Because transparency shouldn’t mean giving up your secrets.

On most public blockchains today, every transaction and user identity is publicly visible. While transparency is one of blockchain’s biggest strengths, it comes at the cost of privacy, especially when it comes to authentication.

ZkAt short for zero-knowledge authenticators is a novel cryptographic primitive that brings privacy-preserving authentication to the blockchain world. With zkAt, users can prove they’re authorized to perform a transaction without revealing the rules or policies behind that authorization.

The Problem with Traditional Approaches

Previous attempts at privacy in authentication such as using threshold signatures could only hide limited information.

For example, they might obscure which users signed a transaction, but not much else. They also struggled with more complex authentication policies (like combinations of roles, identities, or rules).

zkAt changes the game by:

• Supporting arbitrarily complex policies
• Allowing flexible structures like multi-scheme signature combinations
• Keeping the entire policy hidden from the public

How zkAt Works

To build zkAt, the authors designed a compiler that transforms the widely-used Groth16 zk-SNARK system into a new type of Non-Interactive Zero-Knowledge (NIZK) proof — one that supports equivocable verification keys.

What does that mean?

It means the verifier can’t tell which policy is being used, but the proof still convinces them that it’s valid. This is a brand-new cryptographic property introduced in the paper, and it’s the foundation for how zkAt ensures policy privacy.

But the authors didn’t stop at zkAt. They went one step further with zkAt⁺, a version that supports oblivious updates.

In short:

A policy issuer can update the authentication policy without revealing anything new

This is super powerful in real-world blockchain systems where policies may need to evolve — think DAOs updating voting rules or institutions rotating keys. They also explore using recursive zk-proofs to make zkAt⁺ scalable and suitable for blockchain integration.

The researchers implemented zkAt in a prototype for threshold-based authentication. Their evaluation shows:

• Performance is on par with traditional threshold signatures
• zkAt supports far more complex policies
• All that, with minimal overhead