fe68752cc7
Harden fs auth and storage for a trustless-server model: proof-only hello, opaque tagged bucket metadata, safer connection logging, and inbox UI without raw ids. Add demo/test_demo_privacy_guardrails.py and README notes. Stop tracking demo __pycache__ and fs_data artifacts. Co-authored-by: Cursor <cursoragent@cursor.com>
ZKAC
Zero-Knowledge Access Control — BBS+ anonymous credentials on BLS12-381 with an encrypted session layer (X25519, ChaCha20-Poly1305, replay protection).
Documentation
- Changelog — releases and breaking API notes
- Python API — types and usage for
import zkac - Security model — threat model, assumptions, operational guidance
- Fuzzing —
cargo-fuzzharnesses
Rust
[dependencies]
zkac = { path = "..." }
Public API highlights: zkac::Node, zkac::Credential, zkac::RoleRegistry, zkac::IssuerKeyPair, zkac::MAX_BBS_AUTH_PROOF_BYTES.
Python
Requires a Rust toolchain. maturin builds the zkac extension; it is not on your PATH until you install it.
uv venv && source .venv/bin/activate
# Pick one way to get the `maturin` command:
uv sync --extra dev # installs maturin into this venv
# or: uv pip install maturin
# or: uvx maturin develop # no install; runs maturin once from PyPI
maturin develop # features come from [tool.maturin] in pyproject.toml
# Console script ``zkac-node`` lives in ``cli/``; install it into the venv:
uv sync --extra cli # or ``--extra demo`` (Flask demos + zkac-node)
python -c "import zkac; print(zkac.role_id('admin').hex())"
Run tests: cargo test and pytest tests/test_zkac.py.
Local web UI over the CLI: demo/cli_web_server.py (see demo/README.md). Optional in-browser WASM for the Flask demo: wasm/README.md and ./demo/build_wasm.sh (needs rustup + wasm32-unknown-unknown).
License
See repository license file (if present).