Score:2

Difference between an authentication scheme and a identification scheme in ZK proofs?

in flag

EDIT: I want to specify what I know about schemes security:

  • Authentication schemes: P can prove V he is P, and nobody else can prove V that they are P.
  • Identification schemes: P can prove V he is P, and V can't prove to anybody else that he is P.
  • Signature schemes: P can prove V he is P, and V can't prove even to himself that he is P.

https://link.springer.com/content/pdf/10.1007%2F3-540-47721-7_12.pdf

I don't know which is the strongest scheme between Authentication and Identification.

I know that a signature scheme is the strongest level of security, and correct me if I'm wrong but that should be basically just an identification scheme where you can also sign a message thanks to one-way functions in NIZKs (said very poorly and briefly).

Now, what I don't know is if in any ZK scheme you always want the "Proof of Knowledge" property to be verified. I suppose the answer to be yes, as (I think) in all of them you have to make sure that a user is who he says he is... but if its really like this, then I don't get the difference between an authentication scheme and a identification scheme in ZK proofs.

Maybe I'm wrong and in a authentication scheme (that should be the "weakest" of them?) you don't need the Proof of Knowledge property but you only need the scheme to be zero-knowledge?
Or maybe there's more to it? That's my doubt, thank you!\

yacovm avatar
us flag
You can construct both with zero knowledge proofs. But not every signature scheme is necessarily known to be zero knowledge. I guess that any signature scheme can be turned into an identification scheme, by having the verifier send a random challenge to the prover.
in flag
Thanks but I don't think you got the question right, what I don't know is the difference between authentication schemes and identification ones in a zero-knowledge context, i only know that Proof of Knowledge can be an important aspect for them but I don't know if its necessary for one or both
kr flag
The security properties you mention don't appear to be standard (for example, signatures are not defined as interactive protocols, and I have no idea what it means that V cannot prove to himself that he is P), and I don't think there is a standard notion of what an “authentication scheme” is either. You should properly reference where you heard those from if you want a useful answer.
ming alex avatar
in flag
As I kown, the ZK can be uesed to construct either signature schemes or identification schemes. The difference between signature and identification scheme is whether P and V interact. For example, the Schnorr's identification protocol can be convert into a signatrue scheme by using Fiat-Shamir heuristic. For the authentication, it is an ambigurous term in this context. Both signature schemes and identification schemes can meet the authentication of an entity, while the symmetric key scheme, public key encryption or password-based also can meet the authentication of an entity.
in flag
@MehdiTibouchi yes I'm sorry, this is where I got the information: https://link.springer.com/content/pdf/10.1007%2F3-540-47721-7_12.pdf its the original paper of Fiat and Shamir
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.