What is a password, but an indirect assurance that I am who I claim to be? Okay, here's my thought process...
1. What my bank wants me to prove is that I'm the owner of the account. I can't do that from home, but I can submit a password that only the account owner knows. The password is not me, but it's something I know.
2. So big deal, this Zero Knowledge says I'm NOT going to send the password, but instead I'll answer a set of questions, say, "What color is the front door of the bank?" and I answer "green"; "What's the max MPH that my car's speedometer can indicate?" and I answer "120"; and so on...
I really don't see the difference, categorically. It's just a set of questions instead of one question ("What's the password?"). That is, it's just asking for a series of simpler "passwords", instead of one tough password.
So what am I missing, that makes this approach fundamentally different, and worthy of a Turing prize?
1) It sounds like there is a mathematical engine on the asking side that drives the next question based on some “public key”. (The Bank)
2) The computer submitting the answer (The Customer) doesn’t know in advance which question will be asked, but given a question it knows how to compute an answer - something it can derive based on the question in #1 but only because it has a secret key.
3) Even after listening to several days worth of transactions, an attacker (The Hacker) seeking the password still couldn’t figure it out.
So, a horribly rough allegory might be the old idea of someone giving a page, paragraph and word ordinal. Both the bank and the customer would have a rare book and would be able to synchronize but an observer without the book wouldn’t be able to guess what the next answer should be, even after listening to several challenges and responses.