1. Introduction RFID technology is currently a hot research topic. It uses wireless signals for contactless, two-way information transmission, offering great convenience and flexibility, but also increasing the risk of information theft. Unlike secure wired channels, wireless channels are characterized by their openness. Anyone with a receiving device in the corresponding frequency band can eavesdrop on the wireless channel, making it easier to be eavesdropped on and harder to detect than wired channels. The lack of encryption and authentication mechanisms in the EPC (Electronic Product Code) Class 0/O+ standard has sparked widespread and heated debate regarding the protection of consumer privacy. For long-range active RFID systems, the security risks are even greater. Therefore, researching how to achieve efficient identity authentication in RFID systems is essential. Authentication, also called verification, is the process of proving whether a person or thing is real, reliable, or valid. It verifies the authenticity or validity of one or more parameters of the claimant to verify their legitimacy. Authentication takes many forms in real life; for example, the authentication of people is generally done through passwords or physiological characteristics (voice, fingerprints, retina, etc.). This paper mainly discusses the authentication process of RFID systems, which is based on zero-knowledge proof technology. Identity authentication is bidirectional, meaning the RFID card and the terminal must mutually authenticate each other. Currently, in the security issues of RFID systems (such as protecting consumer privacy), attackers primarily use methods to illegally steal RFID card information, rather than counterfeiting RFID cards. Therefore, this paper focuses on the authentication of terminals by RFID cards. 2. Defects of the Two Commonly Used Authentication Systems Authentication is divided into two types: symmetric authentication and asymmetric authentication. Symmetric authentication refers to the host and the claimant sharing some secret information beforehand, or the host knowing the image of some secret information of the claimant. The host achieves authentication by verifying whether the claimant knows this secret. Asymmetric authentication refers to the host not knowing the secret (including the image of the secret) used by the claimant to prove their identity, but only using the public key corresponding to the claimant's secret to authenticate their authenticity. 2.1 Symmetric Authentication System Symmetric authentication is more commonly used in smart cards, employing the DES symmetric encryption algorithm. Before communication, the card needs to verify the terminal. Symmetric authentication is faster and has lower requirements for the performance and resources of smart cards. However, it generally requires a centralized card issuance process before use to facilitate key distribution. Therefore, it is only suitable for a relatively single field (or a single group of people), such as mobile phone cards and bank cards. For the broader e-commerce and logistics management, asymmetric authentication is more suitable. Currently, a series of smart card-based encryption interface specifications have emerged. 2.2 Asymmetric Authentication System Compared with symmetric authentication system, asymmetric authentication system has greater flexibility. It does not fully include a specific cryptographic algorithm, but is often based on the RSA algorithm. The RSA algorithm is a major breakthrough in cryptographic theory. It successfully solved the key distribution problem, but in practical applications, it has the following difficulties: (1) The security strength of the RSA algorithm is based on the difficulty of solving a specific mathematical problem. It can be expressed as a simple mathematical formula. However, with the development of mathematics, many problems that seem difficult to solve now may be solved in the near future. Symmetric cryptographic algorithms such as DES are difficult to express as a definite mathematical form, and their security strength is therefore correspondingly higher. (2) The generation of keys in the RSA algorithm is much more complex than that in symmetric cryptosystems, especially the generation of large prime numbers p and q. If an electronic tag application system uses only a pair of p and q, the entire cryptographic system will fail if they are leaked; if each electronic tag uses different p and q, the task of generating p and q is extremely arduous. (3) Due to the limitations of electronic tag resources, it is very difficult to implement the RSA algorithm in electronic tags, mainly because it is difficult to implement the large number exponentiation modulo operation in the RSA algorithm. Even if it can be implemented, the speed is often slow. For electronic tags, their operations or transactions are completed in a very short time, such as access control systems and vehicle control systems. Therefore, the RSA algorithm sometimes does not meet the requirements of certain electronic tags and their applications, unless the electronic tag has hardware support for the large number exponentiation modulo operation, but this brings about the problem that the cost of electronic tags is high and difficult for users to accept. (4) For RFID systems, passive electronic tags themselves have no power source and can only extract energy from radio frequency signals. Therefore, their power is inevitably limited, making it difficult to complete complex algorithms like RSA. For active electronic tags, they rely on their own batteries for power and can complete this algorithm, but this will seriously affect their lifespan. 