L13-PALLADIUM Datasheet, PDF (7/7 Pages) List of Unclassified Manufacturers – Palladium, Zero Knowledge
Figure 5: Information gained by Verifier after t iterations of above communication protocol
This gives us a triple (u, b, l) which we claim is indistinguishable from the actual transcript generated
by the Prover-Verifier protocol above. (This is for an honest verifier. If the verifier actually generates
b in some other way, such as making it depend on u, then this simulation needs to be modified by
filtering the output appropriately. Details omitted in this class. But in any case, the Verifier can
simulate the distribution on transcripts, which proves that the protocol is ZK.)
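The simulation argument above for an honest verifier, as an added example that is not part of the original notes. The protocol itself is not shown on this page, so the code assumes a discrete-log identification protocol with a one-bit challenge, where u is the commitment, b the challenge and l the response. The toy group parameters and all function names are constructed for illustration.

```python
import secrets

# Constructed toy group, far too small for real use: G has prime order Q modulo P.
P, Q, G = 23, 11, 2

def prover_transcript(x, r, b):
    """Honest run: commitment u = G^r, challenge bit b, response l = r + b*x mod Q."""
    return (pow(G, r, P), b, (r + b * x) % Q)

def simulate_transcript(y, b, l):
    """Simulator: knows only y = G^x. Fixes b and l first, then solves for u."""
    u = pow(G, l, P) * pow(y, -b, P) % P   # u = G^l * y^(-b), so the check passes
    return (u, b, l)

def verify(y, transcript):
    """Verifier's check: G^l == u * y^b (mod P)."""
    u, b, l = transcript
    return pow(G, l, P) == u * pow(y, b, P) % P

def real_support(x):
    """Every transcript an honest prover/verifier pair can produce, one per (r, b)."""
    return {prover_transcript(x, r, b) for r in range(Q) for b in (0, 1)}

def simulated_support(y):
    """Every transcript the simulator can produce, one per (b, l)."""
    return {simulate_transcript(y, b, l) for b in (0, 1) for l in range(Q)}

def sample_simulated(y):
    """Draw one simulated transcript with uniformly random b and l."""
    return simulate_transcript(y, secrets.randbelow(2), secrets.randbelow(Q))

if __name__ == "__main__":
    x = 7                      # prover's secret (constructed)
    y = pow(G, x, P)           # public value known to the verifier
    real, sim = real_support(x), simulated_support(y)
    print("all simulated transcripts verify:", all(verify(y, t) for t in sim))
    print("same set of transcripts:", real == sim, "size", len(real))
    print("one simulated transcript:", sample_simulated(y))
```

Because each (r, b) and each (b, l) maps to a distinct accepting transcript, uniform choices on either side give the same uniform distribution over the same set, which is why the transcript tells the verifier nothing it could not have produced alone.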
A much more general and wonderful result is also known. Indeed, for any polynomial time program
P, I can convince you (in zero knowledge) that I know x, y, z, etc. such that P(x, y, z, ...) = true,
where P() is some polynomial time program. Clearly, this is quite a powerful cryptographic tool.
3.4 Applying ZK to Palladium
The Secure Support Component (SSC) of Palladium is a hardware module that can perform certain
cryptographic operations as well as securely store one or more cryptographic keys. It has the
public-private key pair (SK0, PK0) that is burned into the machine (as we mentioned earlier).
I want to convince a CA in zero-knowledge that I know SK0, PK0, C0, SK1 such that:
- SK0 is the secret key for PK0
- C0 is a certificate from Dell on PK0
- SK1 is the secret key for PK1 (CA knows PK1)
At this point if the CA is convinced it returns cert(PK1). Thus the CA can certify PK1 without
knowing how to link it to the original public key PK burnt into the SSC by the manufacturer.