Stellar ZK Login

Zero-knowledge social authentication for Stellar/Soroban

What is this?

ZK Login lets you authenticate with a Google account or a WebAuthn passkey and generate a Groth16 zero-knowledge proof that can be verified on the Stellar blockchain. Your identity is never revealed on-chain — only a cryptographic commitment.

This is the same pattern as Sui zkLogin and Aptos Keyless, adapted for Stellar/Soroban.

Two identity providers

GOOGLE OAuth JWT → SHA-256 identity hash. Recoverable from any device.
PASSKEY WebAuthn credential → SHA-256 identity hash. No PII, origin-bound, un-phishable.

The ZK circuit is identity-agnostic — it only sees a 248-bit field element. Same WASM, same zkey, same verification key for both providers.

What's real, what's not

REAL Identity hashing (SHA-256 + BN254 field truncation)
REAL Poseidon attestation (matches Circom circuit exactly)
REAL Groth16 proof generation (2,295 constraints on BN254)
REAL Off-chain verification (snarkjs pairing check in your browser)
REAL On-chain verification (Groth16 BN254 pairing check on Soroban testnet)

How it works

  1. Identity Provider — Google Sign-In (JWT) or Passkey (WebAuthn credential)
  2. Identity Hash — Provider-specific hash truncated to BN254 field element
  3. Attestation — Server generates Poseidon hash binding identity + timestamp
  4. ZK Proof — Your browser generates a Groth16 proof (private inputs never leave)
  5. Verification — Off-chain (real, in your browser) or on-chain (testnet, stubbed)
Start the Demo Flow →