On Chain 2FA system for Daaps implemented using passkeys and fhEVM

[lakshya-dhariwal]

Zama Grant Program: Application

On-Chain 2FA system utilizing passkeys and fhEVM

• Library targeted: fhEVM

• Overview: A private on-chain 2FA system utilizing passkeys and fhEVM. It will provide a decentralized alternative to traditional 2FA apps, enabling dapps to securely authenticate users via encrypted time-based one-time passwords (TOTP) without exposing secret keys.

• Description:

  • We propose to develop a comprehensive on-chain 2FA solution that leverages FHE on fhEVM to generate and verify TOTP codes in a privacy-preserving manner. This will allow decentralized applications to implement robust two-factor authentication without relying on centralized services or exposing user secrets. The key innovation lies in using FHE to perform encrypted operations on the user's secret key, enabling on-chain TOTP generation and verification without ever decrypting the key. This enhances security and aligns with the core principles of decentralization and user sovereignty.

  • Application Flow:

  1. User Registration: Users register a passkey with their wallet, which derives an encrypted secret key used for TOTP generation.
  2. Dapp Integration: Users can add dapps to their 2FA client by scanning a QR code or entering a code, similar to existing authenticator apps.
  3. TOTP Generation: The client performs FHE operations on the encrypted secret key, timestamp, and dapp ID to generate an encrypted TOTP code.
  4. Authentication: Dapps integrated with our SDK can verify the user-provided TOTP code on-chain without accessing the underlying secret key.

• Reward: € 3,000 - 4,500
• Time Estimate: 1-2 Weeks
• Milestones:
  • Milestone 1 (1000 €): Smart Contract that can store the secret key and genrate/verify our Time based One Time Passwords (TOTP).
  • Milestone 2 (1250 €): User Client that will be gated by passkeys and is used to add Daaps for 2FA. It will display the latest auth codes used by the Daaps.
  • Milestone 3 (750 €): A SDK Daaps can use to authicate the codes , genrate QRs and links by which users can add there Daap to the user client .
  • Milestone 4 (1000 €) : [optional] Convert the client to a PWA or app for ease of use for end users.
  • Miletone 5 (500 €) : [optional] functionality for backup codes so user's can recover accounts if the authenticator app is lost or stolen.

• Related links and reference:
  - About us : We are a hacker duo who have been hacking around FHE based ideas. We recently worked on FLuFHE ( a POC based on federated learning and FHE ) that won hackathons conducted by both Fhenix and Inco Network which are built on top of Zama's fhEVM.
  We already worked on a POC but it needs much work and attention to detail on features mentioned in the milestones
  - References
  1. Passkeys demo : https://webauthn.io/
  2. Authenticator apps : Authy , Google Authenticator

[zama-bot]

Hello lakshya-dhariwal,

Thank you for your Grant application! Our team will review and add comments in your issue! In the meantime:

1. Join the FHE.org discord server for any questions (pick the Zama library channel you will use).
2. Ask questions privately: bounty@zama.ai.

[zaccherinij]

Hi @lakshya-dhariwal That's a great proposal, thank you!

We're curious in getting more information on the design of your solution, as it's not clear to us how you plan to evalute a hash function in FHE. We're also happy to jump into a call. Can you share with us some availabilities at bounty@zama.ai ?
Talk soon,
Cheers
JZ

[lakshya-dhariwal]

Hey @zaccherinij
Here is some more content to make it clear.

Documentation we are working on -
https://fluf-id.gitbook.io/docs
https://fluf-id.vercel.app/

how you plan to evaluate a hash function in FHE

https://fluf-id.gitbook.io/docs/solutions/2fa-onchain-auth/hash-and-otp-generation-using-encrypted-values

How the grant will help us?

We plan on working on an ecosystem of solutions related to FHE and identity. This 2FA system is the first part we are working on. We have already made some progress towards the initial milestones.
This grant would not just help out with the development of this project but also serve us in continuing to build FHE solutions.

Contact

I am sharing a calendar link on the provided mail but feel free to connect via telegram as well for faster communication. telegram - @lakshyadhariwal
Cheers

[lakshya-dhariwal]

Hey @zaccherinij do you have any other questions or concerns?

[zaccherinij]

Hi @lakshya-dhariwal,

Thank you very much for your interest in what we do at Zama, and your proposition for a grant. For now, we will not follow up with your proposition. But we invite you to keep an eye on this repository as we will launch new bounties soon, if you're interested in playing with Zama libs.

Cheers,
JZ