This project implements a secure client-server setup demonstrating Zero-Knowledge Range Proofs, adhering closely to specified requirements. It features secure authentication, range proof verification, and all necessary technical components. Below is a guide to what the project includes and how to set it up and run it.
This project implements a secure client-server system where the client proves to the server that a secret value lies within a specific range without revealing the actual value. The whole thing uses elliptic curve cryptography for the zero-knowledge proofs.
Key features include:
- Mutual authentication using ECDSA signatures and a client serial ID
- Range proof generation and verification following the exact math from the problem statement
- Support for multiple range proof requests in a single session
- Session timeouts for security
- Proper error handling and logging throughout
- Configurable range parameters and proof attempts
Server (C++):
- Boost Asio for networking
- Trezor Crypto for all cryptographic operations
- Nanopb for protocol buffer serialization
- CMake for build system
- Spdlog for logging
Client (TypeScript/Node.js):
- Node.js crypto module for signing operations
- Net module for TCP connections
- Protobufjs for protocol buffers
- Elliptic library for ECC math
- Pino for logging
Both sides use secp256k1 curve and SHA256 hashing as specified.
Before you start, clone the repo with submodules:
git submodule update --init --recursivePlease ensure you have Node.js installed as we use it for the client also. If not, you can use a package manager like NVM to install it.
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash
nvm install --lts
nvm use --ltsFirst, you'll need to generate the cryptographic keys. I included a script for that:
node keygen.jsThis creates ECDSA key pairs for client and server, plus a client serial ID, and puts them in the right directories.
The server is in C++ and needs some dependencies. On Ubuntu, you can install them with:
sudo apt install python3-pip pipx python3-venv cmake build-essential
pipx install conan
# Check conan is set up correctly
conan --version
conan profile new default --detectThe server uses CMake and needs some dependencies. I set it up with Conan for package management:
cd server
./setup.sh # Sets up Python environment and installs requirements
./build.sh # Runs Conan install and builds with CMakeThe client is Node.js based. Install dependencies and build the protobuf files:
cd client
npm install
npm run build:proto # Generates TypeScript protobuf definitionsStart the server first:
cd server
./start.shThen run the client:
cd client
cp .env.example .env # Create your config file
npm startThe client will connect to localhost:8080, authenticate, and send multiple range proof requests. You'll see detailed logs on both sides showing the authentication process and proof verification results.
The client reads config from a .env file. You can adjust:
- Range bounds (MIN_VAL, MAX_VAL)
- Secret value to prove (SECRET)
- Number of proof attempts (TOTAL_ATTEMPTS)
- Server connection details
Check client/.env.example for the full list of options.
The implementation follows the problem statement's range proof algorithm exactly, implementing the four-square decomposition and ECC commitments. The math checks out for both the linear range proof (proving x ∈ [a,b]) and the square commitments.
Security-wise, the implementation includes protections like message size limits, session state validation, and proper cleanup. The authentication flow matches the spec: client signs serial ID hash, server challenges with random nonce, client signs that too.
The code follows OOP principles with classes for Client, Server, Session, and Crypto utilities. Error handling is comprehensive, and logging helps with debugging.
If the secret value is outside the configured range, the proof will fail as expected - that's how you can test the validation.
proto/comms.proto- Protocol buffer definitions for all messagesserver/src/- Server implementation (main.cpp, server.cpp, crypto.cpp)client/src/- Client code (index.ts, client.ts, crypto utils)keygen.js- Key generation script- Build scripts in server/ for CMake setup
The implementation is production-ready with proper build systems, dependency management, and comprehensive logging.