Using ZK and OIDC to prove off-chain identity on-chain

EIP 7522 proposes a method for applying user Web2 identities in Web3. I believe this is an ability that can be applied simultaneously to Verax.

The Off-chain ZKP

Connecting OIDC identity and smart accounts has been a very interesting but challenging problem. Verifying an OIDC-issued IdToken is simple. IdTokens are usually in the form of a JWT, and common JWTs usually consist of three parts: a header section, a claim section and a signature section. The user's claimed identity shall be included in the claim section, and the signature section is usually an RSA signature of a well-known public key from the issuer against the hash of the combination of the header and claim section.

The most common way of tackling the issue is by utilizing Multi-Party Computation (MPC). However, the limitation of the MPC solution is obvious. First, it relies on a third-party service to sign and aggregate the signature, which introduces centralization risks such as a single point of failure and vendor lock-in. Second, it leads to privacy concerns, since the separation between the users’ Web2 identity and their Web3 address cannot be cryptographically guaranteed.

All these problems could be solved by ZK verification. Privacy will be guaranteed as the connection between Web2 identity and the Web3 account will be hidden. The ZK proof generation process is completely decentralized since it can be done on the client side without involving any third-party service. ZK proof aggregation has also proven to be viable and paves the way for cheaper verification costs at scale.

The On-chain Verification

If off-chain zero-knowledge proofs (ZKP) are responsible for ensuring privacy and computational speed, then on-chain verification needs to consider Gas fees. Acceptable gas fees vary for different scenarios. Therefore, we can combine different ZKP algorithms, balancing between time and Gas fees.

For scenarios prioritizing short time, users can utilize the Plonky2 algorithm, which can shorten the proof circuit for OpenID on a personal computer to 3 seconds. For scenarios prioritizing low gas fees, users can build on Plonky2 and add a layer of Gnark’s Aggregation proof. Gnark aggregation can shrink an individual proof by 50-100 times, making gas fees more affordable.

2 Likes
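The IdToken check described in the post above (header, claim section, RSA signature over the hash of header plus claims), written out as an added example that is not part of the original post or of the EIP. The key is a constructed toy key built from two Mersenne primes, and the issuer URL, subject, audience and helper names are assumptions; `iss`, `aud` and `exp` validation is left out.

```python
import base64, hashlib, json

# Constructed demo key (assumption): two Mersenne primes, NOT secure, keeps the example offline.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, only used to mint the sample token
# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_pkcs1(signing_input: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(signing_input), k bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(signing_input).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign_rs256(header: dict, claims: dict) -> str:
    """Issuer side (hypothetical helper): build header.claims.signature."""
    k = (N.bit_length() + 7) // 8
    signing_input = b64u(json.dumps(header).encode()) + "." + b64u(json.dumps(claims).encode())
    sig = pow(int.from_bytes(encode_pkcs1(signing_input.encode(), k), "big"), D, N)
    return signing_input + "." + b64u(sig.to_bytes(k, "big"))

def verify_rs256(token: str, n: int, e: int) -> dict:
    """Verifier side: return the claims, or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    if json.loads(b64u_dec(parts[0])).get("alg") != "RS256":
        raise ValueError("unexpected alg")   # pin the algorithm, never take it on trust
    k = (n.bit_length() + 7) // 8
    sig = b64u_dec(parts[2])
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        raise ValueError("bad signature length or range")
    recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    # The signature covers the exact bytes of "header.claims" as transmitted.
    if recovered != encode_pkcs1((parts[0] + "." + parts[1]).encode(), k):
        raise ValueError("signature mismatch")
    return json.loads(b64u_dec(parts[1]))

# Constructed sample token (all values are placeholders)
TOKEN = sign_rs256({"alg": "RS256", "typ": "JWT"},
                   {"iss": "https://issuer.example", "sub": "user-123", "aud": "demo-client"})
```

The hash, padding and modular exponentiation in `verify_rs256` are the same relation a ZK circuit for this scheme has to prove without revealing the claim section.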

I’m continually impressed by the Openid3 team in their approach to innovation, I have to say. There are very few teams that are trying to develop with standardisation in mind, and the fact that you’ve crafted an EIP is great. The fact that you’re integrating with on-chain registries is also a big step in terms of allowing the generated ZKPs to be re-usable and composable.

I’m pretty bullish on this technology, especially seeing as nearly everyone has a web2 identity that is secured by OAuth 2.0 / OIDC, which means that this approach is highly accessible. Thanks so much for sharing this!

1 Like