npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@cloudflare/zkp-ecdsa

v0.2.5

Published

zkp-ecdsa: A Typescript Implementation of ZKAttest

Downloads

3,579

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

lerwincflerwincflbarthonetlbarthonetcf-media-managercf-media-managerjacobbednarzjacobbednarzcelsocelsocf-radarcf-radardash_service_accountdash_service_accountg4brymg4brymsnigdha34snigdha34wrangler-publisherwrangler-publishermarksteynmarksteynchiminatorchiminatorsgoodhew_cfsgoodhew_cfterinjokesterinjokesthird774third774jsteinbergerjsteinbergerjasnelljasnellasapzacyasapzacypcostanzopcostanzogregbrimblegregbrimblegeelengeelenrexscariarexscariadcruz_cfdcruz_cfxuranwangxuranwangjculveyjculveysejokersejokervasturianovasturianocf-ci-writecf-ci-writesegments-writesegments-writethibmeuthibmeuxortivexortivegurjindergurjindercf-ci2cf-ci2lvalentalvalentaworengaworenga

Keywords

ecdsazero-knowledgecryptographycrypto

Readme

NPM NPM DOI

NPM

zkp-ecdsa: A Typescript Implementation of ZKAttest

ZKAttest proofs knowledge of an ECDSA-P256 signature under one of many public keys that are stored in a list without revealing which public key was used to sign the message.

| Usage | Development | Cite This | Future Work | |--|--|--|--|

Usage

Ready to use ZKAttest proofs, follow this short guideline.

Step 1

Suppose you already have a signature of a message using ECDSA (P-256). Otherwise, create signature as follows:

// Message to be signed.
const msg = new TextEncoder().encode('kilroy was here');

// Generate a keypair for signing.
const keyPair = await crypto.subtle.generateKey(
    { name: 'ECDSA', namedCurve: 'P-256' },
    true, [ 'sign', 'verify'],
);

// Sign a message as usual.
const msgHash = new Uint8Array(await crypto.subtle.digest('SHA-256', msg));
const signature = new Uint8Array(
    await crypto.subtle.sign(
        { name: 'ECDSA', hash: 'SHA-256' },
        keyPair.privateKey, msgHash,
    )
);

Step 2

Then, insert your public key in a ring of keys. This allows to hide your public key behind the ring of keys. (In this example, assume the list was generated with valid keys).

import { keyToInt } from '@cloudflare/zkp-ecdsa'

// Add the public key to an existing ring of keys,
const listKeys = [BigInt(4), BigInt(5), BigInt(6), BigInt(7), BigInt(8)];
listKeys.unshift(await keyToInt(keyPair.publicKey));

Step 3

Now, create a ZKAttest proof of knowledge showing that

  • the signature was generated using the private key, AND
  • the public key is in the ring.

However, the proof does not reveal which public key was used during signing.

import { generateParamsList, proveSignatureList } from '@cloudflare/zkp-ecdsa'

// Create a zero-knowledge proof about the signature.
const params = generateParamsList();
const zkAttestProof = await proveSignatureList(
    params,
    msgHash,
    signature,
    keyPair.publicKey,
    0, // position of the public key in the list.
    listKeys
);

Step 4

After this, everyone can verify the proof is valid, which means the message was signed by the holder of an ECDSA key pair, but without identifying exactly which one of the keys in the ring was used to produce the proof. Do not disclose the original signature as it is already embedded inside the proof.

import { verifySignatureList } from '@cloudflare/zkp-ecdsa'
// Verify that zero-knowledge proof is valid.
const valid = await verifySignatureList(params, msgHash, listKeys, zkAttestProof)
console.assert(valid == true)

That's all.

Citation

This software library is part of the article "ZKAttest: Ring and Group Signatures for Existing ECDSA Keys" published at Selected Areas in Cryptography (SAC 2021) authored by Armando Faz Hernández, Watson Ladd, and Deepak Maram.

A copy of this paper can be downloaded at research.cloudflare.com or at the IACR ePrint 2021/1183.

To cite this library, use one of the following formats and update the version and date you accessed to this project.

APA Style

Faz-Hernández, A., Ladd, W., Maram, D. (2021). ZKAttest: Ring and Group Signatures for Existing ECDSA Keys. In: AlTawy, R., Hülsing, A. (eds) Selected Areas in Cryptography. SAC 2021. Available at https://github.com/cloudflare/zkp-ecdsa. v0.2.5 Accessed Nov 2022.

BibTex Source

@inproceedings{zkattest,
  doi       = {10.1007/978-3-030-99277-4_4},
  title     = {ZKAttest: Ring and Group Signatures for Existing ECDSA Keys},
  author    = {Faz-Hernández, Armando and Ladd, Watson and Maram, Deepak},
  booktitle = {Selected Areas in Cryptography},
  editor    = {AlTawy, Riham and Hülsing, Andreas},
  publisher = {Springer International Publishing},
  address   = {Cham},
  isbn      = {978-3-030-99277-4},
  pages     = {68--83},
  month     = {oct},
  year      = {2021},
  note      = {Available at \url{https://github.com/cloudflare/zkp-ecdsa}.
               v0.2.5 Accessed Nov 2022},
}

CFF Style

Find attached a CITATION.cff file.

Development

| Task | NPM scripts | |--|--| | Installing | $ npm ci | | Building | $ npm run build | | Unit Tests | $ npm run test | | Benchmarking | $ npm run bench | | Flamegraph Profile | $ npm run flame | | Code Linting | $ npm run lint | | Code Formating | $ npm run format | | Bundling Library | $ npm run bundle |

Future Work

  • Accelerate proof verification.
  • Implement the proof in other programming languages.
  • Remove dependency on native Bignum.

License

The project is licensed under the Apache 2.0 License