Problem: To help protect Internet users’ privacy, cryptographers have developed zero-knowledge proofs, which allow users to demonstrate that they know, say, a password or bank-account number without actually revealing what it is. IBM, Intel, and Hewlett-Packard have used these proofs as the basis for a new Internet security protocol, similar to the Secure Sockets Layer that protects e-commerce transactions. But while the proofs themselves are secure, it’s hard to be sure that the protocols based on them are free of glitches that could allow them to be hacked.
Solution: Software designed by Michael Backes, a professor in the information security and cryptography group at Saarland University in Saarbrücken, Germany, can prove in less than a second whether an Internet protocol is truly secure. The program, the first one that’s been able to test protocols based on zero-knowledge proofs, creates simplified mathematical representations of the proofs and evaluates how they work within the protocol. As a result, it can efficiently check whether individual instructions in a protocol might let an interloper into the system. –Neil Savage