School of Computer Science, McGill University, Montréal, Québec, Canada.
Department of Applied Physics, University of Geneva, Genève, Switzerland.
Nature. 2021 Nov;599(7883):47-50. doi: 10.1038/s41586-021-03998-y. Epub 2021 Nov 3.
Protecting secrets is a key challenge in our contemporary information-based era. In common situations, however, revealing secrets appears unavoidable; for instance, when identifying oneself in a bank to retrieve money. In turn, this may have highly undesirable consequences in the unlikely, yet not unrealistic, case where the bank's security gets compromised. This naturally raises the question of whether disclosing secrets is fundamentally necessary for identifying oneself, or more generally for proving a statement to be correct. Developments in computer science provide an elegant solution via the concept of zero-knowledge proofs: a prover can convince a verifier of the validity of a certain statement without facilitating the elaboration of a proof at all. In this work, we report the experimental realization of such a zero-knowledge protocol involving two separated verifier-prover pairs. Security is enforced via the physical principle of special relativity, and no computational assumption (such as the existence of one-way functions) is required. Our implementation exclusively relies on off-the-shelf equipment and works at both short (60 m) and long distances (≥400 m) in about one second. This demonstrates the practical potential of multi-prover zero-knowledge protocols, promising for identification tasks and blockchain applications such as cryptocurrencies or smart contracts.
保护秘密是我们当代信息时代的一个关键挑战。然而,在常见情况下,透露秘密似乎是不可避免的;例如,在银行识别自己以取款时。反过来,在不太可能但并非不现实的情况下,如果银行的安全系统受到攻击,这可能会带来非常不利的后果。这自然引发了一个问题,即透露秘密对于识别自己,或者更一般地说,对于证明陈述是正确的,是否从根本上是必要的。计算机科学的发展通过零知识证明的概念提供了一个优雅的解决方案:证明者可以在不提供证明细节的情况下说服验证者某个陈述的有效性。在这项工作中,我们报告了涉及两个分离的验证者-证明者对的这种零知识协议的实验实现。安全性通过特殊相对论的物理原理来强制实施,并且不需要任何计算假设(例如单向函数的存在)。我们的实现完全依赖于现成的设备,并且在大约一秒钟内可在短距离(60m)和长距离(≥400m)上工作。这证明了多证明者零知识协议的实际潜力,有望用于身份识别任务和区块链应用,例如加密货币或智能合约。
