Zero knowledge proof as an enabler for Cyber weapon information sharing

Pierluigi Paganini December 26, 2015

About the Zero knowledge proof and the ability to proof capability to attack or to defence implementing the cyber deterrence.

Successful deterrence based on three aspects – Capability, Threatening message and Transmitting the message to the opponent. Therefore, One of the critical issues in cyber deterrence is the ability to proof your capability to attack or to defence. If you can prove you can do it, the other side will be more convinced, and deterred.

Applying Deterrence by punishment force you to prove to the other side that you can compromise or damage his systems.

Applying Deterrence by denial force you to prove that you can defend your systems from a potential attack.

In both cases, the cost of the attack in the eyes of your opponent is rising. And with rising costs, he will think twice before carrying out one.  However, why should one expose his secretive cyber weapon or defence structure before he has to use them?

cyber weapon Zero knowledge proof

Most of the Cyber weapons are disposable. Such are the defence solutions. If you expose your cyber weapon, your opponent will build a defence solution. If you do so with your defence structure, a hacker will find a way to bypass it. But what if there is a way to show your opponent your capabilities without reviling your secrets?

One method that potently could serve this propose is Zero knowledge proof [ZKP]. It’s a way in cryptography to prove to the other side that you hold the secret without exposing it to him.

Altho the Zero knowledge proof is used in cryptography, the abstract idea can play a role in Cyber deterrence to strengthen the capability projection of the player.

Let’s assume I have a cyber weapon that can destroy the opponent electric grid, and I want to use it to prevent him from destroying mine [I assume that he has an unknown, such weapon].

In that scenario, the first step is to convince him that I have such ability. But how can it be done? If I use it, deterrence will fail. If I don’t, it will leave a great deal of uncertainty, and deterrence will fail. It seems as “Catch 22” scenario.

However, if we add to this situation a Zero knowledge proof mechanism that will allow me to convince him that I have the ability without reviling it, deterrence can succeed.

There is no doubt it’s an initial idea. For now, the Zero knowledge proof is used in cryptography and reuse it as a cyber weapon or defence structure proof mechanism requires further research. But it gives hope to the possibility of applying a successful deterrence in the future cyber domain.

Additional reading

http://pages.cs.wisc.edu/~mkowalcz/628.pdf

http://blog.cryptographyengineering.com/2014/11/zero-knowledge-proofs-illustrated-primer.html

Written by Ami Rojkes Dombe

Ami is An Israeli-based writer, tech corresponded of the Israel Defense magazine. Covers the Israeli cyber industry, defense industries and the ICT scene. Passions include futuristic technologies, science and geopolitical aspect of technology. MA in political science with thesis in Cyber deterrence.

Pierluigi Paganini

(Security Affairs – Zero knowledge proof, cyber weapon)



you might also like

leave a comment