Zero-knowledge protocols #
ZKDocs provides comprehensive, detailed, and interactive documentation on zero-knowledge proof systems and related primitives.
At Trail of Bits, we audit many implementations of non-standardized cryptographic protocols and often find the same issues. As we discovered more instances of these bugs, we wanted to find a way to prevent them in the future. Unfortunately, for these protocols, the burden is on the developers to figure out all of the low-level implementation details and security pitfalls.
We hope that ZKDocs can fill in this gap and benefit the larger cryptography community.
We aim to be both self-contained and comprehensive in the topics related to zero-knowledge proof systems, from descriptions of simple systems like Schnorr’s identification protocol, to complex proof systems like Paillier-Blum modulus. We also cover cryptographic primitives such as: random sampling, Fiat-Shamir transformation, and Shamir’s Secret Sharing.
We describe each protocol in great detail, including all necessary setup, sanity-checks, auxiliary algorithms, further references, and potential security pitfalls with their associated severity.
The protocol descriptions are interactive, letting you modify variable names. This allows you to match the variable names in ZKdocs’ specification to the variable names in your code, making it easier to find bugs and missing assertions.
- Click on $\varX$ to highlight the variable across the document. Try it!
- Type or paste with $\varX$ highlighted to edit $\varX$’s name. Press
Escapeto stop editing.
- Press the button to reset the names of all variables on the current page (variable names are independent across different pages)
We will continue to add more proof systems like Range proofs, STARK, and Bulletproofs.