TL;DR

What is Web3Auth?

Web3Auth is a pluggable auth infrastructure for Web3 wallets and applications. It streamlines the onboarding of both mainstream and crypto native users in under a minute by providing experiences that they're most comfortable with.

Here are some key features of Web3Auth;

  • Seamless Onboarding as their login flows are similar to present Web2 logins, contributing to greatly improved user experience.
  • Non-Custodial Public Key Infrastructure, i.e. the user is always in control of ownership and access to their cryptographic key pair.
  • Web3Auth comes with simple SDKs that can be integrated into multiple ways and they support all the available chains out there with special providers available for EVM and Solana.
  • Supports all social logins, web & mobile native platforms, wallets, and other key management methods
  • Act as standard cryptographic key provider specific to the user and application.
  • Users can register via Google, Twitter, GitHub, and any other OAuth providers of their choice.
  • Users can also register via a passwordless flow, where they can sign in with a link sent to their email.

Here are some key partners of Web3Auth;

Traditional SDK Vs MPC SDK

With the Web3Auth infrastructure, the Key is divided into multiple parts and stored across devices and Auth Network. This is done to ensure that the key is never stored in a single place and is always available to the user.

In the traditional Web3Auth SDK, the Key was dynamically reconstructed in the front-end using threshold signatures. On the other hand, with the new Web3Auth MPC SDK, it is never reconstructed.

In the case of MPC, partial keys are used to make partial signatures for messages/transactions. These partial keys are stored across different locations, and users' device is used to make partial signatures for their message/ transaction. These finally are returned to the front-end using TSS, where these signatures are combined to make a final signature. We can use this to make a transaction on the blockchain.

What is MPC & TSS?

MPC, i.e., Multi-Party Computation, is Web3’s version of multi-factor authentication (MFA). It allows users to manage their keys intuitively by using multiple factors to protect their keys, instead of just relying on a single seed phrase.

It allows two or more parties to securely input information into a system and activates or unlocks an outcome without any party being able to see the inputs of the others. This makes it possible to design a crypto wallet that uses multiple parties to backup or restore a user’s funds while keeping the funds in the user’s custody at all times.

Threshold Signature Scheme (TSS) is a cryptographic primitive for distributed key generation and signing. Using TSS, we have a set of n parties jointly computing the public key, each holding a secret share of the private key where the individual shares are not revealed to the other parties. From the public key, we can derive the address in the same way as in the traditional system. The advantage is that the private key is not a single point of failure anymore because each party holds just one part of it.

Features

Now, we will see some features of Web3Auth's MPC SDK which makes it unique;

  1. Reduce Account Loss From Misplaced Seed Phrases: There is no seed phrase to manage and shares are managed by intuitive MFA flows that users are familiar with.
  2. Prevent Compromised Device Vulnerabilities: User accounts are not subjected to frontend vulnerabilities as MPC’s joint computation allows for keyless usage.
  3. Scam Preventions: Safeguard users’ accounts with a flexible policy engine to set rules, daily transaction limits, and blacklist scams.
  4. Low Latency: It takes less than 1.5 seconds for both login and transaction signing.

Roadmap

Here is a roadmap of Web3Auth's MPC SDK;

  • Oct 2022: Early Access SDK
  • Nov 2022: Public Audit Release
  • Dec 2022: Existing Customer Migration

Resources

Related Videos

______________________________________________________________________

Disclaimer: The information contained on this web page is for education purposes only. Readers are suggested to conduct their own research, review, analyze and verify the content before relying on them.

To publish press releases, project updates and guest posts with us, please email at contact@etherworld.co.

Subscribe to EtherWorld YouTube channel for ELI5 content.

Support us at Gitcoin

You've something to share with the blockchain community, join us on Discord!

Follow us at Twitter, Facebook, LinkedIn, and Instagram.