This is a research project to use WebAuthn (FaceID/Fingerprint Authentication) with Account Abstraction (ERC-4337).
- Simplify user onboarding flow for blockchain projects
- Make blockchain accessible to millions of new users, with no friction
Installing a Chrome extension or a mobile app to use a wallet is a big blocker for user onboarding. Instead, we should use modern standards like WebAuthn and Account Abstraction to onboard users with their FaceID/Fingerprint, without installing any additional app or extension. Software engineers should have an SDK that can be integrated into any website in a few lines of code to provide this new way of user onboarding/authentication.
- The user generates a private key on their device using the WebAuthn standard.
- A Smart Wallet (ERC-4337 Account) is created for the user on-chain, and the public key is included as a signer.
- Every time the user needs to do a userOp on-chain, they complete the WebAuthn verification (FaceID/Fingerprint/etc.) and send the signature on-chain for verification. The signature will include the hash of this userOp.
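The binding in the last step, as an added example that is not this project's code: a Node.js check that a WebAuthn assertion covers exactly one userOp hash. It assumes the userOp hash is passed directly as the WebAuthn challenge; the function names, the origin `https://wallet.example` and the simulated authenticator are constructed for illustration.

```javascript
// Added example (assumption: the userOp hash is used as the WebAuthn challenge).
const nodeCrypto = require("node:crypto");

const sha256 = (buf) => nodeCrypto.createHash("sha256").update(buf).digest();

// Returns true only if the assertion is a valid P-256 signature by `publicKey`
// over this exact userOpHash, for the expected origin and RP ID.
function verifyUserOpAssertion({ publicKey, userOpHash, origin, rpId }, assertion) {
  const { authenticatorData, clientDataJSON, signature } = assertion;
  let clientData;
  try { clientData = JSON.parse(clientDataJSON.toString("utf8")); } catch { return false; }
  if (clientData.type !== "webauthn.get") return false;
  if (clientData.origin !== origin) return false;
  // The challenge check is what ties the biometric approval to one operation,
  // so a signature for userOp A cannot be replayed for userOp B.
  if (clientData.challenge !== userOpHash.toString("base64url")) return false;
  if (authenticatorData.length < 37) return false;
  if (!authenticatorData.subarray(0, 32).equals(sha256(Buffer.from(rpId)))) return false;
  if ((authenticatorData[32] & 0x01) === 0) return false; // User Present flag
  // WebAuthn signs authenticatorData || SHA-256(clientDataJSON).
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return nodeCrypto.verify("sha256", signed, publicKey, signature);
}

// Constructed stand-in for a platform authenticator, for offline testing only.
function simulateAssertion(privateKey, userOpHash, origin, rpId) {
  const authenticatorData = Buffer.concat([
    sha256(Buffer.from(rpId)),   // rpIdHash (32 bytes)
    Buffer.from([0x05]),         // flags: User Present | User Verified
    Buffer.from([0, 0, 0, 1]),   // signCount
  ]);
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: userOpHash.toString("base64url"), origin,
  }));
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  const signature = nodeCrypto.sign("sha256", signed, privateKey); // DER-encoded ECDSA
  return { authenticatorData, clientDataJSON, signature };
}

// Constructed sample values: a fresh P-256 key, a placeholder origin, fake hashes.
const { publicKey, privateKey } =
  nodeCrypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
const ctx = { origin: "https://wallet.example", rpId: "wallet.example" };
const hashA = sha256(Buffer.from("constructed userOp A"));
const hashB = sha256(Buffer.from("constructed userOp B"));
const assertionA = simulateAssertion(privateKey, hashA, ctx.origin, ctx.rpId);
```

An on-chain verifier has to enforce the same checks; skipping the challenge comparison would let one approved signature authorize a different userOp.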
For an example of the UX, please check the Live Demo of this project: https://ethglobal.com/showcase/avatar-protocol-z6md2
- WebAuthn is a web standard and it's already available in every major browser. I'd highlight Safari on iOS and Chrome on Android; it is also available in desktop browsers.
- To use WebAuthn you don't need approval from authorities like Apple, Google, etc. Every web app can use it today.
- Users don't need to download or install anything; WebAuthn is already there, on the device.
- There is no way to export a private key (generated by WebAuthn) from the device. All you can do is unlock the private key with your Fingerprint/FaceID and produce a signature.
- You can only access a private key for your domain. Cross-domain access isn't allowed by the standard.
- It's possible to use the same private key across domains and devices. You will need a YubiKey for it.
There are a few projects which were an inspiration for starting this project. If you plan to work on the codebase here, I'd highly recommend checking them:
- https://github.com/zkwebauthn/webauthn-halo2
- https://github.com/qd-qd/wallet-abstraction
- https://github.com/tdrerup/elliptic-curve-solidity (Contract)
Base Smart Wallet:
Great Article:
- https://medium.com/@poporuii/webauthn-and-passkey-key-management-for-daily-crypto-users-ea13c918c10c
Description | Address |
---|---|
WebAuthnAccountFactory | 0x1c831bF4656866662B04c8FED126d432a007BD08 |
DummyWebAuthnAccountFactory (Creates account with zero validation, just for testing) | 0x97c14a5793928f224732a020aecf41e1c8d9fe2f |
WebAuthn256r1 (Deployed once. WebAuthn verification logic, shared between Accounts) | 0x13250cf16eec77781dcf240b067cac78f2b2adf8 |
AvatarPack (Test ERC721 contract for minting items) | 0x4b3b5d4abe57eb7a00bbe9cc3ee743509b04f4e9 |
Custom Paymaster | 0xD1c5ea2610b894FA66333cb5F3b512ea037ba1F0 |
Deployer | 0xaE0bDc4eEAC5E950B67C6819B118761CaAF61946 |
Entrypoint | 0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789 |

Description | Address |
---|---|
WebAuthnAccountFactory | 0x1240FA2A84dd9157a0e76B5Cfe98B1d52268B264 |
WebAuthn256r1 (Deployed once. WebAuthn verification logic, shared between Accounts) | 0x8Ad159a275AEE56fb2334DBb69036E9c7baCEe9b |
AvatarPack (Test ERC721 contract for minting items) | 0x10bb2Ee7761C2356F7D7e42311b0fDf8e5e4dCA1 |
Entrypoint | 0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789 |