@cloudflare/zkp-ecdsa
Advanced tools
ZKAttest proofs knowledge of an ECDSA-P256 signature under one of many public keys that are stored in a list without revealing which public key was used to sign the message.
| Usage | Development | Cite This | Future Work |
|---|
Ready to use ZKAttest proofs, follow this short guideline.
Suppose you already have a signature of a message using ECDSA (P-256). Otherwise, create signature as follows:
// Message to be signed.
const msg = new TextEncoder().encode('kilroy was here');
// Generate a keypair for signing.
const keyPair = await crypto.subtle.generateKey(
{ name: 'ECDSA', namedCurve: 'P-256' },
true, [ 'sign', 'verify'],
);
// Sign a message as usual.
const msgHash = new Uint8Array(await crypto.subtle.digest('SHA-256', msg));
const signature = new Uint8Array(
await crypto.subtle.sign(
{ name: 'ECDSA', hash: 'SHA-256' },
keyPair.privateKey, msgHash,
)
);
Then, insert your public key in a ring of keys. This allows to hide your public key behind the ring of keys. (In this example, assume the list was generated with valid keys).
import { keyToInt } from '@cloudflare/zkp-ecdsa'
// Add the public key to an existing ring of keys,
const listKeys = [BigInt(4), BigInt(5), BigInt(6), BigInt(7), BigInt(8)];
listKeys.unshift(await keyToInt(keyPair.publicKey));
Now, create a ZKAttest proof of knowledge showing that
However, the proof does not reveal which public key was used during signing.
import { generateParamsList, proveSignatureList } from '@cloudflare/zkp-ecdsa'
// Create a zero-knowledge proof about the signature.
const params = generateParamsList();
const zkAttestProof = await proveSignatureList(
params,
msgHash,
signature,
keyPair.publicKey,
0, // position of the public key in the list.
listKeys
);
After this, everyone can verify the proof is valid, which means the message was signed by the holder of an ECDSA key pair, but without identifying exactly which one of the keys in the ring was used to produce the proof. Do not disclose the original signature as it is already embedded inside the proof.
import { verifySignatureList } from '@cloudflare/zkp-ecdsa'
// Verify that zero-knowledge proof is valid.
const valid = await verifySignatureList(params, msgHash, listKeys, zkAttestProof)
console.assert(valid == true)
That's all.
This software library is part of the article "ZKAttest: Ring and Group Signatures for Existing ECDSA Keys" published at Selected Areas in Cryptography (SAC 2021) authored by Armando Faz Hernández, Watson Ladd, and Deepak Maram.
A copy of this paper can be downloaded at research.cloudflare.com or at the IACR ePrint 2021/1183.
To cite this library, use one of the following formats and update the version and date you accessed to this project.
APA Style
Faz-Hernández, A., Ladd, W., Maram, D. (2021). ZKAttest: Ring and Group Signatures for Existing ECDSA Keys. In: AlTawy, R., Hülsing, A. (eds) Selected Areas in Cryptography. SAC 2021. Available at https://github.com/cloudflare/zkp-ecdsa. v0.2.5 Accessed Nov 2022.
BibTex Source
@inproceedings{zkattest,
doi = {10.1007/978-3-030-99277-4_4},
title = {ZKAttest: Ring and Group Signatures for Existing ECDSA Keys},
author = {Faz-Hernández, Armando and Ladd, Watson and Maram, Deepak},
booktitle = {Selected Areas in Cryptography},
editor = {AlTawy, Riham and Hülsing, Andreas},
publisher = {Springer International Publishing},
address = {Cham},
isbn = {978-3-030-99277-4},
pages = {68--83},
month = {oct},
year = {2021},
note = {Available at \url{https://github.com/cloudflare/zkp-ecdsa}.
v0.2.5 Accessed Nov 2022},
}
CFF Style
Find attached a CITATION.cff file.
| Task | NPM scripts |
|---|---|
| Installing | $ npm ci |
| Building | $ npm run build |
| Unit Tests | $ npm run test |
| Benchmarking | $ npm run bench |
| Flamegraph Profile | $ npm run flame |
| Code Linting | $ npm run lint |
| Code Formating | $ npm run format |
| Bundling Library | $ npm run bundle |
The project is licensed under the Apache 2.0 License
FAQs
zkp-ecdsa: A Typescript Implementation of ZKAttest
The npm package @cloudflare/zkp-ecdsa receives a total of 706 weekly downloads. As such, @cloudflare/zkp-ecdsa popularity was classified as not popular.
We found that @cloudflare/zkp-ecdsa demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 33 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A look at the top trends in how threat actors are weaponizing open source packages to deliver malware and persist across the software supply chain.
Security News
ESLint now supports HTML linting with 48 new rules, expanding its language plugin system to cover more of the modern web development stack.
Security News
CISA is discontinuing official RSS support for KEV and cybersecurity alerts, shifting updates to email and social media, disrupting automation workflows.