tl;dr: What is a keyless blockchain account? Put simply, “Your blockchain account = Your Google account”. In other words, this keyless approach allows you to derive a blockchain account from any of your existing OpenID Connect (OIDC) account (e.g., Google, Apple), rather than from a traditional secret key or mnemonic. There are no long-term secret keys you need to manage. There is also no multi-party computation (MPC) system managing your account for you. As a result, the risk of account loss is (more or less), the risk of losing your Google account.
One day, I hope to edit this into a full blog post but, until then check out the resources below:
Docs
- I gave a high-level overview of how keyless accounts work on the Aptos blockchain
- I wrote an in-depth explanation of how keyless accounts work (and their many caveats) in the 61th Aptos Improvement Proposal.
Presentations
In April 2024, I gave a 20-minute presentation at zkSummit11, with slides here:
Tweets
A tweetstorm summarizing Aptos Keyless can be found below:
What is an @aptos keyless account? 🧵
— Alin Tomescu (@alinush407) June 12, 2024
It's a blockchain account derived from (say) your Google account and an application (wallet, dapp, etc).
It's bound not just to you (e.g., you@gmail.com) but also to the application (e.g., @PetraWallet, or @ThalaLabs, or @VibrantXFinance) pic.twitter.com/L3qgRf1WoS
Aptos Improvement Proposals (AIPs)
AIPs for auxiliary keyless services:
AIPs for recent extensions to keyless:
- AIP-96: Federated Keyless
- Adds decentralized support for “federated” OIDC providers like Auth0, which have tenant-specific
iss’s and JWKs and could not be scalably integrated into our JWK consensus mechanism
- Adds decentralized support for “federated” OIDC providers like Auth0, which have tenant-specific
- AIP-108: “Audless” Federated Keyless
- Draft AIP: Privacy-preserving pepper service
$$ \def\Adv{\mathcal{A}} \def\Badv{\mathcal{B}} \def\vect#1{\mathbf{#1}} $$