Overview

zkAuth provides passwordless authentication using social login (Google, GitHub, X) with STARK proofs on Starknet for verification. No passwords, no seed phrases - just seamless Web3 authentication.

Status: In Development

How It Works

  1. Social Login: User authenticates with Google, GitHub, or X via Web3Auth.
  2. Key Generation: Web3Auth generates a non-custodial key unique to the user and app.
  3. STARK Proof: A STARK proof is generated proving ownership of the key without revealing it.
  4. On-Chain Verification: The proof is verified on Starknet via a Cairo smart contract.

Why STARK?

  1. Quantum Resistant: STARK proofs are secure against quantum computers.
  2. No Trusted Setup: Unlike Groth16, STARKs require no trusted ceremony.
  3. Transparent: Fully transparent verification with no hidden assumptions.
  4. Scalable: Proof size grows logarithmically with computation.

Planned Terminal Commands

These commands are planned for the zkAuth release:

```bash
# Login with social provider
zk auth login google
zk auth login github
zk auth login x

# Check auth status
zk auth status

# Logout
zk auth logout

# Refresh STARK proof
zk auth refresh
```

Technical Architecture

Web3Auth Integration

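zkAuth will use Web3Auth for non-custodial key management:

```javascript
import { Web3Auth } from "@web3auth/modal";

// The client ID is read from the environment rather than hard-coded.
const web3auth = new Web3Auth({
  clientId: process.env.WEB3AUTH_CLIENT_ID,
  chainConfig: {
    chainNamespace: "other", // non-EVM namespace, used here for Starknet
    chainId: "SN_MAINNET",
  },
});

// Top-level await: run this as an ES module.
await web3auth.initModal();
const provider = await web3auth.connect();
```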

STARK Proof Generation

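STARK proofs will be generated using Cairo:

```cairo
#[starknet::contract]
mod ZkAuthVerifier {
    use starknet::{ContractAddress, get_caller_address};

    // `StarkProof` and `verify_stark_proof` are not defined in this sketch;
    // they stand for the proof type and verification routine still to be provided.
    #[storage]
    struct Storage {
        verified_users: LegacyMap<ContractAddress, bool>,
        proofs: LegacyMap<felt252, StarkProof>,
    }

    #[external(v0)]
    fn verify_auth(
        ref self: ContractState,
        public_key_hash: felt252,
        proof: Span<felt252>
    ) -> bool {
        let valid = verify_stark_proof(public_key_hash, proof);
        if valid {
            // The caller is marked verified, so the proof needs to be bound to
            // this caller as well as to `public_key_hash`; as written, the
            // caller address is not an input to the verification.
            self.verified_users.write(get_caller_address(), true);
        }
        valid
    }
}
```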

Security Model

  1. Threshold Cryptography: Web3Auth splits the key between the user’s device, the Web3Auth network, and an optional recovery share.
  2. Proof Expiry: STARK proofs have a configurable expiry (default: 7 days).
  3. Session Binding: Each proof is bound to a specific session ID, the user’s public key, a timestamp, and the application domain.
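
The expiry and session-binding rules above can be sketched as a relying-party check. This is an added example, not zkAuth code: the function names, the length-prefixed SHA-256 commitment, the 120-second clock-skew allowance and the sample values are all assumptions.

```javascript
// Added example; names and encoding are assumptions, not zkAuth's API.
const { createHash, timingSafeEqual } = require("node:crypto");

const DEFAULT_EXPIRY_SECONDS = 7 * 24 * 60 * 60; // page default: 7 days
const MAX_CLOCK_SKEW_SECONDS = 120; // assumed tolerance for future timestamps

// Commit to the four bound fields. Each field is length-prefixed so that
// ("ab", "c") and ("a", "bc") cannot produce the same commitment.
// SHA-256 is a stand-in; the hash used on-chain is not specified on the page.
function bindingCommitment({ sessionId, publicKeyHash, issuedAt, domain }) {
  const h = createHash("sha256");
  for (const field of [sessionId, publicKeyHash, String(issuedAt), domain]) {
    const bytes = Buffer.from(field, "utf8");
    const len = Buffer.alloc(4);
    len.writeUInt32BE(bytes.length);
    h.update(len).update(bytes);
  }
  return h.digest();
}

// `claimed` is the commitment carried by the proof. `expected` is built by the
// relying party: sessionId and domain from its own state, publicKeyHash from
// the account record, issuedAt as stated by the client (a false value changes
// the commitment and is rejected as a mismatch).
function checkBinding(claimed, expected, nowSeconds, maxAge = DEFAULT_EXPIRY_SECONDS) {
  const want = bindingCommitment(expected);
  if (claimed.length !== want.length || !timingSafeEqual(claimed, want)) {
    return { ok: false, reason: "binding-mismatch" };
  }
  if (expected.issuedAt > nowSeconds + MAX_CLOCK_SKEW_SECONDS) {
    return { ok: false, reason: "issued-in-future" };
  }
  if (nowSeconds - expected.issuedAt > maxAge) {
    return { ok: false, reason: "expired" };
  }
  return { ok: true, reason: null };
}

// Constructed sample values for illustration only.
const SAMPLE = {
  sessionId: "sess-0001",
  publicKeyHash: "0x1234abcd",
  issuedAt: 1_700_000_000,
  domain: "app.example",
};
console.log(checkBinding(bindingCommitment(SAMPLE), SAMPLE, SAMPLE.issuedAt + 60));
```

A proof presented to a different application domain or session fails with `binding-mismatch` before its age is even considered, which is the property session binding is meant to provide.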

Comparison with Traditional Auth

| Feature | Traditional | zkAuth |
| --- | --- | --- |
| Password | Required | None |
| Seed Phrase | Required (Web3) | None |
| Privacy | Email exposed | ZK proof, no email on-chain |
| Security | Password attacks | STARK (quantum-resistant) |
| UX | Multiple steps | One-click |

Supported Providers

Planned providers for zkAuth:
  1. Google: Gmail and Google Workspace accounts
  2. GitHub: Personal and organization accounts
  3. X (Twitter): X/Twitter accounts

Roadmap

  1. Apple Sign-In: iOS-native authentication
  2. Discord: Gaming and community integration
  3. Email OTP: Passwordless email verification
  4. Biometric: Face ID and fingerprint support