Snax Trustless Authentication Protocol



The fundamental technology that allows Snax to operate is the binding of blockchain transactions to accounts on social media platforms such as Twitter, Reddit and so on.

Snax blockchain allows you to send transactions to any account name on any public platform integrated into Snax without prior invoicing from the recipient (we call those Social Transactions).

You can be certain that the transaction will reach the recipient without having to rely on a centralized third party (apart, of course, from the social platform itself). This article will explain how Snax Trustless Authentication Protocol works using the example of authentication of the Twitter account.

Don’t trust. Verify.

This is the main principle of building an open cryptographic system, including blockchain systems.
Authentication solutions built on OAuth 2.0, for example OpenID Connect, work very well with centralized servers. However, they can be hard to implement in decentralized systems.

These systems are designed to solve one particular problem: a user (client) needs to be authorized with a certain service (centralized server). In a blockchain-based system, however, the authentication and authorization of any user must be verifiable not by one server, but by an outside observer (third party) at any moment in time.

Snax Trustless Authentication Protocol provides solutions to the following problems:

  1. Authentication of users from any public platform on the Snax blockchain.
  2. Presentation of proof of user authentication to any third party at any time.
  3. Completion of any subsequent authentications using Snax account without the participation of the public platform.

Step 1. Authentication.

Take Twitter as an example of an online public platform (Twitter will be integrated into Snax blockchain from the first moments of the main net launch).

Let’s assume that you have a Twitter account and that you want to complete authentication in the Snax blockchain using that account. Authentication will be done using the following algorithm:

  1. Client (user) generates a pair of keys (priv_key, pub_key).
  2. Client selects any unassigned account name (snax_name) on the Snax blockchain (snax_name account will be registered on the blockchain).
  3. Client generates a key (K).
  4. Client calculates the hash
    H(K, snax_name) = hmac_sha256(K || hmac_sha256(K || snax_name))
  5. Client publishes the resulting hash H by creating a tweet from their Twitter account, acknowledging their intent to complete authentication on the Snax blockchain.
  6. Client sends the following information to an oracle:
    - the pair (K, snax_name)
    - their pub_key, for which the account name snax_name will be registered
    - their account name N on Twitter and a link L to the authentication tweet (optional, as the authentication tweet can be found by the oracle on the feed using the Twitter API)
  7. Oracle then calculates the hash H and compares it with the hash found in the authentication tweet. If the hashes are identical, the Oracle considers the authentication process to be completed.
  8. Oracle calls the registration method of the Twitter platform smart contract with the arguments (K, snax_name, pub_key, N, L).
  9. The Twitter platform smart contract then registers account snax_name with the public key pub_key and adds information to the blockchain about successful authentication of a Twitter user N, a public key K, and a link L.

Step 2. Proof.

It is now essential to explain why the third party might not trust a centralized oracle which has completed the authentication of the user.

Let us consider the following possible attack vectors:

  1. Oracle being compromised.
  2. Forgery of a user’s authentication request by an intruder.

The main defense against these attacks comes from the impossibility of brute-forcing input data (K, snax_name) that would satisfy the authentication hash H.

Because the authentication tweet, which contains hash H, is published on Twitter by the owner of the Twitter account, an intruder is not able to generate a valid pair (K, snax_name) other than the one provided by the actual owner of the account.

This way, any third party, at any moment in time, can verify the authentication by the owner of the Twitter account N using the following algorithm:

  1. Take the pair (K, snax_name) recorded on the blockchain for the user's authentication.
  2. Generate hash H(K, snax_name).
  3. Go to the published link L.
  4. Verify that the account which published the tweet L is indeed the account of the user N.
  5. Check for the presence of hash H in the tweet L. If the hash is found, then the user authentication is valid.
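
The hash from Step 1 and the third-party check from Step 2, as an added example that is not Snax's own code. It assumes the formula means HMAC-SHA256 keyed with K applied twice; the record field names, the fetch_tweet lookup, the 256-bit K and all sample names and links are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def auth_hash(k: bytes, snax_name: str) -> str:
    """H(K, snax_name). Assumption: the article's formula is read as
    HMAC-SHA256 keyed with K over snax_name, then HMAC-SHA256 keyed with K again."""
    inner = hmac.new(k, snax_name.encode(), hashlib.sha256).digest()
    return hmac.new(k, inner, hashlib.sha256).hexdigest()


def verify_record(record: dict, fetch_tweet) -> bool:
    """Third-party check of an on-chain record with fields K, snax_name, N, L.
    fetch_tweet(L) is a hypothetical lookup returning (author, text) or None."""
    tweet = fetch_tweet(record["L"])
    if tweet is None:
        return False                      # link L does not resolve
    author, text = tweet
    if author.lower() != record["N"].lower():
        return False                      # tweet was not published by account N
    expected = auth_hash(bytes.fromhex(record["K"]), record["snax_name"])
    # Require H as a whole token, not a substring of some longer string.
    return expected in text.lower().split()


def demo() -> dict:
    # Constructed sample data; names and links are placeholders.
    k = secrets.token_bytes(32)           # assumption: 256-bit random K
    link = "https://example.com/alice/status/1"
    tweets = {link: ("alice", "Authenticating on Snax: " + auth_hash(k, "alicesnax"))}
    good = {"K": k.hex(), "snax_name": "alicesnax", "N": "alice", "L": link}
    return {
        "valid": verify_record(good, tweets.get),
        # Compromised oracle registers a different name under the same tweet.
        "swapped_name": verify_record(dict(good, snax_name="mallory"), tweets.get),
        # Record claims a Twitter account that did not publish the tweet.
        "wrong_author": verify_record(dict(good, N="bob"), tweets.get),
        # Record points at a tweet that does not exist.
        "missing_tweet": verify_record(dict(good, L="https://example.com/x"), tweets.get),
    }


if __name__ == "__main__":
    print(demo())
```

Only the unmodified record verifies; changing snax_name, N or L after the tweet was published makes the check fail, which is what lets an observer detect a record the account owner never authorized.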

Step 3. Using Snax account as an authenticator.

Now that the authentication of a user can be proven, the name of the blockchain account snax_name can subsequently be used as an authenticator of the Twitter user N. For example, the Snax blockchain uses the snax_name of the account N for the emission of SNAX tokens.

This process also makes it possible to create a transaction to any account of a public network integrated into the Snax platform, without prior invoicing by the recipient. The platform's smart contract will automatically complete the transaction to the snax_name for which the authentication of the receiver has been completed. If the authentication has not yet been finalized, the platform smart contract will wait for its completion to perform the transaction.

Conclusion

We have looked at how the Snax Trustless Authentication Protocol works on a macro level.
Of course, publishing an authentication message (e.g. a tweet) can be an inconvenience for the user. However, we do not yet see any reliable alternative technology for creating a trustless authentication.
This inconvenience can be solved by integrating the Snax Trustless Authentication Protocol (or a similar protocol) into the API of the existing social networks. It is not a complicated process in general, but it does require the platform to create a public authentication API available for third-party requests.

If you have questions about how Snax emission works, how to receive publisher rewards, or about how to become a block producer for Snax network, feel free to join us in our Discord at https://discord.gg/qygxJAZ. Don’t forget to follow us on Twitter and to clap for this post!

Also, you can find answers to frequent questions here https://snax.one/faq.


Hello,

We have contacted you on Twitter to verify the authorship of your Steemit blog but we have received no response yet. We would be grateful if you could respond to us via Twitter, please.

https://twitter.com/steemcleaners/status/1106577414325440515

Please note I am a volunteer that works to ensure that plagiarised content does not get rewarded. I have no way to remove any content from steemit.com.

Thank you