Successful deterrence based on three aspects – Capability, Threatening message and Transmitting the message to the opponent. Therefore, One of the critical issues in cyber deterrence is the ability to proof your capability to attack or to defence. If you can prove you can do it, the other side will be more convinced, and deterred.
Applying Deterrence by punishment force you to prove to the other side that you can compromise or damage his systems.
Applying Deterrence by denial force you to prove that you can defend your systems from a potential attack.
In both cases, the cost of the attack in the eyes of your opponent is rising. And with rising costs, he will think twice before carrying out one. However, why should one expose his secretive cyber weapon or defence structure before he has to use them?
Most of the Cyber weapons are disposable. Such are the defence solutions. If you expose your cyber weapon, your opponent will build a defence solution. If you do so with your defence structure, a hacker will find a way to bypass it. But what if there is a way to show your opponent your capabilities without reviling your secrets?
One method that potently could serve this propose is Zero knowledge proof [ZKP]. It’s a way in cryptography to prove to the other side that you hold the secret without exposing it to him.
Altho the Zero knowledge proof is used in cryptography, the abstract idea can play a role in Cyber deterrence to strengthen the capability projection of the player.
In that scenario, the first step is to convince him that I have such ability. But how can it be done? If I use it, deterrence will fail. If I don’t, it will leave a great deal of uncertainty, and deterrence will fail. It seems as “Catch 22” scenario.
However, if we add to this situation a Zero knowledge proof mechanism that will allow me to convince him that I have the ability without reviling it, deterrence can succeed.
There is no doubt it’s an initial idea. For now, the Zero knowledge proof is used in cryptography and reuse it as a cyber weapon or defence structure proof mechanism requires further research. But it gives hope to the possibility of applying a successful deterrence in the future cyber domain.
Written by Ami Rojkes Dombe
(Security Affairs – Zero knowledge proof, cyber weapon)