ZK Login in Cardano - Eryx

[Proposal setup] Proposal title

Please provide your proposal title

ZK Login in Cardano - Eryx

[Proposal Summary] Budget Information

Enter the amount of funding you are requesting in ADA

100000

[Proposal Summary] Time

Please specify how many months you expect your project to last

3

[Proposal Summary] Translation Information

Please indicate if your proposal has been auto-translated

No

Original Language

en

[Proposal Summary] Problem Statement

What is the problem you want to solve?

Cardano uses a seed-phrase for authentication, which generates a public-private key pair. This flow is cumbersome even for blockchain-fluent users. The user has to safeguard it, or risk losing access.

[Proposal Summary] Supporting Documentation

Supporting links

• https://docs.sui.io/concepts/cryptography/zklogin
,
• https://eryx.coop/

[Proposal Summary] Project Dependencies

Does your project have any dependencies on other organizations, technical or otherwise?

No

Describe any dependencies or write 'No dependencies'

No dependencies

[Proposal Summary] Project Open Source

Will your project's outputs be fully open source?

Yes

License and Additional Information

The implementation will be open source and available on GitHub under the Apache 2.0 license.

[Theme Selection] Theme

Please choose the most relevant theme and tag related to the outcomes of your proposal.

Authentication

[Campaign Category] Category Questions

Describe what makes your idea innovative compared to what has been previously funded (whether by you or others).

There is nothing like zkLogin on Cardano. No other tool provides a way to relieve the user from the responsibility of using the seed phrase whilst also maintaining privacy and blocking any other party from access.

Describe what your prototype or MVP will demonstrate, and where it can be accessed.

Our MVP will show that it is possible for simpler, easier authentication without compromising security and privacy. The code of the tool will be open-source and the contracts of the proof of concept will be available on a testnet.

Describe realistic measures of success, ideally with on-chain metrics.

Our proof of concept will be successful as long as:

• Users can complete the flow of authentication using the OpenID protocol.
• No other participant of the OpenID flow can have access to the account if the user does not reveal their credentials.

[Your Project and Solution] Solution

Please describe your proposed solution and how it addresses the problem

This proposal aims to address the onboarding difficulty of less blockchain-fluent by allowing anyone to use their OpenID provider accounts (eg. Google, Meta, X) to operate on the cardano blockchain. Dapps will be able to offer their users the option of authenticating with the facilities of Web2 flows that they are already used to. We achieve that by generating some keys from their OpenID accounts. They won't lose access to their funds as long as they don't lose their account.

How will this work? When a user validates their identity using OpenID, a JSON Web Token (JWT) is created and signed by the provider. This contains unique information about the user identity and the provider used to login. All this will be used to generate credentials to authenticate the user in a Cardano Dapp.

As an extra security measure, there will be the option to add a Salt value that adds more entropy and increases security.

UTXOs will be locked by a validator that verifies that the OpenID protocol was correctly executed. This implies verifying a zk proof of a Circom circuit that proves:

• The validity of the JWT, by verifying the signature of the OpenID Provider.
• That it was legitimately obtained.
• That the user credentials were generated correctly from the provided JWT.

We note that the validator won’t have access to the JWT, as it will be a private input of the Circom circuit. It will only see a proof that it is valid. Therefore the user never reveals their identity on-chain.

[Your Project and Solution] Impact

Please define the positive impact your project will have on the wider Cardano community

Currently, Cardano has different ways to start operating in the blockchain. There are custodial and non custodial options. This solution adds a new option that takes the best of both approaches. Any decentralized application will be able to use this protocol with their users. It will also help onboard many more people by making operating with dApps in Cardano as easy as any other web2 app using Oauth or OpenId.

In a custodial wallet the funds are held by a third party, which has full control over them. In this proposal, the user credentials for the dApps implementing this will be generated using a legitimately obtained JWT, so they will hold full ownership over their funds. This gives us all the advantages of a non-custodial solution as long as the OpenId provider is online and functional.

This solution also inherits the recovery tools the provider has. The user won’t lose access to their funds if they don’t lose access to their provider accounts. We are convinced this is a good compromise: it diminishes the risks of losing access to your funds (by forgetting your seed phrase) without giving up ownership to a third party.

[Your Project and Solution] Capabilities & Feasibility

What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

Eryx is a worker-owned labor cooperative with almost 15 years of experience solving complex problems involving mathematics and software. We are a group of nerdy PhDs with a solid background in math and computer science. Our team has extensive experience in blockchain development, cryptography, and privacy-focused protocols, which gives us the expertise required to successfully deliver the project.

