Skip to content

Latest commit

 

History

History
226 lines (163 loc) · 5.28 KB

README.md

File metadata and controls

226 lines (163 loc) · 5.28 KB

ZKP Authentication System - Python Implementation

Python implementation of the Chaum-Pedersen Zero-Knowledge Proof authentication system.

Features

  • Zero-Knowledge Authentication: Server verifies user identity without learning the password
  • Chaum-Pedersen Protocol: Non-interactive proofs via Fiat-Shamir transform
  • RESTful API: Flask-based HTTP server with session management
  • CLI Client: Easy-to-use command-line interface
  • Pure Python: No external cryptographic libraries needed for core ZKP operations

Requirements

  • Python 3.8 or higher
  • pip (Python package manager)

Installation

Install Dependencies

cd python
pip install -r requirements.txt

Or install in development mode:

cd python
pip install -e .

Usage

Starting the Server

# From the python directory
cd server
python main.py

# Specify custom port and database
python main.py --port 9000 --db custom_users.db

# Use 4096-bit parameters (generation mode)
python main.py --bits 4096 --params-mode generate

# Show help
python main.py --help

Using the Client

Register a New User

cd client
python cli_client.py register alice mypassword123

Login (Authenticate)

python cli_client.py login alice mypassword123

This will return a session token.

Verify Session Token

python cli_client.py verify <your-session-token>

Custom Server Connection

python cli_client.py register alice password --host 192.168.1.100 --port 9000
python cli_client.py login alice password --host 192.168.1.100 --port 9000

Running Tests

cd python
pytest tests/

Or with verbose output:

pytest -v tests/

API Endpoints

Same across all implementations:

  • GET /params - Fetch group parameters p, q, g, h (hex)
  • POST /register - Register by submitting client-computed y1, y2, salt
  • POST /challenge - Request a one-time nonce for authentication
  • POST /authenticate - Submit proof {a1, a2, s, nonce} to obtain a token
  • GET /verify - Verify session token

See the main API documentation in ../docs/API.md for details.

Project Structure

python/
├── zkp/
│   ├── __init__.py
│   └── chaum_pedersen.py    # Core ZKP implementation
├── db/
│   ├── __init__.py
│   └── user_database.py     # SQLite database layer
├── server/
│   ├── __init__.py
│   ├── auth_server.py       # Flask REST API server
│   └── main.py              # Server entry point
├── client/
│   ├── __init__.py
│   └── cli_client.py        # CLI client
├── tests/
│   └── test_zkp.py          # Test suite
├── requirements.txt
├── setup.py
└── README.md

Key Differences from C++ Version

  1. Safe Prime Generation: Uses sympy library for prime number generation
  2. HTTP Server: Uses Flask instead of cpp-httplib
  3. Simplicity: Pure Python implementation without external crypto libraries
  4. Performance: Slower prime generation but easier to understand and modify

Security Features

  • 2048-bit safe prime generation
  • Random salt per user (256-bit)
  • SHA-256 for hashing and challenge computation
  • Timestamp validation (5-minute window)
  • Session expiry (1 hour)
  • No password storage or transmission

Performance Notes

Initial startup may take some time (30-60 seconds) while generating the 2048-bit safe prime parameters. This is a one-time operation per server instance. For practical scenarios or use, consider:

  1. Pre-generating parameters and storing them
  2. Using smaller primes for testing (e.g., 1024-bit)
  3. Implementing parameter caching

Example Session

# Terminal 1: Start server
cd python/server
python main.py
# Wait for "Server starting on port 8080..." message

# Terminal 2: Use client
cd python/client

# Register
python cli_client.py register alice secret123
# Output: Success: User registered successfully

# Login
python cli_client.py login alice secret123
# Output:
# Success: Authentication successful
# Token: a1b2c3d4e5f6...

# Verify
python cli_client.py verify a1b2c3d4e5f6...
# Output:
# Success: Session is valid
# Valid: True

Development

Running in Development Mode

# Install in editable mode
pip install -e .

# Run server
zkp-server --port 8080

# Run client
zkp-client register alice password

Adding New Features

The modular structure makes it easy to extend:

  • Add new endpoints in server/auth_server.py
  • Extend ZKP functionality in zkp/chaum_pedersen.py
  • Add database methods in db/user_database.py

Troubleshooting

ImportError: No module named 'zkp'

Make sure you're running from the correct directory or install the package:

pip install -e .

Slow Parameter Generation

The first time you start the server, it generates 2048-bit safe primes which can take 30-60 seconds. This is normal and only happens once per server startup.

Connection Refused

Make sure the server is running and listening on the correct port.

License

This project was developed as POC for research purposes.

References

  • Chaum, D., & Pedersen, T. P. (1992). "Wallet databases with observers"
  • Fiat, A., & Shamir, A. (1986). "How to prove yourself: Practical solutions to identification and signature problems"