Basically, on most conventional username/password auth systems, client HAVE TO send the username/password pair over the network to the backend. With HTTPS it's fine, but if somehow the connection is compromised or leaked, bad things can happen.
This proof-of-concept utilizes Zero Knowledge Proof, more specifically zkSNARKS, to allow the server to verify that the user knows the password to a hash+salt, without revealing the password.
A really quick and dirty POC made in React/Express, with the ZKP powered by circom and snarkjs.
from root folder, do a npm i first.
step 1: install circom globally.
or if you dont want some random things installing, compile to binary, then temporarily add path to that to the PATH env variable for only the node command. I trust that you know how to do that, you probably uses Linux for fun. Or you can google.
https://docs.circom.io/getting-started/installation/
step 2: build the circuit
from circuits folder, run:
node compile.mjsto compile the circuits, and then
node generate_trusted.mjsto generate the trusted setup (keys, ptau,...). then run tests with:
node test.mtsif ran all 3 without errors, you are good to go.
step 3: run the backend and frontend (TODO)
it's react/express, google it or something while i update this.