DOT Login

[singkeo]

Project Abstract

DOT Login uses OAuth2 and zk-SNARKs to bridge the gap between Web2 and Web3. This integration is facilitated by a series of custom Substrate pallets, the existing FRAME balances pallet, an off-chain worker that connects to the OAuth2 provider's JWK registry as well as a web-based wallet. DOT Login users will be able to create a wallet using their web2-native OAuth2 account of choice (e.g. Gmail), avoiding common ux painpoints such as remembering keyphrases, learning how to use hardware wallets, etc. without compromising on wallet functionality.

Grant level

• Level 1: Up to $10,000, 2 approvals
• Level 2: Up to $30,000, 3 approvals
• Level 3: Unlimited, 5 approvals (for >$100k: Web3 Foundation Council approval)

Application Checklist

• The application template has been copied and aptly renamed (project_name.md).
• I have read the application guidelines.
• Payment details have been provided (bank details via email or Polkadot (USDC & USDT) address in the application).
• I am aware that, in order to receive a grant, I (and the entity I represent) have to successfully complete a KYC/KYB check.
• The software delivered for this grant will be released under an open-source license specified in the application.
• The initial PR contains only one commit (squash and force-push if needed).
• The grant will only be announced once the first milestone has been accepted (see the announcement guidelines).
• I prefer the discussion of this application to take place in a private Element/Matrix channel. My username is: @_______:matrix.org (change the homeserver if you use a different one)

[github-actions]

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

[singkeo]

I have read and hereby sign the Contributor License Agreement.

[semuelle]

Thanks for the application, @singkeo. I have yet to read the proposal thoroughly, but some basic questions in advance:

1. Do you have any data on your target audience? Usually, similar projects - even if in different ecosystems - can provide some insight into who needs/uses a product and how large its potential userbase is.
2. Are you aware of https://futures.web3.foundation/? It sounds like your project might be a good fit for the program. It's also more flexible in terms of funding mechanisms, something that might be of interest to you.

[singkeo]

@semuelle thanks for your quick reply.

1. target audience

We've extended the overview and ecosystem fit chapters to provide more information about our target audience.

2. Are you aware of https://futures.web3.foundation/?

Yes, we're aware of it. We've added the reasons for our preference for the grants program to the additional information chapter.

I hope this helps to clarify your questions, @semuelle.

[keeganquigley]

Thanks for the application @singkeo I have the following comments:

• While I understand the need for middleware to make OAuth 2.0 an option for users who don't have a wallet, I'm not sure I understand the need for yet another web-based wallet. Couldn't there be a way to allow users to connect their existing wallet extension instead?
• How would you compare your project with something like Dauth which uses TEEs for authentication?
• Have you done the research to determine if on-chain JWT validation is feasible and won't create too much overhead vs an off-chain solution? Is there a similar solution in other ecosystems?

[singkeo]

@keeganquigley

Couldn't there be a way to allow users to connect their existing wallet extension instead?

We've originally intended to create our own wallet due to the following reasons:

1. the generation of the ephemeral keys, the ability to interact with the OAuth2 protocol and the generation zk-SNARKs are essential to our solution and are not supported by any existing wallet
2. to be more flexible in the future, also with respect to our longer term plans. For example, at a later stage we'd envision to use Polkadot SDK's asset-conversion pallet to enable the wallet to pay tx fees in stables. That way the web2-native user doesn't have to hold any DOT, which would greatly improve UX and avoid confusion.

However, after re-consideration we're willing to finance the wallet for this stage by ourself, if you think it doesn't add value to the ecosystem.
We've adjusted the application accordingly, while leaving the option open to implement a wallet extension, rather than a complete wallet.

How would you compare your project with something like Dauth which uses TEEs for authentication?

To be honest, we were not aware of this project before your comment; thanks for bringing this up. We've added a section dedicated to the comparisons between the two projects. In essence, it seems like they're not building on EVM-tech rather than Polkadot SDK-related tooling while DOT Login is a Substrate-first solution. There are also design differences, e.g. they seem to require the TEE to guarantee the safety of the mail <-> address mapping they're storing there, while our solution doesn't foresee the storage of any PID.

on-chain JWT validation

We don't anticipate the JWT validation itself to be expensive since signature validation is a task that collators already heavily are involved with. For example, parachain collators would usually validate transaction signatures or parachain block signatures.
As for the verification of the ZK proof, the expensive part (generation of the proof) is carried out on the wallet (extension), while the significantly cheaper part (proof verification) is carried out by the collators.

[semuelle]

Thanks for the updates, @singkeo.

While I have no doubt that you have the technical abilities to implement such a complex project, I am somewhat skeptical about its fit for the grants program. The architecture is fairly complex (requiring a pallet to generate a keypair) and mainly useful only as a whole. What I would suggest is to apply for a smaller grant here and then apply with an extended roadmap at the Decentralized Futures program. That way, you could fund the first month or two of development, and then the wallet as well and possibly more than mentioned here through the DF. Projects were already approved at the DF, it's just not public yet. Also, there are many teams applying there without a clear road to further funding and instead make a case that the treasury should fund further development.

FYI, for more info on DAuth, you can check their recent milestone delivery: w3f/Grant-Milestone-Delivery#1105

[singkeo]

@semuelle thanks for your reply. I've removed M2 and M3 from the scope of this grant. Does this setup work better for you? Financing the remaining scope through the DF program sounds like a good option indeed.

