VOOZH about

URL: https://www.nuget.org/packages/ZkpSharp/

⇱ NuGet Gallery | ZkpSharp 2.2.0



ZkpSharp 2.2.0

Suggested Alternatives

Sagynbaev.Tessera

Additional Details

Renamed to Sagynbaev.Tessera

dotnet add package ZkpSharp --version 2.2.0
 
 
NuGet\Install-Package ZkpSharp -Version 2.2.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="ZkpSharp" Version="2.2.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="ZkpSharp" Version="2.2.0" />
 


 Directory.Packages.props
 

 

 
<PackageReference Include="ZkpSharp" />
 


 Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add ZkpSharp --version 2.2.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support. 
#r "nuget: ZkpSharp, 2.2.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package ZkpSharp@2.2.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=ZkpSharp&version=2.2.0
 


 Install as a Cake Addin
 

 

 
#tool nuget:?package=ZkpSharp&version=2.2.0
 


 Install as a Cake Tool
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

ZkpSharp

A .NET library for Zero-Knowledge Proofs with Stellar Soroban blockchain integration. Prove facts about private data (age, balance, membership, range, time conditions) without revealing the data itself.

👁 NuGet
👁 NuGet Downloads
👁 Build
👁 .NET

Features

Privacy proofs (HMAC-based commitment schemes) -- fast, lightweight:

  • Proof of Age, Balance, Membership, Range, Time Condition
  • HMAC-SHA256 with cryptographic salt

True zero-knowledge proofs (Bulletproofs on secp256k1) -- mathematically sound:

  • Real Pedersen commitments: C = v*G + r*H on the secp256k1 curve
  • Inner product argument for O(log n) proof size (~690 bytes for 64-bit range)
  • Fiat-Shamir transcript for non-interactive proofs
  • Implemented from scratch in pure C# -- zero external crypto dependencies

Privacy SDK -- ready-to-use solutions for real-world scenarios:

  • Confidential transfers (hide amounts, prove solvency)
  • Sealed-bid auctions (commit-reveal with range proof)
  • Private voting (anonymous ballots with verifiable tally)
  • Credential verification (prove income, credit score, age meets threshold without revealing value)

Stellar blockchain integration:

  • Soroban smart contract: full HMAC verification on-chain, structural validation for Bulletproofs
  • SorobanTransactionBuilder for XDR construction
  • StellarBlockchain high-level API for both HMAC and ZK on-chain flows

Installation

dotnet add package ZkpSharp

Quick start

using ZkpSharp.Core;
using ZkpSharp.Security;

var proofProvider = new ProofProvider("your-base64-encoded-32-byte-key");
var zkp = new Zkp(proofProvider);

// Prove age >= 18 without revealing birthdate
var (proof, salt) = zkp.ProveAge(new DateTime(1995, 3, 15));
bool valid = zkp.VerifyAge(proof, new DateTime(1995, 3, 15), salt);

// Prove sufficient balance without revealing actual amount
var (bProof, bSalt) = zkp.ProveBalance(1000.0, 500.0);
bool bValid = zkp.VerifyBalance(bProof, 500.0, bSalt, 1000.0);

For Bulletproofs (true ZKP):

using ZkpSharp.Security;

var zkProvider = new BulletproofsProvider();
var (proof, commitment) = zkProvider.ProveRange(value: 42, min: 0, max: 100);
bool valid = zkProvider.VerifyRange(proof, commitment, min: 0, max: 100);

For Privacy SDK (real-world scenarios):

using ZkpSharp.Privacy;

// Confidential transfer -- amount hidden, proven valid
var ct = new ConfidentialTransfer();
var transfer = ct.CreateTransfer(senderBalance: 10000, transferAmount: 2500);
bool valid = ct.VerifyTransfer(transfer);

// Sealed-bid auction
var auction = new SealedBidAuction(minBid: 100, maxBid: 50000);
var (bid, secret) = auction.PlaceBid(7500);
bool bidValid = auction.VerifyBid(bid);
long? revealed = auction.RevealBid(bid, secret); // 7500

See for a complete walkthrough including Stellar integration.

