> The classic example, given in all complexity classes I've ever taken, is the following: Imagine your friend is color-blind. You have two billiard balls; one is red, one is green, but they are otherwise identical. To your friend they seem completely identical, and he is skeptical that they are actually distinguishable. You want to prove to him (I say "him" as most color-blind people are male) that they are in fact differently-colored. On the other hand, you do not want him to learn which is red and which is green.
Here is the proof system. You give the two balls to your friend so that he is holding one in each hand. You can see the balls at this point, but you don't tell him which is which. Your friend then puts both hands behind his back. Next, he either switches the balls between his hands, or leaves them be, with probability 1/2 each. Finally, he brings them out from behind his back. You now have to "guess" whether or not he switched the balls.
By looking at their colors, you can of course say with certainty whether or not he switched them. On the other hand, if they were the same color and hence indistinguishable, there is no way you could guess correctly with probability higher than 1/2.
If you and your friend repeat this "proof" t times (for large t), your friend should become convinced that the balls are indeed differently colored; otherwise, the probability that you would have succeeded at identifying all the switch/non-switches is at most 2−t. Furthermore, the proof is "zero-knowledge" because your friend never learns which ball is green and which is red; indeed, he gains no knowledge about how to distinguish the balls.
Sure. Just find two billiard balls that are indistinguishable unless God exists. Give them to your Bible-blind friend, and try to guess whether he switches them behind his back or not.
Um... you'll need to actually find a proof for it, though. So far as I know, there are no known proofs of God's existence that can't be reasonably explained in other ways.
This is cool. I remember reading about it a while back, but had forgotten all about it. I have a question about the Peggy/Victor example: why do we need to use the probabilistic method?
Here's my alternative zero-knowledge proof that Peggy knows the word:
Victor observes Peggy walk down tunnel A. He stands at the entrance. A short while later, Peggy emerges from tunnel B. Since we know the only way to go down tunnel A and come out tunnel B is by going through the door with the secret word, Peggy must know the word.
Is there something wrong with that? Assuming what I wrote is correct, I think the hamiltonian cycle example further down the page is a much better one.
EDIT: Perhaps Peggy and Victor would have to walk down tunnel A together at the start, so that Victor can observe that the door really is shut. I don't think that invalidates my proposal though.
I don't know that every unit of an undergraduate CS curriculum needs to be an HN submission.
It's a bit silly to hear people way that college curriculum is irrelevant and then spend a drawn out period of time cobbling together a college curriculum.
The perceived hypocrisy vanishes once you remember that not everyone else on HN is the same person. (And as to your actual point: zero-knowledge proofs are interesting, and that's all the excuse that an interesting topic ever needs.)
Also, this community has a lot of smart people with different expertise areas. That means that my basic knowledge of 0knowledge proofs, or other "basic" topic will most likely be heavily augmented when the experts start talking about the deep bits that aren't covered in "cool crypto primitives 101".
The reason people say college is irrelevant is precisely because you can cobble together the curriculum yourself. Obviously there are a lot of complicated benefits and costs both ways that people can debate, but it's not obviously silly.
Kind of. The reason college is usually touted as irrelevant is because while a lot of this type of thing is interesting and to some it is necessary knowledge, most people don't need to know most of the material. (Some of HN may find zero-knowledge proofs interesting, a few might even need to know it, and the vast majority doesn't really care a whole lot. If everyone here was forced to read about it, there would probably be whining and gnashing of teeth.)
The support for that position is because of what you said. Namely, if you find yourself needing it later in life you can just look it up. Because you can stitch together the curriculum when needed, doing it all up front isn't necessary. (So goes the argument; but personally I think it's somewhat short-sighted in some ways.)
The "stitch together the curriculum when needed" argument ignores the possibility that there is significant value to learning an interrelated body of knowledge, even several such interrelated bodies of knowledge, including their relationships to each other, at the same time. Education does not merely consist of acquiring a disarticulated set of independent factoids.
> The classic example, given in all complexity classes I've ever taken, is the following: Imagine your friend is color-blind. You have two billiard balls; one is red, one is green, but they are otherwise identical. To your friend they seem completely identical, and he is skeptical that they are actually distinguishable. You want to prove to him (I say "him" as most color-blind people are male) that they are in fact differently-colored. On the other hand, you do not want him to learn which is red and which is green.
Here is the proof system. You give the two balls to your friend so that he is holding one in each hand. You can see the balls at this point, but you don't tell him which is which. Your friend then puts both hands behind his back. Next, he either switches the balls between his hands, or leaves them be, with probability 1/2 each. Finally, he brings them out from behind his back. You now have to "guess" whether or not he switched the balls.
By looking at their colors, you can of course say with certainty whether or not he switched them. On the other hand, if they were the same color and hence indistinguishable, there is no way you could guess correctly with probability higher than 1/2.
If you and your friend repeat this "proof" t times (for large t), your friend should become convinced that the balls are indeed differently colored; otherwise, the probability that you would have succeeded at identifying all the switch/non-switches is at most 2−t. Furthermore, the proof is "zero-knowledge" because your friend never learns which ball is green and which is red; indeed, he gains no knowledge about how to distinguish the balls.