[singkeo]

@semuelle I noticed that the changes requested label is still active, so I wanted to check if there's anything missing from our side.

[keeganquigley]

Thanks for the changes @singkeo and sorry for the delay. The reduced scope looks good, however imo the rate seems a bit high for 1 month with 3 FTE. Would you possibly be willing to lower your daily rate a bit?

[singkeo]

@keeganquigley no problem, and thanks for the positive feedback.
I'm a bit hesitant to reduce the rate which is actually not high, at least for the Paris metropolitan region. For reference: For freelance software development we'd usually charge ~600-700 EUR/d, that's 12-14k/month. While I understand that for an open source grant whose results we intend to use ourselves later we can't charge the full rate, I want to make sure that my developers are paid fairly. However, I'm willing to cut my own pay by 50% - I've updated the price accordingly. I hope that's more convenient to you.

[takahser]

@singkeo from a tech perspective this looks quite interesting and potentially very useful. I was wondering about the plans for your currently active ventures - will you be able to allocate enough time to this additional project, during the development but also after completing the grant? For context: We've had grantees in the past that abandoned their project after completing the grant which is something we'd like to avoid.

[singkeo]

@takahser regarding allocating enough time to this project, please allow me to quote from the grant application:

Our current situation is that we've reserved this month for setting up our businesses to be less reliant on us, so we can start focusing on the implementation of DOT Login from February.

We're currently shifting our focus to this project. I've already entrusted people close to me with governing and running my current ventures for the month of February, so this has been dealt with. Likewise, my colleagues have temporary reserved most of February for this project, so an allocation of 3 FTE is to be expected. After that, the plan is to secure follow-up funding for the other milestones through the Decentralized Futures program (as suggested by @semuelle), so our focus is going to remain on this project. As you can see in the Milestone 4+ section, we do already have plans beyond that scope, and we're confident to be able to secure long-term funding once the initial 3 milestones have been implemented. I hope this clarifies your doubts, but if not, please don't hesitate to reach out again.

[takahser]

@singkeo sounds good, thanks for the clarification. I'm adding my approval and have marked it as ready for review.

[keeganquigley]

Thanks @singkeo for the changes and the explanations. I'm willing to go forward with it as well.

While waiting for others to comment, we also recently integrated KYC/KYB checks for all potential grantees. Could you please provide the information outlined under this link? Let me know if you have any questions or issues!

[Noc2]

Thanks for the application. Are you aware of https://github.com/pioneersprize/Polkadot-Pioneers-Prize/blob/main/applications/zklogin-Reclaim-protocol.md How is your solution different? What is the reason that your Github accounts seem rather new and unused? And have you considered applying via the decentralized futures program instead and getting the entire project funded: https://futures.web3.foundation/

[singkeo]

@Noc2 thanks for your reply, let me break down your questions.

1. zkLogin: Their solution varies vastly in various factors:
   a. data processing: they allow dApps to use web2 data, while DOT Login doesn't process any user data
   b. their focus: they add an additional barrier to safe-guard dApps, we're aiming to deliver a seamless bridge to onboard web2 users
   c. UX: they require a native mobile app, we're offering a web-based wallet with no extra components
   d. trust assumptions: their solution includes trusting the attestation service in addition to trusting the OAuth2 providers

   A detailed technical comparison of the on-chain components is difficult: Although their sequence diagram is easy to digest, it doesn't go in deep detail when it comes to the runtime implementation. More details can be found on the newly added zkLogin section.

2. Our GitHub accounts: While they've been created as early as 2014, 2015 and 2020, we acknowledge the fact that we've been focusing on the development of proprietary software rather than open-source - something we'd like to change (see also here).

3. Preference for Grants over Dec. Futures: We're currently streamlining our capacities in an effort to fully focus on DOT Login which is why a rapid decision on the way forward is a priority to us. According to the X Space from 25 Jan over 100 projects have been submitted to the Dec. Futures Program, of which 2 have been approved so far which is why we think the Grants Program is the better option for us (see also here). Initially we've applied for a larger scope, but @semuelle suggested to go for a smaller grant and to apply to the Dec. Futures program for the remaining scope - a lean approach that allows the Web3 Foundation to verify our code quality in this first iteration, before potentially committing to a bigger amount for the extended scope.

[takahser]

Re-approving this.

[Noc2]

Happy to give it a chance.

[github-actions]

Congratulations and welcome to the Web3 Foundation Grants Program! Please refer to our Milestone Delivery repository for instructions on how to submit milestones and invoices, our FAQ for frequently asked questions and the support section of our README for more ways to find answers to your questions.

Before you start, take a moment to read through our announcement guidelines for all communications related to the grant or make them known to the right person in your organisation. In particular, please don't announce the grant publicly before at least the first milestone of your project has been approved. At that point or shortly before, you can get in touch with us at [email protected] and we'll be happy to collaborate on an announcement about the work you’re doing.

Lastly, please remember to let us know in case you run into any delays or deviate from the deliverables in your application. You can either leave a comment here or directly request to amend your application via PR. We wish you luck with your project! 🚀

[semuelle]

@singkeo, if you haven't yet, could you submit your company information through the KYB link above?

[keeganquigley]

pinging @singkeo have you completed KYC yet? Thanks.

[singkeo]

Thanks for onboarding us ! @semuelle thanks for the link, @keeganquigley done it today, waiting for the review.