
zk-gate's Introduction

zk-gate

zkGATE is a privacy-based login protocol that allows users to log in to any 3rd party app by proving their identity via ZKPs and minting an NFT, which acts as their pass for secure login.

The problem zkGATE solves

Problem:

Privacy and data security are major concerns in the digital era. When we log in to an app by clicking "Sign in with Google", the 3rd party app gets access to all the personal data that Google has in its database. Even though the app might strictly require only a few information fields such as email or location, it can save the other fields in its own database.

Consequences:

The lack of protection of these databases can have serious consequences. Data breaches can lead to identity theft and other harmful outcomes. We keep seeing large datasets of users' confidential information being sold on the dark web.

Solution: zkGATE - Protecting Privacy and Confidentiality

zkGATE is a login protocol that 3rd party apps can integrate, through which only the information required by the app is passed to it, while the rest of the information is encrypted as a zero-knowledge proof.

zkGATE steps to protect user privacy and confidentiality:

  • Integrate with 3rd party app: Any app that wants to give its users the secure login mechanism needs to integrate zkGATE as a login option. Once done, the 3rd party app will be visible on the zkGATE page for generating the NFT. The 3rd party app has a public key and a private key. The private key is shared securely with zkGATE at the time the app integrates zkGATE.

  • Google Authorisation: A user who wants to log in to the 3rd party app needs to get the zkGATE NFT. To obtain trusted authorization of the user, the user is prompted to go through Google sign-in, which provides the Google sign-in data. Through this process, the 3rd party app gets Google's assurance that the user signing in has a Google-authorized account.

  • Generating Proof: Once the personal information is fetched from Google, only the data fields required by the 3rd party app are passed down, while the other data fields are encrypted as a nullifier in the proof. To protect against fake proofs, we use the check HASH(secretKey) === publicKey for the 3rd party app. Since the secret key is securely protected at zkGATE and is only used to generate a proof after Google authorization, hackers cannot bypass this check.

  • Minting NFT: Once the above steps are completed, an NFT is minted to the user's wallet address. The proof is written into the NFT metadata, and the user is then redirected to the 3rd party app page.

  • Login: The user arrives at the 3rd party app page and clicks on login using zkGATE. The backend then verifies whether the user has an NFT with a valid proof. If yes, access to the app is granted; otherwise access is denied.

Future Scope

We have used the ERC1155 token standard for the NFT. The reason is to allow sharing the NFT with other users when an account is shared. Example: suppose Instagram has integrated zkGATE, and user1 wants to give user2 access to their account for a day. User1 can mint another NFT with their own proof in the NFT's metadata, together with a one-day timestamp. This gives user2 access to user1's account without knowing the user ID and password. Since the NFT is only valid for a day, user2 loses access after a day, and cannot even try to change the password to lock user1 out indefinitely. Full control remains with the true owner of the account.

Since zkGATE acts as a bridge that lets web2 apps use web3 authentication along with Google authorization, we want more apps to integrate zkGATE.

Challenges we ran into

  • Figuring out the circom circuit to convert this use case into zero-knowledge took days.

  • Integrating Google authorization using Google auth2 API was a bit challenging.

  • For demo purposes, we were required to build another app that has zkGATE integrated as its login solution, which was like making another project in a short time frame.

DB3 Network Database Track

We have integrated the DB3 database into our project to add an extra layer of security: a particular account address is not allowed to have multiple zkGATE login NFTs, even if it bypasses the front end. We save the first proof generated by a particular wallet into the DB3 decentralized network database. So if a user bypasses the front end and somehow derives the secret key, they won't be able to log in with a secondary zkGATE NFT, because the database will already have the first NFT's proof recorded, and the scam NFT will be nullified.

Here is the github permalink for the code, where we have used DB3 database tech -

const pushToDb3 = async (metadata: any) => {

Current timestamp in the video link - https://youtu.be/-V-pNZzqtGo?t=269
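
The issuance checks from the "Generating Proof" and "Login" steps and the first-proof rule of this section, modelled in Node.js as an added example (not the project's code and not a zero-knowledge circuit). The names `issuePass`, `login` and `proofFor`, the use of SHA-256 and HMAC, the `Map` standing in for DB3, and all sample values are assumptions made for illustration.

```javascript
// Added example, not the project's code. NOT zero-knowledge: an HMAC stands in
// for the snarkJS proof, so verifying here needs the secret key.
const { createHash, createHmac, timingSafeEqual } = require("node:crypto");
// Assumption: SHA-256 stands in for HASH(); the page does not name the hash.
const digest = (s) => createHash("sha256").update(String(s)).digest();
const hash = (s) => digest(s).toString("hex");
// Constant-time comparison that tolerates malformed or missing input.
const same = (a, b) => timingSafeEqual(digest(a), digest(b));
// Canonical form, so a tag does not depend on property order.
const canon = (o) => JSON.stringify(Object.keys(o).sort().map((k) => [k, o[k]]));
const mac = (key, msg) => createHmac("sha256", key).update(msg).digest("hex");
// The proof binds wallet, app, disclosed fields and nullifier together.
const proofFor = (key, p) =>
  mac(key, JSON.stringify([p.wallet, p.appKey, canon(p.disclosed || {}), p.nullifier]));

// "Generating Proof": issue only if HASH(secretKey) === publicKey, pass on only
// the required fields, and fold the remaining fields into a keyed nullifier.
function issuePass(profile, app, secretKey, wallet, firstProofs) {
  if (!same(hash(secretKey), app.publicKey)) throw new Error("key binding failed");
  if (firstProofs.has(wallet)) throw new Error("wallet already has a pass");
  const disclosed = {}, hidden = {};
  for (const [k, v] of Object.entries(profile))
    (app.requiredFields.includes(k) ? disclosed : hidden)[k] = v;
  // Keyed, because a bare hash of low-entropy profile fields could be guessed.
  const nullifier = mac(secretKey, canon(hidden));
  const pass = { wallet, appKey: app.publicKey, disclosed, nullifier };
  pass.proof = proofFor(secretKey, pass);
  firstProofs.set(wallet, pass.proof); // a Map stands in for the DB3 collection
  return pass;
}

// "Login" plus the DB3 rule: the proof must verify for this wallet and app and
// equal the first proof recorded for it (no record means denied: an assumption).
function login(pass, wallet, app, secretKey, firstProofs) {
  if (pass.wallet !== wallet || pass.appKey !== app.publicKey) return "denied: wrong wallet or app";
  if (!same(pass.proof, proofFor(secretKey, pass))) return "denied: invalid proof";
  if (!same(firstProofs.get(wallet), pass.proof)) return "denied: not the first proof";
  return "granted";
}

// Constructed sample: one issued pass, then one forged with a derived secret key.
function demo() {
  const key = "constructed-secret", wallet = "0xA11CE", db = new Map();
  const app = { publicKey: hash(key), requiredFields: ["email"] };
  const pass = issuePass({ email: "a@example.com", name: "Alice" }, app, key, wallet, db);
  const forged = { ...pass, disclosed: { email: "m@example.com" } };
  forged.proof = proofFor(key, forged);
  return [login(pass, wallet, app, key, db), login(forged, wallet, app, key, db)];
}
```

The forged pass carries a proof that verifies under the secret key, so the key-binding check alone would accept it; only the first-proof record rejects it.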

ChainIDE Track

The zkGATENFTMint contract and the verifier contract are the backbone of zkGATE. All contract development, debugging, and deployment was done using ChainIDE. zkGATE is an innovative solution leveraging zero-knowledge proofs to protect users' privacy while still giving the same login experience they would get when choosing the sign-in with Google option in most 3rd party apps. Here is the timestamp in the demo video where the use of ChainIDE for contract development is shown - https://youtu.be/-V-pNZzqtGo?t=256

ETHShanghai Main Track - Ethereum Infrastructure

zkGATE adds to the Ethereum infrastructure a login protocol for most web2 apps, which generally save users' private information in their databases in order to grant login access. Since we have also integrated Google authorization, users get the trust and feel of a web2 application, while the blockchain integration gives them confidence that their data is protected using zero-knowledge proofs and is not held by a centralised entity.

ETHShanghai Main Track - Applications

With the advent of the internet, data is the new oil, and we constantly hear news of apps' user databases getting hacked. So it becomes very important for users to have a login alternative that gives them control over which data the app is allowed to access, and that does not save unnecessary information. zkGATE is such an innovative login mechanism: it leverages zero-knowledge proofs to encrypt the private information of Google-authorized genuine users into a proof, saves it into an NFT and mints it to their wallet, granting them access only when their proof is verified on-chain.

ETHShanghai Main Track - Developer tool

Currently, zkGATE is a prototype ideated and developed during ETH Shanghai. It is a login tool that needs to be integrated into the 3rd party apps as a login option, to let the users leverage the power of having full control of their personal data. We are aiming to work on a complete API that can be given to the developers so that they can easily integrate zkGATE into their apps. The good part is it's not focussed only on web3 developers but it can penetrate better into the web2 apps.

ETHShanghai Main Track - Layer 2

Zero-knowledge and proof verification make up the major chunk of what is done on layer 2 chains. Currently, the proof is generated locally in the browser using snarkJS, but we are aiming to use layer 2 chains, as they are fast, and then submit the proof to the verifier contract deployed on layer 1.

zk-gate's People

Contributors

ragib70, amberiitd
