O
O
OpenId3 Docs
Search
K

ZK Engine

Main Idea

DAuth uses ZKP to make the authentication decentralized and trustless. ZKP engine runs on the user client side, attested key information of user authentication results based on the JWT token signed by the identity providers by using ZKSnark algorithm.

The Pre-setting

DAuth is using third-party circuits and proven keys. The circuits are generated from the proof of the processes of OAuth and SMTP. Here is an example of a proof of Google OAuth.
function C(x, w) {
return ( sha256(w) == x )
&& ( sign( idtoken ) == s );
}
C is the circuit of a proof that x is the hash of user's google account w and s is signature of the idtoken .
DAuth also use third-party generator G and secret parameterlambdato generate proving key and verification key.
(pk, vk) = G(C, lambda)

The JWT

After successfully authenticating with their social account, users will receive a JWT (JSON Web Token) from the DAuth OAuth Engine. This will be transmitted via a secure, encrypted channel.

The Proof

Once user login with Google through DAuth Network, a ZK proof will be calculated inside the secure enclave of a DAuth node.
prf = P(pk, x, w, idtoken, s)

The Verification

The verification could be calculated on-chain or off-chain.
vf = V(vk, x, s, prf)
Using the zk-SNARKs in the auth contract would look something like this:
function authentication(bytes32 accountHashValue, bytes googleCertificate, bytes zkProof, bytes idtokenSignature) {
bool authProofIsCorrect = zksnarkverify(vk, accountHashValue, idtokenSignature, zkProof);
if(authProofIsCorrect) {
authRecovrd[msg.sender] += 1 ;
nounce[accountHashValue] += 1;
emit(accountHashValue, requestId);
}
}
Once the ZK proof of social authentication has been verified in the contract, an event will be emitted. Any wallet that provides social account authentication can confirm a user's contract wallet transactions by listening to this event, instead of relying on off-chain services for centralized user authentication.