Cited By
View all- Hasan SGhani ADaud AAkbar HKhan M(2025)A Review on Secure Authentication Mechanisms for Mobile SecuritySensors10.3390/s2503070025:3(700)Online publication date: 24-Jan-2025
zkLogin: Privacy-Preserving Blockchain Authentication with Existing Credentials
Authors: 
Foteini Baldimtsi, Konstantinos Kryptos Chalkias, Yan Ji, Jonas Lindstrøm, Deepak Maram, Ben Riva, Arnab Roy, Mahdi Sedaghat, Joy WangAuthors Info & Claims
Foteini Baldimtsi, Konstantinos Kryptos Chalkias, Yan Ji, Jonas Lindstrøm, Deepak Maram, Ben Riva, Arnab Roy, Mahdi Sedaghat, Joy WangAuthors Info & ClaimsPages 3182 - 3196
Abstract
For many users, a private key based wallet serves as the primary entry point to blockchains. Commonly recommended wallet authentication methods, such as mnemonics or hardware wallets, can be cumbersome. This difficulty in user onboarding has significantly hindered the adoption of blockchain-based applications.
We develop zkLogin, a novel technique that leverages identity tokens issued by popular platforms (any OpenID Connect enabled platform e.g., Google, Facebook, etc.) to authenticate transactions. At the heart of zkLogin lies a signature scheme allowing the signer to sign using their existing OpenID accounts and nothing else. This improves the user experience significantly as users do not need to remember a new secret and can reuse their existing accounts.
zkLogin provides strong security and privacy guarantees. Unlike prior works, zkLogin's security relies solely on the underlying platform's authentication mechanism without the need for any additional trusted parties (e.g., trusted hardware or oracles). As the name suggests, zkLogin leverages zero-knowledge proofs (ZKP) to ensure that the sensitive link between a user's off-chain and on-chain identities is hidden, even from the platform itself.
zkLogin enables a number of important applications outside blockchains. It allows billions of users to produce verifiable digital content leveraging their existing digital identities, e.g., email address. For example, a journalist can use zkLogin to sign a news article with their email address, allowing verification of the article's authorship by any party.
We have implemented and deployed zkLogin on the Sui blockchain as an additional alternative to traditional digital signature-based addresses. Due to the ease of web3 on-boarding just with social login, many hundreds of thousands of zkLogin accounts have already been generated in various industries such as gaming, DeFi, direct payments, NFT collections, sports racing, cultural heritage, and many more.
References
[1]
Foteini Baldimtsi, Konstantinos Kryptos Chalkias, Yan Ji, Jonas Lindstrøm, Deepak Maram, Ben Riva, Arnab Roy, Mahdi Sedaghat, and Joy Wang. 2024. zkLogin: Privacy-Preserving Blockchain Authentication with Existing Credentials. arxiv: 2401.11735 [cs.CR] https://arxiv.org/abs/2401.11735
[2]
Marta Bellés-Mu noz, Miguel Isabel, Jose Luis Mu noz-Tapia, Albert Rubio, and Jordi Baylina. 2022. Circom: A Circuit Description Language for Building Zero-knowledge Applications. IEEE Transactions on Dependable and Secure Computing (2022).
[3]
Eli Ben-Sasson, Iddo Bentov, Yinon Horesh, and Michael Riabzev. 2018. Scalable, transparent, and post-quantum secure computational integrity. Cryptology ePrint Archive, Report 2018/046. https://eprint.iacr.org/2018/046.
[4]
Sam Blackshear, Andrey Chursin, George Danezis, Anastasios Kichidis, Lefteris Kokoris-Kogias, Xun Li, Mark Logan, Ashok Menon, Todd Nowacki, Alberto Sonnino, et al. 2023. Sui lutris: A blockchain combining broadcast and consensus. arXiv preprint arXiv:2310.18042 (2023).
[5]
C2PA. 2023. Content Credentials : C2PA Technical Specification. https://c2pa.org/specifications/specifications/1.4/specs/C2PA_Specification.html#_trust_model Accessed: [Nov 29, 2023].
