How Does Peggy Prove Her Age, Without Giving Away Her Age?
How Does Peggy Prove Her Age, Without Giving Away Her Age?
The method defined in this article is here, and is well known in the literature. So let’s have a bit of fun with it, in order that we can illustrate why we should move to a world where we do not send out our core data, but just prove that we know things.
Introduction
In this modern world, we give away far too much data, and much of the data that is passed is untrusted (and lacks verification). In a future blockchain-focused world, we should be able to verify and trust all of our transactions and thus build a more trustworthy world.
So how do we prove something, without giving away our data? Now let’s met Peggy, who is having a problem. She looks young and keeps getting rejected from pubs, even though she is 19 years old. So Peggy turns up at the “Crypto Nights” bar, but the bar has very strict on age requirements and Victor, who guards the door, makes sure that everyone is 18 or over.
So Peggy says that she is over 18, but Victor asks for proof of her age. “Well, I don’t want to tell you! You will go an tell everyone how old I am!”, she says, and Victor replies, “Well you are not getting in!”.
So Peggy, with her angry face on, says to Victor, “Whom would you trust to verify that I am old enough?”, and Victor, with an equally angry face, says, “Well, I trust the Trent in the government to verify it!”.
Now, Peggy goes to Trent and tells him that she has to prove that she is 18 or over. Trent then sends a random seed value to her and generates a signed proof statement that she can give to Victor. Peggy now encrypts her age and passes this, and the proof from Trent, to Victor. He checks a few things, and, smiles, and lets her in. Victor, though, has no idea how old Peggy is. She goes on to enjoy the amazing experience of Crypto Nights, with its random-generator lava lamps and quantum laser jumps.
A basic method to prove her age
Here is the basic method that Peggy used:
For this problem, we will use a hash chain, where we can continually hash values. For example, we might start with a seed of “123456”, and the first time we create the hash we get Hash(“123456”), we can then take the output of this and then hash again. In this way we now have the value of “123456” hashed twice. It will be almost impossible to find the original seed as we are taking a hash of a hash. This type of approach is common in One Time Passwords (OTPs), where we start with a random seed and then keep hashing to generate a range of one-time passwords.
Implementation
Let’s first look at the code to implement the method that Peggy used [try]:
A sample run gives [try]:
Peggy's Age: 19
Age to prove: 18
....
Proof: dbb7949e5e9b9dc539ed99be75523d25
Encr Age: 16e6fc992d94d5ee14d47fcdf4da11f9
Verified Age: 16e6fc992d94d5ee14d47fcdf4da11f9
You have proven your age ... please come in
In this case, I have used MD5 to keep the output simpler, but we can use SHA-1, SHA-256 and so on, in order to improve the security of the method. Initially, Trent generates the seed value and produces the value of proof, which he sends to Peggy. Peggy then generates an encrypted_value. Peggy sends these to Victor, and he takes the proof and performs some hashes, and then compares the result with Peggy’s encrypted_age, and, if they are the same, she has verified that she is old enough to enter the Crypto Nights, and enjoy its randomization events.
Now, the proof is calculated by hashing the seed (S) by (1+ActualAge-Age_to_Prove) times:
proof = HASH^(1+ActualAge-Age_to_Prove){S}
So if Peggy is 19 years old, and she must prove she is 18, then we will hash the seed two times. Trent will sign the proof with his private key.
Now Peggy creates her validation by hashing the seed (which is secret to her and Trent) by (ActualAge+1)
encrypted_age = HASH^(ActualAge+1) {S}
In this case, she will hash the seed 20 times.
Now she passes these two values to Victor (proof and encrypted_age). And now Victor checks the signature on the proof and then hashes this value AgeToProve.
verify = HASH^(AgeToProve) {proof}
In this case, he will hash 18 times. He then checks the result against Peggy’s value, and if they are the same, he lets her in.
The method defined in this article is here.
Conclusions
For a sound zero-knowledge proof implementation, we need to show:
- Completeness. Peggy will always be able to prove to Victor that she is old enough.
- Soundness. Peggy cannot trick Victor into thinking she is old enough.
- Zero-knowledge. Victor has no idea about how old Peggy is.
Overall we need to stop giving away our data, and also start to define whom we trust to verify our information. If your systems still ask and store sensitive information, then think about changing them. We are moving to a citizen-focused world, and our existing methods just don’t cope well.
Get Best Software Deals Directly In Your Inbox
