Theory Question: Why isn't RSA a 0-knowledge Proof
Simple question, why isn't the hard problem of proving that I know a secret key (d) for a given (e,n) (public key and modulus) a zero-knowledge proof? Is some amount of information leaked during challanges? _______________________ Regards, Is this true or only clever? -Augustine Birrell Joseph Reagle http://farnsworth.mit.edu/~reagle/home.html reagle@mit.edu 0C 69 D4 E8 F2 70 24 33 B4 5E 5E EC 35 E6 FB 88
Zero knowledge means that the recipient obtains no information that they could not have obtained without knowing the secret information corresponding to the key. If I authenticate myself to you by giving a signature on a nonce you chose you have obtained information that you could not have obtained otherwise. If it wasn't for the fact that it is IAP and you apear to be a grad student I might wonder about somone doing their course assignments via the net... :-) Phill
participants (2)
-
hallam@w3.org -
Joseph M. Reagle Jr.