API

Zkp -- HMAC-based privacy proofs

Method Description
ProveAge(DateTime dateOfBirth) Prove age >= 18 (configurable)
VerifyAge(string proof, DateTime dateOfBirth, string salt) Verify age proof
ProveBalance(double balance, double requestedAmount) Prove balance >= requested
VerifyBalance(string proof, double requestedAmount, string salt, double balance) Verify balance proof
ProveMembership(string value, string[] validValues) Prove value is in set
VerifyMembership(string proof, string value, string salt, string[] validValues) Verify membership proof
ProveRange(double value, double minValue, double maxValue) Prove value is in range
VerifyRange(string proof, double minValue, double maxValue, double value, string salt) Verify range proof
ProveTimeCondition(DateTime eventDate, DateTime conditionDate) Prove event after date
VerifyTimeCondition(string proof, DateTime eventDate, DateTime conditionDate, string salt) Verify time proof

All Prove* methods return (string Proof, string Salt). Salts are generated automatically and must be stored alongside proofs.

BulletproofsProvider -- True zero-knowledge proofs

Method Description
ProveRange(long value, long min, long max) ZK range proof
VerifyRange(byte[] proof, byte[] commitment, long min, long max) Verify ZK range proof
ProveAge(DateTime birthDate, int minAge) ZK age proof
VerifyAge(byte[] proof, byte[] commitment, int minAge) Verify ZK age proof
ProveBalance(long balance, long requiredAmount) ZK balance proof
VerifyBalance(byte[] proof, byte[] commitment, long requiredAmount) Verify ZK balance proof
SerializeProof(byte[] proof, byte[] commitment) Serialize for storage
DeserializeProof(string serialized) Deserialize proof

Prove* methods return (byte[] proof, byte[] commitment).

Privacy SDK -- Ready-to-use privacy primitives

Class Method Description
ConfidentialTransfer CreateTransfer(balance, amount) Hide transfer amount, prove solvency
ConfidentialTransfer VerifyTransfer(bundle) Verify without knowing the amount
SealedBidAuction PlaceBid(amount) Commit to hidden bid with range proof
SealedBidAuction VerifyBid(bid) Verify bid is in valid range
SealedBidAuction RevealBid(bid, opening) Reveal and verify bid after auction
SealedBidAuction DetermineWinner(bids, openings) Pick highest valid bid
PrivateVoting CastVote(voteYes) Commit to binary vote (0 or 1)
PrivateVoting VerifyBallot(ballot) Verify vote is valid without seeing it
PrivateVoting Tally(ballots, secrets) Count votes from verified openings
CredentialProof ProveMinimum(value, threshold, label) Prove attribute >= threshold
CredentialProof ProveRange(value, min, max, label) Prove attribute in range
CredentialProof Verify(credential) Verify credential proof

StellarBlockchain -- On-chain verification

Simulation uses Soroban RPC simulateTransaction. Methods without WithSourceAccount require environment variable ZKP_SOURCE_ACCOUNT (funded G... on the same network). Alternatively use VerifyProofWithSourceAccount, VerifyBalanceProofWithSourceAccount, or VerifyZk*WithSourceAccount.

Method Description
VerifyProof(contractId, proof, salt, value) HMAC proof (uses ZKP_SOURCE_ACCOUNT or use VerifyProofWithSourceAccount)
VerifyBalanceProof(contractId, proof, balance, required, salt) HMAC balance proof (same)
VerifyZkRangeProof / VerifyZkAgeProof / VerifyZkBalanceProof ZK on-chain structural check (same)
VerifyProofWithTransactionXdrAsync(xdr) Verify using pre-built XDR
GetAccountBalance(accountId) Get XLM balance for an account 
Environment.SetEnvironmentVariable("ZKP_SOURCE_ACCOUNT", sourceAccountId);

var blockchain = new StellarBlockchain(
 serverUrl: "https://horizon-testnet.stellar.org",
 sorobanRpcUrl: "https://soroban-testnet.stellar.org",
 hmacKey: hmacKey
);

// HMAC proof on-chain verification
bool result = await blockchain.VerifyBalanceProof(contractId, proof, balance, required, salt);

// Bulletproofs ZK on-chain verification
var zkp = new BulletproofsProvider();
var (zkProof, commitment) = zkp.ProveRange(42, 0, 100);
bool zkResult = await blockchain.VerifyZkRangeProof(contractId, zkProof, commitment, 0, 100);

// ZK age verification on-chain
var (ageProof, ageCmt) = zkp.ProveAge(new DateTime(1990, 5, 15), minAge: 18);
bool ageResult = await blockchain.VerifyZkAgeProof(contractId, ageProof, ageCmt, 18);

// ZK balance verification on-chain
var (balProof, balCmt) = zkp.ProveBalance(10000, 5000);
bool balResult = await blockchain.VerifyZkBalanceProof(contractId, balProof, balCmt, 5000);

