zkLogin

Koseli harnesses the zkLogin feature from the SUI Blockchain, providing users with a secure and privacy-preserving method to access Web3 decentralized applications (dApps). Utilizing zero-knowledge proofs, zkLogin ensures seamless login experiences for Koseli users, preserving their privacy while accessing their favorite dApps with familiar Web2 accounts such as Google, Facebook, and Twitch.

How zkLogin Works:

1. Ephemeral key pair: For every zkLogin, a short-lived key pair is generated. The private key is used to sign the transaction whereas the public key is included in the nonce field of JWT token and sent to the OAuth providers during web2 login.

2. Web2 Login and JWT Token: Once a user successfully authenticates with OAuth providers, the JWT token gets signed.

3. Wallet Creation: A unique Sui wallet is created based on the user’s ID, dApp application ID, and a secret salt, and assets are held/owned by this wallet for any kind of claims within the app

4. Zero-Knowledge Proof Generation: Zero-Knowledge proof is generated which proves all the following statements:

   1. The signed JWT token is not tampered with.

   2. The signed JWT token consists of the public key and the valid period - epoch.

   3. The key pair is valid.

5. Transaction: The blockchain transaction is formed and signed with the ephemeral private key and broadcasted along with the zk-proof.

6. Transaction Verification: The broadcasted transaction will be executed on-chain only if the zk-proof verifies.

For comprehensive insights into zkLogin and Enoki's role in ensuring a secure login experience, please explore the and .