[throw2500]

The page seems a bit too heavily weighted towards SNARKs in particular and cryptocurrency applications in general. There's no mention of ZKPPs, for instance.

Not all crypto is "crypto".

[tylersmith]

You are right that ZKPPs are a type of ZKP. Wikipedia appears to disagree with us, but I maintain we're right for any reasonable definition of ZKP.

That said, this page is implicitly focused on ZK computational proofs for general computations. It's also fairly out of date at this point.

[rocqua]

I would guess they are even Zero Knowledge Proofs of Knowledge. With the witness being the actual password.

On second thought, whilst that might be colloquially true. It might not meet the actual definition. An extractor might be hard to build.

[Ar-Curunir]

What are "ZKPPs"?

[X6S1x6Okd1st]

Possibly Zero Knowledge Password Proof?

[someguyorother]

That sounds right.

A zero-knowledge password proof is a way for one party to prove to another the knowledge of a password, without revealing anything else about the password.

Such a protocol prevents an attacker (eavesdropper or man in the middle) from brute-forcing the password offline even if they capture the whole exchange, so insecure passwords become much less of a risk as long as the verifier rate-limits login attempts on its end.

Some of these also have the property that a malicious verifier can't fake a success unless it already knows the password, thus making password phishing pretty much pointless: the only thing a phisher can verify is whether the user uses some predetermined password, and if not, the user is immediately made aware that the site expected another password.

IIRC, the most recently developed ZKPP is OPAQUE: https://blog.cryptographyengineering.com/2018/10/19/lets-tal...