[6]
Tim Carstens and Hans Martin. 2023. Bridging Web2 and Web3 with Bonsai Pay: A Bonsai-powered Demo Application. https://www.risczero.com/blog/bonsai-pay.
[7]
Melissa Chase and Anna Lysyanskaya. 2006. On Signatures of Knowledge. In CRYPTO 2006 (LNCS, Vol. 4117), Cynthia Dwork (Ed.). Springer, Heidelberg, 78--96. https://doi.org/10.1007/11818175_5
[8]
Alessandro Chiesa, Yuncong Hu, Mary Maller, Pratyush Mishra, Noah Vesely, and Nicholas P. Ward. 2020. Marlin: Preprocessing zkSNARKs with Universal and Updatable SRS. In EUROCRYPT 2020, Part I (LNCS, Vol. 12105), Anne Canteaut and Yuval Ishai (Eds.). Springer, Heidelberg, 738--768. https://doi.org/10.1007/978--3-030--45721--1_26
[9]
Alessandro Chiesa, Ryan Lehmkuhl, Pratyush Mishra, and Yinuo Zhang. 2023. Eos: Efficient Private Delegation of zkSNARK Provers. In 32nd USENIX Security Symposium (USENIX Security 23). 6453--6469.
[10]
Damian. 2024. Oauth-controlled Blockchain accounts | Near Documentation. https://docs.near.org/blog/chain-signatures-use-cases.
[11]
Ariel Gabizon, Zachary J. Williamson, and Oana Ciobotaru. 2019. PLONK: Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge. Cryptology ePrint Archive, Report 2019/953. https://eprint.iacr.org/2019/953.
[12]
Sanjam Garg, Aarushi Goel, Abhishek Jain, Guru-Vamsi Policharla, and Sruthi Sekar. 2023. zkSaaS: Zero-Knowledge SNARKs as a Service. In 32nd USENIX Security Symposium (USENIX Security 23). 4427--4444.
[13]
Shafi Goldwasser, Silvio Micali, and Charles Rackoff. 1985. The Knowledge Complexity of Interactive Proof-Systems (Extended Abstract). In 17th ACM STOC. ACM Press, 291--304. https://doi.org/10.1145/22145.22178
[14]
Lorenzo Grassi, Dmitry Khovratovich, Christian Rechberger, Arnab Roy, and Markus Schofnegger. 2021. Poseidon: A new hash function for Zero-Knowledge proof systems. In 30th USENIX Security Symposium (USENIX Security 21).
[15]
Jens Groth. 2016. On the Size of Pairing-Based Non-interactive Arguments. In EUROCRYPT 2016, Part II (LNCS, Vol. 9666), Marc Fischlin and Jean-Sébastien Coron (Eds.). Springer, Heidelberg, 305--326. https://doi.org/10.1007/978--3--662--49896--5_11
[16]
Ulrich Haböck. 2022. Multivariate lookups based on logarithmic derivatives. Cryptology ePrint Archive, Paper 2022/1530. https://eprint.iacr.org/2022/1530.
[17]
Christie Harkin. 2021. Mt. Gox Rehabilitation Plan Worth Billions in Compensation Approved, Finalization to Follow. CoinDesk.
[18]
Ethan Heilman, Lucie Mugnier, Athanasios Filippidis, Sharon Goldberg, Sebastien Lipman, Yuval Marcus, Mike Milano, Sidhartha Premkumar, and Chad Unrein. 2023. OpenPubkey: Augmenting OpenID Connect with User held Signing Keys. Cryptology ePrint Archive, Report 2023/296. https://eprint.iacr.org/2023/296.
[19]
K. Huang. 2022. Why Did FTX Collapse" Here"s What to Know. The New York Times. https://www.nytimes.com/2022/11/10/technology/ftx-binance-crypto-explained.html
[20]
iden3. 2023. rapidsnark. https://github.com/iden3/rapidsnark.
[21]
M. Jones. 2015. JSON Web Algorithms (JWA) Section 3. RFC 7518. Internet Engineering Task Force. https://datatracker.ietf.org/doc/html/rfc7518#section-3 Section 3.
