**A short horror story about web app data leaks and how to prevent them**


by Cossack Labs, October 26th, 2017

*Explaining crypto is hard, explaining crypto in simple words is harder. Explaining Zero Knowledge Proof to a child? Easy! So here you go — ZKP explained with some Halloween candy.*

**Previously in the series:** Explain Like I’m 5: End-to-end Encryption

A zero-knowledge proof (ZKP) is a way for one party to prove that it knows a secret, such as a password, without ever sending that secret. When a ZKP is used for authentication (a "zero-knowledge password proof"), the password itself never travels over the wire, so someone eavesdropping on the login, or someone who later breaks into the server, does not get a copy of it. Note what this does and does not give you: it protects the secret you log in with, not the contents of the conversation that follows. Keeping the messages and files you exchange private is the job of encryption, which the previous post in this series covered.

A ZKP lets you prove to the party at the other "end" of the communication that you know some secret (or several secrets) without revealing it. The term "zero knowledge" refers to the fact that no ("zero") information about the secret is disclosed, yet the second party (called the "Verifier") is rightly convinced that the first party (called the "Prover") knows the secret in question. Why would you need to prove you know a secret without telling it? Because you don't trust the other party, but still need to convince them that you know it. So what does the process look like?

Let’s illustrate it with the help of Bob and Alice who got some chocolate bars for Halloween.

They would like to know if they received the same amount of candy, without disclosing their number of chocolates because they don’t want to share.

Let’s assume they can have exactly 10, 20, 30, or 40 chocolate bars in their trick-or-treat bags.

To compare the number of chocolate bars they got without sharing the actual number, Bob gets 4 lockable boxes, each with a slot in the lid, and puts a label on each that says 10, 20, 30 or 40 (chocolate bars).

Then Bob throws away all the keys except for the key to the box that corresponds to the number of chocolate bars he’s got (let’s say he has 20 chocolate bars) and leaves.

Alice takes 4 small pieces of paper and writes “+” on one of them and “-” on all the others.

Then she slips the “+” piece through a slot into the box with the number that corresponds to the number of candies she’s got (let’s say she has 30 candy bars) and slips the pieces of paper with “-” on them into the rest of the boxes and also leaves.

Bob returns and opens the one box he still has the key to — the one that corresponds to the amount of candy he’s got — and sees if it contains “+” or “-”.

If it is a “plus”, Alice has the same number of chocolate bars in her bag. If the slip of paper says “-”, it means that they have a different amount of candy (but still will not share with each other).

We know that Bob's bag contains 20 chocolate bars and Alice's contains 30. By opening the box and finding the piece of paper with a "minus" on it, Bob learns that he and Alice have different amounts of candy. But he has no way of finding out whether Alice has more or fewer chocolate bars than he does.

When Alice returns, she sees that Bob's slip of paper says "minus", so she learns the same thing: they have different amounts of candy. But neither Alice nor Bob knows how many chocolate bars the other has. They only know that the amounts are not the same.

This example, in a slightly different form, is known as the socialist millionaires' problem, a variant of Yao's Millionaires' Problem: two millionaires want to find out whether they are equally rich (in Yao's original version, which of them is richer) without disclosing their fortunes. Strictly speaking, this is a secure two-party computation rather than a proof that one party knows a secret, but it shows the same principle: each party learns the single bit the protocol is meant to produce and nothing else. Notice also what the thought experiment takes for granted: that Bob really did throw away the other three keys, and that Alice put exactly one "+" into the boxes. A cryptographic protocol cannot rely on good manners, so its commitment and verification steps are designed so that a cheating party is either caught or gains nothing.
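The boxes are a thought experiment. To show what a real zero-knowledge proof looks like in code, here is Schnorr's identification protocol (a proof of knowledge of a discrete logarithm) wired up as a password-less login: the server stores only y = g^x mod p, and the client proves it knows x without ever sending it. This is an added example written for this page, not Cossack Labs' code and not the protocol the post is about; the toy 64-bit group, the function names and the constructed password and salt are all assumptions made for illustration.

```python
"""Schnorr proof of knowledge as a password-less login. Added illustration, not Cossack Labs code."""
import hashlib
import secrets

def is_probable_prime(n, rounds=32):
    # Miller-Rabin primality test, used only to build the toy group below.
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime_group(start):
    # Smallest safe prime p = 2q + 1 >= start; g = 4 = 2^2 generates the order-q subgroup.
    q = start // 2 | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4

# ASSUMPTION: a 64-bit modulus is a toy so the search finishes instantly.
# Real deployments use a 2048-bit+ MODP group or an elliptic-curve group.
P, Q, G = safe_prime_group(1 << 63)

def derive_secret(password: bytes, salt: bytes) -> int:
    # Client side: the prover's secret x is derived from the password.
    # A real system would use a slow KDF such as Argon2; SHA-256 keeps this short.
    h = hashlib.sha256(salt + password).digest()
    return int.from_bytes(h, "big") % (Q - 1) + 1       # x in [1, q-1]

def register(password: bytes, salt: bytes) -> int:
    # Server side at sign-up: store y = g^x mod p, never x or the password.
    return pow(G, derive_secret(password, salt), P)

def prover_commit():
    # Move 1 (prover -> verifier): t = g^r for a fresh random r. Reusing r leaks x.
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(G, r, P)

def verifier_challenge() -> int:
    # Move 2 (verifier -> prover): a random challenge, chosen only after t arrived.
    return secrets.randbelow(Q)

def prover_respond(x: int, r: int, c: int) -> int:
    # Move 3 (prover -> verifier): s = r + c*x mod q. x stays on the prover's side.
    return (r + c * x) % Q

def verifier_accepts(y: int, t: int, c: int, s: int) -> bool:
    # Accept iff g^s == t * y^c mod p, which holds exactly when s was built from the x behind y.
    return pow(G, s, P) == t * pow(y, c, P) % P

def login(x: int, y: int):
    # One honest run of the three-move protocol; returns (accepted, transcript).
    r, t = prover_commit()
    c = verifier_challenge()
    s = prover_respond(x, r, c)
    return verifier_accepts(y, t, c, s), (t, c, s)

def simulate_transcript(y: int):
    # Why the verifier learns nothing: anyone can pick c and s first and solve for
    # t = g^s * y^-c, getting an accepting transcript distributed like a real one
    # without knowing x.  (y^-c = y^(q-c) because y has order q.)
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    t = pow(G, s, P) * pow(y, (Q - c) % Q, P) % P
    return t, c, s

def impostor_login(y: int) -> bool:
    # Without x the best strategy is to guess the challenge before committing;
    # this is accepted only if the guess was right, i.e. with probability 1/q.
    guess, s = secrets.randbelow(Q), secrets.randbelow(Q)
    t = pow(G, s, P) * pow(y, (Q - guess) % Q, P) % P
    c = verifier_challenge()
    return verifier_accepts(y, t, c, s)
```

`login(x, y)` with the right x is accepted; with a wrong x, or through `impostor_login`, it is rejected except with probability 1/q. `simulate_transcript` is the zero-knowledge argument in miniature: since anyone can forge a transcript that verifies, a transcript is no evidence about x. Two caveats before calling this a password proof: if the server's database leaks, y = g^H(salt, password) can be attacked by offline guessing just like a salted password hash, so the slow KDF matters, and deployed password-proof protocols such as SRP and OPAQUE are designed around that threat model in more detail; and in practice the verifier's random challenge is often replaced by a hash of the commitment (the Fiat-Shamir transform) so the proof needs no interaction.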

*Thanks for reading. For a proper grown-up cryptographic explanation of Zero Knowledge Protocol, head over to our blog.*

*Got something to add? We'd love to hear from you! Please reach out to us via [email protected] or @cossacklabs.*
