Zero-Knowledge Protocol
The cryptographic handshake that secures your users without exposing their secrets.
1. Client Setup
The user enters their password. The client derives a private value from it using the username and salt. The browser also generates a non-exportable device key.
2. Identity Registration
The client computes a cryptographic verifier from the private value. Only the verifier is sent to the server—never the password or private key.
3. Login Request
To authenticate, the client requests a challenge. The server generates a fresh nonce and returns the user's public SRP parameters.
4. Proof & Verification
The client computes a zero-knowledge proof and signs it with the device key. The server verifies both cryptographically before issuing a session token.
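The four steps above as an SRP-6a style walkthrough in plain Python. This is an added example, not ZKAuth's implementation: the function names, the toy group (a Mersenne prime chosen for readability, not an SRP-grade safe prime) and the sample credentials are assumptions, and the device-key signature over the proof is not shown.

```python
import hashlib, secrets
# Toy group for readability: M127 is prime but NOT an SRP-grade safe prime.
# A real deployment uses a standard group of 2048 bits or more (RFC 5054).
N = 2**127 - 1
g = 3

def H(*parts) -> int:
    """SHA-256 over ints/strs/bytes, returned as an integer (x, k, u, M1)."""
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes((p.bit_length() + 7) // 8 or 1, "big")
        elif isinstance(p, str):
            p = p.encode()
        h.update(p)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier, fixed by the group

def private_value(username: str, password: str, salt: bytes) -> int:
    """Step 1: x = H(salt, H(username:password)); it never leaves the client."""
    return H(salt, H(f"{username}:{password}"))

def verifier(x: int) -> int:
    """Step 2: v = g^x mod N is the only value registered with the server."""
    return pow(g, x, N)

def server_challenge(v: int):
    """Step 3: server picks ephemeral b and returns B = k*v + g^b (mod N)."""
    b = secrets.randbelow(N - 2) + 1
    return b, (k * v + pow(g, b, N)) % N

def client_proof(username, password, salt, B):
    """Step 4, client: ephemeral A, session key K, proof M1 = H(A, B, K)."""
    if B % N == 0:
        raise ValueError("server sent B = 0 mod N; abort")
    x = private_value(username, password, salt)
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)
    u = H(A, B)
    S = pow((B - k * pow(g, x, N)) % N, a + u * x, N)  # = g^(b(a+ux))
    K = H(S)
    return A, K, H(A, B, K)

def server_verify(v, b, B, A, M1):
    """Step 4, server: recompute K from v alone; release it only if M1 matches."""
    if A % N == 0:
        raise ValueError("client sent A = 0 mod N; abort")
    K = H(pow(A * pow(v, H(A, B), N), b, N))  # (A * v^u)^b = g^(b(a+ux))
    return K if H(A, B, K) == M1 else None
```

The server only ever holds the salt and `v`; a wrong password on the client yields a different `S`, so `M1` fails and no session key is released.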
Roles & Responsibilities
ZKAuth Handles
- Identity storage (public commitments only)
- Zero-knowledge proof verification
- Session token issuance (JWT)
- Device key binding
- Delegation management
Your Backend Handles
- User profile data (name, email, prefs)
- Authorization & permissions (RBAC)
- Business logic & workflows
- Resource access control
- Application sessions