ZKAC

Zero-Knowledge Access Control — anonymous authorization with BBS+ credentials on BLS12-381, over an encrypted session layer (X25519, ChaCha20-Poly1305, replay-safe records).

Philosophy

ZKAC is built around trustless federation: registries and services can live on ordinary network hosts, but the protocol limits what a malicious or curious node can learn or forge. Authorization is proved with transcript-bound zero-knowledge credentials, credential transfer is end-to-end encrypted, and policy state can be verified by clients instead of trusting the host's view alone. The design sits between conventional client-server trust and heavy global blockchain consensus — see the whitepaper for goals, architecture, and comparisons.

Documentation

| Doc | Description |
| --- | --- |
| Whitepaper | Goals, architecture, cryptography, adversary games |
| Security | Threat model, assumptions, operational guidance |
| CLI guide | zkac-node workflows, I2P, storage layout |
| Python API | import zkac types and usage |
| Fuzzing | cargo-fuzz harnesses |

Rust crate API (e.g. zkac::Node, zkac::Credential, zkac::RoleRegistry, zkac::IssuerKeyPair, zkac::MAX_BBS_AUTH_PROOF_BYTES) is documented in code and the whitepaper; Python wraps the same core.

Quick start (Python + CLI)

Requires a Rust toolchain. maturin builds the zkac extension.

cd /path/to/ZKAC
uv venv && source .venv/bin/activate
uv sync --extra dev          # maturin + zkac-node CLI
maturin develop              # builds the Python extension (see [tool.maturin] in pyproject.toml)

Smoke-test the library:

python -c "import zkac; print(zkac.role_id('admin').hex())"

Run tests: cargo test and pytest tests/test_zkac.py.

CLI examples

Install the cli package so zkac-node is on your PATH (uv sync --extra dev or uv sync --extra cli as above). Then:

# Identities live under ~/.zkac/<userid>/
zkac-node user create alice
zkac-node user create bob

# Alice hosts the node; everyone pins the server's transport public key (from server logs or ops).
zkac-node serve alice --host 127.0.0.1 --port 9800
zkac-node server pin alice localhost:9800 --key <SERVER_PUBLIC_KEY_HEX>
zkac-node server pin bob localhost:9800 --key <SERVER_PUBLIC_KEY_HEX>

# Bob publishes a contact bundle (share out-of-band with Alice)
zkac-node user show bob --peer 127.0.0.1:9810

# Alice defines roles on a registry, then grants Bob directly
zkac-node registry create alice localhost:9800 --roles analyst,operator
zkac-node p2p-listen bob --host 127.0.0.1 --port 9810   # Bob listens for one grant
zkac-node grant alice --server localhost:9800 --registry <REGISTRY_ID> \
  --role analyst --to "<BOB_CONTACT_BUNDLE>"

zkac-node credentials list bob
zkac-node auth bob --registry <REGISTRY_ID> --role analyst --server localhost:9800

Connectivity and handshake check:

zkac-node net check 127.0.0.1:9800 --handshake --userid alice

More commands (registry, revoke, I2P, zkac-node-i2p-server) are in docs/CLI.md and cli/README.md.
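
The pinning step in the CLI examples takes whatever hex string is pasted into --key. As an added example (not part of ZKAC or its CLI), the Python helper below checks that two independently obtained copies of the server key agree before pinning, and classifies a later presented key against a local pin table. It assumes the transport key is a raw 32-byte X25519 public key in hex; the function names and the pin-table dict are hypothetical.

```python
import hmac

X25519_KEY_BYTES = 32  # an X25519 public key is 32 bytes, i.e. 64 hex characters


def parse_key_hex(text: str) -> bytes:
    """Decode a pasted hex public key; reject malformed or placeholder values."""
    try:
        key = bytes.fromhex(text.strip())
    except ValueError:
        raise ValueError("server key is not valid hex") from None
    if len(key) != X25519_KEY_BYTES:
        raise ValueError(f"expected {X25519_KEY_BYTES} bytes, got {len(key)}")
    if key == bytes(X25519_KEY_BYTES):
        raise ValueError("all-zero key: placeholder or corrupted copy")
    return key


def confirm_before_pin(from_logs: str, from_ops: str) -> str:
    """Return canonical hex for --key only if both copies decode to the same key."""
    a, b = parse_key_hex(from_logs), parse_key_hex(from_ops)
    if not hmac.compare_digest(a, b):
        raise ValueError("copies disagree; do not pin until resolved")
    return a.hex()


def check_pin(pins: dict, server: str, presented_hex: str) -> str:
    """Classify a key presented by `server`: 'match', 'mismatch' or 'unpinned'."""
    presented = parse_key_hex(presented_hex)
    pinned_hex = pins.get(server)
    if pinned_hex is None:
        return "unpinned"
    same = hmac.compare_digest(parse_key_hex(pinned_hex), presented)
    return "match" if same else "mismatch"


if __name__ == "__main__":
    # Constructed sample values, not real ZKAC keys.
    key = bytes(range(1, 33)).hex()
    other = bytes(range(2, 34)).hex()
    pins = {"localhost:9800": confirm_before_pin(f"  {key.upper()}\n", key)}
    print(check_pin(pins, "localhost:9800", key))      # match
    print(check_pin(pins, "localhost:9800", other))    # mismatch
    print(check_pin(pins, "localhost:9801", key))      # unpinned
```

A "mismatch" result is a reason to stop and re-verify the key out of band, not to re-pin.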

Demo

The file-share demo is a self-contained Textual UI that exercises registries, P2P credential grant, buckets, and permissions — isolated from your default ZKAC home via ZKAC_HOME=~/.ZKAC-FS by default.

uv sync --extra demo
uv run python demo/file_share_server.py --port 9879
uv run python demo/file_share_tui.py

Verification: uv run python demo/file_share_smoke.py and pytest demo/test_demo_privacy_guardrails.py.

Optional: browser-side WASM that mirrors parts of the Rust library — build and integration notes are in wasm/README.md (Rust wasm32-unknown-unknown, wasm-pack).

License

See the repository license file (if present).
