© 2008 Science Publications Fractal (Mandelbrot and Julia) Zero-Knowledge Proof of Identity

We proposed a new zero-knowledge proof of identity protocol based on Mandelbrot and Julia Fractal sets. The Fractal based zero-knowledge protocol was possible because of the intrinsic connection between the Mandelbrot and Julia Fractal sets. In the proposed protocol, the private key was used as an input parameter for Mandelbrot Fractal function to generate the corresponding public key. Julia Fractal function was then used to calculate the verified value based on the existing private key and the received public key. The proposed protocol was designed to be resistant against attacks. Fractal based zero-knowledge protocol was an attractive alternative to the traditional number theory zero-knowledge protocol.


INTRODUCTION
Zero-knowledge proof of identity system is a cryptographic protocol between two parties. Whereby, the first party wants to prove that he/she has the identity (secret word) to the second party, without revealing anything about his/her secret to the second party. Following are the three main properties of zeroknowledge proof of identity [1] :

Completeness:
The honest prover convinces the honest verifier that the secret statement is true.

Soundness:
Cheating prover can't convince the honest verifier that a statement is true (if the statement is really false).

Zero-knowledge:
Cheating verifier can't get anything other than prover's public data sent from the honest prover.
In 1985, the first conceived zero-knowledge proof was given by [2] . Soon after that [3] proposed the first zero-knowledge proofs of identity. Among others there are several proposed zero-knowledge protocols such as Guillon-Quisquater proof of identity [4] , zero-knowledge proofs of identity based on ElGamal [5] , etc.
This study proposes a new zero-knowledge proof of identity based on Mandelbrot and Julia Fractal sets. The proposed paper is a proof method to prove and verify the true statements between two communicated parties without revealing the actual secret as described earlier.

Fig. 1: Zero-knowledge cave
Zero-knowledge cave: Zero-Knowledge Cave is a well-known scenario used to describe the idea of zeroknowledge proof which was published by [6] . The scenario depicted two parties in a zero-knowledge proof protocol. The first party is known as a prover (Peggy) to prove the statement, while the second party is known as a verifier (Victor) to verify the statement.
In this story, the circle cave has one entrance and a magic door which is placed inside the cave. The scenario depicted a proof protocol between Peggy and Victor, which help Peggy to prove her knowing the secret word which will open the magic door without revealing the secret word (which can open the door) to Victor. As shown by Fig. 1 the cave paths are labeled as A for the left path and 'B' for the right path. Both Victor and Peggy start from the cave entrance, X. First, Peggy enters the cave and randomly takes either path A or B while Victor must wait outside. Then, Victor will enter the cave to point Y and tell Peggy to appear from either path A or path B (randomly). Therefore, Peggy now can prove that she really knows the secret word by opening the magic door, if necessary and returns back to Y thru the path requested by Victor. For example, assume that Peggy knows the secret word and already she has gone inside the cave by path A and Victor ask her (randomly) to return back by path 'B', then she can open the magic door to appear on path A as requested by Victor. Assume Peggy does not know the secret word then this selection gives Peggy 50% chance of choosing properly. Repeating this protocol many times successfully makes Victor convinced that Peggy does actually know the secret word if Peggy can correctly appear all the time from the requested path specified by Victor.

