zkLogin: Privacy-Preserving Blockchain Authentication with Existing Credentials

22 Jan 2024 | Foteini Baldimtsi, Konstantinos Kryptos Chalkias, Yan Ji, Jonas Lindström, Deepak Maram, Ben Riva, Arnab Roy, Mahdi Sedaghat, Joy Wang
zkLogin is a novel blockchain authentication method that allows users to authenticate transactions using existing OpenID Connect credentials, eliminating the need for new secrets. It leverages zero-knowledge proofs (ZKP) to ensure privacy, hiding the link between a user's off-chain and on-chain identities. The system uses a signature scheme that enables users to sign transactions with their existing OpenID accounts, improving user experience by avoiding the need to remember new secrets. zkLogin is implemented on the Sui blockchain and has been adopted by various industries, including gaming, DeFi, and NFTs. It provides strong security and privacy guarantees by relying on existing authentication mechanisms and avoiding additional trusted parties.

The system uses a tagged witness signature to prove the validity of a JWT and the presence of an ephemeral public key in the nonce. This allows for the reuse of a single ZKP across multiple transactions and offloads ZKP generation to a secure server. zkLogin also enables the creation of content credentials, allowing users to sign digital content with their existing identities. The system addresses challenges such as key rotation, ephemeral key expiration, and privacy concerns by embedding time and other policy information into the nonce. It also supports unlinkability, discoverability, and partial reveal of user identities.

The system is secure against chosen tag and message attacks and ensures that signatures cannot be forged without the corresponding witness. zkLogin's implementation uses Groth16 as the proving system and is optimized for efficient verification. The system is designed to be user-friendly, leveraging existing authentication systems to provide a seamless experience for blockchain users.
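The nonce binding described above can be illustrated in the clear, without the zero-knowledge proof. This is an added example, not code from the paper or from the Sui implementation. It assumes SHA-256 as the commitment hash, and the names `max_epoch`, `make_nonce` and `check_binding`, the field layout and the sample JWT are all constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_nonce(eph_pk: bytes, max_epoch: int, randomness: bytes) -> str:
    """Commit to the ephemeral key and its expiry inside the OIDC nonce.
    Assumption: SHA-256 over length-prefixed fields (the page names no hash)."""
    h = hashlib.sha256()
    for field in (eph_pk, max_epoch.to_bytes(8, "big"), randomness):
        h.update(len(field).to_bytes(2, "big") + field)  # prefix avoids ambiguity
    return b64url(h.digest())

def jwt_nonce(jwt: str) -> str:
    """Read the nonce claim; the issuer signature check is out of scope here."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    return json.loads(b64url_decode(parts[1]))["nonce"]

def check_binding(jwt, eph_pk, max_epoch, randomness, current_epoch) -> str:
    """The statement the proof attests to, checked here on plaintext inputs."""
    if current_epoch > max_epoch:
        return "expired"          # ephemeral key is past its embedded lifetime
    expected = make_nonce(eph_pk, max_epoch, randomness)
    if not hmac.compare_digest(expected, jwt_nonce(jwt)):
        return "nonce-mismatch"   # different key, expiry or randomness
    return "ok"

def constructed_jwt(nonce: str) -> str:
    """Constructed sample token; the signature part is a dummy value."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    claims = {"iss": "https://idp.example", "sub": "user-123",
              "aud": "wallet-app", "nonce": nonce}
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url(b'constructed-signature')}"

if __name__ == "__main__":
    pk, rnd = bytes(range(32)), bytes(16)   # constructed key and randomness
    token = constructed_jwt(make_nonce(pk, 120, rnd))
    print(check_binding(token, pk, 120, rnd, 100))
    print(check_binding(token, pk, 200, rnd, 100))  # expiry was tampered with
```

Because the expiry is hashed into the nonce that the identity provider signs, a holder of the JWT cannot extend the ephemeral key's lifetime or swap in a different key without the commitment check failing.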