tl;dr: What is a keyless blockchain account? Put simply, “Your blockchain account = Your Google account”. In other words, this keyless approach allows you to derive a blockchain account from any of your existing OpenID Connect (OIDC) accounts (e.g., Google, Apple), rather than from a traditional secret key or mnemonic. There are no long-term secret keys you need to manage. There is also no multi-party computation (MPC) system managing your account for you. As a result, the risk of account loss is (more or less) the risk of losing your Google account.
One day, I hope to edit this into a full blog post but, until then:
- I wrote a high-level explanation of how keyless accounts work on the Aptos blockchain here.
- I wrote an in-depth document explaining how keyless accounts work and their many caveats in the 61st Aptos Improvement Proposal.
- I did a few more things below 👇
Other resources
A 20-minute presentation at zkSummit11 can be found below:
An accompanying tweetstorm can be found below:
What is an @aptos keyless account? 🧵
— Alin Tomescu (@alinush407) June 12, 2024
It's a blockchain account derived from (say) your Google account and an application (wallet, dapp, etc).
It's bound not just to you (e.g., you@gmail.com) but also to the application (e.g., @PetraWallet, or @ThalaLabs, or @VibrantXFinance) pic.twitter.com/L3qgRf1WoS
AIPs for auxiliary keyless services:
AIPs for recent extensions to keyless:
- AIP-96: Federated Keyless
  - Adds decentralized support for “federated” OIDC providers like Auth0, which have tenant-specific `iss`’s and JWKs and could not be scalably integrated into our JWK consensus mechanism
- AIP-108: “Audless” Federated Keyless
- Draft AIP: Privacy-preserving pepper service