Hi, [email protected]. I’m curious about zero-knowledge encryption, and I would like to use it in my CS50x final project. My goal is to authenticate users and store their encrypted data on the server so that only the users can decrypt it.
I understand the general concepts of public and private keys, as well as symmetric keys, and how to use them to protect data. However, I don’t understand how to authenticate users. I have searched online for information on implementing the zero proof knowledge authentication flow, but I found either vague high-level descriptions or research papers that require a strong background in mathematics and cryptography to understand and implement.
Could you maybe suggest some resources on this topic? When your search for “how to implement jwt authentication”, you can find many articles that describe the flow with code examples. I’m looking for something similar.
Or should I choose a simpler project?
I believe I understand what you want. “Zero” login. So when a user comes to your site or first boots up your app a private key gets generated locally. It will then do a handshake with the server, where that the server understands that these encrypted messages are from this user, this uniquely identifies the user, and also can be used for e2e.
Reference https://dev.to/spalladino/a-beginners-intro-to-coding-zero-knowledge-proofs-c56
I think he means something like challenge-response type of auth flow that while using user/pass, the password waa never sent to the server?
Similar to a diffie-hellman key exchange maybe? https://en.m.wikipedia.org/wiki/Diffie–Hellman_key_exchange
I believe this has been broken but that is the general gist.
DLP broken? Didn’t heard of that.
Probably saw this in passing. It doesn’t seem to indicate fully broken just this instance.
https://www.reddit.com/r/math/comments/wc4gkx/supersingular_isogeny_diffiehellman_broken/