Analysis of Zero-Key Authentication and Zero-Knowledge Proof

Abstract

Recently passwordless authentication such as zero-key authentication or zero-knowledge access control is becoming popular among businesses prioritizing their users' and employees' security and digital experience. A challenge-response mechanism and public key infrastructure (PKI) cryptography are employed to perform the zero-key authentication or zero- knowledge access control that authorizes user access to an online service without a password or any shared secret required. Using a large quantum computer, a quantum algorithm could break the hard mathematical problems underlying PKI. The National Institute of Standards and Technology (NIST) has launched a program and competition to standardize one or more post-quantum cryptographic (PQC) algorithms to fight against quantum attacks. In this paper, we have conducted the first-ever mathematical analysis of lattice-based and polynomial-based PQC by introducing the relationship between automorphism and homomorphism. This analysis can help enterprises and organizations leverage NIST-selected PQC algorithms to safeguard their online services from quantum attacks. We performed the simulation to illustrate brute force broken probability for polynomial-based or multivariate-based PQC to validate our mathematical analysis of PQC.