ZK Authentication
Prove you know a secret without revealing it
What is Zero-Knowledge Authentication?
Zero-Knowledge (ZK) authentication is a cryptographic method that allows one party (the prover) to prove to another party (the verifier) that they know a secret, without revealing the secret itself or any information derived from it.
In Zcrypt, this means you can authenticate and prove your identity without ever transmitting your password or secret key over the network, so neither a network interceptor nor a server-side breach can capture it.
Traditional vs Zero-Knowledge
Traditional Authentication
- ✗ Password transmitted to server
- ✗ Server stores password hashes
- ✗ Vulnerable to man-in-the-middle
- ✗ Server breach exposes all users
- ✗ Service provider sees credentials
Zero-Knowledge Auth
- ✓ Only the proof is transmitted
- ✓ Server never sees the secret
- ✓ Proof cannot be reverse-engineered
- ✓ Server breach reveals nothing
- ✓ Complete privacy maintained
How ZK Authentication Works
1. Secret Generation
When you create an account, your browser generates a unique ZK secret derived from your username and a secure random value. This secret never leaves your device.
zkSecret = HASH(username + randomBytes(32))
2. Proof Generation
When authenticating, your browser generates a Zcrypt proof that demonstrates knowledge of the secret without revealing it. The proof is unique for each login.
proof = Zcrypt.prove(statement, zkSecret, publicInput)
3. Proof Verification
The server checks the proof mathematically against the public input. A valid proof confirms you know the secret without the server ever seeing it. Because the public input changes for every login, a captured proof cannot be replayed, and without the secret a proof cannot be forged.
isValid = Zcrypt.verify(proof, publicInput) → true/false
Zcrypt Properties
Zcrypt uses zk-STARKs (Zero-Knowledge Scalable Transparent ARguments of Knowledge), which provide several advantages:
Post-Quantum Secure
Resistant to attacks from quantum computers
No Trusted Setup
No initial ceremony required, fully transparent
Fast Verification
Proofs can be verified quickly even on-chain
Scalable
Proof size grows logarithmically with computation
Security Guarantees
Completeness
If you know the secret, you can always generate a valid proof that the verifier will accept.
Soundness
If you don't know the secret, you cannot generate a valid proof (except with negligible probability).
Zero-Knowledge
The proof reveals nothing about the secret except that you know it. No information can be extracted from the proof.
Implementation Example
Here's a simplified example of how ZK authentication is implemented in Zcrypt:
// Client-side: generate a proof bound to this login attempt
const timestamp = Date.now(); // fresh public input, so the proof cannot be replayed
const proof = await generateZKProof({
  secret: userSecret,
  statement: "I know the secret for username X",
  publicInputs: { username, timestamp }
});

// Send only the proof and its public inputs to the server; the secret stays on the client
await fetch('/api/auth', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ username, timestamp, proof })
});

// Server-side: username, timestamp and proof are read from the request body.
// Reject stale timestamps before verifying (a 60-second window is an assumed value).
if (Math.abs(Date.now() - timestamp) > 60_000) {
  return { authenticated: false };
}
const isValid = await verifyZKProof({
  proof,
  publicInputs: { username, timestamp }
});

if (isValid) {
  // Grant access - server never saw the secret!
  return { authenticated: true };
}
Continue Learning
Explore how ZK authentication integrates with other parts of the system.