Overview

zkAuth provides passwordless authentication using social login (Google, GitHub, X) with STARK proofs on Starknet for verification. No passwords, no seed phrases - just seamless Web3 authentication.

Status: In Development

How It Works

  1. Social Login: User authenticates with Google, GitHub, or X via Web3Auth.
  2. Key Generation: Web3Auth generates a non-custodial key unique to the user and app.
  3. STARK Proof: A STARK proof is generated proving ownership of the key without revealing it.
  4. On-Chain Verification: The proof is verified on Starknet via a Cairo smart contract.

Why STARK?

  1. Quantum Resistant: STARKs rely only on collision-resistant hash functions, so they are believed to remain secure against quantum attackers (unlike pairing-based SNARKs).
  2. No Trusted Setup: Unlike Groth16, STARKs need no trusted setup ceremony whose secret parameters could be misused.
  3. Transparent: All verifier randomness is public; there are no secret parameters or hidden assumptions.
  4. Scalable: Proof size and verification time grow polylogarithmically with the size of the computation being proven.

Planned Terminal Commands

These commands are planned for the zkAuth release:
# Login with social provider
zk auth login google
zk auth login github
zk auth login x

# Check auth status
zk auth status

# Logout
zk auth logout

# Refresh STARK proof
zk auth refresh

Technical Architecture

Web3Auth Integration

zkAuth will use Web3Auth for non-custodial key management:
import { Web3Auth } from "@web3auth/modal";

const web3auth = new Web3Auth({
  clientId: process.env.WEB3AUTH_CLIENT_ID,
  chainConfig: {
    // Starknet is not an EVM chain, so it falls under the "other" namespace.
    chainNamespace: "other",
    // Starknet mainnet chain id: the short-string felt "SN_MAIN".
    chainId: "0x534e5f4d41494e",
  },
});

// Opens the Web3Auth modal; the user picks Google, GitHub, or X.
await web3auth.initModal();
// Returns a provider backed by the user's reconstructed non-custodial key.
const provider = await web3auth.connect();

STARK Proof Generation and Verification

STARK proofs will be generated off-chain using Cairo and verified on Starknet by a Cairo contract. verify_stark_proof below is a placeholder for the planned verifier and is not yet implemented:
#[starknet::contract]
mod ZkAuthVerifier {
    use starknet::{ContractAddress, get_caller_address};

    #[storage]
    struct Storage {
        // Accounts that have presented a valid proof.
        verified_users: LegacyMap<ContractAddress, bool>,
        // Planned: storage for accepted proofs (type not yet defined).
    }

    #[external(v0)]
    fn verify_auth(
        ref self: ContractState,
        public_key_hash: felt252,
        proof: Span<felt252>
    ) -> bool {
        // Planned STARK verifier (not yet implemented). The proof's public
        // inputs must bind the caller, session, and timestamp (see Security
        // Model); otherwise a captured proof could be submitted from any account.
        let valid = verify_stark_proof(public_key_hash, proof);
        if valid {
            self.verified_users.write(get_caller_address(), true);
        }
        valid
    }
}

Security Model

  1. Threshold Cryptography: Web3Auth splits the key into shares held by the user's device, the Web3Auth network, and an optional recovery share; no single party holds the full key.
  2. Proof Expiry: STARK proofs have a configurable expiry (default: 7 days), after which the verifier rejects them.
  3. Session Binding: Each proof is bound to a specific session ID, the user's public key, a timestamp, and the application domain, so a proof captured in one session or app cannot be replayed in another.

Comparison with Traditional Auth

Feature       Traditional                      zkAuth
Password      Required                         None
Seed phrase   Required (Web3)                  None
Privacy       Email exposed                    ZK proof, no email on-chain
Security      Vulnerable to password attacks   No password to steal; hash-based STARK (quantum-resistant)
UX            Multiple steps                   One-click

Supported Providers

Planned providers for zkAuth:
  1. Google: Gmail and Google Workspace accounts
  2. GitHub: Personal and organization accounts
  3. X (Twitter): X/Twitter accounts

Roadmap

  1. Apple Sign-In: iOS-native authentication
  2. Discord: Gaming and community integration
  3. Email OTP: Passwordless email verification
  4. Biometric: Face ID and fingerprint support