3. Novel Zero-Knowledge Authentication Protocols In real life, the common way for A to prove to B that he knows a secret is to tell B what he knows, but in doing so, B will also know the secret. How to make B believe that A knows the secret without revealing it is the problem that zero-knowledge proofs aim to solve. With zero-knowledge proofs, A can make anyone believe that he knows the secret without disclosing it. Zero-knowledge proofs allow researchers to prove to the world that they know the proof of a specific theorem without revealing the proof. This method also has many commercial applications. Research on zero-knowledge proofs has garnered significant attention from researchers worldwide and remains highly active internationally. Basic zero-knowledge proof algorithms are based on isomorphic graphs and Hamiltonian circuits. A zero-knowledge proof protocol refers to a situation where a prover P, a Turing machine with infinite computational power, proves a claimed conclusion to a Turing machine V (the verifier), which has only polynomial computational power. During this process, the verifier V receives no additional information beyond believing P's claim and is allowed to violate the protocol. Strictly speaking, assuming P and V are two probabilistic Turing machines, P has infinite computational power, and V's computational power is polynomial, a proof protocol is called a zero-knowledge proof protocol if it satisfies the following three conditions: Completeness: If P's claim is true, V accepts P's conclusion with an overwhelming probability; Validity: If P's claim is false, V rejects P's conclusion with an overwhelming probability; Zero-knowledge property: Regardless of the means V uses, when P's claim is true and does not violate the protocol, V receives no additional information beyond accepting P's conclusion. Following the emergence of this concept, research on its theoretical and practical applications immediately commenced comprehensively. Zero-knowledge proof systems have gradually formed a system, becoming one of the fundamental methods for constructing secure cryptographic systems, alongside one-way functions, one-way trapdoor functions, and pseudo-random number generators. Zero-knowledge interactive proof systems have gained widespread application in identity verification, digital signatures, and resistance to chosen-ciphertext attacks. Identity verification using zero-knowledge interactive proofs is significantly faster than that using RSA. The Feige-Fiat-Shamir algorithm, the first algorithm based on zero-knowledge proofs, emerged in the 1980s. In 2000, Nyang and Song proposed a zero-knowledge proof-based authentication protocol for smart cards, sparking widespread research into its applications. Currently, an effective zero-knowledge authentication protocol can be applied to RFID systems. This protocol is based on discrete logarithms, an important one-way function commonly used in modern cryptography, characterized by its low communication and computational requirements. Assuming P is a prime number, Zp is the integer ring modulo p, and Kp is defined as the largest divisor of p-1, whose prime factors are at least v = [log₂p]. We will consider a language set L, whose elements are strings a = (I; β, p), where β is a string Znp = Zp / {O}, βkp 1 (mod p), I ∈ Znp is I.βs 1 (mod p), and for all s ∈ Zp-1, we have L = {(I; β, p) | p is a prime number, β, I ∈ Z*p; βkp 1 (mod p); I.βs 1 (mod p)}. We call I the public number and s the secret number. Suppose H is a subset of Z*p (.) with kp, then the public numbers are elements of H, noting that for any β ∈ H, β ≠ 1, and has an order of at least v = [10g2p]. We stipulate that |p| denotes the binary length of p, and a ∈ RA indicates that element a is randomly selected from set A using a consistent assignment. Protocol (P, V): Input x = (I; β, p), V verifies that p is a prime number, then calculates kp, verifying I ∈ H, βkp 1 (mod p). If any condition fails, then V stops and exits. Step 1: P sends to V: z = βr (mod p), where r ∈ RZp-1; Step 2: V sends to P: q, where q ∈ RZ|p|; Step 3: P verifies q ∈ Z|p|; if the verification is successful, it sends to V: y (r + qs) (mod (p-1)), where s is βs.I (mod p); Step 4: V verifies y ∈ Zp-1, Z βy.Iq (mod p). If this verification fails, then the protocol stops. Step 5: The above steps are repeated independently t times, and V accepts, where t = t(|p|) is almost constant. This protocol is a membership proof in the language set L. When x ∈ L, the certifier will (almost) always accept, and when x is not a member of L, the certifier will (almost) always reject. 4. Completeness, Validity, and Zero-Knowledge of the Algorithm Completeness: When x∈L, βr.Iq βr.βφ. Iq Z(βs,I)q Z.(Mod p), V always accepts the check in step 4. Validity: When x ∈L, if IH or βk, ≠ 1 (mod p), V always rejects; if I∈H, βkp 1 (mod p), even an infinitely powerful, dishonest prover cannot answer the several sequences q in step 3. Therefore, when there is no s such that βs 1 (mod p), after t consecutive iterations, the probability of V accepting is negligible. Intuitively, zero-knowledge proof means the prover doesn't reveal any new knowledge to the authenticator because the authenticator can simulate the protocol communication themselves. The authenticator can guess their own question q and obtain Z and y from the prover. That is, they can use the same allocation in the actual protocol to generate a string (Z, q, y) that satisfies the conditions in step 4. The key to this simulation is that given q and y, it is easy to obtain an appropriate Z. Of course, the simulated proof will not guarantee x∈L to the authenticator. Therefore, the protocol meets the conditions for zero-knowledge authentication. 5. Performance Analysis: V is a polynomial limited to |n|, therefore |v| = O(log|n|). For communication and computational complexity, we only consider the case where the group element G and H are the modulo, and the group operation can be expressed in a modular manner. We assume H = *m, the input length is θ(|m|), and the protocol performance will be measured in the manner of |m|. In each loop of the protocol, steps 1 and 3 communicate |m| bits, and step 2 communicates |v| bits. For repetitions of t, we have t(2|m| + |v|) bits. Since |v| = O(log |m|) when t Δlogs|m|, the number of bits communicated is |m|logε|m|. 6. Conclusion: The application of identity authentication mechanisms in RFID technology is an inevitable trend. This paper proposes applying an authentication protocol based on zero-knowledge proofs to RFID technology. This protocol has low computational complexity, small communication volume, and high security, and the key is not easily eavesdropped. With the continuous deepening of research and people's increasing attention to information security and personal privacy, it will certainly have broad application prospects.