Fractal:
In the late 19th century, complex function has been studied by Henri Poincaré Felix Klein, Pierre Fatou and Gaston Julia in exploring Fractal. In the 1960's the study of complex plane was enhanced by the modern computer graphics, which soon gave birth to the field of Fractal geometrics [7] . Among the early work on Fractal geometric was done by Benoit Mandelbrot.
In 1960, the word Fractal was introduced by Benoit Mandelbrot 1960. The word Fractal came from a Latin word fractus meaning broken or fractured. Mandelbrot has defined the term Fractal as a fragment of geometric shape, created interactively from almost similar but smaller components [7,8] . One of the important application of Fractal involves several real applications to create realistic images of nature such as the image of clouds, snow flakes, mountains, river networks, systems of blood vessels, etc. [9,10] .
Julia and Mandelbrot Fractal Sets: The Julia Fractal set (Fig. 2), developed by Gaston Julia [7] , is the set of points on a complex plane and it can be created by iterating the recursive Julia function (Eq. 1). Later in 1982, Benoit Mandelbrot began his study on Julia Fractal set. He was looking for the connection between Mandelbrot set and Julia set by studying the value c from the Julia Fractal equation [11] . As the result, Mandelbrot Fractal was defined as the set of points on a complex plane by applying Eq. 2 iteratively (Fig. 2). Actually, Mandelbrot and Julia sets are both using the same basic Fractal equation as shown by Eq. 1 and 2. But the difference between them is that, Mandelbrot Fractal set iterates z 2 + c with z starting at 0, while and Julia set iterates z 2 +c starting with varying non-zero z. The connection between Mandelbrot Fractal set and  [14] Julia fractal set is that, each point c in the Mandelbrot is actually specifies a geometric structure of a corresponding Julia set. That means if c is a complex point in the Mandelbrot set, there will be a Julia set connected to it. However, if c is not in the Mandelbrot set, then Julia set will become a Cantor dust [12,13] Existing proof of identity algorithm: As mentioned earlier there are a few proof of identity (PI) algorithms that had been proposed. In this Subsection we will show two well-known PI algorithms.
Feige-fiat-shamir proof of identity: Feige-Fiat-Shamir Proof of Identity protocol was the first zero-knowledge proof of identity protocol. This protocol includes two main parties, the prover (Peggy) and the verifier (Victor) in addition to the arbitrator. The working protocol is shown as follows [3,16] : Feige-fiat-shamir proof of identity protocol: Pre-calculation (arbitrator): • An arbitrator generates a random modulus n = p×q, where p and q are a large primes (512-1024 bits) • The arbitrator generates a public key for Peggy, by choosing a number, v, which is a quadratic residue mod n (such that x 2 = v mod n has a solution and v −1 mod n must exist). This number, v, is the public key • The private key is then the smallest s where The identification protocol: • Peggy chooses a random number r where r < n to compute x = r 2 mod n and then Peggy will send x to Victor • Victor sends Peggy a random bit, b • If the bit is 0, Peggy sends Victor r. If the bit is 1, she sends y = (r×s) mod n • If the bit = 0, then Victor will verify that x = r 2 mod n, proving that Peggy knows x • If the bit = 1, then Victor will verify that x = (y 2 ×v) mod n, proving that Peggy knows x v Guillou-quisquater proof of identity: This protocol has been used in smart card applications, as it uses the minimum size of accreditation (i.e., each round). The prover in this protocol must choose the following [4,16] : As we have shown in Fig. 5, Fractal zeroknowledge protocol involves two parties, Peggy and Victor. Peggy tries to prove her identity (secret keys (k and e)) to Victor without telling the secret itself (Eq. 7). Therefore, Peggy must generate the public key (z k e,) based on her private key by using Mandelfn and then sends it to Victor (Fig. 5, Step 1). Victor on the other hand will do the same and send his public key (z n d) to Peggy (Fig. 5, Step 2). The generated public key, z n d, is calculated by using Mandelfn equation as shown by Eq. 8: After exchanging the public keys between Peggy and Victor, Peggy will execute the Juliafn function with her secret keys to compute T (Fig. 5, Step 3) and then she will send T to Victor. Victor then will try to verify Peggy's secret by computing T' (Fig. 5, Step 4). If T = T', then Victor can verify that Peggy knows the secret and then the authentication is succeeded (Eq. 9): Working Example of The Proposed Protocol: This example was coded in C by using GMP to simulate the 64-bit complex numbers. In this example each complex number is being represented by a 64-bit value. Table 1 shows a working example of the proposed protocol. In this example, the global information, c, is initialized to a complex value (-0.1155056) + (-0.359816)i and x is initialized to 3 (The value of x is used to reduce the final calculation (Eq. 9) and can be set to 0, if desired). At the beginning, Peggy and Victor need to choose their private keys ( Table 1, row 1). Then they have to calculate the corresponding public keys as shown by Table 1, Row 2, by using the Mandelbrot function, Mandelfn. These values are z k e (Peggy's public key) and z n d (Victor's public key). Table 1, Row 3, shows both parties exchanging their public keys. Following this process is the calculation of the verified value by using Julia function, Juliafn. Peggy will produce the value, (z n d) k e, after executes the

