Sui zkLogin makes it possible to truly connect 1 billion users

Recently, Sui announced the launch of zkLogin, which is the easiest way to introduce users to the chain. zkLogin is a native feature of Sui that allows users to log into Web3 applications using existing Web2 authentication from the likes of Google and Twitch, eliminating the need for users to remember or record private keys.

Creating a wallet is often cited as a significant deterrent for new users in the blockchain industry, and some protocols offer third-party services to ease the user onboarding process. These solutions require trusting hardware or services outside of the protocol, whereas zkLogin leverages Sui’s native zero-knowledge cryptography to achieve this functionality.

For details, see: https://www.youtube.com/watch?v=CZSH9B7j-AY where Kostas Chalkias, co-founder and chief cryptographer of Mysten Labs, explains what zkLogin is and how it works.

The hard road to attracting users

Builders often miss important opportunities to attract potential users because of complicated login processes. When potential users hear about an exciting new game or app on the blockchain, trying it often involves a much more complicated process than they are used to. Blockchain apps require them to connect a wallet, forcing new users to choose a wallet, install it, and then go through the unfamiliar steps of creating an account using a mnemonic phrase. Many users give up at this point, so a large number of users are lost as soon as they get started.

App developers trying to simplify user onboarding are limited to the following options:

(1) Developing and managing custodial wallets, which increases engineering and regulatory overhead.

(2) Integrating third-party authentication solutions, which introduces additional dependencies and trust in hardware or services outside the protocol.

Currently, no blockchain provides a native way to integrate Web2 authenticators for use in protocol-level applications.

Introducing zkLogin

zkLogin is a new Sui-native feature that allows users to securely create accounts and submit transactions using their Web2 authentication. Using zero-knowledge cryptography, zkLogin is built into the protocol level, meaning there are no external dependencies other than the Web2 authentication provider.

zkLogin provides end users with great convenience without sacrificing security. It uses ephemeral key pairs and zero-knowledge cryptography to connect responses from the Web2 authentication provider to a specific Sui account. When using zkLogin, the only data submitted to the chain is the zero-knowledge proof and the ephemeral signature. It does not require any user information to be submitted to the chain. Additionally, the Web2 authentication provider does not know that the user is using the blockchain, ensuring privacy.

To maintain simplicity for users, zkLogin opaquely generates a unique Sui address associated with the application that provides the zkLogin option. The user does not see this address and does not need to save it as it becomes part of the login flow through the Web2 authentication provider. Web3 users can still use their existing wallets to access zkLogin-enabled applications. At launch, zkLogin supports Google, Facebook, and Twitch as Web2 authentication providers, and subsequent versions will support more options, thereby expanding the size of the potential user base.

zkLogin allows users to log into Sui applications using third-party credentials without sacrificing security

Why use zkLogin?

  • Geared towards mass adoption: Any user with a compatible Web2 authentication provider can log in using familiar account details and start interacting with the application within seconds.
  • Embed blockchain capabilities into Web2 experiences: The simplicity of signing transactions with Web2 authentication creates new opportunities to make blockchain capabilities part of everyday applications.
  • Enable multi-device experiences: zkLogin takes full advantage of Sui’s cryptographic agility and is an ideal place to build multi-device solutions that simultaneously leverage biometric authentication.
  • Strong user privacy: No personal information is stored on the chain, and the only things submitted to the chain are zero-knowledge proofs and ephemeral signatures.

Get started with zkLogin

Sui is an L1 blockchain that makes digital asset ownership fast, secure and accessible to everyone. zkLogin is one of the Sui primitives designed to help onboard the next billion Web3 users. Today, zkLogin supports Google, Facebook, and Twitch as Web2 authentication providers, and subsequent versions will support more options, thereby expanding the size of the potential user base.

Developers can now start implementing zkLogin on the Sui development network, and it is expected to be brought to mainnet in the coming weeks. The zkLogin documentation explains how to install the SDK, set up the Web2 authentication process, and manage user logins, so get started today!

Launching Ceremony

To achieve greater efficiency in zero-knowledge proof calculations, the Sui Foundation will host a ceremony to generate a Common Reference String (CRS) that any Sui application can utilize. Sampling this string requires a circuit description and some confidentially generated random numbers. Trust in the process is built on two key principles:

1. The sampling process is carried out carefully

2. Confidential random numbers are reliably discarded

This involves multiple parties and leverages distributed protocols to ensure that the final setup meets the expected security and privacy guarantees, a principle that holds true even if only one of the parties adheres to the protocol.

zkLogin function

Zero-knowledge proof: Used to protect sensitive user data, the zero-knowledge proof convinces the blockchain that user information has been verified. This is achieved by using a JWT token (issued by the OAuth provider, containing user credentials) as a private witness in the circuit. The circuit internally verifies the provider's RSA signature and the user information. At the same time, this provides a better app experience, as users no longer need to maintain complex mnemonic phrases or passwords during the onboarding process.

Setup Ceremony: zkLogin uses the Groth16 zkSNARK system to take advantage of its compact proof size and efficient verification process. This requires a one-time, computationally expensive setup operation.

The following organizations/people are invited to participate

  • Experts (max 50 participants): Blockchain, cryptography and technology experts
  • Validation Nodes (up to 100 participants): Entities that have participated in securing the Sui network

Contribution steps

1. Participants use the invitation code to join the queue

2. When it’s your turn, choose one of the following ways to contribute:

- Browser: user friendly

- Docker: technical

3. When contributing, the following steps must be performed on time to avoid non-compliance

- Download the latest contribution files from partner servers and verify them

- Input entropy — preferably choose discardable entropy (e.g. random cursor movement)

- Run contributed code

- Sign contributed code

- Upload contributions

4. Finally, the next participant is ready to contribute.

Finish

After final contributions, the CRS and verification scripts will be publicly available for review on the Sui Foundation website.

The Sui Foundation will conduct verification to ensure the integrity of the ceremony and others are welcome to participate.

Ultimately, the final CRS will be used to generate proving keys and verification keys. Sui documentation will provide guidance on usage, best practices, and examples.

Frequently Asked Questions

1. How do I confirm that my contribution has been correctly included in the CRS?

Contributors will receive the hash of the previous contribution that theirs builds on, as well as the resulting hash of their completed contribution, both displayed on the screen and emailed. After the ceremony is complete, they can compare these hashes to the publicly available records on the website.

2. How do I confirm that all contributors’ final contributions have been included in the CRS?

All contributions will be publicly available after the ceremony, and contributors can confirm that the public contribution hash is consistent with the hash they had during the contribution phase. After the ceremony, anyone can check that these hashes were calculated correctly and that each contribution was correctly incorporated into the final parameters.

3. What is the difference between "contribute using the browser" and "contribute using Docker"?

The browser option is more user-friendly for participants since everything happens in the browser. The Docker option requires Docker setup, but is more transparent—the Docker files and contributor source code are open source, and the entire process is verifiable. Additionally, the browser option uses snarkjs, while the Docker option uses Kobi's implementation. This provides software diversity and contributors can choose any method they trust to contribute.

4. What is the function of the activation code?

The activation code is used to verify the contributor's email with the linked server and to sign their contributions.

5. Why not open access to the ceremony to the wider community?

Attracting a wider range of community participants would be ideal, especially in terms of decentralization, which would enhance trust in the ceremony. However, compared to other public ceremonies (such as Ethereum's), which often take months, we are more pressed for time and hope that zkLogin will be available to developers soon. By engaging Sui validator nodes, we aim to achieve a similar level of security as the network itself. The inclusion of cryptography and technical experts also provides further assurance that any issues will be detected promptly. Since these ceremonies can be extended, we always have the option to incorporate more contributions in the future.

6. Why can't I use existing ZK parameters, and is there a way to share the cost with others?

We are using the community's Perpetual Powers of Tau for the first phase, which is circuit agnostic. Our ceremony covers only the phase 2 part specific to the zkLogin circuit.

7. Is this a trusted setup that should only be used by large organizations for their products?

zkLogin is a primitive of Sui, which is why the Sui Foundation is responsible for it. Our goal is to achieve widespread adoption across the globe, not just within large organizations and enterprises.

8. Will you publish names/affiliations of contributors?

Participants can choose whether they want their names and affiliations to be published. While we expect participants to publicly support participation, they can participate anonymously. If you choose to remain anonymous, the Sui Foundation will know the details of the participant but will not disclose them publicly.
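
The hash checks described in questions 1 and 2, sketched as an added example (not code from the Sui Foundation or from the ceremony's own verification scripts). It assumes a hypothetical public record in which each entry holds `prev_hash` and `hash`, SHA-256 as the hash function, and constructed sample contributions; it checks only the hash bookkeeping, not the validity of each contribution's parameters.

```python
import hashlib

def digest(blob: bytes) -> str:
    """Hex SHA-256 of a contribution file (the hash function is an assumption)."""
    return hashlib.sha256(blob).hexdigest()

def verify_record(record, files, initial_hash):
    """Check a public record against the published contribution files.

    Every entry must build on the entry before it, and its recorded hash must
    match the published file. Returns a list of problems; empty means consistent.
    """
    problems = []
    expected_prev = initial_hash
    for pos, entry in enumerate(record):
        if entry["prev_hash"] != expected_prev:
            problems.append(f"entry {pos}: does not build on previous contribution")
        blob = files.get(pos)
        if blob is None:
            problems.append(f"entry {pos}: contribution file not published")
        elif digest(blob) != entry["hash"]:
            problems.append(f"entry {pos}: file does not match recorded hash")
        expected_prev = entry["hash"]
    return problems

def receipt_included(record, receipt):
    """A contributor's receipt is the pair (hash they started from, hash they
    produced). It is included if that exact pair appears as one record entry."""
    return any(
        e["prev_hash"] == receipt["prev_hash"] and e["hash"] == receipt["hash"]
        for e in record
    )

def build_sample():
    """Constructed data: three contributions chained from a starting file."""
    initial = digest(b"constructed phase-1 output")
    record, files, prev = [], {}, initial
    for pos, blob in enumerate([b"contribution-A", b"contribution-B", b"contribution-C"]):
        h = digest(blob)
        record.append({"prev_hash": prev, "hash": h})
        files[pos] = blob
        prev = h
    return initial, record, files

if __name__ == "__main__":
    initial, record, files = build_sample()
    print("problems:", verify_record(record, files, initial))
    print("receipt for entry 1 included:", receipt_included(record, record[1]))
```

A record that silently omits one contribution fails both checks: the chain breaks at the following entry, and the omitted contributor's receipt no longer matches any entry.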


About Sui Network

Sui is an L1 public chain redesigned and built based on first principles, aiming to provide creators and developers with a development platform capable of hosting the next billion users in Web3. Applications on Sui are based on the Move smart contract language and are horizontally scalable, allowing developers to support a wide range of application development quickly and at low cost. Get more information: https://linktr.ee/sui_apac


Origin blog.csdn.net/Sui_Network/article/details/132981870