Why Do We Still Give Away Our Secrets?

Building a Zero-Knowledge Proof World With Elliptic Curves and Golang

The demo of the code is defined [here].

We will in a world where we continually give away our secret. We blinding send our passwords to systems, and which then create a hash of them. Unfortunately, these days, it is not too difficult to determine the password which caused the hash. The days of rainbow tables are gone too, as most passwords are salted for their hash. But the power of Hashcat and GPUs, makes brute force the natural choice in cracking passwords.

So there must be a better way!

And the better way is not to give away your sensitive information. Why not register a version of your secret, and then just prove that you still know it. For this, we turn to Fiat-Shamir method. One way of implementing it is in discrete logarithms [here], but we can use something even more powerful … elliptic curve cryptography. First Bob and Alice agree on two points on their selected elliptic curve (G and H). Next Bob, takes his secret and hashes it to produce a secret value (x). He then computes xG and xH (which is the points G and H added x times), and sends these to Alice. Alice then registers them: