zkLogin: Privacy-Preserving Blockchain Authentication with Existing Credentials

zkLogin: Privacy-Preserving Blockchain Authentication with Existing Credentials

22 Jan 2024 | Foteini Baldimtsi, Konstantinos Kryptos Chalkias, Yan Ji, Jonas Lindström, Deepak Maram, Ben Riva, Arnab Roy, Mahdi Sedaghat, Joy Wang
zkLogin is a novel technique that leverages identity tokens issued by popular platforms (any OpenID Connect enabled platform) to authenticate transactions on blockchains. It uses a signature scheme that allows users to sign transactions using their existing OpenID accounts, improving the user experience by eliminating the need for remembering a new secret. zkLogin provides strong security and privacy guarantees by building on the underlying platform's authentication mechanisms and avoiding the use of additional trusted parties. It employs zero-knowledge proofs (ZKP) to ensure that the link between a user's off-chain and on-chain identities is hidden, even from the platform itself. zkLogin's core primitive can be viewed as an Identity-Based Signature (IBS), where the OpenID provider implicitly functions as the key distribution authority. This enables a number of critical applications, such as creating content credentials without setting up a new Public Key Infrastructure (PKI). For example, a journalist can digitally sign a news article using their email address, allowing verification of the article's authorship. The implementation of zkLogin uses Groth16 as the non-interactive zero-knowledge proof system and circom DSL for circuit specification. The main circuit operations include RSA signature verification and parsing the JWT to read relevant claims. The final circuit has around one million constraints, with SHA-2 being the most expensive at 74% of the constraints. zkLogin addresses several technical challenges, including key rotation, ephemeral key expiration, and formalization. It also introduces features like unlinkability, discoverability, partial reveal, anonymous accounts, and claimability. The system is designed to be user-friendly, leveraging existing authentication methods and minimizing the burden on users.zkLogin is a novel technique that leverages identity tokens issued by popular platforms (any OpenID Connect enabled platform) to authenticate transactions on blockchains. It uses a signature scheme that allows users to sign transactions using their existing OpenID accounts, improving the user experience by eliminating the need for remembering a new secret. zkLogin provides strong security and privacy guarantees by building on the underlying platform's authentication mechanisms and avoiding the use of additional trusted parties. It employs zero-knowledge proofs (ZKP) to ensure that the link between a user's off-chain and on-chain identities is hidden, even from the platform itself. zkLogin's core primitive can be viewed as an Identity-Based Signature (IBS), where the OpenID provider implicitly functions as the key distribution authority. This enables a number of critical applications, such as creating content credentials without setting up a new Public Key Infrastructure (PKI). For example, a journalist can digitally sign a news article using their email address, allowing verification of the article's authorship. The implementation of zkLogin uses Groth16 as the non-interactive zero-knowledge proof system and circom DSL for circuit specification. The main circuit operations include RSA signature verification and parsing the JWT to read relevant claims. The final circuit has around one million constraints, with SHA-2 being the most expensive at 74% of the constraints. zkLogin addresses several technical challenges, including key rotation, ephemeral key expiration, and formalization. It also introduces features like unlinkability, discoverability, partial reveal, anonymous accounts, and claimability. The system is designed to be user-friendly, leveraging existing authentication methods and minimizing the burden on users.
Reach us at info@study.space
Understanding zkLogin%3A Privacy-Preserving Blockchain Authentication with Existing Credentials