Considering provide online authenticator for password verification using zero-knowledge password proof

rooch-network / rooch

VApp Container with Move Language

https://rooch.network

Apache License 2.0

128 stars 54 forks source link

Considering provide online authenticator for password verification using zero-knowledge password proof #1015

Open feliciss opened 7 months ago

feliciss commented 7 months ago

Currently, there's a verifier in-store for verifying local password.

When intreating with Rooch server, from one or multiple clients, it is considered to borrow an online password verifier, perfectly using zero-knowledge password proof (ZKPP) defined in IEEE P1363.2.

Reference:

https://en.wikipedia.org/wiki/Zero-knowledge_password_proof

feliciss commented 7 months ago

We can use EKE (https://en.wikipedia.org/wiki/Encrypted_key_exchange) as method and IETF RFC 6124 ( https://datatracker.ietf.org/doc/html/rfc6124) as referential implementations to implement above schemes.

jolestar commented 6 months ago

Which service provides an online password verifier currently?

feliciss commented 6 months ago

Which service provides an online password verifier currently?

I'm not familiar with the ones in the blockchain field, but I know there are several online password managers, e.g. 1Password that use an entry password to unlock all passwords.

We can do so by unlocking seed phrases.

jolestar commented 6 months ago

Which service provides an online password verifier currently?

I'm not familiar with the ones in the blockchain field, but I know there are several online password managers, e.g. 1Password that use an entry password to unlock all passwords.

We can do so by unlocking seed phrases.

The 1Password only supports password management and does not provide zk online password verifier service. So, if only rooch supported zk password verifier, but no one provided password services, it would be useless.

feliciss commented 6 months ago

Which service provides an online password verifier currently?

I'm not familiar with the ones in the blockchain field, but I know there are several online password managers, e.g. 1Password that use an entry password to unlock all passwords. We can do so by unlocking seed phrases.

The 1Password only supports password management and does not provide zk online password verifier service. So, if only rooch supported zk password verifier, but no one provided password services, it would be useless.

Got it.