Paper 2025/921

Zero-knowledge Authenticator for Blockchain: Policy-private and Obliviously Updateable

Kostas Kryptos Chalkias, Mysten Labs
Deepak Maram, Mysten Labs
Arnab Roy, Mysten Labs
Joy Wang, Mysten Labs
Aayush Yadav, George Mason University
Abstract

Transaction details and participant identities on the blockchain are often publicly exposed. In this work, we posit that blockchain's transparency should not come at the cost of privacy. To that end, we introduce zero-knowledge authenticators (zkAt), a new cryptographic primitive for privacy-preserving authentication on public blockchains. zkAt utilizes zero-knowledge proofs to enable users to authenticate transactions, while keeping the underlying authentiction policies private. Prior solutions for such {policy-private authentication} required the use of threshold signatures, which can only hide the threshold access structure itself. In comparison, zkAt provides privacy for arbitrarily complex authentication policies, and offers a richer interface even within the threshold access structure by, for instance, allowing for the combination of signatures under distinct signature schemes. In order to construct zkAt, we design a compiler that transforms the popular Groth16 non-interactive zero knowledge (NIZK) proof system into a NIZK with equivocable verification keys, a property that we define in this work. Then, for any zkAt constructed using proof systems with this new property, we show that all public information must be independent of the policy, thereby achieving policy-privacy. Next, we give an extension of zkAt, called zkAt+ wherein, assuming a trusted authority, policies can be updated obliviously in the sense that a third-party learns no new information when a policy is updated by the policy issuer. We also give a theoretical construction for zkAt+ using recursive NIZKs, and explore the integration of zkAt into modern blockchains. Finally, to evaluate their feasibility, we implement both our schemes for a specific threshold access structure. Our findings show that zkAt achieves comparable performance to traditional threshold signatures, while also attaining privacy for significantly more complex policies with very little overhead.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
blockchain privacyauthentication schemesthreshold walletszero knowledge proofs
Contact author(s)
kostas @ mystenlabs com
deepak @ mystenlabs com
arnab @ mystenlabs com
joy @ mystenlabs com
ayadav5 @ gmu edu
History
2025-05-23: revised
2025-05-22: received
See all versions
Short URL
https://ia.cr/2025/921
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2025/921,
      author = {Kostas Kryptos Chalkias and Deepak Maram and Arnab Roy and Joy Wang and Aayush Yadav},
      title = {Zero-knowledge Authenticator for Blockchain: Policy-private and Obliviously Updateable},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/921},
      year = {2025},
      url = {https://eprint.iacr.org/2025/921}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.