SorobanTransactionBuilder -- Manual transaction construction

var builder = new SorobanTransactionBuilder(Network.Test());

// HMAC proof verification
string xdr = builder.BuildVerifyProofTransaction(contractId, proof, data, salt, hmacKey);

// ZK proof verification
string zkXdr = builder.BuildVerifyZkRangeProofTransaction(contractId, proof, commitment, min, max);
string ageXdr = builder.BuildVerifyZkAgeProofTransaction(contractId, proof, commitment, minAge);
string balXdr = builder.BuildVerifyZkBalanceProofTransaction(contractId, proof, commitment, required);

Soroban contract

The Rust smart contract (contracts/stellar/contracts/proof-balance/) exposes the following functions:

Function Description
verify_proof HMAC-SHA256 proof verification
verify_balance_proof Balance proof with numeric comparison
verify_batch Batch verification of multiple proofs
verify_zk_range_proof Bulletproofs structural validation (full EC verification off-chain)
verify_zk_age_proof ZK age proof structural validation
verify_zk_balance_proof ZK balance proof structural validation

See for contract details and for deployment instructions.

Architecture

Application
 |
 +-- Privacy SDK (ready-to-use solutions)
 | +-- ConfidentialTransfer (hidden amounts + solvency proofs)
 | +-- SealedBidAuction (commit-reveal with range proofs)
 | +-- PrivateVoting (anonymous ballots + verifiable tally)
 | +-- CredentialProof (threshold / range proofs for any attribute)
 |
 +-- Zkp (HMAC-SHA256 commitment proofs)
 +-- BulletproofsProvider (real ZKP)
 | +-- RangeProof (Bulletproofs prover/verifier)
 | +-- PedersenCommitment (v*G + r*H on secp256k1)
 | +-- InnerProductProof (recursive halving)
 | +-- Transcript (Fiat-Shamir heuristic)
 | +-- Point / Scalar / FieldElement (secp256k1 math)
 |
 +-- StellarBlockchain
 +-- SorobanTransactionBuilder --> XDR
 +-- SorobanRpcClient --> Soroban RPC --> ZkpVerifier Contract

Cryptography

The Bulletproofs implementation is built from scratch in pure C#:

  • Elliptic curve: secp256k1 (same curve as Bitcoin) with Jacobian coordinate arithmetic
  • Commitment scheme: Pedersen commitments C = v*G + r*H where G is the standard generator and H is derived via hash-to-curve
  • Range proof: Bulletproofs protocol with logarithmic proof size (O(log n) inner product argument)
  • Non-interactive: Fiat-Shamir heuristic via SHA-256 transcript
  • No unsafe dependencies: All field/scalar/point operations implemented in managed C# using System.Numerics.BigInteger

Security

  • Key management: Use environment variables for development. Use Azure Key Vault, AWS Secrets Manager, or HashiCorp Vault in production.
  • Salts: Never reuse. ZkpSharp generates cryptographically secure random salts automatically.
  • Bulletproofs blinding: Each proof uses a fresh random blinding factor r, making commitments computationally hiding.
  • Contract verification: Always verify deployed contract code matches source.
  • On-chain limitations: Full Bulletproofs verification (secp256k1 EC math) runs off-chain via BulletproofsProvider.VerifyRange(). The Soroban contract performs structural validation only (point prefix checks, IPA length) and emits a transcript binding hash for off-chain auditing. HMAC proofs are fully verified on-chain.

Documentation

Document Description
Step-by-step setup and usage guide
Soroban contract deployment
Capabilities and limitations
Feature status and migration guide
Version history

FAQ

Why aren't Bulletproofs fully verified on-chain?

Soroban provides native support for BLS12-381 curve operations, but the Bulletproofs protocol is defined over secp256k1. Implementing full secp256k1 point arithmetic inside a Soroban contract would exceed compute budgets and add significant complexity with no upstream support. Our contract performs structural validation (compressed point format, IPA length, range bounds) and emits a transcript binding hash as an on-chain anchor. Full cryptographic verification runs off-chain via BulletproofsProvider.VerifyRange(). This is a platform limitation, not a design shortcut.

Why implement Bulletproofs from scratch instead of using an existing library?

The .NET ecosystem has no mature, maintained Bulletproofs library. Existing options are either abandoned, incomplete, or rely on unsafe native interop. We implemented the protocol from first principles using standard, well-documented primitives: secp256k1 curve parameters (same as Bitcoin), SHA-256 for Fiat-Shamir, and System.Numerics.BigInteger for field arithmetic. The implementation is covered by 44 cryptographic tests including soundness checks (tampered proofs, out-of-range values, serialization round-trips).

