[PATCH] Introducing Zero-Knowledge user authentication

Andreas Gaupmann andreas.gaupmann at fh-hagenberg.at
Wed Nov 23 07:49:40 EST 2005


With this email we release an extension to OpenSSH that was initially 
developed as project for our studies at the Univerity of Applied Sciences in 

First we would like to describe the purpose of using Zero-Knowledge (ZK) for 
user authentication. Traditional authentication methods like 
challenge-response with passwords or public keys leak information about the 
credentials of a user (prover) to the verifying or any other party that can 
access the exchanged messages. Thus, with every finished authentication 
process the adversary has a greater chance of successfully purporting to 
third parties to be the prover. ZK avoids this drawback. The theory is more 
than twenty years old and is accepted by the cryptographic community.

We have chosen the ZK protocol of Ohta-Okamoto for implementation. This 
protocol is not encumbered by any patents.

We have set up a website[1] that gives a short introduction on ZK and on how 
this new user authentication method can be enabled and used. Patches for the 
OpenBSD and portable versions can be downloaded from our website. They are 
not attached to this email because of their size.

We have developed the ZK extension for the 4.0/4.0p1 releases of OpenSSH and 
can currently only offer patches for these releases. We are aware that this 
is not ideal. Depending on the feedback of the OpenSSH community, we would 
also release patches for the newest version and maintain the patch.

Now some notes on the actual implementation. We have used the existing user 
authentications as templates for incorporating the ZK protocol into OpenSSH. 
Like pubkey authentication the user has a key pair. Subsequently, we have 
adjusted the ssh-keygen for generating keys of type OO-ZK that can be used in 
the usual way as identity files and in the authorized keys files. Currently, 
the keygen cannot be used for changing the passphrase or other metadata in 
the key file.

Please have a look at our patch and comment on it. We are interested in your 

Andreas Gaupmann
Christian Schausberger
Ulrich Zehl

[1] http://zk-ssh.cms.ac/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20051122/e8792bd5/attachment.bin 

More information about the openssh-unix-dev mailing list