This repository implements a Zero-Knowledge Proof (ZKP) authentication protocol as a Proof-of-Concept application. The ZKP protocol is a viable alternative to password hashing in an authentication schema. The main goal of this project is to support one-factor authentication, which involves exact matching of a number (registration password) stored during registration and another number (login password) generated during the login process.
Click here to watch the demo presentation.
- golang (v1.20)
- protoc compiler (v23.3)
- docker (v20.10.21)
- docker-compose (v20.20.2)
- VSCode or any other suitable IDE
Refer here for the complete overview of the protocol and the project structure.
To achieve the implementation of the Zero-Knowledge Proof (ZKP) authentication protocol, the following approach is taken:
- The gRPC server and client APIs are constructed based on the given
protobuf
schema using theprotoc
compiler.
- The Chaum-Pedersen Zero Knowledge Proof Protocol is implemented and tested in isolation. Please note that in order to support Big integers, the variables
r1
,r2
,c
, ands
in the Zero-Knowledge Proof (ZKP) authentication protocol have been changed fromint64
tostring
. This change was necessary becauseint64
data type has a fixed range of representable numbers (-2^63
to2^63-1
), and it may not be able to handle large integers that are required for cryptographic operations. By using thestring
data type, the ZKP protocol can now accommodate big integers without any limitation on their size. This ensures that the protocol remains secure and accurate even when dealing with large cryptographic values. With this update, the ZKP authentication protocol is better equipped to handle the complexities of cryptographic operations and provide a more reliable and secure user authentication process.For implementaion details of the protocol, refer here.
- The gRPC server is built using the
protoc
generatedzkp_auth_grpc.pb.go
andzkp_auth.pb.go
files. For detailed information, check here.
- The gRPC client is developed using the
protoc
generatedzkp_auth_grpc.pb.go
andzkp_auth.pb.go
files. For more information, click here.
- Comprehensive testing is performed on the built gRPC server and client to ensure their functionality. For more details, see here.
- A command-line interface (CLI) application is developed to provide a user-friendly interface for the ZKP authentication protocol. For more details about the CLI, check here.
- The
main
package serves as the entry point for the entire program, orchestrating the ZKP authentication protocol's execution. Refer here for more details on the same.
For a more in-depth understanding of each step, please refer to the relevant documentation provided in the links.
- Clone the repository:
git clone https://github.com/username/zkp-authentication.git
- Change into the project directory:
cd zkp-authentication
- Build the binaries:
go build .
- Start the ZKP authentication server:
./zkp-authentication --server
- Use the CLI to register a new user:
./zkp-auth register -u <username> -p <password>
- Use the CLI to log in with the registered user:
./zkp-auth login -u <username> -p <password>
Alternatively, if you don't wish to build the binaries, then
- Start the ZKP authentication server:
go run main.go --server
- Use the CLI to register a new user:
go run main.go register -u <username> -p <password>
- Use the CLI to log in with the registered user:
go run main.go login -u <username> -p <password>
To run all the test files in this project, run the following command in your local development terminal:
make test
Upon running this command, you should see all the test cases passing, ensuring the proper functioning of all components within our project. Successful test results indicate that the application is operating as expected and meeting the desired requirements.
To run using Docker, ensure that Docker is installed on your machine and follow these steps:
- Build the Docker images and containers:
cd deploy/local
docker compose up
If you encounter issues with building the containers due to IP address overlap, it is likely caused by conflicting IP addresses in the network. To resolve this, you can change the subnet address used for the containers to ensure uniqueness. By selecting a different subnet address, you can avoid conflicts and successfully build the containers.
- Enter the Docker
local-zkp-auth-client
container:
docker exec -it local-zkp-auth-client sh
Repeat steps 5, and 6 under the Usage section to test for various usernames and password.
- Stop and remove the Docker containers:
docker compose down
For the API documentation, refer to the docs directory containing individual API documentation about the gRPC server and client APIs.
Alternatively, if you wish to build your own docs, run:
godoc
and navigate to http://localhost:6060/pkg/github.com/srinathLN7/zkp_auth/internal/?m=all in your browser. You will find the links to all three packages: server, client, and cpzkp (Chaum-Pedersen ZKP).
To enhance the Zero-Knowledge Proof (ZKP) authentication protocol, the following improvements can be implemented:
-
Implement Mutual TLS Authentication:
- Introduce Mutual TLS-based authentication between the gRPC server and client to establish a secure and trusted communication channel. This ensures that both parties can verify each other's identities and encrypt the data exchanged during communication.
-
Deployment Scripts for AWS:
- Develop deployment scripts to automate the process of deploying the gRPC server and client containers to the Amazon Web Services (AWS) platform. This streamlines the deployment process and facilitates scalability and reliability.
-
Chaum-Pedersen ZKP using Elliptic Curve Cryptography (ECC):
- Enhance the Chaum-Pedersen Zero Knowledge Proof Protocol by implementing it using Elliptic Curve Cryptography (ECC).
-
Integration of SQL/NoSQL Database:
- Integrate a SQL or NoSQL database into the ZKP authentication protocol to enable persistent data storage. Storing user data in a database ensures that user information is retained across server restarts and provides better support for user management and authentication.
-
Enhanced Character Support:
- Currently, the transformation of the user password into a secret value
x
is performed using theStringToUniqueBigInt
function in theutil
library. This function relies on ASCII characters and uses base 256 to encode the password string. However, to accommodate passwords containing characters beyond the ASCII range, we can extend the character support by utilizing a wider range of characters for encoding.
- Currently, the transformation of the user password into a secret value
This branch contains some suggestions to improve the codebase in main
branch
Done
- Updated the
SERVER_ADDRESS
environment variable for both thezkp-auth-server
andzkp-auth-client
containers to use the service namezkp-auth-server
as the hostname. Docker Compose's built-in DNS resolution will automatically resolve this hostname to the IP address of the corresponding container. - Remove unnecessary declaration of channel
c
incmd.go
file insideRootCmd
function. log.Fatal
,log.Fatalf
internally callsos.Exit(1)
. Hence allos.Exit(1)
statements can be removed afterlog.Fatal
andlog.Fatalf
statements.
Tobe Done
- Introduce custom grpc error
ErrUSerNotFound
with status code404
in theerror.go
file to cover the case where the client invokeslogin
before registering a user. - Combine the two test files
server_test.go
andclient_test.go
inside theinternal/test
directory into one single filegrpc_test.go
. Consider renaming the functionsetupGRPCClient
tosetupGRPCTest
.
This project is licensed under the MIT License.