mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 22:24:56 +03:00

Files

T

mukul975 cb8d79e068 Map all 754 skills to MITRE ATT&CK v19.1

- Add validated mitre_attack frontmatter to all 754 skills (286 distinct
  techniques), verified against MITRE ATT&CK v19.1 via the official
  mitreattack-python library: 0 revoked, deprecated, or invalid IDs
- Curate precise per-skill technique IDs for forensics, malware-analysis,
  threat-intel, and red-team skills (e.g. DCSync -> T1003.006,
  Kerberoasting -> T1558.003, Pass-the-Ticket -> T1550.003)
- Reconcile v19.1 tactic restructuring: Defense Evasion split into
  Stealth (TA0005) and Defense Impairment (TA0112); revoked T1562.*
  family and T1070.001/.002 remapped to active equivalents (T1685.*)
- Normalize word-split tags across 35 skills (remove filename-derived
  stopword tags, add semantic cybersecurity tags)
- Add api-reference.md for 3 skills that were missing it
- Update README ATT&CK section with accurate v19.1 tactic distribution

2026-06-01 12:13:29 +02:00

3.1 KiB

Raw Permalink Blame History

name, description, domain, subdomain, tags, version, author, license, nist_csf, mitre_attack

name

description

domain

subdomain

Implementing Zero-Knowledge Proof for Authentication

Overview

Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge of a secret (such as a password or private key) without revealing the secret itself. This skill implements the Schnorr identification protocol and a simplified ZKPP (Zero-Knowledge Password Proof) using the discrete logarithm problem, enabling authentication where the server never learns the user's password.

When to Use

When deploying or configuring implementing zero knowledge proof for authentication capabilities in your environment
When establishing security controls aligned to compliance requirements
When building or improving security architecture for this domain
When conducting security assessments that require this implementation

Prerequisites

Familiarity with cryptography concepts and tools
Access to a test or lab environment for safe execution
Python 3.8+ with required dependencies installed
Appropriate authorization for any testing activities

Objectives

Implement Schnorr's identification protocol for ZKP authentication
Build a non-interactive ZKP using Fiat-Shamir heuristic
Implement zero-knowledge password proof (ZKPP)
Demonstrate completeness, soundness, and zero-knowledge properties
Compare ZKP authentication with traditional password verification

Key Concepts

ZKP Properties

Property	Description
Completeness	Honest prover always convinces honest verifier
Soundness	Dishonest prover cannot convince verifier (except negligible probability)
Zero-Knowledge	Verifier learns nothing beyond the statement's truth

Schnorr Protocol

Setup: Public generator g, prime p, q (order of g)
Registration: Prover computes y = g^x mod p (public key from secret x)
Commitment: Prover sends t = g^r mod p (random r)
Challenge: Verifier sends random c
Response: Prover sends s = r + c*x mod q
Verify: Check g^s == t * y^c mod p

Security Considerations

Use cryptographically secure random number generators
Challenge must be unpredictable (from verifier's perspective)
For non-interactive proofs, use Fiat-Shamir with collision-resistant hash
ZKP alone does not provide forward secrecy; combine with TLS

Validation Criteria

Honest prover always verifies successfully (completeness)
Random response without secret does not verify (soundness)
Server never receives the secret value
Non-interactive proof is verifiable offline
Multiple authentications produce different transcripts
Protocol resists replay attacks

3.1 KiB Raw Permalink Blame History