Assign dedicated IPs without linking user identity using blind signature cryptography
No component can link a user's identity to the assigned IP address. Complete anonymity is guaranteed by the cryptographic protocol.
The RSA-2048 blind signature protocol ensures the service signs tokens without seeing their contents.
AWS Nitro Enclave simulation for secure token generation in an isolated environment.
AES-256-GCM, X25519 ECDH, HMAC-SHA256 JWT tokens. Industry-standard primitives.
Reliable database with zero-knowledge schema design. No linkable data stored.
Memory-safe, high-performance implementation. Type-safe from crypto to database.
┌──────────────────────────────────────────────────────────────┐
│                            Client                            │
│  ┌────────────┐     ┌──────────────┐     ┌─────────────┐     │
│  │ Blind Sig  │     │ ECDH Keys    │     │ VPN Client  │     │
│  │ Protocol   │     │ Generation   │     │ (WireGuard) │     │
│  └────────────┘     └──────────────┘     └─────────────┘     │
└──────────────────────────────────────────────────────────────┘
         │                     │                     │
         │                     │                     │
         ▼                     ▼                     ▼
┌─────────────────┐   ┌─────────────────┐   ┌─────────────────┐
│   blind-token   │   │   enclave-sim   │   │   dip-service   │
│     service     │   │                 │   │                 │
│    Port 3001    │   │    Port 3002    │   │    Port 3003    │
└─────────────────┘   └─────────────────┘   └─────────────────┘
         │                     │                     │
         │                     │                     │
         ▼                     │                     ▼
┌─────────────────┐            │            ┌─────────────────┐
│   PostgreSQL    │            │            │   PostgreSQL    │
│ (subscriptions) │            │            │    (ip_pool)    │
└─────────────────┘            │            └─────────────────┘
                               │
                               ▼
                      ┌─────────────────┐
                      │   vpn-server    │
                      │   Port 51820    │
                      │   (WireGuard)   │
                      └─────────────────┘
Zero-Knowledge Property: No single component sees both user identity and IP address
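How a blind signature lets the blind-token service sign a token it never sees, shown as an added example (not code from this repository). It uses textbook RSA with a constructed toy key (n = 3233) and no hashing or padding, where the project states RSA-2048; all function names are illustrative assumptions.

```rust
// Added example: textbook RSA blind signature, constructed toy key (p = 61, q = 53).
// No hashing or padding here; function names are illustrative assumptions.
const N: u64 = 3233; // public modulus
const E: u64 = 17; // public exponent
const D: u64 = 2753; // private exponent, known only to the signer

/// Square-and-multiply modular exponentiation.
fn mod_pow(mut base: u64, mut exp: u64, m: u64) -> u64 {
    let mut acc = 1;
    base %= m;
    while exp > 0 {
        if exp & 1 == 1 { acc = acc * base % m; }
        base = base * base % m;
        exp >>= 1;
    }
    acc
}

/// Modular inverse by extended Euclid; None when gcd(a, m) != 1.
fn mod_inv(a: u64, m: u64) -> Option<u64> {
    let (mut r0, mut r1, mut t0, mut t1) = (m as i64, (a % m) as i64, 0i64, 1i64);
    while r1 != 0 {
        let q = r0 / r1;
        (r0, r1) = (r1, r0 - q * r1);
        (t0, t1) = (t1, t0 - q * t1);
    }
    if r0 == 1 { Some(t0.rem_euclid(m as i64) as u64) } else { None }
}

/// Client: hide token m under random factor r; returns (m * r^e mod n, r^-1).
fn blind(m: u64, r: u64) -> Option<(u64, u64)> {
    Some((m * mod_pow(r, E, N) % N, mod_inv(r, N)?))
}

/// Signer: signs the blinded value; m itself never reaches this function.
fn sign_blinded(blinded: u64) -> u64 { mod_pow(blinded, D, N) }

/// Client: remove the blinding factor, leaving an ordinary signature on m.
fn unblind(blind_sig: u64, r_inv: u64) -> u64 { blind_sig * r_inv % N }

/// Anyone holding the public key: check s^e == m (mod n).
fn verify(m: u64, sig: u64) -> bool { mod_pow(sig, E, N) == m % N }

fn main() {
    let m = 1234; // constructed token value
    let (b1, inv1) = blind(m, 7).unwrap();
    let (b2, inv2) = blind(m, 1000).unwrap();
    let (s1, s2) = (unblind(sign_blinded(b1), inv1), unblind(sign_blinded(b2), inv2));
    println!("signer saw {b1}, {b2}; client holds {s1} == {s2}; valid: {}", verify(m, s1));
}
```

The two blinded values differ from the token and from each other, yet both unblind to the same signature, so the signer's view of a signing request cannot be matched to the token later redeemed.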
Core language
Web framework
Database
Blind signatures
Key exchange
Encryption
Token format
VPN protocol
Blind signature time
Full flow latency
Ops/sec throughput
Test coverage (crypto)
Get running in 5 minutes
# Clone repository
git clone https://github.com/ChronoCoders/zero-knowledge-dip.git
cd zero-knowledge-dip
# Setup database
createdb zkdip
# Build and run
cargo build --release
# Test the system
cd crates/client
cargo run --release -- test