# ZKAC

**Zero-Knowledge Access Control** — BBS+ anonymous credentials on BLS12-381 with an encrypted session layer (X25519, ChaCha20-Poly1305, replay protection).

## Documentation

- **[Python API](docs/PYTHON_API.md)** — types and usage for `import zkac`
- **[Security model](docs/SECURITY.md)** — threat model, assumptions, operational guidance
- **[Fuzzing](docs/FUZZING.md)** — `cargo-fuzz` harnesses

## Rust

```toml
[dependencies]
zkac = { path = "..." }
```

Public API highlights: `zkac::Node`, `zkac::Credential`, `zkac::RoleRegistry`, `zkac::IssuerKeyPair`, `zkac::MAX_BBS_AUTH_PROOF_BYTES`.

## Python

Requires Rust toolchain and [maturin](https://www.maturin.rs/).

```bash
uv venv && source .venv/bin/activate
maturin develop --features python
python -c "import zkac; print(zkac.role_id('admin').hex())"
```

Run tests: `cargo test` and `pytest tests/test_zkac.py`.

## License

See repository license file (if present).