The Zero-Knowledge Protocol (ZKP) simulation software

• Slides Demo
• ZKP Program Download
• TZKP Program Download

When a principal A (or called a grantor or prover) gives its secret information such as user ID to a principal B (or called a grantee or verifier), B can use the infomation to impersonate A. Zero-Knowledge Protocol (ZKP) uses a three-move protocol to solve this concern. The protocol structure is: Principal A selects a "witness" computed from its secret information and sends the witness to principal B. B then sends a randomly generated "challenge" to A. A produces a "response" from the received challenge and a token withdrawn from CA (Certificate Authority) to B. B uses some public information from CA to verify the collected information (witness, challenge, response) to produce an answer, "YES" or "NO", to complete the three-move transaction. A generated triple-information is append to a credeltial list after completing a ZKP protocol. When some principal makes a deposit to CA, it also sends its collected credential list. CA uses the newly and previously received credeltial lists with secret sharing formula to detect double spending (some principal sends its asset twice).

The software is designed for ZKP-based delegation. The software adopts the Ferguson's algorithm (N. Ferguson, "Single-term off-line coins", In advances in Cryptology - EUROCRYPT'93 (1993). 318-328). There are two separate modules in this software environment: one is for certificate authority (CA), and the other one serves as a principal. CA can generate RSA private and public key pair and other public information, and the public parameters can be used for verification when issuing a one-time token to a principal. A principal can decide to use a withdrawn token to make further delegations with secure attribute binding (such as resource rescription, time stamp, etc.) to other principals or send a deposit with a collected credential list to CA. According to the received credentials from principals in deposit phase, the CA can decipher the information from the stored credeltial lists to see if some principals violate quota rule.

The first version of the software is written in C# languahe with .NET framework and executed on Microsoft Windows platform. It has some implementation consideration:

1. It uses big integer library*, which key size can be from 32 to 2048 bits.
2. In order to guarantee high security, a widely used secure hash function, SHA1, is implemented in this software system during withdraw and delegation.
3. CA and principals use socket with TCP/IP for communication. Due to the flexible design of communication manager, in addition to using network, other communication approaches such as Infra Red can also be imported in the future.
4. A registered principal can be mobile aned ubiquitous, for he can plug in his smart card storing personal tokens issued by CAs to any machine that has the ZKP software installed.
5. In the delegation phase, principals delegate resource statement and attributes described in XML format, which can be easily maintained and expanded.
6. The user interface module hides the complicated details of the algorithm and provides a clear and convenient way for users to operate. The animated UI for withdrawal and delegation can give users an impressed picture of what the ZKP protocol does.

* In this version of our system, we use BigInteger Class Version 1.03, which is designed and published by Chew Keong Tan, 2002. http://www.codeproject.com/csharp/biginteger.asp?target=biginteger