The provision of social login functionality in dApps (automatically creating built-in wallets for end users) has experienced opposition in the Web3 field, attempts at usage, and partial usage, and is now gradually entering the stage of standardized configuration (from Defi, RWA to Web3 games, WaaS-class products with social login functionality can be seen in various tracks).

This reflects the iterative thinking of industry products gradually shifting from the original encrypted punk thinking to demand-oriented product manager thinking.

Particle Network, as one of the core products, is a modular smart WaaS infrastructure company and one of the biggest beneficiaries of this process.

However, as central practitioners in the WaaS industry, we are more likely to observe a certain degree of compromise in user privacy and data protection in the process of applying traditional WaaS products by the three parties (dApp, WaaS, end users).

This is mainly reflected in two parts:

1. When end users create an unmanaged dApp built-in wallet through social login, they need to provide social login data to the WaaS provider, and the WaaS provider needs to synchronize some social login information to the dApp developer;

2. Even if end users use social login to create a new on-chain wallet within the dApp and only make small on-chain transactions, they can still be associated with the main wallet data through on-chain data analysis.

The possible problem is that the mapping relationship between the end user's social identity and on-chain data will be fully resolved:

You are Zhang San, your Gmail is zhangsan@gmail.com, and you have $100,000 in assets on-chain, distributed across 100 addresses.

If we look at this from the perspective of traditional mobile internet, the WaaS provider is once again the beneficiary, because the only one who has the complete mapping relationship between the user's on-chain and off-chain user assets and data is the WaaS service provider.

After 12 months of development, Particle Network's Modular Smart WaaS has become the product with the largest number of end users and dApp partnerships in the industry.

Now we are facing a choice: whether to choose to retrace the old path of Web2 and efficiently bring the next billion users into Web3, but in this process, the information and data of end users will be partially controlled by third parties, forming a so-called data barrier. Or: adhere to the cornerstone of Web3, reshape the end user's autonomy over assets and data, and introduce the next billion users to Web3 in a Web3 way.

We choose the latter.

Therefore, today we are releasing Zero-Knowledge Wallet-as-a-Service (zkWaaS), which includes the functions of privacy login and privacy transactions.

By introducing zero-knowledge proof technology, we can enable end users to create and log in to dApps' built-in non-custodial wallets using social login without exposing social information to any third party. And through the introduction of smart stealth addresses, on-chain single transaction records will not be associated with the remaining wallet addresses held by the end user.

In the following article, my colleagues Vijaykumar Singh and Peter Pan will provide detailed information on our product design in zkWaaS.

Balancing Usability and Privacy with Zero-Knowledge Technology

Although (when properly executed) WaaS tools can be fully self-custodial, meaning that users' assets are always secure, they do expose some personal identity information to third parties during account generation and on-chain transactions. If mismanaged or misapplied, this information can be easily inferred, allowing insight into any specific user's other wallets, CEX accounts, or assets, sacrificing a significant amount of data autonomy for end users.

Of course, the blockchain privacy field itself also presents challenges. The verifiability and reliability of the blockchain are at least partially attributed to its transparency, as anyone can verify on-chain information at any time. Creating a smart contract blockchain that defaults to being private, efficient, scalable, and verifiably reliable is almost an impossible task. The few solutions aimed at achieving this have faced difficulties in driving adoption, as they are often fundamentally incompatible with existing ecosystems, further fracturing liquidity and interoperability.

Within these constraints, zero-knowledge (ZK) technology has emerged, providing a much-needed solution for the industry that can be fully compatible and integrated with existing ecosystems. In short, ZK technology allows one entity (the prover) to prove to another entity (the verifier) its knowledge of a fact (such as identity, ownership, etc.) without revealing the underlying or related information. For example, by sending an Ethereum transaction, the sender indirectly reveals their entire holdings, transaction history, and sometimes identity to the recipient. ZK technology is used in scalability solutions such as zkEVM to increase blockchain throughput, and privacy-focused projects like ZCash use it to obfuscate user balances and transaction history.