In relation to this proposal, we have solid experience writing cryptography primitives, such as hash functions, digital signatures and elliptic curve operations in ZK circuits.

Eryx has had two ZK related proposals selected in the last catalyst fund, and already delivered one of them while the other is in the final milestones.

The team has also worked on Plonky2 backend for Aztec's Noir, funded by the Ethereum Foundation, which involved writing several circuit gadgets in Plonky2 that were needed to make it fully compatible with all of Noir features.

In relation to feasibility, there are similar solutions to this proposal in production in other blockchains, such as SUI and Web3Auth. Obtaining unique credentials from the JWT is completely feasible and since there is a Groth16 verifier implemented in Aiken, the validator will be able to verify its validity.

[Milestones] Project Milestones

Milestone Title

Research, Solution Design and Initial POC

Milestone Outputs

• A report on the research done and the designed solution. Research on the problem and solutions implemented in other ecosystems.
• Design of the solution.
• An open source Aiken validator that verifies a digital signature.

Acceptance Criteria

Users can integrate a digital signature verification module into their Aiken validators, allowing them to seamlessly perform signature checks within their smart contract. Once imported, the verifier can be invoked during execution to validate signatures against the provided data, enabling secure and reliable verification as part of the validator’s logic.

Evidence of Completion

The project should include a publicly accessible GitHub repository containing the source code, along with a video demonstration that provides step-by-step usage instructions.

Delivery Month

1

Cost

30000

Progress

30 %

Milestone Title

Naive Validator and Circuit

Milestone Outputs

• A Circom circuit implementation that proves that a JWT is correct, and that the credentials were created using that information.
• An Aiken validator that verifies this circuit on chain, ensuring no data is leaked.

Acceptance Criteria

Users can authenticate successfully by presenting a JSON Web Token (JWT) issued by a compliant OpenID provider. Once authenticated, they can securely interact with the system using their associated address.

Evidence of Completion

The updated GitHub repository containing the source code, along with a video demonstration that provides step-by-step usage instructions.

Delivery Month

2

Cost

30000

Progress

30 %

Milestone Title

Verify the OpenID Provider Signature

Milestone Outputs

The validator now has access to the public keys used by the OpenID provider to sign tokens. With these keys, it can perform proper signature verification to ensure the authenticity of the provided JWTs, confirming that they were issued by the trusted provider and have not been tampered with.

Acceptance Criteria

The validator performs a thorough verification to ensure that the JSON Web Token (JWT) was signed by a recognized and trusted OpenID provider. It also checks the token’s integrity by validating its signature and confirming that its contents have not been altered.

Evidence of Completion

The updated GitHub repository containing the source code, along with a video demonstration that provides step-by-step usage instructions.

Delivery Month

2

Cost

30000

Progress

30 %

Milestone Title

Full Documentation and Publishing of the Solution

Milestone Outputs

• A final report describing the project process and outcome
• A video showcasing the tool and its features
• Full documentation for developers, including setup, usage, and contribution guidelines
• User-friendly setup and usage tutorials

Acceptance Criteria

• The tool meets all functional expectations. Documentation and tutorials are complete and clear
• The final video complies with Catalyst requirements
• The final report complies with Catalyst requirements

Evidence of Completion

• Source-code available in the GitHub repository
• Documentation publicly available
• Final video uploaded to Google drive or similar platform
• Final report uploaded to Google drive or similar platform

Delivery Month

2

Cost

10000

Progress

10 %

[Final Pitch] Budget & Costs

Please provide a cost breakdown of the proposed work and resources

This is for developers working full-time on the project:

3x Full-time engineers (₳15,000 each engineer per month)

1x Product Manager (₳10,000 for the whole project)

Project duration: 2 months

Total ₳100,000

[Final Pitch] Value for Money

How does the cost of the project represent value for the Cardano ecosystem?

We decided to focus on spending the expenses of the project in the development hours. In that regard, it is important to note the following.

The team consists of two developers who will work full-time on the project for two months. The projected annual salary is within the typical salary range for developers, which varies from $78,000 to $262,000, with an average of $150,000 for a Web3 developer. Our cost is on the lower end of this range, as we believe this plugin is essential for the Cardano ecosystem.

[Required Acknowledgements] Consent & Confirmation

Terms and Conditions:

Yes