Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content

Thank you for visiting nature.com. You are using a browser version with limited support for CSS. To obtain the best experience, we recommend you use a more up to date browser (or turn off compatibility mode in Internet Explorer). In the meantime, to ensure continued support, we are displaying the site without styles and JavaScript.

  • Article
  • Published:

Experimental relativistic zero-knowledge proofs

Nature volume 599, pages 47–50 (2021)Cite this article

Subjects

Abstract

Protecting secrets is a key challenge in our contemporary information-based era. In common situations, however, revealing secrets appears unavoidable; for instance, when identifying oneself in a bank to retrieve money. In turn, this may have highly undesirable consequences in the unlikely, yet not unrealistic, case where the bank’s security gets compromised. This naturally raises the question of whether disclosing secrets is fundamentally necessary for identifying oneself, or more generally for proving a statement to be correct. Developments in computer science provide an elegant solution via the concept of zero-knowledge proofs: a prover can convince a verifier of the validity of a certain statement without facilitating the elaboration of a proof at all1. In this work, we report the experimental realization of such a zero-knowledge protocol involving two separated verifier–prover pairs2. Security is enforced via the physical principle of special relativity3, and no computational assumption (such as the existence of one-way functions) is required. Our implementation exclusively relies on off-the-shelf equipment and works at both short (60 m) and long distances (≥400 m) in about one second. This demonstrates the practical potential of multi-prover zero-knowledge protocols, promising for identification tasks and blockchain applications such as cryptocurrencies or smart contracts4.

This is a preview of subscription content, access via your institution

Access options

Buy this article

  • Purchase on SpringerLink
  • Instant access to full article PDF
Buy now

Prices may be subject to local taxes which are calculated during checkout

Fig. 1: Relativistic zero-knowledge protocol for three-colourability on a short distance.

Similar content being viewed by others

Data availability

All data supporting the findings of this article are available from the corresponding authors upon request.

Code availability

All code supporting the findings of this article are available from the corresponding authors upon request.

References

  1. Goldwasser, S., Micali, S. & Rackoff, C. The knowledge complexity of interactive proof systems. In Proc. Seventeenth Annual ACM Symposium on Theory of Computing 291–304 (ACM, 1985).

  2. Ben-Or, M., Goldwasser, S., Kilian, J. & Wigder-son, A. Multi-prover interactive proofs: how to remove intractability assumptions. In Proc. Twentieth Annual ACM Symposium on Theory of Computing 113–131 (ACM, 1988).

  3. Kilian, J. Strong separation models of multi prover interactive proofs. In DIMACS Workshop on Cryptography (DIMACS, 1990).

  4. Ben-Sasson, E., Bentov, I., Horesh, Y. & Riabzev, M. Scalable, transparent, and post-quantum secure computational integrity. Preprint at https://eprint.iacr.org/2018/046.pdf (2018).

  5. Goldwasser, S., Micali, S. & Rackoff, C. The knowledge complexity of interactive proof systems. SIAM J. Comput. 18, 186–208 (1989).

    Article  MathSciNet  Google Scholar 

  6. Rivest, R. L., Shamir, A. & Adleman, L. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21, 120–126 (1978).

    Article  MathSciNet  Google Scholar 

  7. Garey, M. R. & Johnson, D. S. Computers and Intractability: A Guide to the Theory of NP-Completeness (W. H. Freeman & Co., 1979).

  8. Goldreich, O., Micali, S. & Wigderson, A. Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. J. ACM 38, 690–728 (1991).

    Article  MathSciNet  Google Scholar 

  9. Fortnow, L. The complexity of perfect zero-knowledge. In Proc. Nineteenth Annual ACM Symposium on Theory of Computing 204–209 (ACM, 1987).

  10. Ben Sasson, E. et al. Zerocash: decentralized anonymous payments from Bitcoin. In Proc. IEEE Symp. Security and Privacy 459–474 (IEEE, 2014).

  11. Bernstein, D. J. & Lange, T. Post-quantum cryptography. Nature 549, 188–194 (2017).

    Article  ADS  CAS  Google Scholar 

  12. Arute, F. et al. Quantum supremacy using a programmable superconducting processor. Nature 574, 505–510 (2019).

    Article  ADS  CAS  Google Scholar 

  13. Kent, A. Unconditionally secure bit commitment. Phys. Rev. Lett. 83, 1447–1450 (1999).

    Article  ADS  MathSciNet  CAS  Google Scholar 

  14. Crépeau, C., Massenet, A., Salvail, L., Stinchcombe, L. & Yang, N. Practical relativistic zero-knowledge for NP. In Proc. 1st Conf. Information-Theoretic Cryptography 4, 1–18 (LIPiCS, 2020).

  15. Mizuno, K. & Nishihara, S. Constructive generation of very hard 3-colorability instances. Discret. Appl. Math. 156, 218–229 (2008).

    Article  MathSciNet  Google Scholar 

  16. Katz, J. & Lindell, Y. Introduction to Modern Cryptography 3rd edn (CRC, 2020).

  17. Verbanis, E. et al. 24-hour relativistic bit commitment. Phys. Rev. Lett. 117, 140506 (2016).

    Article  ADS  Google Scholar 

  18. Li, N., Li, C., Helleseth, T., Ding, C. & Tang, X. Optimal ternary cyclic codes with minimum distance four and five. Finite Fields their Appl. 30, 100–120 (2014).

