2 releases
| 0.1.1 | Jan 6, 2026 |
|---|---|
| 0.1.0 | Jan 6, 2026 |
#2212 in Cryptography
440KB
7.5K SLoC
ZKS Protocol
Zero Knowledge Swarm - Post-Quantum Encryption with Built-in Anonymity
Why ZKS?
ZKS Protocol is the first post-quantum secure networking SDK with built-in anonymity through onion routing. Built with 100% safe Rust, it provides unbreakable encryption for the quantum computing era.
| Protocol | Description | Security Model |
|---|---|---|
| zk:// | Direct encrypted connection | Post-quantum secure, low latency |
| zks:// | Swarm-routed anonymous connection | Post-quantum + onion routing |
Table of Contents
- Key Features
- Quick Start
- Security Architecture
- Crate Structure
- Anonymous Routing
- Platform Support
- Examples
- Security
- Contributing
- License
Key Features
- Post-Quantum Cryptography
- Onion Routing
- High Performance
- Cross-Platform
Quick Start
Prerequisites
- Rust 1.70+ toolchain
- OpenSSL (for development)
Installation
Add to your Cargo.toml:
```toml
[dependencies]
zks_sdk = "0.1"
tokio = { version = "1", features = ["full"] }
```
Basic Connection (ZK://)
```rust
use zks_sdk::prelude::*;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Build a post-quantum secure connection
    let connection = ZkConnectionBuilder::new()
        .url("zk://secure-server.example.com:8443")
        .security(SecurityLevel::PostQuantum)
        .build()
        .await?;
    println!("Connected with post-quantum encryption!");

    // Send encrypted data
    connection.send(b"Hello, quantum-proof world!").await?;

    // Receive response
    let response = connection.recv().await?;
    println!("Received: {:?}", response);

    connection.close().await?;
    Ok(())
}
```
Anonymous Connection (ZKS://)
```rust
use zks_sdk::prelude::*;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Build an anonymous swarm-routed connection
    let connection = ZksConnectionBuilder::new()
        .url("zks://hidden-service.example.com:8443")
        .min_hops(3) // Route through 3+ relay nodes
        .security(SecurityLevel::TrueVernam)
        .build()
        .await?;
    println!("Anonymous connection established!");
    println!("  Your IP is hidden from the destination server.");

    // Send anonymous message
    connection.send(b"Confidential message").await?;

    connection.close().await?;
    Ok(())
}
```
Browser (WebAssembly)
```javascript
import init, { ZksWasmUtils } from 'zks-wasm';

await init();

// Generate post-quantum keypair
const keypair = ZksWasmUtils.generate_ml_dsa_keypair();
console.log("Generated ML-DSA keypair");

// Sign a message
const message = new TextEncoder().encode("Hello from the browser!");
const signature = ZksWasmUtils.ml_dsa_sign(message, keypair.signing_key);
console.log("Signature created");

// Verify signature
const isValid = ZksWasmUtils.ml_dsa_verify(message, signature, keypair.verifying_key);
console.log("Signature valid:", isValid);
```
Security Architecture
Cryptographic Primitives
| Component | Algorithm | Security Level |
|---|---|---|
| Key Exchange | ML-KEM-768 (Kyber) | NIST Level 3 (IND-CCA2) |
| Signatures | ML-DSA-65 (Dilithium) | NIST Level 3 (EUF-CMA) |
| Symmetric Encryption | Wasif-Vernam Cipher | ChaCha20-Poly1305 + XOR |
| Random Entropy | drand beacon + local | TRUE random (not pseudo) |
Security Levels
```rust
pub enum SecurityLevel {
    /// Classical cryptography (for testing only)
    Classical,
    /// Post-quantum secure (recommended for production)
    PostQuantum,
    /// Maximum security with TRUE random entropy
    TrueVernam,
}
```
| Level | Key Exchange | Encryption | Use Case |
|---|---|---|---|
| Classical | Random | ChaCha20 | Testing/Development |
| PostQuantum | ML-KEM | Wasif-Vernam | Production |
| TrueVernam | ML-KEM + drand | OTP-style | Maximum Security |
3-Message Handshake
```
┌──────────────┐                              ┌──────────────┐
│  Initiator   │                              │  Responder   │
└──────┬───────┘                              └──────┬───────┘
       │                                             │
       │  1. HandshakeInit                           │
       │ ──────────────────────────────────────────► │
       │     [ephemeral_pk, nonce]                   │
       │                                             │
       │  2. HandshakeResponse                       │
       │ ◄────────────────────────────────────────── │
       │     [ephemeral_pk, ciphertext, signature]   │
       │                                             │
       │  3. HandshakeFinish                         │
       │ ──────────────────────────────────────────► │
       │     [confirmation_hash]                     │
       │                                             │
       ▼                                             ▼
[shared_secret derived]                [shared_secret derived]
```
Crate Structure
```
zks/
├── zks_sdk        # High-level SDK (start here!)
├── zks_crypt      # Wasif-Vernam cipher, drand integration
├── zks_pqcrypto   # ML-KEM-768, ML-DSA-65
├── zks_proto      # Handshake protocol, URL parsing
├── zks_wire       # Swarm networking, NAT traversal
├── zks_types      # Common type definitions
└── zks_wasm       # WebAssembly bindings
```
| Crate | Description | Key Features |
|---|---|---|
| zks_sdk | High-level developer API | Connection builders, prefabs |
| zks_crypt | Core cryptographic operations | Wasif-Vernam, scrambling, drand |
| zks_pqcrypto | Post-quantum primitives | ML-KEM, ML-DSA, Zeroizing |
| zks_proto | Protocol implementation | 3-message handshake, messages |
| zks_wire | Network layer | STUN, NAT traversal, swarm |
| zks_types | Shared types | Error types, crypto params |
| zks_wasm | Browser support | JS bindings via wasm-bindgen |
Anonymous Routing
The zks:// protocol provides onion routing through a decentralized swarm network:
```
┌────────┐    ┌─────────┐    ┌─────────┐    ┌─────────┐    ┌─────────────┐
│ Client │───►│  Entry  │───►│ Middle  │───►│  Exit   │───►│ Destination │
│        │    │  Relay  │    │  Relay  │    │  Relay  │    │             │
└────────┘    └─────────┘    └─────────┘    └─────────┘    └─────────────┘
     │             │              │              │                │
     └─encrypted──►└──encrypted──►└──encrypted──►└──plaintext────►┘
```
Features
- Multi-hop routing: Configurable number of relay hops (default: 3)
- Layered encryption: Each hop can only decrypt its layer
- Traffic analysis resistance: Optional scrambling mode
- Peer discovery: Automatic swarm network formation
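The layering in the diagram and feature list above, as an added example that is not code from the zks crates: the client wraps a payload once per relay, and each relay can remove only its own layer, learning the next hop and nothing else. The XOR keystream is a toy stand-in for a real cipher, and `ROUTE`, the keys, the function names and the `[len][next_hop][inner]` cell layout are all assumptions made for illustration.

```rust
/// Constructed sample route (relay name, toy per-hop key); nothing here is the ZKS cipher or wire format.
const ROUTE: [(&str, u64); 3] = [("entry", 0xA11CE), ("middle", 0xB0B), ("exit", 0xC0DE)];

/// Toy keystream (xorshift64 seeded by the hop key), a placeholder for a real AEAD.
fn xor_stream(key: u64, data: &[u8]) -> Vec<u8> {
    let mut s = key | 1; // xorshift state must be non-zero
    data.iter().map(|b| {
        s ^= s << 13; s ^= s >> 7; s ^= s << 17;
        b ^ (s as u8)
    }).collect()
}

/// One layer = encrypt(hop_key, [len(next_hop)] [next_hop] [inner blob]).
fn wrap(hop_key: u64, next: &str, inner: &[u8]) -> Vec<u8> {
    let plain = [&[next.len() as u8][..], next.as_bytes(), inner].concat();
    xor_stream(hop_key, &plain)
}

/// A relay removes its own layer and learns only the next hop plus an opaque blob.
fn peel(hop_key: u64, cell: &[u8]) -> Option<(String, Vec<u8>)> {
    let plain = xor_stream(hop_key, cell);
    let n = *plain.first()? as usize;
    let next = String::from_utf8(plain.get(1..1 + n)?.to_vec()).ok()?;
    Some((next, plain[1 + n..].to_vec()))
}

/// The client wraps inside-out: exit layer first, entry layer last.
fn build_cell(route: &[(&str, u64)], dest: &str, payload: &[u8]) -> Vec<u8> {
    let (mut cell, mut next) = (payload.to_vec(), dest);
    for &(name, key) in route.iter().rev() {
        (cell, next) = (wrap(key, next, &cell), name);
    }
    cell
}

/// Pass the cell along the route, recording what each relay sees after peeling.
fn forward(route: &[(&str, u64)], mut cell: Vec<u8>) -> Vec<(String, Vec<u8>)> {
    route.iter().map(|&(_, key)| {
        let (next, inner) = peel(key, &cell).expect("malformed layer");
        cell = inner.clone();
        (next, inner)
    }).collect()
}

fn main() {
    for (next, blob) in forward(&ROUTE, build_cell(&ROUTE, "dest.example:8443", b"hello")) {
        println!("relay forwards {} bytes to {}", blob.len(), next);
    }
}
```

The last relay's output is the original payload, matching the plaintext exit-to-destination link in the diagram, so confidentiality on that final link depends on a separate end-to-end layer.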
Platform Support
| Platform | Status | Notes |
|---|---|---|
| Linux | Full Support | Primary development platform |
| macOS | Full Support | Intel and Apple Silicon |
| Windows | Full Support | Windows 10/11 |
| WebAssembly | Full Support | Chrome, Firefox, Safari |
| iOS | Planned | Via Rust FFI |
| Android | Planned | Via Rust FFI |
Examples
The examples/ directory contains complete working examples:
```bash
# Basic encrypted connection
cargo run --example basic_connection

# Anonymous swarm-routed connection
cargo run --example anonymous_connection

# Secure file transfer
cargo run --example file_transfer
```
What Can You Build?
| Application | Protocol | Description |
|---|---|---|
| Encrypted Messenger | zks:// | Quantum-proof end-to-end chat |
| Secure File Sharing | zk:// | Unbreakable file transfer |
| Anonymous APIs | zks:// | Hide client IP addresses |
| VPN Replacement | zks:// | Better than VPN + Tor combined |
| Whistleblowing Platform | zks:// | Source protection |
| Healthcare/Finance | zk:// | HIPAA/PCI compliance |
Security
Security Model
- Post-quantum resistance: All key exchanges use NIST-standardized algorithms
- Forward secrecy: Session keys are derived per-connection
- Zero trust: End-to-end encryption with mutual authentication
- Memory safety: 100% safe Rust, no unsafe code in core crates
Responsible Disclosure
Please report security vulnerabilities to: security@zks-protocol.org
See SECURITY.md for our full security policy.
Testing
```bash
# Run all tests
cargo test --workspace

# Run specific crate tests
cargo test -p zks_sdk
cargo test -p zks_crypt

# Run integration tests
cargo test --test integration_tests
```
Contributing
Contributions are welcome! Here's how to get started:
- Fork the repository
- Create a feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
Please ensure your code:
- Follows Rust best practices
- Includes appropriate tests
- Has documentation for public APIs
- Passes all CI checks
License
This project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0).
See LICENSE for the full license text.
Contact
- GitHub Issues: Report bugs and request features
- Security: security@zks-protocol.org
Built with ❤️ for a quantum-safe future
Protecting your privacy today, and tomorrow.
Dependencies
~25-50MB
~819K SLoC