[22]
Marcel Keller. 2020. MP-SPDZ: A Versatile Framework for Multi-Party Computation. In ACM CCS 2020, Jay Ligatti, Xinming Ou, Jonathan Katz, and Giovanni Vigna (Eds.). ACM Press, 1575--1590. https://doi.org/10.1145/3372297.3417872
[23]
Ahmed Kosba, Charalampos Papamanthou, and Elaine Shi. 2018. xJsnark: A Framework for Efficient Verifiable Computation. In 2018 IEEE Symposium on Security and Privacy (SP). 944--961. https://doi.org/10.1109/SP.2018.00018
[24]
Hugo Krawczyk. 2000. Simple Forward-Secure Signatures From Any Signature Scheme. In ACM CCS 2000, Dimitris Gritzalis, Sushil Jajodia, and Pierangela Samarati (Eds.). ACM Press, 108--115. https://doi.org/10.1145/352600.352617
[25]
Leona Lassak, Elleen Pan, Blase Ur, and Maximilian Golla. 2024. Why Aren"t We Using Passkeys? Obstacles Companies Face Deploying FIDO2 Passwordless Authentication. (2024).
[26]
Deepak Maram, Harjasleen Malvai, Fan Zhang, Nerla Jean-Louis, Alexander Frolov, Tyler Kell, Tyrone Lobban, Christine Moy, Ari Juels, and Andrew Miller. 2021. CanDID: Can-Do Decentralized Identity with Legacy Compatibility, Sybil-Resistance, and Accountability. In 2021 IEEE Symposium on Security and Privacy (SP). https://doi.org/10.1109/SP40001.2021.00038
[27]
Deepak Maram, Harjasleen Malvai, Fan Zhang, Nerla Jean-Louis, Alexander Frolov, Tyler Kell, Tyrone Lobban, Christine Moy, Ari Juels, and Andrew Miller. 2021. Candid: Can-do decentralized identity with legacy compatibility, sybil-resistance, and accountability. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE, 1348--1366.
[28]
David Z. Morris. 2021. Gerald Cotten and Quadriga: Unraveling Crypto?s Biggest Mystery. https://www.coindesk.com/markets/2021/06/29/gerald-cotten-and-quadriga-unraveling-cryptos-biggest-mystery/ Accessed: Oct 27, 2023.
[29]
Alexander Nilsson, Pegah Nikbakht Bideh, and Joakim Brorsson. 2020. A survey of published attacks on Intel SGX. arXiv preprint arXiv:2006.13598 (2020).
[30]
Santiago Palladino. 2019. Sign in with Google to your Identity Contract. https://forum.openzeppelin.com/t/sign-in-with-google-to-your-identity-contract-for-fun-and-profit/1631
[31]
Sanghyeon Park, Jeong Hyuk Lee, Seunghwa Lee, Jung Hyun Chun, Hyeonmyeong Cho, MinGi Kim, Hyun Ki Cho, and Soo-Mook Moon. 2023. Beyond the Blockchain Address: Zero-Knowledge Address Abstraction. Cryptology ePrint Archive, Report 2023/191. https://eprint.iacr.org/2023/191.
[32]
Pete Rizzo. 2017. The Big News Behind the BTC-e Arrest and Mt Gox Connection. https://www.coindesk.com/markets/2017/07/26/the-big-news-behind-the-btc-e-arrest-and-mt-gox-connection/ Accessed: Oct 27, 2023.
[33]
Jeff John Roberts. 2024. Old Bitcoin wallets keep waking up: How many of the 1.8 million "lost" coins are really gone? https://fortune.com/crypto/2024/04/24/bitcoin-wallets-waking-up-lost-coins-satoshi/.
[34]
N. Sakimura, J. Bradley, M. Jones, B. de Medeiros, and C. Mortimore. 2014. OpenID Connect Core 1.0 incorporating errata set 1. OpenID Foundation. Accessed: Oct 27, 2023.
[35]
N. Sakimura, J. Bradley, M. Jones, B. de Medeiros, and C. Mortimore. 2014. OpenID Connect Core 1.0 incorporating errata set 1: Subject Identifier Types. OpenID Foundation. Accessed: Oct 27, 2023.
