zkLogin

Bringing secure, frictionless user onboarding to Sui.

Overview

Traditionally, engaging with on-chain dApps has required a cumbersome onboarding experience consisting of:

  • Installing a wallet
  • Maintaining a seed phrase
  • Storing private keys to sign transactions

zkLogin replaces this process, enabling seamless authorization of on-chain transactions utilizing familiar credentials (e.g. Google, Facebook), while leveraging zero-knowledge proofs to ensure privacy of sensitive user data.

Ceremony

In order to achieve greater efficiencies in the computation of zero-knowledge proofs, the Sui Foundation is hosting a ceremony to generate a Common Reference String (CRS) that any application on Sui can utilize. To sample this string, both the circuit description and some confidentially generated random numbers are needed. Trust in the process is grounded in two key principles:

1. The sampling process is executed faithfully.
2. The confidential random numbers are discarded reliably.


We engage a multitude of parties and utilize a distributed protocol to ensure that the final setup meets the intended security and privacy guarantees. This holds true even if only one of these parties follows the protocol honestly.

Functionality

Zero Knowledge Proofs: Leveraged to protect sensitive user data, Zero Knowledge Proofs convince the blockchain that user information is verified. This is achieved by using the JWT token (issued by the OAuth provider and containing the user's credentials) as a private witness in a circuit. This circuit internally verifies the provider’s RSA signature and user information. Concurrently, this offers a better application experience since the user no longer needs to maintain complex mnemonics or passwords during onboarding.

Setup Ceremony: zkLogin leverages a Groth16 zkSNARK system to take advantage of its notably succinct proof size and verifier efficiency. This comes at the one-time cost of a computationally expensive setup operation.

The Following Groups are Invited to Participate

  • Experts (up to 50 participants): Blockchain, cryptography and technology experts
  • Validators (up to 100 participants): Entities that have already participated in securing the Sui Network

Steps to Contribute

1. Participants join the queue with an invitation code.
2. When it's your turn, choose to contribute via:
  • Browser – User Friendly
  • Docker – Technical
3. When contributing, the following steps must be taken in a timely manner to avoid being discarded:
  1. Download the latest contribution file from the coordinator server and verify it
  2. Enter entropy – Prefer easily discardable entropy (e.g. Random cursor moves)
  3. Run contribution code
  4. Sign contribution code
  5. Upload contribution
4. Finally, the next participant is teed up to contribute.

Finalization

After final contributions, the CRS and a verification script will be published on the Sui Foundation website for public examination.

The Sui Foundation will run the verification to ensure ceremony integrity, with others welcome to join.

Eventually, the final CRS will be used to generate the proving key and verifying key. Sui docs will be updated with guidance on usage, best practice and examples.

Frequently asked questions

How can I confirm that my contribution was correctly incorporated into the CRS?

Contributors will receive both the hash of the previous contribution they are working on and the resulting hash after their contribution, displayed on-screen and sent via email. After the ceremony is completed, they can compare these hashes with the transcripts publicly available on the ceremony site.

How can I confirm the finalized contribution from all contributors is incorporated into the CRS?

All contributions will be publicly available after the ceremony. Contributors can confirm that their contribution hash is consistent with what they had during their contribution phase. After the ceremony, anyone is able to check that the hashes are computed correctly and each contribution is properly incorporated in the finalized parameters.
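
The receipt check described in the two answers above can be scripted once the transcript is published. This is an added example, not the ceremony's own tooling: the transcript layout, the `final_hash` parameter and all hash values are assumptions constructed for illustration.

```python
# Added example: the transcript layout and every hash value here are constructed
# for illustration; they are not the ceremony's real format or data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    index: int       # position in the contribution queue
    prev_hash: str   # hash of the contribution this contributor built on
    new_hash: str    # hash after this contributor's contribution

def norm(h):
    """Normalize a hex digest copied from screen or e-mail (spaces, case, 0x)."""
    h = "".join(h.split()).lower()
    return h[2:] if h.startswith("0x") else h

def check_chain(transcript):
    """Return problems found; an empty list means each entry builds on the last."""
    problems, seen = [], set()
    for prev, cur in zip(transcript, transcript[1:]):
        if norm(cur.prev_hash) != norm(prev.new_hash):
            problems.append(f"entry {cur.index} does not build on entry {prev.index}")
    for e in transcript:
        if norm(e.new_hash) in seen or norm(e.new_hash) == norm(e.prev_hash):
            problems.append(f"entry {e.index} repeats an earlier hash")
        seen.add(norm(e.new_hash))
    return problems

def verify_receipt(transcript, receipt_prev, receipt_new, final_hash):
    """Return (queue index or None, problems) for one contributor's receipt."""
    problems = check_chain(transcript)
    idx = next((e.index for e in transcript
                if norm(e.prev_hash) == norm(receipt_prev)
                and norm(e.new_hash) == norm(receipt_new)), None)
    if idx is None:
        problems.append("receipt not found in transcript")
    # Assumption: the hash of the finalized parameters is published with the transcript.
    if not transcript or norm(transcript[-1].new_hash) != norm(final_hash):
        problems.append("transcript does not end at the published final hash")
    return idx, problems

# Constructed sample transcript (three contributions).
SAMPLE = [Entry(1, "00000000", "a1b2c3d4"),
          Entry(2, "a1b2c3d4", "5e6f7081"),
          Entry(3, "5e6f7081", "9a0b1c2d")]

if __name__ == "__main__":
    print(verify_receipt(SAMPLE, "0xA1B2 C3D4", "5e6f7081", "9a0b1c2d"))
```

A clean result covers the hash bookkeeping only; whether each step is a valid update of the parameters is what the published verification script checks.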

What are the differences between “contribute with browser” and “contribute with Docker”?

The browser option is more user-friendly for contributors to participate as everything happens in the browser. The Docker option requires Docker setup but is more transparent—the Dockerfile and contributor source code are open-sourced and the whole process is verifiable. Moreover, the browser option utilizes snarkjs while the Docker option utilizes Kobi’s implementation. This provides software variety and contributors can choose to contribute by whichever method they trust.

What is the function of the activation code?

The activation code authenticates the contributor's email with the ceremony server and is also used to sign their contribution.

Why is ceremony participation not available to the broader community?

Involving a broader community of participants would be ideal, particularly because it bolsters the decentralization aspect of the trusted ceremony. However, our timeline is more aggressive compared to other public ceremonies, like that of Ethereum (https://ceremony.ethereum.org/), which are designed to span months. We want zkLogin to be available to developers as soon as possible. Simultaneously, by involving Sui validators, we aim to achieve a security level akin to the network itself. Including cryptography and technology experts provides further assurance that any issues will be flagged. Since these ceremonies are extensible, we always have the option to incorporate more contributions in the future.

Why can't we use existing ZK parameters and is there any way to amortize with others?

We are using the community Perpetual Powers of Tau for Phase 1, which is circuit-agnostic. Our ceremony is only for the zkLogin circuit-specific Phase 2 portion.

Is this a trusted setup that can only be used by a large organization for its products?

zkLogin is a Sui primitive, which is why the Sui Foundation is responsible for it. Our goal is for it to achieve widespread global adoption, extending beyond just large organizations and enterprises.

Will you publish the contributors' names/affiliations?

Participants can choose if they want their name and affiliation to be published. While we'd prefer participants to publicly endorse participation, they can participate anonymously. If choosing to be anonymous, the Sui Foundation will have knowledge of participant details, but there won't be any public disclosure.
