryptography, a zero-knowledge password proof (ZKPP) is an interactive method for one party (the prover) to prove to another party (the verifier) that it knows a value of a password, without revealing anything other than the fact that it knows that password to the verifier. The term is defined in IEEE P1363.2, in reference to one of the benefits of using a password-authenticated key agreement (PAKE) protocol that is secure against off-line dictionary attacks. A ZKPP prevents any party from verifying guesses for the password without interacting with a party that knows it and, in the optimal case, provides exactly one guess in each interaction.
Technically speaking, a ZKPP is different from a zero-knowledge proof.
A common use of a zero-knowledge password proof is in authentication systems where one party wants to prove its identity to a second party using a password but doesn't want the second party or anybody else to learn anything about the password.
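The "one guess per interaction" property can be seen in a small sketch. The code below is an added illustration, not part of the original article: it assumes a SPEKE-style exchange (one member of the PAKE class, where the password selects the Diffie-Hellman generator) over the 768-bit RFC 2409 Oakley Group 1 prime, and contrasts it with a naive hashed challenge-response whose recorded transcript lets anyone test guesses off-line. All function and class names are hypothetical, and the group is far too small for real use.

```python
import hashlib
import hmac
import secrets

# Assumption: RFC 2409 Oakley Group 1 modulus (768-bit safe prime), illustration only.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)

def pw_generator(password):
    """Derive the group generator from the password (squaring lands in the prime-order subgroup)."""
    h = int.from_bytes(hashlib.sha256(password.encode()).digest(), "big")
    return pow(h % P, 2, P)

class Party:
    def __init__(self, password):
        self.x = secrets.randbelow((P - 1) // 2 - 2) + 2      # ephemeral secret exponent
        self.public = pow(pw_generator(password), self.x, P)  # the only value sent on the wire

    def session_key(self, peer_public):
        if not 2 <= peer_public <= P - 2:   # reject values that force a trivial shared secret
            raise ValueError("invalid public value")
        shared = pow(peer_public, self.x, P)
        return hashlib.sha256(shared.to_bytes(96, "big")).digest()

def run_exchange(prover_pw, verifier_pw):
    """One protocol run tests exactly one password; returns True iff key confirmation succeeds."""
    prover, verifier = Party(prover_pw), Party(verifier_pw)
    tag = hmac.new(prover.session_key(verifier.public), b"confirm", hashlib.sha256).digest()
    expected = hmac.new(verifier.session_key(prover.public), b"confirm", hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

# Contrast: naive challenge-response, response = H(nonce || password).
def naive_response(password, nonce):
    return hashlib.sha256(nonce + password.encode()).digest()

def transcript_confirms_guess(nonce, response, guess):
    """A recorded (nonce, response) pair verifies a guess with no further interaction,
    which is exactly the off-line check a ZKPP is meant to rule out."""
    return hmac.compare_digest(naive_response(guess, nonce), response)
```

In the SPEKE-style run an observer sees only the two public values and a confirmation tag, none of which can be recomputed from a password guess without one of the secret exponents; a wrong password simply yields a failed confirmation.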
History
The first methods to demonstrate a ZKPP were the Encrypted key exchange methods (EKE) described by Steven M. Bellovin and Michael Merritt in 1992. A considerable number of refinements, alternatives, and variations in the growing class of password-authenticated key agreement methods were developed in subsequent years. Standards for these methods include IETF RFC 2945, IEEE P1363.2, and ISO/IEC 11770-4.
See also
- Cryptographic protocol
- Topics in cryptography
- Password-authenticated key agreement
- Zero-knowledge proof
- Key-agreement protocol