Understanding zkLogin

zkLogin simplifies new user onboarding by allowing Web2 OAuth credentials such as Google Sign In

zkLogin is a revolutionary solution designed to streamline user onboarding in blockchain applications by alleviating the complexity associated with traditional wallet setups.

zkLogin operates through a series of six sequential steps, ensuring a seamless and secure authentication process for users:

  1. Generate Ephemeral Keys: Upon opening the application, ephemeral key pairs are generated for users, with an expiration period determined by the application settings.

  2. Generate a JSON Web Token (JWT): Users are prompted to authenticate via an OAuth provider, resulting in the generation of a JWT. This JWT contains essential information, including the ephemeral public key and an expiration period.

  3. Request the User’s Unique Salt: The application retrieves a unique salt from the OAuth provider, which, in conjunction with the JWT and ephemeral key pair, is used to associate OAuth credentials with a Sui address. Various salt management options are available, catering to different builder preferences.

  4. Generate a zk Proof: With the JWT, salt, and ephemeral public key in hand, the application requests a zero-knowledge (zk) proof from a zk proving service. This step rigorously verifies the integrity of the authentication request, ensuring compliance with predefined criteria.

  5. Identify User's Sui Address and Construct Transaction: The application identifies the user's Sui address based on the extracted key claim and user salt. A transaction is then constructed, incorporating the ephemeral signature, zk proof, and supplementary inputs from the JWT.

  6. Validate the Transaction: Sui validators meticulously scrutinize the transaction, verifying both the zk proof and ephemeral signature for authentication. Upon successful validation, the transaction is recorded on Sui, completing the authentication process seamlessly.
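The binding that the six steps rely on, shown as an added illustration that is not part of this page or of the Sui SDK: the JWT from step 2 carries a nonce committing to the ephemeral public key from step 1 and its maximum epoch, so a transaction signed with a different or expired ephemeral key fails the step 6 checks, and the address of step 5 is derived from the JWT's key claim, issuer, audience and the salt of step 3. SHA-256 stands in for the Poseidon hash Sui actually uses, the JWT signature and the zk proof are not modelled, and every key, salt and claim below is constructed.

```python
import base64
import hashlib
import json

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).decode().rstrip("=")

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def nonce_for(eph_pk: bytes, max_epoch: int, randomness: bytes) -> str:
    # Stand-in for Poseidon(eph_pk, max_epoch, randomness). The OAuth provider copies
    # the nonce it was given into the JWT it signs, tying the short-lived key to this login.
    digest = hashlib.sha256(eph_pk + max_epoch.to_bytes(8, "big") + randomness).digest()
    return b64url_encode(digest[:20])

def address_for(iss: str, kc_name: str, kc_value: str, aud: str, salt: bytes) -> str:
    # Stand-in for the real derivation (Poseidon over key claim, aud and hashed salt, then
    # blake2b with a flag byte and the issuer); b"\xff" is a placeholder flag, not Sui's.
    parts = [kc_name.encode(), kc_value.encode(), aud.encode(), hashlib.sha256(salt).digest()]
    seed = hashlib.sha256(b"|".join(parts)).digest()
    return "0x" + hashlib.blake2b(b"\xff" + iss.encode() + seed, digest_size=32).hexdigest()

def make_unsigned_jwt(claims: dict) -> str:
    # Constructed JWT with an empty signature segment; a real one is signed by the provider.
    header = b64url_encode(json.dumps({"alg": "RS256", "kid": "demo"}).encode())
    return header + "." + b64url_encode(json.dumps(claims).encode()) + "."

def validate(jwt: str, eph_pk: bytes, max_epoch: int, randomness: bytes,
             salt: bytes, current_epoch: int, kc_name: str = "sub"):
    """Plaintext model of the step 6 checks: the JWT nonce must commit to the ephemeral
    key that signed the transaction, and that key must not have passed its max epoch.
    Returns (True, address) on success or (False, reason) on failure."""
    claims = json.loads(b64url_decode(jwt.split(".")[1]))
    if claims.get("nonce") != nonce_for(eph_pk, max_epoch, randomness):
        return False, "nonce does not commit to this ephemeral key and max_epoch"
    if current_epoch > max_epoch:
        return False, "ephemeral key expired"
    return True, address_for(claims["iss"], kc_name, claims[kc_name], claims["aud"], salt)

# Constructed sample values; not real keys, salts or credentials.
EPH_PK = bytes.fromhex("11" * 32)
RANDOMNESS = bytes.fromhex("22" * 16)
SALT = bytes.fromhex("33" * 16)
MAX_EPOCH = 10
SAMPLE_JWT = make_unsigned_jwt({"iss": "https://accounts.google.com", "aud": "demo-client-id",
                                "sub": "1234567890", "nonce": nonce_for(EPH_PK, MAX_EPOCH, RANDOMNESS)})
```

Changing the salt while keeping the same JWT yields a different address, which is why the salt must be kept stable per user and never exposed alongside the JWT.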