    Article  MathSciNet  Google Scholar 

  19. Tassa, T. & Villar, J. L. On proper secrets, (t, k)-bases and linear codes. Des. Codes Cryptogr. 52, 129–154 (2009).

    Article  MathSciNet  Google Scholar 

  20. Lunghi, T. et al. Practical relativistic bit commitment. Phys. Rev. Lett. 115, 030502 (2015).

    Article  ADS  CAS  Google Scholar 

  21. Bell, J. S. On the Einstein–Podolsky–Rosen paradox. Phys. Phys. Fiz. 1, 195–200 (1964).

    MathSciNet  Google Scholar 

  22. Kempe, J., Kobayashi, H., Matsumoto, K., Toner, B. & Vidick, T. Entangled games are hard to approximate. SIAM J. Comput. 40, 848–877 (2011).

    Article  MathSciNet  Google Scholar 

  23. Chailloux, A. & Leverrier, A. Relativistic (or 2-prover 1-round) zero-knowledge protocol for NP secure against quantum adversaries. In Advances in Cryptology – EUROCRYPT 2017 (eds. Coron, J. S. & Nielsen, J.) 369–396 (Springer, 2017).

  24. Ji, Z. Binary constraint system games and locally commutative reductions. Preprint at https://arxiv.org/abs/1310.3794 (2013).

  25. Groth, J. Non-interactive zero-knowledge arguments for voting. In Applied Cryptography and Network Security (eds. Ioannidis, J., Keromytis, A. & Yung, M.) 467–482 (Springer, 2005).

  26. Micali, S. & Rabin, M. O. Cryptography miracles, secure auctions, matching problem verification. Commun. ACM 57, 85–93 (2014).

    Article  Google Scholar 

  27. Glaser, A., Barak, B. & Goldston, R. J. A zero-knowledge protocol for nuclear warhead verification. Nature 510, 497–502 (2014).

    Article  ADS  CAS  Google Scholar 

  28. Group of Applied Physics. Google Maps https://goo.gl/maps/qhriiVPu8ktAqfZd9 (2020).

Download references

Acknowledgements

Financial supports by the Swiss National Science Foundation (starting grant DIAQ, NCCR-QSIT) and the European project OpenQKD are gratefully acknowledged by N.B., S.D., R.H., W.X. and H.Z. P.A., C.C. and N.Y. are grateful to Québec’s FRQNT and Canada’s NSERC for making this work financially possible.

Author information

Authors and Affiliations

  1. School of Computer Science, McGill University, Montréal, Québec, Canada

    Pouriya Alikhani & Claude Crépeau

  2. Department of Applied Physics, University of Geneva, Genève, Switzerland

    Nicolas Brunner, Sébastien Designolle, Raphaël Houlmann, Weixu Shi & Hugo Zbinden

  3. Department of Electronic Science, National University of Defense Technology, Changsha, China

    Weixu Shi

  4. Department of Computer Science and Software Engineering, Concordia University, Montréal, Québec, Canada

    Nan Yang

Authors
  1. Pouriya Alikhani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nicolas Brunner
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Claude Crépeau
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Sébastien Designolle
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Raphaël Houlmann
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Weixu Shi
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Nan Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  8. Hugo Zbinden
    View author publications

    You can also search for this author in PubMed Google Scholar

Contributions

P.A. and C.C. generated the graph used. N.B. and H.Z. supervised the research. C.C. and N.Y. came up with the protocol and C.C. was the theoretical leader. S.D. ensured the link between theory and experiment. R.H. was responsible for the experimental implementation, with support by S.D. and H.Z. W.X. contributed at early stage of the project. S.D. and C.C. wrote the initial draft, with the other authors providing editorial comments.

Corresponding authors

Correspondence to Claude Crépeau or Sébastien Designolle.

Ethics declarations

Competing interests

The authors declare no competing interests.

Additional information

Peer review information Nature thanks Thomas Vidick and the other, anonymous, reviewer(s) for their contribution to the peer review of this work. Peer reviewer reports are available.

Publisher’s note Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Extended data figures and tables

Extended Data Fig. 1 Illustration of a round of the protocol.

The colours are consistent with those of Fig. 1a and depict a typical round where the verifiers ask the same edge to the provers, here \(\{1,2\}\), but where \(b\ne b\text{'}\) so that they check in the end that \({a}_{0}+a{\text{'}}_{0}\) ≢ \({a}_{1}+a{\text{'}}_{1}({\rm{m}}{\rm{o}}{\rm{d}}\,3)\). In this example we have \({{\ell }}_{1}^{0}=2,{{\ell }}_{1}^{1}=1,{{\ell }}_{2}^{0}=0,{{\ell }}_{2}^{1}=1\); note that, despite the adjacency of the vertices 1 and 2, the equality \({{\ell }}_{1}^{1}={{\ell }}_{2}^{1}\) is legal as the labellings \({{\ell }}_{k}^{b}\) do not need to be colourings.

Extended Data Fig. 2 Illustration of the hardware used in our two implementations.

a, b, The GPS version (a) and the triggered version (b). The essential difference is the method used for synchronizing the verifiers’ questions. In a the connection is wireless as it uses communication with satellites at the expense of a higher imprecision thus further verifier–prover pairs. In b the connection is physical and oriented from the first to the second verifier; the former sends a trigger through the fibre and delays their action by the time needed for this signal to reach the latter. With a better accuracy this second method allows for shorter distances between the verifier–prover pairs, here 60 m but arguably improvable.

Supplementary information

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Alikhani, P., Brunner, N., Crépeau, C. et al. Experimental relativistic zero-knowledge proofs. Nature 599, 47–50 (2021). https://doi.org/10.1038/s41586-021-03998-y

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1038/s41586-021-03998-y

Search

Advanced search

Quick links

Nature Briefing AI and Robotics

Sign up for the Nature Briefing: AI and Robotics newsletter — what matters in AI and robotics research, free to your inbox weekly.

Get the most important science stories of the day, free in your inbox. Sign up for Nature Briefing: AI and Robotics