Kwenta State Log

A living document defining the state of Kwenta

KIP-111: Seamless onboarding for Kwenta

Simple Summary

Integrate web2 & social logins on Kwenta using Privy.

Abstract

Enable users of Kwenta to sign in/ create an account on Kwenta using either their web3 wallet (EOA or smart contract), as well as traditional methods such as e-mail or SMS, and recently popular SSOs.

Motivation

Today, non-web3 users face too much friction. Creating a traditional non-custodial wallet means managing seed phrases, private keys, and recovery methods....far from user-friendly.

By combining the simplicity of web2 authentication and the power of web3 wallets, new solutions offer familiar web2 authentication methods, such as Sign-in with Apple or Google, as well as OTP methods including SMS and email codes, all while maintaining the advantages of self custody and the optional use of web3 wallet sign-in and Kwenta's existing account management tools.

Additionally, the use of Privy by Friend.Tech, the most popular Social Fi app with some of the highest TVL on Base, ensures onboarding to Kwenta will be a familiar, seamless process for existing Base users.

Specification

Privy offers a React-first Plug & Play authentication integration. Users can log in using their existing wallets or create a Privy wallet using one of many Web2 providers using react hooks.

Privy wallets are built on top of Shamir’s Secret Sharing (SSS). The setup is 2/3.

  • Device share is stored on the user’s device. (1)
  • Auth share which is encrypted and stored by Privy. The Privy SDK will retrieve this share for a user when they log in. (2)
  • Recovery share, which is encrypted either by user-provided entropy (a strong password) or by Privy. Recovery shares are only ever encrypted or decrypted on the user's device. (3)
    • If encrypted by user-provided entropy, only the user can decrypt the recovery share. Privy never sees this share or the user's password.
    • If encrypted by Privy, Privy uses an encryption key generated locally and secured via an isolated service. The encryption key can only be accessed if the decryption request includes the user's auth token.

Once a user logs in, the shares are combined to reconstruct the private key within a secure, isolated Privy iFrame. This private key is never stored permanently; it exists only in memory and is confined entirely within the iFrame. Additionally, the initial generation of the key is conducted within this secure iFrame, ensuring that the key remains protected and isolated at all times.

By collaborating with leading authentication protocols, we're bridging the gap, making web3 technologies approachable for everyone.

Core Contributors will be tasked to execute on an integrating strategy with Privy or similiar which may include the following tasks:

- Complete a full code refactor using `viem` to prepare for the Privy implementation
- Peform R&D for any additional security measures Kwenta deems necessary for the integration
- Design and implement an embeded wallet managment system
- Design a new onboarding flow to facilitates the integration of web2 authentication
- Update privacy policies to reflect the data made available through the integration