Hey! I wanted to share what I am working on and open up for ideas and early feedback.
I have been awarded a grant by the Dfinity Foundation to develop support libraries and template applications to simplify the process for Ethereum developers to extend their apps onto IC. Now with ckETH being fully launched we should expect an explosion of cross chain applications using the strengths of the ETH/IC chains combined!
Most Ethereum wallets are now compatible with the EIP-4361: Sign-In With Ethereum (SIWE) standard, to allow Ethereum accounts to authenticate with off-chain services. SIWE works by having accounts sign a standard message that includes scope, session details, and security features such as a nonce.
The main goal of this project is to enable Ethereum applications to securely establish sessions with IC canisters using SIWE. Here are some key aspects of this implementation:
- Secure SIWE verification: The verification of SIWE signatures should take place securely at the canister level, not in the browser.
- Unique and ephemeral SIWE messages: Each SIWE message is made unique by including a nonce. The signature based on that message can only be used one time.
- Session Identity Uniqueness: Session identities must be unique to each app’s context. A session identity generated in canister A cannot be used to access canister B. Malicious app B should not be able to generate an identity to fool the user to access canister A.
- Consistent Principal Generation: Logging in with an Ethereum wallet should consistently generate the same Principal, irrespective of the client used.
- Direct Ethereum Address to Principal Mapping: There should be a one-to-one correspondence between an Ethereum address and Principal within the scope of the current application. In other words, logging in with a specific Ethereum address in this application should always yield the same Principal.
- Timebound Sessions: Sessions expire after an amount of time set by the canister developer.
- Rust and Motoko Support Libraries: Development of two support libraries to integrate SIWE with Rust and Motoko based canisters.
- Template Applications: Creation of two React starter template applications, demonstrating the Ethereum login process and interaction with canisters on the Internet Computer.
The SIWE support library uses standard ECDSA signature verification and address recovery on the SIWE message.
Once the SIWE message has been verified, the library creates a signature delegation from the canister. This delegation is then used by the frontend to create a delegation identity for subsequent authenticated calls. This part is heavily inspired by/borrowed from the Internet Identity project.
I have been working part time on the project for a month now. Currently, the flow works from end to end with a Vite/React based frontend and the Rust version of the library.
Next up: Heavy refactoring, cleaning up and documentation before hopefully publishing a beta version of the Rust version before Christmas.
January: Finish up Rust version after code review and feedback, then start migrating the library to Motoko.
Let me hear your thoughts! Could this useful be to you and/or your project? Do you miss some functionality?