How to explain zero-knowledge protocols to your children (1998) [pdf]

In the same spirit and format of OP&#x27;s link, I also enjoy Thompson&#x27;s paper &quot;Reflections on Trusting Trust.&quot; It&#x27;s so dead simple yet was an ah-ha moment for me. Materials like this are the reason why I love security and cryptography (despite never had the chance to work on cryptography full-time).<p>For anyone who is interested in understanding basic ideas of cryptography, Art of the Problem also has an excellent playlist (Gambling with Secrets, Randomized algorithms) on Youtube: <a href="https:&#x2F;&#x2F;www.youtube.com&#x2F;user&#x2F;ArtOfTheProblem&#x2F;playlists" rel="nofollow">https:&#x2F;&#x2F;www.youtube.com&#x2F;user&#x2F;ArtOfTheProblem&#x2F;playlists</a><p>Art of the Problem is probably <i>the</i> transformative channel that made me see how and why Youtube is an excellent tool to learn.

If I try to keep in mind that the target audience is children, then the paragraph just before <i>The Jealous Reporter</i> is where I feel the clarity in prose really starts to fall apart. Introducing the concept of probability without really explaining its significance...or the notion of something being genuine...all this random court mumbo jumbo...simulation and parallel stuff...filming high-rise apartments with caves stuffed in them to achieve something that may not be optimal...even dropped authentication somewhere in there.<p>Really? I&#x27;m honestly surprised Alice and Bob didn&#x27;t somehow find their way into this plot...or was that Paul and Carole.

Zero-knowledge proofs are an extremely practical problem. If you could convince an algorithm that you know a password, without having to type it, you would be impervious to keyloggers or any loss of your password - you would never have to change your password, either.<p>Unfortunately, there are no practical zero-knowledge proofs anyone can use in their heads. For this reason we are left typing them at least into the local device we&#x27;re using - or having to use a second factor. Passwords can&#x27;t stay in our head. That&#x27;s a shame, because there&#x27;s no theoretical reason for this to be so. Theoretically, easy, practical zero-knowledge proofs we can implement in our heads <i>could</i> exist. But apparently they don&#x27;t.

Awesome little paper. I wish there were more papers like this! BTW, you guys might enjoy <a href="https:&#x2F;&#x2F;betterexplained.com" rel="nofollow">https:&#x2F;&#x2F;betterexplained.com</a> - the author explains math concepts in new more intuitive ways.<p>The folks at Fermat&#x27;s Library actually annotated this paper not too long ago: <a href="https:&#x2F;&#x2F;fermatslibrary.com&#x2F;s&#x2F;how-to-explain-zero-knowledge-protocols-to-your-children" rel="nofollow">https:&#x2F;&#x2F;fermatslibrary.com&#x2F;s&#x2F;how-to-explain-zero-knowledge-p...</a>

I find the cave example non-intuitive.<p>At some point I would like to write a book about crypto for children. Here&#x27;s a dump of material I have w.r.t. zero-knowledge:<p><a href="https:&#x2F;&#x2F;github.com&#x2F;sustrik&#x2F;crypto-for-kids&#x2F;blob&#x2F;master&#x2F;zero-knowledge-proofs.md" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;sustrik&#x2F;crypto-for-kids&#x2F;blob&#x2F;master&#x2F;zero-...</a>

I don&#x27;t like this example of a ZKP. It seems like AliBaba could conclusively prove knowledge of the secret by simply being seen to enter on the left and return on the right. No interaction necessary, and it&#x27;s conclusively proven in only one iteration.<p>Am I missing something?

&gt; The pursuer arrived, and was all upset to find only Ali Baba under the sacks at the dead end of the passage. The thief had escaped.<p>The story clearly misses lively scene of beating Ali Baba as a thief.

Why wouldn&#x27;t you just record Mick going in one direction and coming out the other? I had to reread it to understand that they weren&#x27;t doing that. (I get that that is how this ties things together, but from a story perspective it feels like a weird move to me.)<p>edit: Or is there an implication that Mick may have also faked it?

I enjoyed the story, and got it!<p>The one part I miss to be able to claim understanding of zero-knowledge protocols is anchoring the story to what one uses (modern) ZKPs for. Hoping to read that connection here in the HN comments.

The idea reminds me of Dori-Mic and the Universal Machine: <a href="http:&#x2F;&#x2F;www.dori-mic.org&#x2F;" rel="nofollow">http:&#x2F;&#x2F;www.dori-mic.org&#x2F;</a>

My understanding broke down when they introduced the Israeli connection, I couldn&#x27;t understand what point was being made.

My favorite example of this from my college encryption class is: let&#x27;s say that there&#x27;s a giant jar of jelly beans, and I tell you that my super power is that I can count how many jelly beans are in that jar. I don&#x27;t want to tell you how many there are, and you might not even believe me if I did, so here is the test we&#x27;ll run:<p>I&#x27;ll turn around, and you grab a handful of jelly beans and put them behind your back. I&#x27;ll then turn back around, count the number of jelly beans in the jar, and tell you how many are in your hand.<p>After repeating this 100 times, I will have demonstrated that I can count the number of jelly beans in the jar without telling you how many are in it.