Understanding zkLogin

zkLogin simplifies new user onboarding by allowing Web2 OAuth credentials such as Google Sign In
zkLogin is a revolutionary solution designed to streamline user onboarding in blockchain applications by alleviating the complexity associated with traditional wallet setups.
zkLogin in DegenHive

zkLogin operates through six sequential steps that together give users a seamless and secure authentication process:

1. Generate Ephemeral Keys: When the application is opened, an ephemeral key pair is generated for the user, with an expiration period determined by the application settings.
2. Generate a JSON Web Token (JWT): The user is prompted to authenticate with an OAuth provider, which issues a JWT. This JWT contains essential information, including the user's public key and an expiration period.
3. Request the User's Unique Salt: The application retrieves a unique salt from the OAuth provider. Together with the JWT and the ephemeral key pair, the salt is used to associate the OAuth credentials with a Sui address. Several salt management options are available to suit different builder preferences.
4. Generate a zk Proof: Using the JWT, salt, and public key, the application requests a zero-knowledge (zk) proof from a zk proving service. This step verifies the integrity of the authentication request and confirms that it meets the predefined criteria.
5. Identify the User's Sui Address and Construct the Transaction: The application derives the user's Sui address from the extracted key claim and the user salt. It then constructs a transaction that includes the ephemeral signature, the zk proof, and supplementary inputs taken from the JWT.
6. Validate the Transaction: Sui validators check the transaction, verifying both the zk proof and the ephemeral signature. Once validation succeeds, the transaction is recorded on Sui and the authentication process is complete.
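The following is an added, offline walkthrough of the six steps above; it is illustration code, not DegenHive's or Sui's implementation. The ephemeral Ed25519 key and its signature are real (Node's `crypto` module); the Poseidon hash, the salt service, the zk proving service and on-chain verification are replaced by labelled stand-ins (SHA-256 in place of Poseidon and blake2b, an in-memory salt map, and an HMAC over the proof's public inputs in place of a Groth16 proof). All issuer, audience, subject and key identifiers are constructed values. What the stand-ins preserve is the security shape of the protocol: the JWT nonce binds the ephemeral key and its expiry epoch, the prover reveals only the issuer and an address seed (never `sub` or the salt), and the validator can reject an expired key, a proof that does not match the presented key, a mismatched sender, or a bad ephemeral signature.

```typescript
import * as crypto from "node:crypto";

// Stand-in for the prover's key material: the prover MACs the public inputs it proved over and
// the validator recomputes the MAC. Assumption for this example; Sui verifies a Groth16 proof.
const PROVER_KEY_STAND_IN = "constructed-prover-key";

type Proof = { iss: string; addressSeed: string; publicInputsTag: string };
type ZkLoginTx = { sender: string; payload: string; maxEpoch: number;
  ephemeralPublicKeyHex: string; ephemeralSignatureHex: string; proof: Proof };

const sha256Hex = (...parts: string[]) =>
  crypto.createHash("sha256").update(parts.join("|")).digest("hex");
const b64url = (s: string) => Buffer.from(s).toString("base64url");
const txBytes = (sender: string, payload: string, maxEpoch: number) =>
  Buffer.from(JSON.stringify({ sender, payload, maxEpoch }));
const publicInputsTag = (iss: string, addressSeed: string, publicKeyHex: string, maxEpoch: number) =>
  crypto.createHmac("sha256", PROVER_KEY_STAND_IN)
    .update([iss, addressSeed, publicKeyHex, String(maxEpoch)].join("|")).digest("hex");

// Step 1: ephemeral Ed25519 key pair; the application decides how many epochs it stays valid.
export function generateEphemeralKeys(currentEpoch: number, validForEpochs: number) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const rawPk = Buffer.from(publicKey.export({ format: "jwk" }).x as string, "base64url");
  return { privateKey, publicKeyHex: rawPk.toString("hex"),
    maxEpoch: currentEpoch + validForEpochs, randomness: crypto.randomBytes(16).toString("hex") };
}

// The nonce sent with the OAuth request binds the ephemeral key, its expiry epoch and randomness.
// Sui computes it with Poseidon; SHA-256 stands in here (assumption).
export function computeNonce(publicKeyHex: string, maxEpoch: number, randomness: string): string {
  return sha256Hex(publicKeyHex, String(maxEpoch), randomness);
}

// Step 2: constructed JWT in place of the provider-issued one (no real RS256 signature offline).
// The provider echoes the nonce back inside the token; that echo is what ties the JWT to the key.
export function issueConstructedJwt(nonce: string, nowSec: number): string {
  const header = { alg: "RS256", kid: "constructed-kid", typ: "JWT" };
  const payload = { iss: "https://accounts.google.com", aud: "constructed-client-id",
    sub: "110000000000000000001", nonce, iat: nowSec, exp: nowSec + 3600 };
  return [b64url(JSON.stringify(header)), b64url(JSON.stringify(payload)), b64url("constructed-sig")].join(".");
}

export function decodeJwtPayload(jwt: string): Record<string, any> {
  return JSON.parse(Buffer.from(jwt.split(".")[1], "base64url").toString("utf8"));
}

// Step 3: per-user salt from an in-memory store standing in for a salt service. The salt is what
// keeps the OAuth identifier (sub) from being linkable to the on-chain address.
export function lookupSalt(sub: string, saltStore: Map<string, string>): string {
  const existing = saltStore.get(sub);
  if (existing) return existing;
  const salt = crypto.randomBytes(16).toString("hex");
  saltStore.set(sub, salt);
  return salt;
}

// Address derivation mirrors Sui's two-stage shape: address_seed = H(key claim, aud, salt) and
// address = H(iss, address_seed). Sui uses Poseidon and blake2b; SHA-256 stands in (assumption).
export function computeAddressSeed(sub: string, aud: string, salt: string): string {
  return sha256Hex("sub", sub, aud, salt);
}
export function deriveAddress(iss: string, addressSeed: string): string {
  return "0x" + sha256Hex("zklogin", iss, addressSeed);
}

// Step 4: proving-service stand-in. The real circuit checks the provider signature on the JWT and
// that its nonce binds exactly this ephemeral key and expiry, so a JWT presented with a different
// key is refused. The output reveals iss and the address seed, not sub, the salt or the JWT.
export function requestProofStandIn(jwt: string, salt: string, publicKeyHex: string,
    maxEpoch: number, randomness: string): Proof | null {
  const p = decodeJwtPayload(jwt);
  if (p.nonce !== computeNonce(publicKeyHex, maxEpoch, randomness)) return null;
  const addressSeed = computeAddressSeed(p.sub, p.aud, salt);
  return { iss: p.iss, addressSeed, publicInputsTag: publicInputsTag(p.iss, addressSeed, publicKeyHex, maxEpoch) };
}

// Step 5: identify the sender address, then sign the transaction with the ephemeral key.
export function buildTransaction(keys: ReturnType<typeof generateEphemeralKeys>, proof: Proof, payload: string): ZkLoginTx {
  const sender = deriveAddress(proof.iss, proof.addressSeed);
  const sig = crypto.sign(null, txBytes(sender, payload, keys.maxEpoch), keys.privateKey);
  return { sender, payload, maxEpoch: keys.maxEpoch, ephemeralPublicKeyHex: keys.publicKeyHex,
    ephemeralSignatureHex: sig.toString("hex"), proof };
}

// Step 6: validator-side checks (stand-in for on-chain verification), cheapest rejection first.
export function validateTransaction(tx: ZkLoginTx, currentEpoch: number): { ok: boolean; reason: string } {
  if (currentEpoch > tx.maxEpoch) return { ok: false, reason: "ephemeral key expired" };
  const expectedTag = publicInputsTag(tx.proof.iss, tx.proof.addressSeed, tx.ephemeralPublicKeyHex, tx.maxEpoch);
  if (expectedTag !== tx.proof.publicInputsTag) return { ok: false, reason: "proof does not verify for these public inputs" };
  if (deriveAddress(tx.proof.iss, tx.proof.addressSeed) !== tx.sender) return { ok: false, reason: "sender does not match proof" };
  const pk = crypto.createPublicKey({ key: { kty: "OKP", crv: "Ed25519",
    x: Buffer.from(tx.ephemeralPublicKeyHex, "hex").toString("base64url") }, format: "jwk" });
  const sigOk = crypto.verify(null, txBytes(tx.sender, tx.payload, tx.maxEpoch), pk, Buffer.from(tx.ephemeralSignatureHex, "hex"));
  return sigOk ? { ok: true, reason: "accepted" } : { ok: false, reason: "bad ephemeral signature" };
}

// End-to-end run of the six steps plus two failure cases: the same JWT presented with a fresh
// ephemeral key (a stolen-token scenario) and a transaction submitted after the key has expired.
export function runZkLoginFlow(currentEpoch = 100) {
  const saltStore = new Map<string, string>();
  const keys = generateEphemeralKeys(currentEpoch, 2);                                              // step 1
  const jwt = issueConstructedJwt(computeNonce(keys.publicKeyHex, keys.maxEpoch, keys.randomness), 1_700_000_000); // step 2
  const salt = lookupSalt(decodeJwtPayload(jwt).sub, saltStore);                                    // step 3
  const proof = requestProofStandIn(jwt, salt, keys.publicKeyHex, keys.maxEpoch, keys.randomness); // step 4
  if (!proof) throw new Error("prover refused the request");
  const tx = buildTransaction(keys, proof, "constructed payload");                                  // step 5
  const accepted = validateTransaction(tx, currentEpoch);                                           // step 6
  const other = generateEphemeralKeys(currentEpoch, 2);
  const replayedProof = requestProofStandIn(jwt, salt, other.publicKeyHex, other.maxEpoch, other.randomness);
  const expired = validateTransaction(tx, keys.maxEpoch + 1);
  return { tx, accepted, replayedProof, expired };
}
```

`runZkLoginFlow()` returns the accepted transaction together with the two rejections. The prover refusing the replayed JWT is the property that matters most for a wallet built on this flow: a leaked JWT is useless without the exact ephemeral private key whose public half was committed into the nonce before the user ever signed in, and the ephemeral key itself stops working once `maxEpoch` passes.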