This is a React — Web3 — Solidity Proof of Concept signup / login design pattern with a minimal Ethereum native scheme that doesn't require passwords, backing up private keys nor typing seed phrases. It also allows for a user to sign messages to show intent of execution along similar guidelines.
Contributors:
tspoff
toledoal
rodocite
buck3000
cooganb
The project is meant to propose creative solutions to UX challenges posed by naive users who are not familiar with private-public key pairs or the general Ethereum ecosystem.
The design follows many of the guidelines outlined in EIP-1077 and ERC-1078. It is directly modeled on use cases presented by Alex Van de Sande at UX Unconference Toronto 2018.
The pattern is divided into two sections. The React client-side presents a simple login to the user while abstracting away Web 3 details happening on the back-end. The Solidity codebase, maintained by a centralized server or master contract, receives input from the client and dynamically renders a proxy Identity Contract specific to the user.
Upon receiving a text input, the client generates a new Ethereum address, which will be context-specific and etherless. It also generates a private-public key pair from the Ethereum address. That information is stored in localStorage in this JSON format:
{ "sampleUserID":
{ account : _account;
privateKey: _privateKey;
publicKey : _publicKey;
}
}
The client then passes the new Ethereum account and key pair to a centralized server or master contract, which uses a factory pattern to generate an Identity Contract, which grants the user the permission to execute certain actions.
Last, the client allows the user to choose an action in-browser, which is wrapped in a format adhering to EIP-1077 / EIP-191 standards, and deployed to the previously-created Identity Contract for verification and, if allowed, execution.
The Solidity codebase located in ./contracts contains EIP1077.sol, which provides two essential functions:
- Generation of proxy Identity Contract
- Verification of Identity and Execution of Permissioned Actions
contract IdentityFactory contains createIdentity(), which receives account (the new Ethereum address) and pubKey (the associated public key). [Note: in the future, r, s and v will be extracted from pubKey before contract creation to optimize gas usage]
contract Identity stores account, r, s, v and pubKey in state. When it receives the EIP-1077 compliant message containing messageHash and signedHash from the client, it first verifies the signature came from original account using elliptic cryptographic methods.
Once identity has been confirmed, Identity emits an event according to the operationType specified in the EIP-1077 payload. An event listener will register the event and render it client-side as desired.
npm install from the directory then npm start to begin server. Solidity contracts deployed through Remix or another deployment framework.
This is a alpha Proof of Concept not meant to used on the Ethereum mainnet. Please fork, deploy locally or on testnet and submit PR or issues!