Cryptid claims:

"We offer flexible APIs for building zero-knowledge proof based authentication and authorization, authenticated provenance, verifiable authenticity, and privacy preserving decentralized identity that scales to billions of people and devices."

The idea here is to reinvent the whole concept of "authentication" based on a concept in cryptography called "zero-knowledge proofs".

In fact they say, "Cryptid's Oberon authentication and authorization approach streamlines the process of acquiring, onboarding, and managing clients. It is designed using modern cryptography to replace OAuth 2.0 with simpler constructs and protocol flow. It uses zero-knowledge proofs (ZKPs) to move API security from centralized or federated architecture to zero-trust architecture. Born out of the lessons learned from 30 years of Internet security, Oberon is the simplest and most secure way to streamline your customer acquisition process. Oberon is available as a simple API or as an on-premesis product."

I have solid grasp of cryptographic fundamentals, which are symmetric key ciphers, public key ciphers, and hash functions. Zero-knowledge proofs lie outside of my understanding.

Nonetheless, I'm going to try to impart the basic idea, using hash functions as a springboard. Using hash functions you can create something called a challenge-response system. In fact I do this in a file synchronization program I wrote that I use every day. The program works by connecting to a server and getting a list of file names and hashes that represent the hash of the contents of each file. It compares these to its local directory to determine which files are different between the server and the local directory. If they are different it has to look at the file times to determine which is newer and either pull the newest version from the server or push the newest version to the server.

Before all this can happen, though, it has to authenticate the user. It does this with both a traditional password and a challenge-response. When the user sends the traditional password, it runs it through a hash function and compares it with the hash stored on the server. If a hacker would be able to get a copy of all the data on the server, because a hash of the password rather than the actual password is stored, they still cannot impersonate the user. However, if an attacker could eavesdrop on the whole conversation, they could intercept the password as it crosses the network, and impersonate the user from that point onward. To prevent this, a challenge-response system is used as a second step. For this, there is an additional "shared secret" shared between the server and the user. The server generates a random 256-bit number and sends it to the user, which does a hash of it using the "shared secret" as the "salt" for the hash (the shared secret is incorporated into the hashing function). The result is sent back to the server, which performs the same hash calculation and allows the user to proceed if the results match. Because the eavesdropper does not have access to the shared secret, they cannot impersonate the responses to the challenge-response system. They could replay a past challenge-response episode, but because the server issues a new 256-bit random number as the challenge every time, they cannot generate the correct response. After this there are some additional details that I'll skip over regarding how the system changes the symmetric key for the whole communication channel, preventing the eavesdropper from getting copies of whatever files are transmitted over the network.

On the surface, this sounds like a "zero-knowledge" system, but it isn't. It seems like a "zero-knowledge" system because in the challenge-response process, the user never reveals the actual secret. They just prove that they know the secret.

The reason this doesn't qualify as "zero-knowledge", though, is because the eavesdropper, while they are not able to obtain the shared secret, do learn one piece of knowledge: that the user is in possession of the shared secret.

For the system to be truly "zero-knowledge", the eavesdropper must not even be able to tell that the user has possession of the shared secret. The mathematics of how this is done is beyond me, so I have to stop here.

Why Cryptid thinks they need to use zero-knowledge proofs for authentication is not clear to me.

Zero-knowledge proofs are the cryptographic mechanism behind the cryptocurrencies that provide true anonymity. Cryptocurrencies like Bitcoin, that don't, have "mixers" but someone with sufficient ability to eavesdrop on the mixers can figure out who is making all the transactions. Cryptocurrencies that use zero knowledge proofs to provide true anonymity include include Zcash, Monero, PIVX, and Zerocoin. (Link to the zk-SNARK system used by Zcash below).

Cryptid: Authenticity Starts Here

#solidstatelife #cryptography #zeroknowledgeproofs