About zkLogin | Sui Docs

zkLogin is a Sui primitive that lets users send transactions from a Sui address using an OAuth credential, without publicly linking the two.

Why use zk?

Prove what? That the user signed in with their Google account, without revealing the account info.

Prove to whom? To the Sui validators, which follow the on-chain code rules, that the user owns this zkLogin address.

What are the public inputs and private inputs?

What does a JWT token look like?


Public info:

Private info:

How to derive address public key and private key?

Instead of deriving the Sui address from a public key, the zkLogin address is derived from sub (which uniquely identifies the user per provider), iss (which identifies the provider), aud (which identifies the application) and user_salt (a value that unlinks the OAuth identifier from the on-chain address).

Normal way to derive/generate Sui address:

mnemonic phrase → private key → public key → address
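
The zkLogin-style derivation described above (address from sub, iss, aud and user_salt rather than from a public key), as an added example that is not from the Sui docs. It uses BLAKE2b-256 over length-prefixed fields as a stand-in, not Sui's actual hash construction, so the outputs are not real Sui addresses; the JWT, client ID, salts and function names are constructed for illustration.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Base64url without padding, as used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_jwt(sub: str, iss: str, aud: str) -> str:
    """Build a constructed JWT (header.payload.signature); the signature is a dummy."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"iss": iss, "aud": aud, "sub": sub}).encode())
    return f"{header}.{payload}.{b64url(b'constructed-signature')}"

def jwt_claims(token: str) -> dict:
    """Decode the payload (middle segment). No signature verification is done here."""
    _header, payload_b64, _sig = token.split(".")
    padded = payload_b64 + "=" * (-len(payload_b64) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def derive_address(claims: dict, user_salt: bytes) -> str:
    """Stand-in derivation: hash iss, aud, sub and the salt, each length-prefixed.

    Length prefixes keep field boundaries unambiguous, so ("ab","c") and
    ("a","bc") can never collide into the same hash input.
    """
    h = hashlib.blake2b(digest_size=32)
    fields = (claims["iss"].encode(), claims["aud"].encode(),
              claims["sub"].encode(), user_salt)
    for field in fields:
        h.update(len(field).to_bytes(2, "big") + field)
    return "0x" + h.hexdigest()

# Constructed sample values (assumptions, not real credentials).
SAMPLE_JWT = make_sample_jwt("1234567890", "https://accounts.google.com",
                             "example-client-id")
SALT_A = bytes.fromhex("00112233445566778899aabbccddeeff")
SALT_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")

if __name__ == "__main__":
    claims = jwt_claims(SAMPLE_JWT)
    print("claims:", claims)
    # Same OAuth identity, different salts: two unrelated-looking addresses.
    print("salt A:", derive_address(claims, SALT_A))
    print("salt B:", derive_address(claims, SALT_B))
    # Same identity and salt, different application (aud): a different address.
    print("other app:", derive_address({**claims, "aud": "other-client-id"}, SALT_A))
```

Anyone who knows sub, iss and aud but not user_salt cannot recompute the address, which is what keeps the OAuth account and the on-chain address unlinked.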