This project implements a Zero-Knowledge Proof (ZKP) authentication protocol based on the Chaum-Pedersen Protocol. The system is implemented in Rust, using gRPC for client-server communication, and supports both Discrete Logarithm (DL) and Elliptic Curve (EC) cryptography.
zkp_auth/
├── aws/ # AWS deployment configurations
├── client/ # Client implementation
│ └── src/
│ └── auth/ # Client authentication logic
├── crypto/ # Cryptographic implementations
│ └── src/
│ ├── dl/ # Discrete Logarithm cryptography
│ └── ec/ # Elliptic Curve cryptography
├── proto/ # Protocol Buffer definitions
├── server/ # Server implementation
│ └── src/
│ └── auth/ # Server authentication logic
├── tests/ # Integration tests
├── util/ # Utility functions and shared code
└── docker-compose.yml # Docker setup for local deployment
- ZKP Protocol implementation (Chaum-Pedersen)
- gRPC-based client-server communication
- Support for both Discrete Logarithm and Elliptic Curve flavors
- Integration tests for authentication protocol and client-server interaction
- BigNum support for large number operations
- Modular, clean, and maintainable code architecture
- Docker containerization for both client and server
- AWS deployment configuration
- Uses large prime numbers for the group order (q) and modulus (p)
- Implements the Chaum-Pedersen protocol using modular exponentiation
- Parameters:
- q: 256-bit prime
- p: 257-bit prime where p = 2q + 1
- g, h: Generators of the group of order q
- p is chosen to be a safe prime of q for simplicity
- Uses the secp256k1 curve (same as Bitcoin)
- Implements the Chaum-Pedersen protocol using elliptic curve point multiplication
- Parameters:
- Curve: secp256k1
- G, H: Points on the curve serving as generators
The original protobuf definition was modified to support BigNum operations and to include an AuthAlgo enum:
enum AuthAlgo {
DL = 0;
EC = 1;
}
message RegisterRequest {
string user = 1;
bytes y1 = 2; // Changed from int64 to bytes
bytes y2 = 3; // Changed from int64 to bytes
AuthAlgo auth_algo = 4; // Added to specify the authentication algorithm
}
// Similar changes for other messages
These changes allow for:
- The transmission of large numbers as byte arrays, supporting both DL and EC implementations.
- For DL: bytes represent BigNum values
- For EC: bytes represent compressed EC points
- Specification of the authentication algorithm (DL or EC) in each request
Tonic is used for implementing the gRPC server and client. tonic-build is used to generate Rust code from the protobuf definitions.
To resolve potential VS Code issues:
- Install protobuf:
brew install protobuf
- Add to VS Code settings:
"rust-analyzer.cargo.buildScripts.enable": true
- Restart VS Code to enable code completion for generated modules
The docker-compose.yml
file sets up two services:
-
zkp_auth_server
: The authentication server- Runs the server on 0.0.0.0:50051
-
zkp_auth_client
: The client application- Sets defaults for environment variables username and auth algo
- Runs the client, connecting to the server, executing the authentication flow
EcProver
/DlProver
: Implement the prover's side of the ZKP protocolEcVerifier
/DlVerifier
: Implement the verifier's side of the ZKP protocolEcAuthClient
/DlAuthClient
: Respective auth client implementationEcAuthServer
/DlAuthServer
: Respective auth server implementation
- Authentication protocol tests in
crypto/src/dl/
andcrypto/src/ec/
- Integration tests in
tests/
directory
- Rust 1.79 or later
- OpenSSL
- Protobuf compiler
To set up the project and install all dependencies:
- Clone the repository
- Navigate to the project root
- Run the following command to install all workspace dependencies:
cargo build
To run the server:
cargo run --package server --bin server -- 0.0.0.0 50051
This command starts the server listening on all interfaces (0.0.0.0
) on port 50051.
To run the client:
cargo run --package client --bin client -- username dl 0.0.0.0 50051
The client's main.rs
implements a complete authentication flow:
- Parses command-line arguments for username, auth algo (dl or ec), server host, and port.
- Establishes a connection with the server.
- Performs user registration, generating a secret
x
on the fly. - Initiates an authentication challenge.
- Completes the authentication process.
For local testing using Docker:
docker-compose up --build
For AWS deployment, refer to the AWS CDK stack in the aws/
directory.
- Modularity: Separate DL and EC implementations for independent development.
- Abstraction: Generalized Chaum-Pedersen protocol for both DL and EC.
- Security: Leveraging established OpenSSL library.
- Flexibility: Runtime choice between DL and EC algorithms.
- Trusted parameter setup and distribution.
- In-memory, non-persistent user registrations.
- Simplified error handling for demonstration purposes.
- Persistent storage for user registrations.
- Enhanced error handling and logging.
- Dynamic parameter distribution: Implement secure method for server to distribute updated parameters to clients.