[36]
Apple Platform Security. 2024. iCloud encryption. https://support.apple.com/guide/security/icloud-encryption-sec3cac31735/web
[37]
Adi Shamir. 1984. Identity-Based Cryptosystems and Signature Schemes. In CRYPTO'84 (LNCS, Vol. 196), G. R. Blakley and David Chaum (Eds.). Springer, Heidelberg, 47--53.
[38]
Technology Review. 2023. Cryptography, AI, and the labeling problem: How C2PA aims to establish digital provenance. Technology Review (28 07 2023). https://www.technologyreview.com/2023/07/28/1076843/cryptography-ai-labeling-problem-c2pa-provenance/
[39]
URL. - a. Dauth. https://www.dauth.network/.
[40]
URL. - b. Face Wallet. https://facewallet.xyz/
[41]
URL. - c. Magic. https://magic.link.
[42]
URL. - d. Privy. https://docs.privy.io.
[43]
URL. - e. RISC Zero. https://github.com/risc0/risc0.
[44]
URL. - f. Web3Auth. https://web3auth.io.
[45]
URL. 2024. Aptos Keyless | Aptos Docs. https://aptos.dev/en/build/guides/aptos-keyless.
[46]
Muthuramakrishnan Venkitasubramaniam. 2023. Ligetron: Lightweight Scalable End-to-End Zero-Knowledge Proofs. Post-Quantum ZK-SNARKs on a Browser. In 2024 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, 86--86.
[47]
Yaman Yu, Tanusree Sharma, Sauvik Das, and Yang Wang. 2024. " Don't put all your eggs in one basket": How Cryptocurrency Users Choose and Secure Their Wallets. In Proceedings of the CHI Conference on Human Factors in Computing Systems. 1--17.
[48]
Fan Zhang, Deepak Maram, Harjasleen Malvai, Steven Goldfeder, and Ari Juels. 2020. Deco: Liberating web data using decentralized oracles for tls. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 1919--1938.
Index Terms
- zkLogin: Privacy-Preserving Blockchain Authentication with Existing Credentials
Recommendations
Privacy-Enhancing Proxy Signatures from Non-interactive Anonymous Credentials
DBSec 2014: Proceedings of the 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy XXVIII - Volume 8566Proxy signatures enable an originator to delegate the signing rights for a restricted set of messages to a proxy. The proxy is then able to produce valid signatures only for messages from this delegated set on behalf of the originator. Recently, two ...
Extending ECC-based RFID authentication protocols to privacy-preserving multi-party grouping proofs
Since the introduction of the concept of grouping proofs by Juels, which permit RFID tags to generate evidence that they have been scanned simultaneously, various new schemes have been proposed. Their common property is the use of symmetric-key ...
Privacy preserving smartcard-based authentication system with provable security
In this paper, we suggest a new privacy preserving smartcard-based password authenticated key exchange SC-PAKE with provable security. Only the user who has two secrets smartcard and password can go through authentication with key exchange while ...
Comments
Information & Contributors
Information
Published In
December 2024
5188 pages
ISBN:9798400706363
DOI:10.1145/3658644
- General Chairs:
- Bo Luo,
- Xiaojing Liao,
- Jun Xu,
- Program Chairs:
- Engin Kirda,
- David Lie
Copyright © 2024 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 09 December 2024
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
CCS '24
Sponsor:
CCS '24: ACM SIGSAC Conference on Computer and Communications Security
October 14 - 18, 2024
UT, Salt Lake City, USA
Acceptance Rates
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
Upcoming Conference
CCS '25
- Sponsor:
- sigsac
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 341Total Downloads
- Downloads (Last 12 months)341
- Downloads (Last 6 weeks)121
Reflects downloads up to 28 Feb 2025
Other Metrics
Citations
Cited By
View all- Hasan SGhani ADaud AAkbar HKhan M(2025)A Review on Secure Authentication Mechanisms for Mobile SecuritySensors10.3390/s2503070025:3(700)Online publication date: 24-Jan-2025
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in