implementing-zero-knowledge-proof-for-authentication
$
npx mdskill add mukul975/Anthropic-Cybersecurity-Skills/implementing-zero-knowledge-proof-for-authenticationExecute Schnorr proofs to authenticate secrets without exposure.
- Enables password verification while keeping credentials hidden from servers.
- Depends on Python 3.8+ and cryptographic libraries for execution.
- Decides execution based on compliance needs and security architecture.
- Delivers results by confirming knowledge without transmitting the secret.
SKILL.md
.github/skills/implementing-zero-knowledge-proof-for-authenticationView on GitHub ↗
--- name: implementing-zero-knowledge-proof-for-authentication description: Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge of a secret (such as a password or private key) without revealing the secret itself. This skill implements the Schnorr identificati domain: cybersecurity subdomain: cryptography tags: [cryptography, zero-knowledge-proof, authentication, privacy, zkp] version: "1.0" author: mahipal license: Apache-2.0 --- # Implementing Zero-Knowledge Proof for Authentication ## Overview Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge of a secret (such as a password or private key) without revealing the secret itself. This skill implements the Schnorr identification protocol and a simplified ZKPP (Zero-Knowledge Password Proof) using the discrete logarithm problem, enabling authentication where the server never learns the user's password. ## When to Use - When deploying or configuring implementing zero knowledge proof for authentication capabilities in your environment - When establishing security controls aligned to compliance requirements - When building or improving security architecture for this domain - When conducting security assessments that require this implementation ## Prerequisites - Familiarity with cryptography concepts and tools - Access to a test or lab environment for safe execution - Python 3.8+ with required dependencies installed - Appropriate authorization for any testing activities ## Objectives - Implement Schnorr's identification protocol for ZKP authentication - Build a non-interactive ZKP using Fiat-Shamir heuristic - Implement zero-knowledge password proof (ZKPP) - Demonstrate completeness, soundness, and zero-knowledge properties - Compare ZKP authentication with traditional password verification ## Key Concepts ### ZKP Properties | Property | Description | |----------|------------| | Completeness | Honest prover always convinces honest verifier | | Soundness | Dishonest prover cannot convince verifier (except negligible probability) | | Zero-Knowledge | Verifier learns nothing beyond the statement's truth | ### Schnorr Protocol 1. **Setup**: Public generator g, prime p, q (order of g) 2. **Registration**: Prover computes y = g^x mod p (public key from secret x) 3. **Commitment**: Prover sends t = g^r mod p (random r) 4. **Challenge**: Verifier sends random c 5. **Response**: Prover sends s = r + c*x mod q 6. **Verify**: Check g^s == t * y^c mod p ## Security Considerations - Use cryptographically secure random number generators - Challenge must be unpredictable (from verifier's perspective) - For non-interactive proofs, use Fiat-Shamir with collision-resistant hash - ZKP alone does not provide forward secrecy; combine with TLS ## Validation Criteria - [ ] Honest prover always verifies successfully (completeness) - [ ] Random response without secret does not verify (soundness) - [ ] Server never receives the secret value - [ ] Non-interactive proof is verifiable offline - [ ] Multiple authentications produce different transcripts - [ ] Protocol resists replay attacks