ICS 247 - Security Algorithms Homework 6, 50 Points
Due: Wednesday, March 12, 2003

  1. 10 points. Give a zero-knowledge proof of graph non-isomorphism, assuming that Alice has unlimited computational power. That is, Alice and Bob have two graphs G1 and G2, which Alice knows are non-isomorphic. Design a zero-knowledge proof that lets Alice show, with probability 1/2, that the graphs are non-isomorphic.
  2. 10 points. A Hamiltoniam cycle in a graph is a cycle that visits each vertex exactly once. Give a zero-knowledge proof that allows Alice to show that she knows a Hamiltonian cycle in a graph G with probability 1/2.
  3. 10 points. Let p and q be large primes, such that q divides p-1. Let G be the subgroup of order q in Z*p, and let g and h be two different generators of this subgroup. Let a secret (x,y) be known by Alice, where x and y are integers in [0,q-1]. Suppose Bob knows p, q, g, h, and z= gx hy mod p. How can Alice give a zero-knowledge proof that she knows (x,y)?
  4. 10 points. Let n=pq, where p and q are distinct primes and let x0 and x1 be two members of Z*n, such that at least one has a square root. Design an interactive protocol whereby Alice can prove to Bob, with probability at least 1/2, that she knows the square root of xi in Z*n, for i=0 or i=1, without revealing i.
  5. 10 points. Charles belongs to the Praying Atheists Club, but he doesn't want anyone to know this, for obvious reasons. Design a zero-knowledge proof of membership, so that Charles can prove (say to a challenge issued by the web site praying-atheists.org) that he belongs to the club, without revealing his actual identity (or even performing a zero-knowledge proof of his identity).