Hi, [email protected]. I’m curious about zero-knowledge encryption, and I would like to use it in my CS50x final project. My goal is to authenticate users and store their encrypted data on the server so that only the users can decrypt it.

I understand the general concepts of public and private keys, as well as symmetric keys, and how to use them to protect data. However, I don’t understand how to authenticate users. I have searched online for information on implementing the zero proof knowledge authentication flow, but I found either vague high-level descriptions or research papers that require a strong background in mathematics and cryptography to understand and implement.

Could you maybe suggest some resources on this topic? When you search for “how to implement jwt authentication”, you can find many articles that describe the flow with code examples. I’m looking for something similar.

Or should I choose a simpler project?

  • FizzyOrange
    11 hours ago

    So… to store encrypted data that only the user can decrypt you don’t need any fancy zero knowledge algorithms. Just have the user keep the encryption key.

    For authentication you could use one of these algorithms. OPAQUE seems to be popular. I’m not an expert but it seems like it has several neat zero-knowledge style properties.

    But probably forget about implementing it without a strong background in cryptography.

    • tauren@lemm.eeOP
      4 hours ago

      Thanks, I will take a look! Implementing the encryption algorithm itself wasn’t my goal, I was hoping to find and reuse an existing library. You know, like we don’t implement our own algorithms to hash passwords or generate keys.
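
The first reply's suggestion (the user keeps the encryption key, the server stores only ciphertext), sketched with Node.js's built-in `crypto` module. This is an added example, not code from the thread: deriving the key from a password with scrypt, the AES-256-GCM record layout, and all function names are assumptions, and it does not cover the authentication step (OPAQUE).

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: the key is derived from the user's password with scrypt (Node's
// default cost parameters). The salt is not secret and is stored with the record.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

// Runs on the user's device. Returns the only thing the server ever receives.
function encryptForUpload(userId, password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce per record
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  cipher.setAAD(Buffer.from(userId, 'utf8')); // binds the record to its owner
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    userId,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  };
}

// Runs on the user's device after fetching the record. Throws if the password
// is wrong or the server altered or swapped any part of the record.
function decryptAfterDownload(userId, password, record) {
  const key = deriveKey(password, Buffer.from(record.salt, 'base64'));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAAD(Buffer.from(userId, 'utf8'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  const body = Buffer.from(record.ciphertext, 'base64');
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Constructed sample data: what a user would store and what the server sees.
const record = encryptForUpload('alice', 'correct horse battery staple', 'my private note');
console.log('server stores:', record);
console.log('client reads :', decryptAfterDownload('alice', 'correct horse battery staple', record));
```

The password and derived key never leave the client in this sketch, so whatever the server uses to log the user in must be a separate value or protocol.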