Security analysis of the proposed protocol: Fractal
Cryptography is based on a NP-hard problem [12,13,17] . Therefore, the attack on the proposed zero-knowledge proof of identity protocol is computationally impossible because of the iteration parameter k (or n) and the variation constant e (or d), which are unknown to the public. Also, this will prevent attacks on the private values, given that d and e are represented appropriately. We suggest that the value of d and e be represented by a 128-bit value which should give 2 128 possibilities for every value of n (or k) that are being attacked with a brute force attack [12] .
Statistical analysis: Statistical analysis helps to demonstrate the strength of cryptography algorithms [18] . It is well known that many zero-knowledge proof of identity protocols have been successfully proved and analyzed by using statistical analysis. Therefore, an ideal zero-knowledge proof of identity should be resistant to the brute force of any statistical attack. Statistical analysis has been performed to prove the strength of the proposed zero-knowledge proof of identity based on Mandelbrot and Julia Fractal sets by calculating the correlations coefficient analysis of two adjacent points.

Correlation test for the proposed zero-knowledge proof of identity:
The correlation test is a statistical analysis tool. It is used to find the correlation value between two distributed points. In this Subsection, the correlation between two adjacent points has been used to perform the statistical analysis on the proposed Fractal zero-knowledge proof of identity. Correlation coefficient was calculated by using Eq. 10, 11, 12, 13 and 14: cov(x, y) E(x -E(x)(y -E(y)) = where, x and y are the values of two adjacent points. In numerical computations, the following discrete formulas have been used: This Subsection presents the correlation values for several tests on the verified key values. The verified secret values have been calculated by using general numbers for the global value and the receiver's private keys. We have calculated 256 correlation pairs by using Eq. 11 to find the correlation average. The correlation tests are based on the changing of the sender's private keys value 128 times on the key, e, as well as 128 times on the private key, n (Fig. 6a). Also, Fig. 6b shows the absolute values of the correlation tests. As shown by Fig. 7, we have designed the correlation coefficient tests by changing only one bit at a time for the key value and compared them with a predetermine control value. The key e is initialized to 1 (000…001) and then the bit 1 is moved one bit at a time to the left. All the  Table 2: Typical interpretation of the correlation coefficient (r) [19] Correlation range Interpretation of "r" ±(0-0.20) No correlation ±(0.20-0.40) Low degree of correlation ±(0.40-0.60) Moderate degree of correlation ±(0.60-0.80) Marked degree of correlation ±(0.80-1.0) High correlation generated values of e's will then compared with the control value of 000…001. For the private value n, we have initialized n to 3 (rather than 1) which make the iterations more efficient on the first correlation test and then the value of n is also changed one bit at a time as explained earlier. The absolute value for the average correlation results between two adjacent points for the verified secret key values is 0.123898 (Fig. 3). Since the correlation average is very close to zero and between 0 and 0.20, we can conclude [19] that there is no correlation between the distributed points for the verified secret key value ( Table 2). The uncorrelated result highlights the difficulty to attack the secret key by analyzing the correlation between verified secret keys. Adding the key e during the iteration of Mandelbrot and Julia functions introduces the needed complexity of the proposed protocol. Furthermore, we can identify that the security of the proposed Fractal zero-knowledge proof of identity is based on the chaos NP-hard problem and the randomness of the output generated as shown by the correlation test.