Introduction

Welcome to the Zk-ShieldNet documentation. This guide provides everything you need to install, configure, and integrate the Zk-ShieldNet platform into your security operations.

Our platform is built on the principle of privacy-preserving collaboration. The key components you'll interact with are the Edge Sensor, which you deploy in your environment, and our API, which allows you to programmatically access verified intelligence from the network.

Installation

The Zk-ShieldNet Edge Sensor is distributed as a lightweight, self-contained binary built in Rust for performance and security. It can be deployed as a standalone service, a Docker container, or a Kubernetes daemonset.

System Requirements

  • Linux x86-64 (Kernel 4.14+)
  • 2 CPU Cores
  • 4 GB RAM
  • Outbound HTTPS (port 443) access to api.zkshield.net

Installation Steps

1. Download the latest release from your customer portal.

wget https://[customer-portal].zkshield.net/releases/v1.2.3/edge-sensor-v1.2.3.tar.gz

2. Unpack the archive and navigate to the directory.

tar -xvf edge-sensor-v1.2.3.tar.gz
cd edge-sensor-v1.2.3

3. Configure your sensor by editing the config.toml file with your unique API key.

# config.toml
api_key = "YOUR_API_KEY_HERE"
log_level = "info"

4. Run the sensor as a service.

sudo ./install.sh
sudo systemctl start zk-sensor

Core Concept: Edge Sensor

The Edge Sensor is the component that lives within your infrastructure. Its sole purpose is to monitor event streams (e.g., syslog, cloud audit logs, EDR logs) for patterns that match security assertions. It is designed to be completely transparent and auditable.

The sensor is open-source, allowing your team to inspect its code and behavior to verify that no sensitive data ever leaves your environment. It communicates with the Zk-ShieldNet network exclusively through the ZK-Encoder.

Core Concept: ZK-Encoder

The ZK-Encoder is the cryptographic heart of the Edge Sensor. When the sensor detects a pattern matching a security assertion, it passes the relevant event data to the ZK-Encoder.

The encoder runs this data through a purpose-built ZK-SNARK circuit. The output is a tiny (~1 kB) cryptographic proof that mathematically demonstrates the event occurred without revealing any details about the event itself. This proof is what gets sent to the network for aggregation and model training.

Core Concept: Threat Graph

The Decentralized Threat Graph is a permissioned ledger that stores validated Indicators of Compromise (IOCs), model hashes, and contributor reputation scores. When a sufficient number of participants submit proofs related to the same novel threat, the corresponding IOC is validated and added to the graph.

This creates a tamper-proof, auditable, and high-fidelity source of threat intelligence that is updated in real time and shared across the entire network.

API: Authentication

All API requests must be authenticated using a bearer token. You can generate and manage your API keys from your customer portal.

Include your API key in the Authorization header of your requests.

Authorization: Bearer YOUR_API_KEY_HERE

API: Endpoints

Our REST API provides access to the real-time, verified intelligence from the Threat Graph.

Get Latest IOCs

GET /v1/iocs/latest

Returns a list of the most recent IOCs validated by the network.

Example response:
{
  "iocs": [
    {
      "type": "domain",
      "value": "malicious-domain-123.com",
      "first_seen": "2025-07-17T17:10:00Z",
      "confidence": "high",
      "source_proofs": 35
    },
    {
      "type": "sha256",
      "value": "e3b0c44298fc1c149afbf4c8...",
      "first_seen": "2025-07-17T17:05:00Z",
      "confidence": "high",
      "source_proofs": 52
    }
  ]
}
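
The following added example (not part of the Zk-ShieldNet documentation or codebase) shows one way to consume GET /v1/iocs/latest defensively: the API key is read from the environment instead of being hard-coded, and each IOC is validated before it is handed to a blocklist. The ZKSHIELD_API_KEY variable, the use of api.zkshield.net as the API base URL, the min_proofs threshold, and the function names are assumptions.

```python
import hashlib
import json
import os
import re
import urllib.request
from datetime import datetime

API_BASE = "https://api.zkshield.net"  # host from System Requirements; base URL is assumed
VALIDATORS = {  # one strict pattern per IOC type shown in the documented response
    "domain": re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"),
    "sha256": re.compile(r"^[0-9a-f]{64}$"),
}


def build_request(api_key=None):
    """Build (not send) the authenticated GET; the key comes from the environment."""
    key = api_key or os.environ["ZKSHIELD_API_KEY"]  # hypothetical variable name
    return urllib.request.Request(API_BASE + "/v1/iocs/latest",
                                  headers={"Authorization": "Bearer " + key})


def vet_iocs(body, min_proofs=10):
    """Split a response body into (accepted, rejected); min_proofs is local policy."""
    accepted, rejected = [], []
    for ioc in json.loads(body).get("iocs", []):
        try:
            value = ioc["value"].strip().lower()
            ok = bool(VALIDATORS[ioc["type"]].match(value))  # unknown type -> KeyError
            datetime.strptime(ioc["first_seen"], "%Y-%m-%dT%H:%M:%SZ")
            ok = ok and ioc["confidence"] == "high" and ioc["source_proofs"] >= min_proofs
        except (KeyError, ValueError, TypeError, AttributeError):
            ok = False  # missing field, wrong type, or malformed timestamp
        (accepted if ok else rejected).append(ioc)
    return accepted, rejected


# Constructed sample in the documented response shape (not real intelligence).
SAMPLE = json.dumps({"iocs": [
    {"type": "domain", "value": "malicious-domain-123.com",
     "first_seen": "2025-07-17T17:10:00Z", "confidence": "high", "source_proofs": 35},
    {"type": "sha256", "value": hashlib.sha256(b"constructed sample").hexdigest(),
     "first_seen": "2025-07-17T17:05:00Z", "confidence": "high", "source_proofs": 52},
    {"type": "sha256", "value": "e3b0c44298fc1c149afbf4c8...",  # truncated: rejected
     "first_seen": "2025-07-17T17:05:00Z", "confidence": "high", "source_proofs": 52},
]})


if __name__ == "__main__":
    print([len(part) for part in vet_iocs(SAMPLE)])
```

Rejected entries are worth logging and not silently dropping, since a malformed value in the feed is itself a signal to investigate.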