SECURE AUTHORIZATION OF BANKING TRANSACTIONS BASED ON THE SCHNORR SCHEME

DOI:

https://doi.org/10.28925/2663-4023.2026.33.1181

Keywords:

banking transaction, Schnorr scheme, zero-knowledge proof, Man-in-the-Middle attack, replay attack

Abstract

The method of secure authorization of banking transactions based on the Schnorr scheme is a cryptographic approach to verifying user authenticity using Zero-Knowledge Proof (ZKP) protocols. The proposed approach aims to minimize the risk of compromising confidential data when transactions are executed in open or partially trusted environments. The method is based on the Schnorr identification protocol, which relies on the computational hardness of the discrete logarithm problem and enables authentication without transmitting the user's secret key. The authorization model covers the interaction between three components of the transaction, namely the client, the transaction execution environment, and the banking side. The transaction execution environment is considered a critical and untrusted component. The protocol consists of a sequence of stages: first, the initial parameters (p, g) are generated; then the public key value (y) is formed; based on it, a proof value (t) is created; on the bank's side, a challenge (e) is generated, followed by the computation of the parameter s; and subsequently the correctness of the verification relation is checked by the bank. A distinctive feature of the approach is the absence of private key transmission and the use of random values, which prevents the recovery of secret parameters even if part of the data is intercepted. Within the scope of the study, simulations of Man-in-the-Middle (MITM) and replay attacks were performed in order to evaluate the robustness of the proposed approach. In the case of a Man-in-the-Middle attack, it is shown that modification of the parameter t leads to a violation of the verification relation, making successful transaction authorization impossible. To counter replay attacks, a timestamp (TS) mechanism and transaction parameter uniqueness were integrated into the model, eliminating the possibility of reusing intercepted data.
The constructed model is based on cryptographic strength, reduction of the impact of vulnerabilities in the transaction execution environment, and ensuring the fundamental principles of digital security, namely data integrity, confidentiality, and authenticity. The proposed method demonstrates its effectiveness in scenarios with a high level of threats, such as in the financial sector, where transaction protection is a critical component.
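The stages listed in the abstract, as an added Python example that is not the authors' code: it runs textbook Schnorr identification and shows a modified t breaking the verification relation and a replayed (t, TS) being refused. Assumptions not taken from the paper: the toy group and its subgroup order Q, the 30-second freshness window, the (t, TS) uniqueness cache, and the names `Bank`, `keygen` and `authorize`.

```python
import secrets

# Toy group, constructed for this demo and far too small for real use:
# P = 2Q + 1 with P, Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    x = secrets.randbelow(Q - 1) + 1          # client secret, never sent
    return x, pow(G, x, P)                    # (x, public key y)

class Bank:
    def __init__(self, y, window=30):
        self.y, self.window = y, window
        self.seen = set()                     # (t, TS) pairs already used
        self.pending = {}                     # (t, TS) -> challenge e

    def challenge(self, t, ts, now):
        # Assumed replay rule: TS must be fresh and (t, TS) never seen.
        if abs(now - ts) > self.window or (t, ts) in self.seen:
            return None
        self.seen.add((t, ts))
        e = secrets.randbelow(Q)
        self.pending[(t, ts)] = e
        return e

    def verify(self, t, ts, s):
        e = self.pending.pop((t, ts), None)   # each challenge is one-shot
        if e is None:
            return False
        # Verification relation: g^s == t * y^e (mod p)
        return pow(G, s, P) == (t * pow(self.y, e, P)) % P

def authorize(bank, x, now, tamper=False):
    r = secrets.randbelow(Q - 1) + 1          # fresh nonce per transaction
    t = pow(G, r, P)                          # proof value t
    # The untrusted environment may alter t before it reaches the bank.
    t_at_bank = (t * G) % P if tamper else t
    e = bank.challenge(t_at_bank, now, now)
    if e is None:
        return False, None
    s = (r + e * x) % Q                       # client response
    return bank.verify(t_at_bank, now, s), (t_at_bank, now, s)

if __name__ == "__main__":
    x, y = keygen()
    bank = Bank(y)
    ok, (t, ts, s) = authorize(bank, x, now=1000)
    print("honest:", ok)
    print("tampered t:", authorize(bank, x, now=1001, tamper=True)[0])
    print("replay accepted:", bank.challenge(t, ts, now=1005) is not None)
```

The nonce r must be fresh for every run: two responses computed with the same r under different challenges let an observer solve for x.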

Published

2026-06-25

How to Cite

Shlapak, V., & Semenyuk, S. (2026). SECURE AUTHORIZATION OF BANKING TRANSACTIONS BASED ON THE SCHNORR SCHEME. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 1(33), 48–54. https://doi.org/10.28925/2663-4023.2026.33.1181