💌 Send & Receive Crypto as Easily as an Email
The zkLogin Thesis
Written by Sooraj | Reviewed by { thouny }
With millions of users already onboarded, zkLogin has quickly become the blockchain industry's leading zk-based application.
At its core, zkLogin solves one of the biggest hurdles preventing 99% of people from adopting blockchain-based solutions: the complexity of wallet creation and management.
zkLogin utilizes OAuth protocols from providers like Google and Facebook, making the login process as straightforward as accessing your favorite social media account.
But how does zkLogin manage to give a Web2-like UX for blockchain interactions without compromising privacy and security?
What aspects make this technology so powerful, and why is it going to revolutionize the way we interact with blockchain-based applications?
This newsletter edition explains all of that, so let’s dive in!
The Biggest Pain Point Blocking Mass Adoption
Let's talk about why blockchain hasn't taken off with everyday users yet.
It's not just about the technology being complex - it's about the whole experience feeling alien to most people.
Think about how we typically use apps and websites: We log in with our email, maybe our Google or Facebook account, and we're in.
It's simple, familiar, and feels safe.
Now, contrast that with setting up a blockchain wallet. Suddenly, you're faced with a string of random words - your seed phrase - that you're told to write down and never lose. It's like being handed the keys to a high-security vault when all you wanted was to try out a new app.
This seed phrase is the thing that gives you control over your blockchain assets. Lose it, and you've lost everything.
That's a lot of pressure for someone just dipping their toes into blockchain waters.
This level of responsibility is daunting for many users. The need to securely store these phrases, often recommended to be written down and kept in a physical safe, is a far cry from the password reset buttons users are accustomed to in Web2 applications.
Secondly, the very nature of these phrases is counterintuitive to human memory. Words like "mosquito" or "umbrella" might seem simple, but when combined in a random order, they become a cognitive challenge. For non-native English speakers, this problem is compounded, creating an additional barrier to entry.
Complexity is the killer of adoption.
This is one of the main reasons why, after 15 years, we are still struggling with the immense complexity presented in the very first interactions with these systems.
This is where the need for a familiar authentication method comes in.
If we could use the same login processes we're familiar with - like signing in with Google or Apple - to interact with blockchain applications, we'd remove a massive barrier to entry.
It would make blockchain feel less like a leap into the unknown and more like a natural extension of our existing digital experiences.
The challenge is finding a way to bridge these two worlds without compromising the core principles of blockchain technology.
A solution that maintains the security and decentralization of blockchain while wrapping it in an interface that feels as natural as logging into your email.
That's the puzzle Mysten Labs has solved with zkLogin - making blockchain accessible without centralizing control or compromising your privacy and security as a user.
Bridging Web2 and Web3 Authentication
zkLogin's primary objective is to eliminate the need for users to manage complex cryptographic keys or remember seed phrases.
Its key innovation lies in combining zero-knowledge proofs (ZKPs) with familiar OAuth protocols from Google, Facebook, and Apple, providing billions of internet users an accessible entry point into the blockchain space.
This integration serves three main purposes:
Maintaining on-chain pseudo-anonymity,
Enabling secure blockchain interactions without exposing sensitive user data, and
Offering a familiar user experience akin to Web2 systems.
At its core, zkLogin leverages the well-established OpenID and OAuth 2.0 protocols to create a seamless authentication mechanism for blockchain-based applications.
What Are OpenID and OAuth 2.0?
OpenID is an open standard for decentralized authentication, allowing users to be authenticated by cooperating sites using trusted third-party services. This protocol builds upon the OAuth 2.0 framework, which is primarily designed for authorization and enables third-party applications to obtain limited access to HTTP services.
OAuth uses access tokens, which are temporary and specific to the permissions granted, allowing users to grant third-party applications access to their resources without exposing user credentials or passwords.
What a typical OAuth flow looks like
Authorization Request: The client initiates the flow by directing the user's browser to Google's authorization server.
Authorization Grant: The user sees Google's consent screen, where they can choose to grant or deny access to the requested scopes. If the user approves, Google's authorization server redirects back to your application's specified redirect URI with an authorization code.
Token Request: Your application exchanges the authorization code for access and refresh tokens. Google responds with an access token, and optionally, a refresh token.
Token Use: Your application can now use the access token to make authenticated requests to Google APIs on behalf of the user.
OAuth 2.0 is the current version of the protocol, with OpenID Connect being a subset of OAuth 2.0 specifically designed for authentication.
When a user logs in using OAuth (e.g., "Sign in with Google"), the identity provider (like Google) issues a JSON Web Token (JWT) containing claims about the user's identity.
This JWT then becomes essential for the user to prove ownership of a blockchain address.
Now you might wonder: if zkLogin creates a blockchain wallet using a Google or Apple ID, can't these companies see the details or private keys of the account created through zkLogin?
Surprisingly, the answer is a resounding NO.
zkLogin utilizes clever data isolation techniques to create an impenetrable barrier between your Web2 identity and your Web3 wallet.
So let’s have a look at how that works👇
Achieving Web2-like UX Without Sacrificing User Privacy & Security
Here is the high-level flow of zkLogin-enabled transactions:
Now, Let's Dive into the Details of How zkLogin Works
When a user initiates a login request via an OpenID provider, the wallet generates a new, random ephemeral key pair. This temporary cryptographic key pair consists of a public key and a private key.
At the same time, the OpenID provider generates a JSON Web Token (JWT), a secure, encoded token that encapsulates information about the user and the authentication event.
The JWT consists of three parts: a header, a payload, and a signature.
Source: https://jwt.io/introduction
JWT Structure
Header: Typically includes the type of token (JWT) and the signing algorithm being used.
Payload: Contains critical fields such as 'sub' (subject), 'iss' (issuer), 'aud' (audience), and 'nonce', which include claims about the user and additional metadata.
Signature: Verifies that the sender of the JWT is who it claims to be and ensures that the message wasn't changed along the way.
Embedding Ephemeral Keys in JWT
The ephemeral public key is then injected into the JWT's nonce field.
The nonce, originally intended to prevent replay attacks by ensuring that each JWT is unique, now also serves as a container for the ephemeral public key. The wallet will later use the ephemeral private key to sign transactions. This is similar to how traditional wallets sign transactions with their private keys.
The ephemeral key pair is generated for a single session, is valid only for a maximum number of epochs (roughly days) or transactions, and is discarded afterward.
The ephemeral private key, being session-specific, ensures that each transaction is securely tied to a specific login session.
Once the ephemeral public key is embedded in the JWT, the OpenID provider signs the JWT. This signature acts as a digital certificate, linking the user's Web2 credentials with the ephemeral key pair.
The signed JWT is then returned to the user's wallet.
Deriving Unique Blockchain Addresses from Web2 Credentials
The returned JWT is then decoded and used together with a salt to create a persistent address.
The salt is a unique 16-byte value or an integer smaller than 2^128 associated with each user.
The salt is combined with the OAuth subject identifier (sub), issuer (iss), and audience (aud) to generate the zkLogin Sui address. When a user logs out and later logs back in, the system uses the same salt value to derive the blockchain address, ensuring that the user's address remains consistent across sessions.
This process also guarantees that the user's zkLogin Sui address is unique and securely linked to their authenticated session, effectively serving as a form of two-factor authentication (2FA).
The user salt also provides a way to disconnect the OAuth identifier from the on-chain Sui address. This prevents attackers from easily linking Web2 credentials to Web3 credentials.
Zero-Knowledge Proof: The Core of zkLogin
The heart of zkLogin's innovation lies in its ZKP circuit.
After receiving the signed JWT, the user's wallet generates a ZKP in the form of a SNARK. The resulting ZKP is a compact cryptographic proof that can be efficiently verified by blockchain validators.
This ZKP includes the verification of the signature from the OpenID provider. This ensures that the JWT was indeed signed by the legitimate provider and has not been tampered with.
The ZKP is also an attestation (proof) over the ephemeral key pair that proves the ephemeral key pair is valid. This ensures that the ephemeral key pair is unique to the current session and has not been reused.
The zkLogin system also employs optimizations to reduce the computational complexity of the whole process.
These optimizations keep the circuit as small as possible, aiming to maintain around one million constraints. With optimized provers, this allows for proof generation in approximately 1.5 seconds, which is comparable to the processing time of traditional credit card transactions.
Transaction Signing and Verification
When submitting a transaction, the user wallet signs it with the ephemeral private key corresponding to the public key in the JWT. They also include the ZKP.
Validators of the blockchain verify the authenticity of the ZKP by checking the RSA signature within the ZKP and ensuring that the ephemeral public key matches the one embedded in the JWT.
This system allows for a stateless verification process. Validators don't need to maintain any long-term information about users beyond their on-chain addresses. Each transaction stands alone, provably linked to an OpenID authentication event without revealing the details of that event.
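The login and verification steps described above, as an added illustrative model that is not Sui's or Mysten Labs' code: SHA-256 stands in for the Poseidon and BLAKE2b hashes, an HMAC under a constructed provider key stands in for the provider's RSA signature, a hash-derived toy key pair stands in for the Ed25519 ephemeral key, and the statements the real ZK circuit proves without revealing the JWT or salt (provider signature valid, nonce commits to the ephemeral key and its expiry epoch, address derived from iss/sub/aud and salt) are checked here in the clear so the binding logic is visible. The ephemeral signature over the transaction itself is omitted.

```python
# Added example, not Sui's implementation: plain-Python model of the zkLogin flow.
# Stand-ins: SHA-256 for Poseidon/BLAKE2b, HMAC for the provider's RSA signature,
# hash-derived toy key pair for the Ed25519 ephemeral key. Checks run in the clear.
import base64, hashlib, hmac, json, secrets

PROVIDER_KEY = b"constructed-provider-key"   # stand-in for the provider's RSA signing key
ISS, AUD = "https://accounts.example.com", "constructed-app-client-id"   # constructed values

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_nonce(eph_pub: bytes, max_epoch: int, randomness: bytes) -> str:
    """The nonce commits to the ephemeral public key and the last epoch it is valid for."""
    msg = eph_pub + max_epoch.to_bytes(8, "big") + randomness
    return b64url(hashlib.sha256(msg).digest()[:20])

def provider_issue_jwt(sub: str, nonce: str) -> str:
    """Mock OpenID provider: returns header.payload.signature in JWT format."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"iss": ISS, "sub": sub, "aud": AUD, "nonce": nonce}).encode())
    sig = hmac.new(PROVIDER_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def verify_jwt(token: str) -> dict:
    """Check the provider's signature over header.payload and return the claims."""
    header, payload, sig = token.split(".")
    expected = hmac.new(PROVIDER_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url_decode(sig), expected):
        raise ValueError("JWT signature invalid")
    return json.loads(b64url_decode(payload))

def derive_address(iss: str, sub: str, aud: str, salt: int) -> str:
    """Persistent address from (iss, sub, aud) plus the user salt (an integer below 2^128)."""
    if not 0 <= salt < 2**128:
        raise ValueError("salt must fit in 16 bytes")
    seed = hashlib.sha256(f"{sub}|{aud}|".encode() + salt.to_bytes(16, "big")).digest()
    return "0x" + hashlib.sha256(iss.encode() + seed).hexdigest()

def login(sub: str, salt: int, current_epoch: int, max_epochs: int = 2) -> dict:
    """Wallet side: fresh ephemeral key -> nonce -> JWT from provider -> address."""
    eph_priv = secrets.token_bytes(32)
    eph_pub = hashlib.sha256(b"pub:" + eph_priv).digest()      # toy key pair, not Ed25519
    max_epoch, randomness = current_epoch + max_epochs, secrets.token_bytes(16)
    jwt = provider_issue_jwt(sub, make_nonce(eph_pub, max_epoch, randomness))
    claims = verify_jwt(jwt)
    return {"eph_priv": eph_priv, "eph_pub": eph_pub, "max_epoch": max_epoch,
            "randomness": randomness, "jwt": jwt,
            "address": derive_address(claims["iss"], claims["sub"], claims["aud"], salt)}

def validator_check(session: dict, salt: int, current_epoch: int) -> bool:
    """Validator side: the statements the ZK proof attests to, checked openly here."""
    try:
        claims = verify_jwt(session["jwt"])                       # provider signature valid
    except ValueError:
        return False
    nonce_ok = claims["nonce"] == make_nonce(session["eph_pub"], session["max_epoch"], session["randomness"])
    not_expired = current_epoch <= session["max_epoch"]           # ephemeral key still in its window
    addr_ok = session["address"] == derive_address(claims["iss"], claims["sub"], claims["aud"], salt)
    return nonce_ok and not_expired and addr_ok
```

Running `login` twice with the same salt yields the same address but a different ephemeral key, while a different salt yields an unlinkable address.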
By combining these technical elements, zkLogin has now enabled a way to minimize the friction of onboarding web2 users without compromising on the UX or on the security and privacy standards.
But this is only the start.
It can also be leveraged by more experienced crypto-native users, who can use zkLogin as a multisig and 2FA system too.
Leveraging zkLogin as Multisig and 2FA
By allowing users to combine multiple authentication methods, users can now pair their Google or Facebook login with traditional mnemonic phrases, effectively creating a two-factor authentication (2FA) system for blockchain access.
As the technology evolves, we're seeing the integration of biometrics and the potential for combining multiple OAuth providers.
Imagine a scenario where a user can set up their wallet to require authentication from both Google and Facebook, or perhaps Google and a biometric scan.
This level of customization allows users to tailor their security setup to their specific needs and risk tolerance.
The system's flexibility doesn't stop there.
Users can also have discoverable addresses based on their email or username, similar to popular payment apps. Transactions can be sent to users who don't yet have an account, to be claimed later.
Why Blockchain Gaming Stands to Benefit Most from zkLogin
If you want to check out the full conversation with Kostas on zkLogin, go here:
Traditional blockchain games have often struggled with onboarding new players due to the complexity of wallet creation and management. zkLogin removes this barrier, allowing players to jump into blockchain games using familiar login methods.
This ease of access is particularly crucial for competitive gaming scenarios where every second counts.
With zkLogin's integration into a fast blockchain, game developers can create experiences that compete with traditional online games in terms of responsiveness and user experience.
Players can make in-game purchases, trade assets, or participate in time-sensitive events without the delays typically associated with blockchain transactions.
The future of gaming on Sui is going to be mind blowing
zkLogin (using your email as a wallet - no extensions required) + Sponsored txs
@themoveguy and @josemvcerqueira killed it
Thanks @EmanAbio for the alpha
Website is: potatoes.app
Test it for yourself
— death (@0xd34th)
1:41 AM • Jun 29, 2024
Furthermore, zkLogin's approach to identity management opens up new possibilities for cross-game asset ownership and player reputation systems, all while maintaining user privacy through zero-knowledge proofs.
Because of all these reasons, blockchain platforms like Aptos are implementing features inspired by zkLogin, enabling users to sign in with their Google accounts.
❌ No more seedphrases or private keys
✅ Sign in with your Google account
Dive into Aptos Connect 🧵
— Aptos (@Aptos)
4:28 PM • Jul 3, 2024
This is Why you Need a Fast Blockchain for zkLogin
The effectiveness of zkLogin is intrinsically tied to the speed and efficiency of the underlying blockchain. That’s why Sui is a perfect blockchain to implement this system.
Unlike traditional aggregated zero-knowledge proof systems that batch thousands of transactions, zkLogin requires a separate zero-knowledge proof for each account interaction. This approach demands a blockchain capable of handling high transaction volumes with minimal latency.
A fast blockchain is essential for zkLogin to deliver a seamless user experience comparable to Web2 applications. When users authenticate through zkLogin, they expect near-instantaneous responses.
Any significant delay would create friction in the user experience, potentially deterring adoption. Moreover, as zkLogin aims to support a wide range of applications, from DeFi to gaming, the underlying blockchain must be capable of handling diverse transaction types and volumes without compromising on speed or security.
Mitigating the Risk of OAuth Service Provider Dependency with zkLogin
The main risk with zkLogin is the potential for a single point of failure if the authentication provider, such as Google, shuts down or experiences issues.
The multisig capabilities mentioned earlier play a crucial role here to mitigate this risk.
Firstly, allowing users to combine multiple authentication methods, such as mnemonics and Google or Facebook credentials, ensures that users have alternative ways to access their accounts even if one method fails. This multisig approach provides a robust backup system.
Secondly, it's essential to cater to different user profiles and their varying needs for convenience and security. For users with significant on-chain assets, traditional mnemonic-based wallets may remain the preferred choice due to their familiarity and proven security.
The core aim of zkLogin is to serve as an accessible entry point, hiding the complexities of the underlying technology and providing a user-friendly experience similar to logging into everyday applications.
The Next Frontier of zkLogin: Beyond Simple Onboarding
As of now, zkLogin is the most used zk-based application in the entire blockchain space, acting as a gateway that has already onboarded millions of users into the blockchain space.
As zkLogin continues to gain traction, its evolution is likely to focus on several key areas.
First, we can expect to see an expansion of supported OAuth providers, moving beyond Google and Facebook to include a wider array of identity verification services. This expansion will provide users with more options and reduce reliance on any single provider.
Another area of development is likely to be the integration of more advanced biometric authentication methods. As smartphones and other devices continue to improve their biometric capabilities, zkLogin could leverage these advancements to offer even more secure and convenient authentication options.
But the future evolution of zkLogin also extends far beyond its current use as an onboarding mechanism.
One exciting possibility is the ability to send money to someone without them needing an account.
Similar to services like Venmo and Revolut, users could send funds to an email address, and the recipient would only need to log in with their Google account using a provided salt to claim the money. This opens up opportunities for sending money to people unfamiliar with blockchain technology.
Additionally, zkLogin could enable payments to domains, allowing domain owners to prove ownership without revealing sensitive information.
The protocol may also facilitate sending money to phone numbers or other identifiers in the future.
Zero-knowledge proofs could enable airdrops to specific audiences based on partial information, such as a Brazilian or British domain name, without revealing full email addresses on-chain. This enhances both claimability and discoverability for targeted airdrops.
zkLogin is without a doubt a great success already, and its evolution will likely see it becoming a cornerstone protocol for secure, private, and user-friendly blockchain interactions.
It’s a solution that empowers developers to create innovative solutions on the blockchain and helps users seamlessly engage with decentralized applications, unlocking the full potential of Web3 technologies while maintaining the familiarity and convenience of traditional authentication methods.
DISCLAIMER: None of this is financial advice. This newsletter is strictly educational and is not investment advice or a solicitation to buy or sell assets or make financial decisions. Please be careful and do your own research.