Introducing zero-knowledge technology in WaaS means that users can create an on-chain non-custodial wallet from their social identity without any observer knowing this association, let alone which wallet belongs to whom. Zero-knowledge technology also provides other benefits, such as compliance with regulatory requirements. The privacy protection provided by zero-knowledge technology, along with its voluntary disclosure plans and exclusionary privacy sets, is a regulatory-friendly privacy protection solution.

Therefore, introducing zero-knowledge proofs in WaaS can address two persistent issues:

Let's now see how zkWaaS achieves this, and its implications and consequences.

Summarizing the Benefits of Particle Network's zkWaaS

Particle Network's zkWaaS achieves two goals:

• Protecting user identities, ensuring that their personal information is never exposed during wallet creation, and on-chain addresses cannot be associated with their owners, used for privacy login;

• Working in conjunction with other components of Particle Network (such as Omnichain Account Abstraction) for privacy transactions.

In addition to the obvious benefits of privacy transactions and user identities known only to the users themselves, there are some other derived advantages of zkWaaS:

• For developers and projects, having a reliable foundational system that does not require dealing with user data can save a lot of trouble. Regulations such as GDPR in Europe have made significant progress in user data management and privacy. While these regulations are largely good, compliance with them may require time and effort, resulting in costs for projects. By completely avoiding handling user data, developers can save a lot of time and effort.

• For end users, being able to transact without being observed means that their strategies cannot be revealed, copied, arbitraged, or directly copied.

• Similarly, end users can rest assured that their data will not be sold, stolen, leaked, or otherwise mishandled by well-intentioned or malicious service operators.

While the above list is not exhaustive (privacy has many benefits!), it should now be clear that privacy is an absolute improvement for all participants in the WaaS framework. Now let's delve into how zkWaaS works internally.

How Particle Network's zkWaaS Works

The overall design introduces different components that collectively make up zkWaaS. For privacy login, the system uses JWT (JSON Web Tokens) as private witnesses in the zero-knowledge circuit to verify the provider's digital signature and user information. Particle Network's system also utilizes Particle Chain, a proprietary zkEVM powered by the network's native Unified Gas Token, to generate ZK-proofs. This also includes private Paymasters, which represent users in paying transaction fees to protect their privacy.

Despite key differences, the overall design draws inspiration from Sui's zkLogin.

Now, let's take a deeper look at how zkWaaS achieves its two goals.

Goal #1: Identity Privacy

To introduce users while protecting their privacy, zkWaaS uses a system where users first generate a temporary key pair during the verification process. They then use the verified credentials to generate a ZK-proof via Particle Chain and submit it to the validator to complete the process.

Here is an illustration of this process:

Particle Network’s zkWaaS user flow.

Further elaborating, the workings of privacy login are as follows:

A) Setup

To create the common reference string (CRS) for the zkLogin circuit, Particle Network uses Groth16 - but may consider using zkSTARK in the future. The trusted setup provides a proving key and a verification key for the OAuth provider. Particle Network is also currently working on achieving a non-trusted setup.

B) Signing

Temporary key generation: When users access their wallet, a temporary KeyPair is generated. Users then choose a maximum period, which determines the expiration date of the key pair. The application prompts the user to authenticate with the OAuth provider using a custom nonce, constructed using randomness, the temporary key, and the maximum period (determined by the user, deciding when the temporary key expires and needs to be regenerated). This process returns a JWT containing a header and payload. The JWT is sent to a salt service, which returns a unique salt - a random string of numbers - after verifying the JWT. The JWT, salt, and temporary public key are sent to Particle Chain, which uses them to generate a complete statement ZK-proof and sends it to the on-chain validator. The statement indicates:

i) The nonce is correctly formed and includes the public key.

ii) The key statement is consistent with the JWT.

iii) The Particle address is consistent with the key statement and the salt.

iv) The signature of the OAuth provider is correct.

Along with the ZK-proof, address seed, statement, and header are sent to the dApp.

Note that the circuit generates a ZK-address for the user. The user creates a transaction and signs to obtain a temporary signature. They also send other information, including the temporary public key, signature, proof, address seed, statement, and header.

