zkLogin Adds Multi-sig Recovery, Apple Credentials

An update to zkLogin further extends its capabilities, giving users new options and adding use cases.

Continuing work on zkLogin, Sui's social login primitive, resulted in two significant improvements: multi-signature recovery and support for Apple accounts. These changes allow greater choice for users and a powerful new way to recover accounts if the zkLogin credential issuer or app is no longer active.

Thanks to Sui’s cryptographic agility, zkLogin lets builders integrate social logins with their apps. Instead of requiring users to connect a wallet or manually create a new account, apps using zkLogin offer users the ability to create a Sui address with an existing account from companies such as Google and Facebook. The zero-knowledge proof technology behind zkLogin eliminates the need for the user to handle any cryptographically sensitive material, such as the private key.

When zkLogin launched last year, it supported Google, Twitch, and Facebook accounts. The addition of Apple support helps users who prefer to stick with Apple for all their social logins. This new authentication method particularly benefits iOS users, as it allows iPhone apps to easily support Sui wallet creation. 

Multi-signature, or multi-sig, opens up a new means of account recovery geared towards both security and ease of use. Because zkLogin assumes the liveness of the application client ID and its issuer, such as Google, multi-sig provides significant improvements to the recoverability of a zkLogin account.

By creating a multi-sig wallet with zkLogin and another private key as backup, a user can still access their wallet if the original app or credential issuer goes away. If a builder, for example, takes down an app that included accounts created through zkLogin, users could enter their private key and recover any assets they had in that account, moving them to another wallet.

The integration of multi-sig with zkLogin also opens the door to more complex use cases, where builders can include up to 10 zkLogin accounts among different credential providers, with customizable weights and thresholds. 

For example, a multi-sig address with a threshold of two could include multiple public keys with different weights. The original owner's Google account could be given a weight of two in this multi-sig scheme, and additional signers, a separate Apple account and a Facebook account, could each be assigned a weight of one. The threshold of two means the Google account, because it has been assigned a weight of two, can always open the multi-sig account by itself. The Apple and Facebook accounts, however, would both be needed to open the multi-sig account, as each by itself does not meet the threshold requirement.
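The weight-and-threshold rule from the example above, worked through in JavaScript as an added illustration (not code from the article or the Sui SDK). The function names and signer ids are hypothetical, and the model covers only the weight arithmetic and the "which credential can I lose" question, not signature or proof verification.

```javascript
// Added illustration: a plain model of weighted multi-sig, not Sui SDK code.
const MAX_SIGNERS = 10; // limit stated in the article

function makePolicy(threshold, signers) {
  const ids = new Set(signers.map((s) => s.id));
  const total = signers.reduce((sum, s) => sum + s.weight, 0);
  if (signers.length < 1 || signers.length > MAX_SIGNERS) throw new Error("signer count out of range");
  if (ids.size !== signers.length) throw new Error("duplicate signer");
  if (!signers.every((s) => Number.isInteger(s.weight) && s.weight > 0)) throw new Error("bad weight");
  if (!Number.isInteger(threshold) || threshold < 1 || threshold > total) throw new Error("threshold unreachable");
  return { threshold, signers };
}

// A signer's weight counts once, however many times its id is presented.
function canAuthorize(policy, signerIds) {
  const present = new Set(signerIds);
  const weight = policy.signers
    .filter((s) => present.has(s.id))
    .reduce((sum, s) => sum + s.weight, 0);
  return weight >= policy.threshold;
}

// Smallest signer sets that meet the threshold (no member is redundant).
function minimalQuorums(policy) {
  const n = policy.signers.length;
  const quorums = [];
  for (let mask = 1; mask < 1 << n; mask++) {
    const ids = policy.signers.filter((_, i) => mask & (1 << i)).map((s) => s.id);
    const minimal = ids.every((drop) => !canAuthorize(policy, ids.filter((id) => id !== drop)));
    if (canAuthorize(policy, ids) && minimal) quorums.push(ids);
  }
  return quorums;
}

// Can the account still be opened if these credentials become unavailable?
function survivesLossOf(policy, lostIds) {
  const remaining = policy.signers.map((s) => s.id).filter((id) => !lostIds.includes(id));
  return canAuthorize(policy, remaining);
}

// The article's example: threshold 2, Google weight 2, Apple and Facebook weight 1.
const articlePolicy = makePolicy(2, [
  { id: "google", weight: 2 },
  { id: "apple", weight: 1 },
  { id: "facebook", weight: 1 },
]);
console.log(minimalQuorums(articlePolicy));
console.log(survivesLossOf(articlePolicy, ["google"]));
```

Running `survivesLossOf` against each credential before funding an address shows whether any single issuer outage would lock the account.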

These updates to zkLogin support overall work on making Sui the most widely accessible blockchain. Creating mass user adoption brings the benefits of digital asset ownership to the world at large.

Start building on Sui and onboard the next generation of blockchain users.