EXHIBIT 03● REAL MODULAR ARITHMETIC
Schnorr Identification Protocol
A classic math-based proof of knowing a secret number without revealing the number · Claus Schnorr 1989
✓ Completeness
✓ Soundness
✓ Honest-Verifier ZK
Prime p
2053
Generator g
5
Secret x (hidden)
17
Public key y = g^x mod p
375
Toy vs Production Parameters
| Dimension | This Exhibit | Production Expectation |
|---|---|---|
| Group size | p = 2053 (tiny) | ~256-bit security groups/curves |
| Challenge size | 1..50 | 128-256 bit challenge domain |
| Threat model | Educational verifier | Adversarial network + side-channel resistance |
| Implementation | Readable browser arithmetic | Audited constant-time cryptographic libraries |
This exhibit turns the cave intuition into actual arithmetic. The prover has a hidden secret number, the verifier sends a surprise challenge, and the prover responds in a way that only works if they truly know the secret.
The verifier can check the math and gain confidence, but the secret itself never gets revealed. Real-world versions use much larger numbers, but this smaller example lets you watch every step of the proof happen in the open.
PROVER (knows x = 17)
STEP 1 — COMMITMENT
Pick random r = ?
R = gr mod p = ?
→ send R to verifier
STEP 3 — RESPONSE
s = (r + c·x) mod (p−1)
s = (? + ?·17) mod 2052 = ?
→ send s to verifier
VERIFIER
STEP 2 — CHALLENGE
Pick random c = ?
← send c to prover
STEP 4 — VERIFY: g^s ≡ R·y^c (mod p)
g^s mod p = ?
R·y^c mod p = ?
Confidence0.00%
— protocol log —
What the verifier learns: Only that the prover knows x. The response s = r + c x changes every round because r is freshly random. Even knowing s and c, computing x requires solving the discrete logarithm — infeasible for large primes. Production Schnorr uses 256-bit parameters (secp256k1, Bitcoin signatures).