C) Verification

There are two possible verification methods:

1. Verification on the Particle Chain smart contract.

2. Decentralized verification by Particle Chain validators, who receive system rewards in Particle Network tokens.

Verification process:

The verifying entity receives the user's information. Then the following checks are performed:

1. Verify the sender of the transaction: Ensure that the sender of the transaction comes from the address seed and matches the public statement.

2. Compare the signing user with the user's public key for verification.

3. Verify the ZK-proof.

4. Retrieve the public key and check if it matches the public key used in the ZK-proof.

D) Storage

Once the user is authenticated, a mapping is stored on the chain for automatic login until the chosen period expires.

Goal #2: Privacy Transactions

Particle Network utilizes the ERC-4337 Account Abstraction (AA) to protect user privacy during transactions. The system uses a private Paymaster to send transactions on behalf of the user, breaking the on-chain link. Particle Network also employs stealth smart accounts to maintain the privacy of the recipient. Additionally, Particle Network has implemented Guardian accounts and self-sovereign social recovery.

The privacy transaction system in Particle Network's zkWaaS is as follows:

Particle Network's system for private transactions (click image to expand or open in a new tab).

The process can be described as follows:

1. Dynamic Stealth Address Computation: At the start of the transaction, the sender Alice dynamically computes Bob's stealth address using Bob's meta-stealth data. This computation is a crucial step to ensure the privacy and security of subsequent transactions.

2. Smart Stealth Address Computation: Building on the dynamically computed stealth address, Alice further computes what is known as a stealth smart account. This specialized address serves as the destination for asset transfers, introducing an additional layer of privacy and complexity to the transaction.

3. Secure Stealth Address Retrieval: At the receiving end, Bob systematically scans his stealth address in the incoming transaction data. Once located, Bob generates a spending key, allowing him to securely access and manage the received assets.

4. Confidential Gas Fee Deposit: To facilitate the transaction and pay the associated gas fees, Bob uses any address to deposit the required gas fee to a confidential Paymaster. This confidential deposit ensures the integrity and privacy of the transaction.

5. Flexible Transaction Signing: With the spending key in hand, Bob can now sign a UserOperation associated with the stealth smart account for his convenience. The flexibility in the timing of the signature adds an extra layer of security, allowing Bob to strategically execute the signing process.

6. Submission of Proof to Confidential Paymaster: After signing the UserOperation, Bob submits the generated proof to the confidential Paymaster. This proof serves as confirmation, enabling the Paymaster to sponsor the required gas fee for the transaction. This final step ensures smooth transaction execution while maintaining the highest privacy standards.

Essentially, this multifaceted process not only protects the privacy of individual transactions but also establishes a solid foundation for secure and private smart contract interactions. Particle Network demonstrates its commitment to transaction privacy by seamlessly integrating ERC-4337 AA, stealth addresses, and confidential Paymaster.

In Conclusion

In the past, we have extensively written about the necessity for decentralized applications to compete with Web2 alternatives. This is only possible by leveraging the unique advantages of Web3, such as self-ownership, self-custody, near-instant settlement, while maintaining an excellent user experience. However, it is important to recognize that full transparency also creates challenges that Web2 solutions typically do not face.

By implementing private logins and private transactions, zkWaaS provides a direct solution to the privacy issues brought about by transparency, further empowering users to be the sole controllers and owners of their data. Developers can leverage this powerful tool to create more appealing products for end users, whether they are interested in actively protecting their privacy or simply seeking peace of mind knowing that their data cannot be exploited by information leaks or malicious observers.

Once again, by combining zkWaaS with other key infrastructure components in Particle Network, Particle Network aims to streamline the development process, facilitate the creation of highly advanced decentralized applications, and provide an outstanding user experience.

Particle Network's three flagship products (Modular Smart WaaS, privacy logins and transactions with zero-knowledge proofs, and intent-centric Intent Fusion Protocol) and the interaction between Particle Network's cornerstone product, Full-Chain Account Abstraction, open up possibilities for developers to create entirely new products and services, ultimately driving the Web3 industry to become consumer-friendly at a faster pace.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。