A simulation of interactive and non-interactive zero-knowledge proof protocols (Schnorr's protocol and the Fiat-Shamir heuristic) for password authentication.
- Interactive and Non-interactive ZKP modes
- Rejection of invalid/tampered proofs
- Domain separation in hashing (`zkp|`) to avoid collisions
- Reads from `/dev/urandom` for secure randomness
Clone the repository and build the project.

```sh
git clone https://github.com/xshthkr/nolook.git
cd nolook
make
```

The binary will be in the `bin` directory.

```sh
./bin/nolook
```
Caution
There is a suspected bug where an overflow causes the verification to yield invalid. Will be fixing that soon.
- Commitment: Alice picks random `r`, sends `t = g^r mod p` to Bob
- Challenge: Bob replies with random `c`
- Response: Alice computes `s = (r - c·x) mod q` and sends it
- Verification: Bob checks `g^s ?= t·y^c mod p`
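The commitment, challenge, response and verification steps above as a runnable C sketch; this is an added example, not code from the nolook repository. With the response defined as `s = (r - c·x) mod q`, the two sides balance as `g^s · y^c ≡ t (mod p)`, which is the form `verify` checks. The toy group (`p = 2039`, `q = 1019`, `g = 4`), the fixed secret, nonce and challenge, and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy group, far too small for real use: p = 2q + 1, g of order q. */
static const uint64_t P = 2039, Q = 1019, G = 4;

/* (a * b) mod m by double-and-add, so no intermediate exceeds uint64_t. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    uint64_t acc = 0;
    for (a %= m; b; b >>= 1) {
        if (b & 1) acc = (acc >= m - a) ? acc - (m - a) : acc + a;
        a = (a >= m - a) ? a - (m - a) : a + a;
    }
    return acc;
}

/* Square-and-multiply exponentiation built on the overflow-safe mulmod. */
static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1 % m;
    for (b %= m; e; e >>= 1) {
        if (e & 1) r = mulmod(r, b, m);
        b = mulmod(b, b, m);
    }
    return r;
}

/* Commitment t = g^r mod p (prover). */
static uint64_t commit(uint64_t r) { return powmod(G, r % Q, P); }

/* Response s = (r - c*x) mod q; adding q first keeps the unsigned
   subtraction from wrapping when c*x mod q is larger than r. */
static uint64_t respond(uint64_t r, uint64_t c, uint64_t x) {
    return (r % Q + Q - mulmod(c % Q, x % Q, Q)) % Q;
}

/* Verifier: range-check the proof, then test g^s * y^c == t (mod p). */
static int verify(uint64_t y, uint64_t t, uint64_t c, uint64_t s) {
    if (t == 0 || t >= P || s >= Q) return 0;
    return mulmod(powmod(G, s, P), powmod(y, c % Q, P), P) == t;
}

int main(void) {
    uint64_t x = 777, y = powmod(G, x, P); /* constructed secret and public key */
    uint64_t r = 123, c = 456; /* fixed here; random values in a real run */
    uint64_t t = commit(r), s = respond(r, c, x);
    printf("honest proof:   %d\n", verify(y, t, c, s));
    printf("tampered proof: %d\n", verify(y, t, c, (s + 1) % Q));
    return 0;
}
```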
There is no Bob interacting with Alice. Challenge `c` is derived via:

```
c = Hash("zkp|" + g + "|" + y + "|" + t) % q;
```

The rest of the protocol remains the same.
- Linux (uses `/dev/urandom`)
- OpenSSL (`libssl-dev` or `openssl` headers) for SHA256
- C99 or later
- 64-bit system (uses `uint64_t`)
- Schnorr's Original Paper: Efficient Signature Generation by Smart Cards
- Secure Remote Password protocol: Stanford