🔐 ZK-Auth Pattern 2


Zero-Knowledge authentication — no password ever leaves your browser.
Argon2id runs client-side; a STARK proof is sent to the server. The pepper stays exclusively on the server — the client never computes or sees the credential commitment.

Pattern 2 security guarantees:
• Your password never leaves the browser.
• The server stores only C = Poseidon(h₁, serverPepper) — not the hash.
• The peppered commitment is computed exclusively server-side, after STARK verification.
• A STARK proof attests that Argon2id was run with the correct parameters.
• PoW grinding (2²⁴) and 35 FRI queries target ≥ 2¹²⁸ soundness.

🔍 Backend & Database Insight

1. What you just sent to the server (Client ➔ Server)
Your browser computed h₁ = Argon2id(password, salt) and generated a ZK-STARK proof. The password NEVER left your browser. Only the proof and public inputs (like the MiMC hash output) were transmitted.
2. Server Verification Process
The server validated the STARK proof. Once verified, it took the mimc_output and hashed it with its private pepper to compute C = Poseidon(mimc_output, serverPepper). The proof and the initial hash (h₁) are then discarded.
3. Live Database View (What is actually stored)
Below is a live fetch of your row in the SQLite database. Notice that neither your password nor the direct hash (h₁) is stored.
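The server-side half of steps 2 and 3, written out as an added example (not the demo's own code). The STARK verification and the Poseidon hash are not implemented here: the functions assume the proof has already verified upstream and take the proof's public input (mimc_output) as given, and Poseidon(mimc_output, serverPepper) is replaced by HMAC-SHA256 keyed with the pepper so the snippet runs with the standard library only. The pepper value, salt, mimc_output and the users table layout are all constructed for illustration. What it shows is the property the page describes: the stored row holds only a salt and a commitment C, and C cannot be checked against a candidate without the pepper, which lives outside the database.

```python
import hashlib
import hmac
import sqlite3

# Constructed pepper for the example. In deployment this lives only in the
# server's secret store: never in the database, never on the client.
SERVER_PEPPER = bytes.fromhex("5f" * 32)


def commit(mimc_output: str, pepper: bytes) -> str:
    """Server-side commitment over the proof's public input.

    Stand-in for Poseidon(mimc_output, serverPepper): HMAC-SHA256 keyed with
    the pepper. The property demonstrated is the same one the page relies on:
    a copy of C is useless for offline guessing unless the pepper is also known.
    """
    return hmac.new(pepper, mimc_output.encode(), hashlib.sha256).hexdigest()


def open_db() -> sqlite3.Connection:
    """In-memory SQLite database with the (constructed) users table."""
    conn = sqlite3.connect(":memory:")
    # Only the salt (which the client needs to recompute h1) and C are stored.
    # There is no column for the password or for h1.
    conn.execute(
        "CREATE TABLE users ("
        "username TEXT PRIMARY KEY, salt TEXT NOT NULL, commitment TEXT NOT NULL)"
    )
    return conn


def register(conn: sqlite3.Connection, username: str, salt_hex: str,
             mimc_output: str) -> str:
    """Registration step, called only after the STARK proof has verified.

    The server never sees the password or h1; it commits to the public input
    with its pepper and stores C. The proof itself is not retained.
    """
    c = commit(mimc_output, SERVER_PEPPER)
    conn.execute("INSERT INTO users VALUES (?, ?, ?)", (username, salt_hex, c))
    return c


def login(conn: sqlite3.Connection, username: str, mimc_output: str) -> bool:
    """Login step, again only after a fresh STARK proof has verified.

    Recompute C from the new public input and compare in constant time.
    """
    row = conn.execute(
        "SELECT commitment FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], commit(mimc_output, SERVER_PEPPER))


def fetch_row(conn: sqlite3.Connection, username: str):
    """The 'live database view': the raw stored row as a dict, or None."""
    cur = conn.execute(
        "SELECT username, salt, commitment FROM users WHERE username = ?",
        (username,),
    )
    row = cur.fetchone()
    if row is None:
        return None
    return dict(zip([d[0] for d in cur.description], row))


def demo() -> None:
    conn = open_db()
    salt = "00112233445566778899aabbccddeeff"      # constructed client salt
    mimc_output = "0x" + "1a" * 32                  # constructed public input
    register(conn, "alice", salt, mimc_output)
    print("stored row:", fetch_row(conn, "alice"))
    print("login with correct public input:", login(conn, "alice", mimc_output))
    print("login with wrong public input:  ", login(conn, "alice", "0x" + "1b" * 32))
    # A database copy without the pepper does not let anyone check a candidate:
    # the same input under a different key produces an unrelated commitment.
    print("commitment under wrong pepper matches:",
          commit(mimc_output, b"not-the-pepper") == fetch_row(conn, "alice")["commitment"])


if __name__ == "__main__":
    demo()
```

Note that the two things the client proves in zero knowledge (that Argon2id ran with the right parameters and that mimc_output is the hash of its result) are exactly what this server code takes on trust from the verifier; everything the database holds is downstream of that public input plus the pepper.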