# Zero-Knowledge User Authentication: An Old Idea Whose Time Has Come

**Authors:** Laurent Chuat, Sarah Plocher, Adrian Perrig

arXiv: 1907.12398 · 2020-09-15

## TL;DR

This paper explores how zero-knowledge proofs can enhance user authentication by improving security and usability, leveraging ubiquitous smartphone hardware for practical, privacy-preserving login schemes.

## Contribution

The paper introduces an augmented PAKE protocol that uses zero-knowledge proofs and message authentication codes, making secure, private authentication feasible with common smartphone features.

## Key findings

- Enhanced security and privacy in user authentication
- Practical implementation using smartphone hardware
- Improved usability over traditional methods

## Abstract

User authentication can rely on various factors (e.g., a password, a cryptographic key, biometric data) but should not reveal any secret or private information. This seemingly paradoxical feat can be achieved through zero-knowledge proofs. Unfortunately, naive password-based approaches still prevail on the web. Multi-factor authentication schemes address some of the weaknesses of the traditional login process, but generally have deployability issues or degrade usability even further as they assume users do not possess adequate hardware. This assumption no longer holds: smartphones with biometric sensors, cameras, short-range communication capabilities, and unlimited data plans have become ubiquitous. In this paper, we show that, assuming the user has such a device, both security and usability can be drastically improved using an augmented password-authenticated key agreement (PAKE) protocol and message authentication codes.

## Figures

2 figures with captions in the complete paper: https://tomesphere.com/paper/1907.12398/full.md

## References

21 references — full list in the complete paper: https://tomesphere.com/paper/1907.12398/full.md

---
Source: https://tomesphere.com/paper/1907.12398