Sui zkLogin — Sign In With Google, Apple or Facebook
zkLogin lets you create and access a Sui wallet using your Google, Apple, or Facebook account instead of managing a seed phrase. It uses zero-knowledge proofs to bind your social-login identity to a stable on-chain Sui address without revealing your social credentials on-chain. Sui Wallet Desktop supports zkLogin natively in the desktop app — full OAuth flow, full feature set.
What is zkLogin
zkLogin is an authentication primitive built into the Sui blockchain. Instead of generating a wallet from a 24-word seed phrase, zkLogin creates a wallet tied to your OAuth identity — Google account, Apple ID, or Facebook account.
Behind the scenes, zkLogin uses a zero-knowledge proof to demonstrate that you control a specific OAuth account, without exposing the actual OAuth credentials on-chain. The blockchain sees only the proof; your account details stay private.
The result: a Sui wallet address bound to your social identity but not revealing it. Lose the device? Sign in with the same OAuth account on a new device to recover the same address.
What is Sui zkLogin used for
- Onboarding non-crypto users — people new to crypto find seed phrases intimidating; zkLogin gives them a familiar OAuth flow.
- Replacing password managers for crypto — for users who don't want another secret to manage, zkLogin moves the secret to their existing OAuth provider.
- Sponsored transactions — apps can pay gas on a user's behalf when zkLogin is used, removing the "you need SUI to pay for gas" onboarding friction.
How does zkLogin work — the mechanism
- OAuth flow — Sui Wallet Desktop opens your OS browser to Google/Apple/Facebook; the provider returns a JWT proving you authenticated.
- Salt generation — the wallet generates a random salt that combines with your OAuth identity to determine your Sui address.
- Zero-knowledge proof — the wallet generates a zk proof that demonstrates "I have a valid JWT from this provider for this user, combined with this salt." The proof reveals the resulting Sui address but not the underlying OAuth identity.
- Transaction signing — when you sign a Sui transaction, the wallet generates a fresh zk proof for that signature. The Sui blockchain verifies the proof and accepts the transaction.
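
The address binding from the steps above, as an added Python sketch that is not code from Sui or Sui Wallet Desktop. Assumptions: BLAKE2b stands in for the protocol's real hashing and encoding, the claims fed into the address (iss, aud, sub) and the client ID are illustrative, and the JWTs are constructed, unsigned samples.

```python
import base64
import hashlib
import json
import secrets


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sample_jwt(iss: str, aud: str, sub: str, iat: int) -> str:
    """Build a constructed, unsigned JWT-shaped token for the demo."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"iss": iss, "aud": aud, "sub": sub, "iat": iat}).encode())
    return f"{header}.{payload}."


def claims_of(jwt: str) -> dict:
    """Decode the payload only. A real wallet must verify the provider's signature first."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def derive_address(jwt: str, salt: bytes) -> str:
    """Map (issuer, audience, subject, salt) to a 32-byte address.

    Assumption: BLAKE2b stands in for the protocol's real hashing and encoding.
    """
    c = claims_of(jwt)
    h = hashlib.blake2b(digest_size=32)
    for field in (c["iss"], c["aud"], c["sub"]):
        raw = field.encode()
        h.update(len(raw).to_bytes(2, "big") + raw)  # length prefix avoids ambiguity
    h.update(salt)
    return "0x" + h.hexdigest()


def demo() -> dict:
    salt = secrets.token_bytes(16)  # wallet-generated random salt
    first = sample_jwt("https://accounts.google.com", "example-client-id", "1234567890", 1700000000)
    relogin = sample_jwt("https://accounts.google.com", "example-client-id", "1234567890", 1700086400)
    return {
        "first": derive_address(first, salt),
        "relogin_same_salt": derive_address(relogin, salt),
        "relogin_new_salt": derive_address(relogin, secrets.token_bytes(16)),
    }


if __name__ == "__main__":
    for label, addr in demo().items():
        print(f"{label:18} {addr}")
```

In this model a later sign-in produces a different JWT but the same address, provided the same salt is supplied; a different salt yields an unrelated address.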
zkLogin OAuth providers
- Google — most common. Tested across Windows, Mac, and Linux.
- Apple — Sign in with Apple. Particularly natural for macOS users.
- Facebook — supported but less popular for crypto use cases.
zkLogin vs seed phrase
| | zkLogin | Seed phrase |
|---|---|---|
| Convenience | High — sign in with familiar OAuth | Lower — manage and back up 24 words |
| Recovery method | Sign in with OAuth on new device | Re-enter seed phrase on new device |
| Trust dependency | OAuth provider must keep your account active | Self-managed, no third-party dependency |
| Worst-case loss | OAuth provider closes account → wallet gone | Lose seed phrase + device → wallet gone |
| Best for | Onboarding, casual use, smaller balances | Power users, larger balances, long-term holding |
zkLogin security considerations
- No seed phrase to lose — but also no seed phrase to fall back on if your OAuth account is compromised or closed.
- OAuth provider risk — Google, Apple, and Facebook can close accounts at their discretion.
- OAuth credential security — protect your account with a strong password and 2FA.
- Provider domain confirmation — the wallet routes the OAuth flow through the provider's own domain (accounts.google.com, appleid.apple.com, facebook.com). The browser's address bar shows the provider domain during sign-in.
- No recovery from OAuth loss without backup — if you used zkLogin only and lose OAuth access, recovery is impossible.
How to set up zkLogin in Sui Wallet Desktop
- Open Sui Wallet Desktop — first launch shows three options: create new wallet, recover existing wallet, or sign in with zkLogin.
- Choose your provider — Google, Apple, or Facebook.
- Complete OAuth flow — your default browser opens to the provider's sign-in.
- Wallet ready — you're returned to Sui Wallet Desktop with your zkLogin address ready to use.
- (Recommended) back up recovery key — Settings → Security → Export Recovery Key.