Initial commit - 611 cybersecurity skills across all subdomains

skills/implementing-zero-knowledge-proof-for-authentication/SKILL.md

@@ -0,0 +1,58 @@
+---
+name: implementing-zero-knowledge-proof-for-authentication
+description: Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge of a secret (such as a password or private key) without revealing the secret itself. This skill implements the Schnorr identificati
+domain: cybersecurity
+subdomain: cryptography
+tags: [cryptography, zero-knowledge-proof, authentication, privacy, zkp]
+version: "1.0"
+author: mahipal
+license: MIT
+---
+# Implementing Zero-Knowledge Proof for Authentication
+
+## Overview
+
+Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge of a secret (such as a password or private key) without revealing the secret itself. This skill implements the Schnorr identification protocol and a simplified ZKPP (Zero-Knowledge Password Proof) using the discrete logarithm problem, enabling authentication where the server never learns the user's password.
+
+## Objectives
+
+- Implement Schnorr's identification protocol for ZKP authentication
+- Build a non-interactive ZKP using Fiat-Shamir heuristic
+- Implement zero-knowledge password proof (ZKPP)
+- Demonstrate completeness, soundness, and zero-knowledge properties
+- Compare ZKP authentication with traditional password verification
+
+## Key Concepts
+
+### ZKP Properties
+
+| Property | Description |
+|----------|------------|
+| Completeness | Honest prover always convinces honest verifier |
+| Soundness | Dishonest prover cannot convince verifier (except negligible probability) |
+| Zero-Knowledge | Verifier learns nothing beyond the statement's truth |
+
+### Schnorr Protocol
+
+1. **Setup**: Public generator g, prime p, q (order of g)
+2. **Registration**: Prover computes y = g^x mod p (public key from secret x)
+3. **Commitment**: Prover sends t = g^r mod p (random r)
+4. **Challenge**: Verifier sends random c
+5. **Response**: Prover sends s = r + c*x mod q
+6. **Verify**: Check g^s == t * y^c mod p
+
+## Security Considerations
+
+- Use cryptographically secure random number generators
+- Challenge must be unpredictable (from verifier's perspective)
+- For non-interactive proofs, use Fiat-Shamir with collision-resistant hash
+- ZKP alone does not provide forward secrecy; combine with TLS
+
+## Validation Criteria
+
+- [ ] Honest prover always verifies successfully (completeness)
+- [ ] Random response without secret does not verify (soundness)
+- [ ] Server never receives the secret value
+- [ ] Non-interactive proof is verifiable offline
+- [ ] Multiple authentications produce different transcripts
+- [ ] Protocol resists replay attacks

skills/implementing-zero-knowledge-proof-for-authentication/references/standards.md

@@ -0,0 +1,29 @@
+# Standards and References - Zero-Knowledge Proof for Authentication
+
+## Academic References
+
+### Schnorr Identification Protocol
+- **Paper**: "Efficient Signature Generation by Smart Cards" (Claus-Peter Schnorr, 1989)
+- **Standard**: ISO/IEC 9798-5 (Entity authentication using zero-knowledge techniques)
+
+### Fiat-Shamir Heuristic
+- **Paper**: "How To Prove Yourself" (Fiat, Shamir, 1986)
+- **Description**: Converts interactive ZKP to non-interactive using hash function
+
+### RFC 8235 - Schnorr Non-Interactive Zero-Knowledge Proof
+- **URL**: https://www.rfc-editor.org/rfc/rfc8235
+- **Description**: Standardized Schnorr NIZKP
+
+### RFC 5054 - SRP (Secure Remote Password)
+- **URL**: https://www.rfc-editor.org/rfc/rfc5054
+- **Description**: Zero-knowledge password authentication protocol
+
+## Python Libraries
+
+### py-ecc
+- **URL**: https://github.com/ethereum/py_ecc
+- **Description**: Elliptic curve operations for ZKPs
+
+### cryptography
+- **URL**: https://cryptography.io/
+- **Description**: Hash functions, modular arithmetic support

skills/implementing-zero-knowledge-proof-for-authentication/references/workflows.md

@@ -0,0 +1,46 @@
+# Workflows - Zero-Knowledge Proof for Authentication
+
+## Workflow 1: Schnorr Interactive ZKP
+
+```
+Prover (knows secret x)              Verifier (knows y = g^x mod p)
+      |                                      |
+      |-- Commitment: t = g^r mod p -------->|
+      |                                      |
+      |<-- Challenge: c (random) ------------|
+      |                                      |
+      |-- Response: s = (r + c*x) mod q ---->|
+      |                                      |
+      |                              [Verify: g^s == t * y^c mod p]
+      |                              [Accept or Reject]
+```
+
+## Workflow 2: Non-Interactive ZKP (Fiat-Shamir)
+
+```
+Prover:
+  1. Choose random r
+  2. Compute t = g^r mod p
+  3. Compute c = H(g || y || t)  (Fiat-Shamir)
+  4. Compute s = (r + c*x) mod q
+  5. Send proof (t, s) to verifier
+
+Verifier:
+  1. Compute c = H(g || y || t)
+  2. Check g^s == t * y^c mod p
+```
+
+## Workflow 3: Registration and Authentication
+
+```
+[Registration]:
+  User --> [Choose password/secret x]
+       --> [Compute y = g^x mod p]
+       --> [Send y to server]
+  Server --> [Store y (public key only)]
+
+[Authentication]:
+  User <--> Server: [Run Schnorr protocol]
+  Server: [Verifies proof without learning x]
+  Server: [Grants session token on success]
+```