Hybrid Proofs: Bridging the Gap for Decentralized Social Account Authentication in Web3

DAuth Network
6 min readMay 23, 2023

--

The background

Traditional methods of social account authentication heavily rely on centralized protocols like OAuth and SMTP. However, these approaches pose several concerns related to privacy, security, and centralization. The introduction of EIP-4337 marked a significant milestone in the realm of smart accounts, enabling functionalities such as social login and recovery directly within a wallet. Recognizing the challenges presented by centralized protocols, the DAuth Network took the initiative to pioneer a solution that combines the power of Zero-Knowledge (ZK) technology and Trusted Execution Environments (TEE) in the Web3 ecosystem. This innovative approach not only strengthens trust, privacy, and security but also bridges the gap between decentralized social account authentication and Web3.

By leveraging Zero-Knowledge technology, the DAuth Network ensures that sensitive user information remains private and is not unnecessarily exposed to third parties. Additionally, the integration of Trusted Execution Environments enhances the security of the authentication process by providing a secure and isolated environment for executing critical operations.

With Hybrid Proofs, the DAuth Network offers a groundbreaking solution that fosters decentralized social account authentication in the Web3 landscape. By bridging the gap between traditional centralized methods and the decentralized nature of Web3, this approach enhances user trust, privacy, and security, while also providing the necessary tools for efficient asset recovery in smart contract wallets.

Challenges in Utilizing ZKPs for Social Login Authentication

A Zero-Knowledge Proof (ZKP) is a cryptographic algorithm native to the decentralized crypto space. It does not require trust in any third party, as long as the random numbers used in the Snark are not obtained by anyone. The traditional OAuth-based social login architecture can be converted into a circuit and proven using ZK Snark. To ensure user privacy, DAuth computing the ZKP of the user’s social account credential on the client side;

However, both schemes have their challenges. They require a considerable amount of time and computational resources, which can make them costly and potentially limit their scalability. The complexity and resource-intensity of these processes underscore the need for more efficient solutions in the realm of decentralized social account authentication.

The Benefits and Challenges of TEEs

Trusted Execution Environments (TEEs) are secure areas within processors that provide a space for the execution of sensitive code and data. As a hardware-based security technology, TEEs offer strong confidentiality for applications, ensuring that sensitive data remains secure. TEEs provide flexible, scalable, and high-performance solutions, which are particularly advantageous in terms of speed and cost-effectiveness.

In the context of social account authentication, a TEE operates by running an OAuth client within its secure enclave. Once the user has passed the authentication process on the application side, the enclave receives the credentials issued by the application server. The TEE then signs a proof for the user, thereby bolstering the authentication process.

TEEs are especially beneficial for operations like logging in, which are performed frequently and require quick execution. Their ability to process data rapidly and at a cost close to zero, compared to Zero-Knowledge Proof (ZK) technologies, makes them an excellent choice for these high-frequency actions.

Despite these advantages, TEEs are not without challenges. Their efficacy is closely tied to the hardware they inhabit, and they are not completely immune to side-channel attacks.

The prevalence of social login demands a solution that is native to Web3. What if we could combine the benefits of both methods?

Leveraging the best of both worlds

DAuth has developed a dual authentication architecture that combines the zero-knowledge verifiable properties of ZK with the fast computation properties of TEE to meet the requirements of social login. When users log in using their Web2 account, both ZK and TEE proofs are calculated simultaneously.

Since ZK circuit computation can take a long time, DAuth provides an instant TEE-based proof that is sufficient for addressing high-frequency logins or small-value transfer scenarios. For these transactions, DAuth randomly calculates the ZK circuit according to a certain probability, decentralizing constraints on nodes running instant proofs. This approach ensures a secure and efficient authentication process for both high and low-value transactions, effectively addressing the scalability issues faced by previous solutions.

Additionally, developers have the flexibility to require ZKPs based on their logic, providing an additional layer of security for high-risk transactions such as sending out 1 BTC. This feature enhances the overall security and trustworthiness of the authentication process and empowers developers to customize their applications according to their specific security requirements.

The instant proof generated by TEE

To ensure secure social login, the OAuth client-side can be executed within the TEE to establish encrypted channels between the user and identity provider. Users can authorize any OAuth authentication to the enclave, which securely processes their credentials, ID token, and other required user information. Upon authentication, the TEE generates an instant proof that conceals the user’s account and any sensitive information as a hash, while verifying their identity in the TEE signed proof. This TEE proof doesn’t incur any additional computing or time costs, preserving the user’s seamless social login experience while upholding high-security standards.

The final proof is based on ZK

The final proof based on ZK is a crucial component of DAuth’s dual authentication architecture. Once a user completes an OAuth login on the client side, they receive a JWT token from the identity provider such as Google, which contains their email and other relevant information, along with a signature from the provider. DAuth then utilizes the ZK Snark circuit to protect the user’s account and other sensitive information by hiding them as a hash, while also proving that the hash corresponds to the account in the signed JWT from the identity provider. The hash can then serve as the UserID for each login in the target application, providing a secure and private authentication mechanism. After the user passes DAuth’s authentication, the wallet can wait for the ZK proof to complete the final transaction confirmation, ensuring the security of the user’s funds and maintaining their privacy.

The “Rollup” philosophy in DAuth

DAuth’s dual-proof architecture is inspired by the “Rollup” concept, which aims to improve the efficiency, scalability, and security of blockchain applications. The Rollup philosophy has been adapted by DAuth to provide a secure and decentralized social login solution.

With DAuth’s staking and penalty mechanism, the behavior of TEE nodes can be constrained, similar to how rollups constrain the behavior of nodes executing transactions. In a rollup, transactions are bundled into batches and executed off-chain, with the final state confirmed on-chain through validity proof. In DAuth, TEE is used for efficient and private off-chain authentication, while the final state is confirmed on-chain through ZK proof.

DAuth’s use of TEE technology improves efficiency, while decoupling dependence on TEE, ensuring a Web3-native real-time decentralized social login. The TEE nodes issue instant proofs, while the ZK circuit computation takes a longer time, suitable for high-value and low-frequency transactions.

DAuth’s Rollup philosophy is a testament to its commitment to providing a secure and efficient Web3-native social login solution.

About DAuth Network:

DAuth makes social logins anonymous and decentralized by building the Web3 OAuth with zk-technology.

Visit DAuth Network Website: www.dauth.network

Follow DAuth Network Twitter: https://twitter.com/DauthNetwork

Join DAuth Network Discord: https://discord.gg/fYcrdyKu

--

--