creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-10 21:24:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
794489277cbb1fe862abc0addcd6dc540818db43
Anthropic-Cybersecurity-Skills/skills/implementing-zero-knowledge-proof-for-authentication/scripts/agent.py
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

126 lines
5.4 KiB
Python
Raw Blame History

#!/usr/bin/env python3
"""Agent for implementing zero-knowledge proof authentication using Schnorr protocol."""
import hashlib
import secrets
import json
import argparse
import sys
from datetime import datetime
# Safe prime and generator for discrete log ZKP
SAFE_PRIME = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
GENERATOR = 2
def generate_keypair():
"""Generate a ZKP key pair (private key x, public key y = g^x mod p)."""
x = secrets.randbelow(SAFE_PRIME - 2) + 1
y = pow(GENERATOR, x, SAFE_PRIME)
print(f"[*] Generated key pair")
print(f" Public key (y): {hex(y)[:40]}...")
return x, y
def schnorr_prove(private_key):
"""Generate a Schnorr ZKP proof (commitment, challenge, response)."""
k = secrets.randbelow(SAFE_PRIME - 2) + 1
r = pow(GENERATOR, k, SAFE_PRIME)
# Fiat-Shamir heuristic: non-interactive challenge
c_input = f"{GENERATOR}{r}{pow(GENERATOR, private_key, SAFE_PRIME)}"
c = int(hashlib.sha256(c_input.encode()).hexdigest(), 16) % SAFE_PRIME
s = (k - c * private_key) % (SAFE_PRIME - 1)
return {"commitment": r, "challenge": c, "response": s}
def schnorr_verify(public_key, proof):
"""Verify a Schnorr ZKP proof without learning the private key."""
r, c, s = proof["commitment"], proof["challenge"], proof["response"]
lhs = pow(GENERATOR, s, SAFE_PRIME) * pow(public_key, c, SAFE_PRIME) % SAFE_PRIME
valid = lhs == r
print(f" [{'+'if valid else '!'}] Verification: {'PASSED' if valid else 'FAILED'}")
return valid
def zkp_password_register(password):
"""Register a password using ZKP (server stores only public key)."""
salt = secrets.token_hex(16)
pwd_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 100000)
x = int.from_bytes(pwd_hash, "big") % (SAFE_PRIME - 2) + 1
y = pow(GENERATOR, x, SAFE_PRIME)
print(f"[*] Registered user (server stores salt + public key, never the password)")
return {"salt": salt, "public_key": y, "private_key": x}
def zkp_password_authenticate(password, registration):
"""Authenticate using ZKP (prove password knowledge without revealing it)."""
salt = registration["salt"]
pwd_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 100000)
x = int.from_bytes(pwd_hash, "big") % (SAFE_PRIME - 2) + 1
proof = schnorr_prove(x)
valid = schnorr_verify(registration["public_key"], proof)
return valid
def run_protocol_demo(rounds=5):
"""Demonstrate ZKP authentication protocol with multiple rounds."""
print("[*] ZKP Schnorr Protocol Demo\n")
x, y = generate_keypair()
successes = 0
for i in range(rounds):
print(f"\n[*] Round {i+1}/{rounds}")
proof = schnorr_prove(x)
if schnorr_verify(y, proof):
successes += 1
print(f"\n[*] Protocol: {successes}/{rounds} rounds passed")
print(f"[*] Completeness: {'VERIFIED' if successes == rounds else 'FAILED'}")
# Soundness test: wrong key should fail
wrong_x = secrets.randbelow(SAFE_PRIME - 2) + 1
wrong_proof = schnorr_prove(wrong_x)
forgery = schnorr_verify(y, wrong_proof)
print(f"[*] Soundness (wrong key rejected): {'VERIFIED' if not forgery else 'FAILED'}")
return successes == rounds and not forgery
def run_password_demo(password="SecureP@ss123"):
"""Demonstrate ZKP password authentication."""
print("\n[*] ZKP Password Authentication Demo\n")
reg = zkp_password_register(password)
print("\n[*] Authenticating with correct password...")
ok = zkp_password_authenticate(password, reg)
print(f" Result: {'Authenticated' if ok else 'Rejected'}")
print("\n[*] Authenticating with wrong password...")
bad = zkp_password_authenticate("WrongPassword", reg)
print(f" Result: {'Authenticated' if bad else 'Rejected'}")
return ok and not bad
def main():
parser = argparse.ArgumentParser(description="Zero-Knowledge Proof Authentication Agent")
parser.add_argument("action", choices=["demo-protocol", "demo-password", "keygen", "full-test"])
parser.add_argument("--rounds", type=int, default=5, help="Protocol verification rounds")
parser.add_argument("--password", default="SecureP@ss123", help="Password for ZKP demo")
parser.add_argument("-o", "--output", default="zkp_report.json")
args = parser.parse_args()
report = {"date": datetime.now().isoformat(), "action": args.action}
if args.action == "keygen":
x, y = generate_keypair()
report["public_key"] = hex(y)
elif args.action == "demo-protocol":
report["protocol_valid"] = run_protocol_demo(args.rounds)
elif args.action == "demo-password":
report["password_auth_valid"] = run_password_demo(args.password)
elif args.action == "full-test":
report["protocol_valid"] = run_protocol_demo(args.rounds)
report["password_auth_valid"] = run_password_demo(args.password)
with open(args.output, "w") as f:
json.dump(report, f, indent=2, default=str)
print(f"\n[*] Report saved to {args.output}")
if __name__ == "__main__":
main()
Reference in New Issue View Git Blame Copy Permalink