Why Bulletproofs and not Groth16 / zkSNARKs?

Bulletproofs are ideal for range proofs: they require no trusted setup ceremony, produce compact proofs (~690 bytes for a 64-bit range), and rely on standard discrete-log assumptions. zkSNARKs (Groth16) require a per-circuit trusted setup and are better suited for general-purpose computation proofs. Groth16 support is on the roadmap for future releases.

Is this production-ready?

The cryptographic core is functionally complete and covered by tests, but it has not undergone an independent security audit. For testnet deployments, PoCs, and non-financial applications, the library is ready to use. For production systems handling real value, we recommend a third-party cryptographic audit before deployment. The HMAC-based proof system (which does not involve custom cryptography) is suitable for production use as-is.

How does this compare to HMAC-based proofs?

HMAC proofs Bulletproofs
Zero-knowledge No (commitment scheme) Yes (mathematically proven)
Verifier learns Nothing if key is secret Nothing about the secret value
Security basis HMAC key secrecy Discrete logarithm hardness
Proof size 32 bytes ~690 bytes
Speed < 1 ms ~200-500 ms (prove), ~50 ms (verify)
On-chain verification Full (HMAC recomputation) Structural only (full EC off-chain)
Best for Fast checks, internal systems Regulatory compliance, trustless scenarios

Publishing to NuGet (maintainers)

  1. Commit and tag the release (e.g. v2.2.0), ensure PackageVersion in ZkpSharp/ZkpSharp.csproj matches.
  2. Build and pack: dotnet pack ZkpSharp/ZkpSharp.csproj -c Release
  3. Create an API key on nuget.org with scope Push for package ZkpSharp.
  4. Push (replace YOUR_API_KEY):
dotnet nuget push ZkpSharp/bin/Release/ZkpSharp.*.nupkg --api-key YOUR_API_KEY --source https://api.nuget.org/v3/index.json
dotnet nuget push ZkpSharp/bin/Release/ZkpSharp.*.snupkg --api-key YOUR_API_KEY --source https://api.nuget.org/v3/index.json

The NuGet badge in this README updates after indexing (usually within minutes).

Contributing

  1. Fork the repository
  2. Create a branch (git checkout -b feature/your-feature)
  3. Run tests (dotnet test)
  4. Submit a pull request

License

MIT License. See for details.

Contact

| GitHub Issues | NuGet

Product Versions Compatible and additional computed target framework versions.
.NET net8.0 net8.0 is compatible.  net8.0-android net8.0-android was computed.  net8.0-browser net8.0-browser was computed.  net8.0-ios net8.0-ios was computed.  net8.0-maccatalyst net8.0-maccatalyst was computed.  net8.0-macos net8.0-macos was computed.  net8.0-tvos net8.0-tvos was computed.  net8.0-windows net8.0-windows was computed.  net9.0 net9.0 was computed.  net9.0-android net9.0-android was computed.  net9.0-browser net9.0-browser was computed.  net9.0-ios net9.0-ios was computed.  net9.0-maccatalyst net9.0-maccatalyst was computed.  net9.0-macos net9.0-macos was computed.  net9.0-tvos net9.0-tvos was computed.  net9.0-windows net9.0-windows was computed.  net10.0 net10.0 was computed.  net10.0-android net10.0-android was computed.  net10.0-browser net10.0-browser was computed.  net10.0-ios net10.0-ios was computed.  net10.0-maccatalyst net10.0-maccatalyst was computed.  net10.0-macos net10.0-macos was computed.  net10.0-tvos net10.0-tvos was computed.  net10.0-windows net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
2.2.0 166 3/29/2026 2.2.0 is deprecated because it is no longer maintained and has critical bugs.
1.4.0 120 3/3/2026
1.3.2 715 12/3/2025
1.3.1 691 12/3/2025
1.3.0 1,285 12/3/2025 1.3.0 is deprecated because it has critical bugs.
1.1.1 228 1/2/2025
1.1.0 188 1/2/2025
1.0.0 199 1/2/2025

v2.2.0: Soroban RPC simulateTransaction parsing (results[0].xdr), full TX envelopes for all Verify* paths via ZKP_SOURCE_ACCOUNT or *WithSourceAccount, ZK WithAccount builders, optional testnet smoke tests, Stellar CLI docs refresh, soroban-sdk 25.3. See CHANGELOG.md.