I'll turn around, and you grab a handful of jelly beans and put them behind your back. I'll then turn back around, count the number of jelly beans in the jar, and tell you how many are in your hand.
After repeating this 100 times, I will have demonstrated that I can count the number of jelly beans in the jar without telling you how many are in it.
I prefer this example as it is easier to visual knowing how to do a card trick than it is to understand how you would identify the number of beans in a jar. It also allows you to further explain things like collisions as a magic trick can have multiple methods. Or how by observing enough cases of the trick and "thinking" really hard you might be able to figure out how the trick is done. The crappier the magician the easier it is to figure out their trick.
Otherwise, you either get lucky on the first time and then you always know the amount, or you (more likely) loose the first time and then it doesn't matter.
But on rereading, the info to prove isn't "I know how many beans were here to start", it's "I'm capable of counting this jar of beans by looking at it". So if you guess right on the first trial, you still won't know the beans-remaining count, and will have to guess on the next trial too.
This is made super confusing by the claim that it's a ZKP of the initial count. That's narrowly true, but the real question at hand is whether you can count the beans.
Am I missing something?
Since the author allowed the use of video editing in the story anything that isn't seen in person is unconvincing.
Isn't that exactly what they're trying to do? Prove that Mick Ali knows the secret?
I thought the zero-knowledge part is in showing that Mick Ali knows the secret but without knowing/revealing the secret itself.
EDIT: On a second reading I see your point. The paper says "the reporter could not pass on his conviction to the judges".
edit: Or is there an implication that Mick may have also faked it?
The point of zero-knowledge is that an external observer should not be able to be verify the proof, only the parties involved.
Had no idea from the story that was the point of a zkp
I can see how this could provide a justification, but this is not implied in the story at all.
The one part I miss to be able to claim understanding of zero-knowledge protocols is anchoring the story to what one uses (modern) ZKPs for. Hoping to read that connection here in the HN comments.
https://blog.cryptographyengineering.com/2014/11/27/zero-kno...
Zcash is the first open, permissionless cryptocurrency that can fully protect the privacy of transactions using zero-knowledge cryptography. The Zcash client is now available for download as a command-line tool for Linux.
Unfortunately, there are no practical zero-knowledge proofs anyone can use in their heads. For this reason we are left typing them at least into the local device we're using - or having to use a second factor. Passwords can't stay in our head. That's a shame, because there's no theoretical reason for this to be so. Theoretically, easy, practical zero-knowledge proofs we can implement in our heads could exist. But apparently they don't.
The folks at Fermat's Library actually annotated this paper not too long ago: https://fermatslibrary.com/s/how-to-explain-zero-knowledge-p...
> Peggy, being a very private person, does not want to reveal her knowledge (the secret word) to Victor or to reveal the fact of her knowledge to the world in general.
Without that, the example seems overly convoluted.
For anyone who is interested in understanding basic ideas of cryptography, Art of the Problem also has an excellent playlist (Gambling with Secrets, Randomized algorithms) on Youtube: https://www.youtube.com/user/ArtOfTheProblem/playlists
Art of the Problem is probably the transformative channel that made me see how and why Youtube is an excellent tool to learn.
> The press must learn that misguided use of a computer is no more amazing than drunk driving of an automobile.
That's a silly thing to say, especially considering that there is a different and bigger problem: a software system with broken security.
Really? I'm honestly surprised Alice and Bob didn't somehow find their way into this plot...or was that Paul and Carole.
We eventually hit "Do we have no conveyance of knowledge when you cannot simulate with successive attempts?" Which is not what I generally class as children's-story language.
But the statistical argument is even harder - accepting that a low enough probability (more accurately, p value) implies a non-random source of a phenomenon is not obvious. I suspect that the initial usage would be ok, where Ali Baba says he didn't guess wrong 40 times. But the coin flip idea with Mick isn't intuitive and isn't really explained.
The lead-in is interesting, and it's a clever story, but it lost the plot on target audience pretty badly.
Simply: you can authenticate by testing one binary value many times (the cave), but you can shorten the handshake process by adding multiple secrets or multiple possibilities for each secret-test. The goal is to create a result which is highly improbable without secret knowledge, and you can trade off different values (number of secrets, number of handshakes, size of secrets) to achieve that.
I confess I don't understand the last line of that section about 'conveyance'. The process appears robustly ZKP even without successive attempts.
At some point I would like to write a book about crypto for children. Here's a dump of material I have w.r.t. zero-knowledge:
https://github.com/sustrik/crypto-for-kids/blob/master/zero-...
The story clearly misses lively scene of beating Ali Baba as a thief.
