Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[AIP-81][Discussion] Pepper service for keyless accounts #419

Closed
thepomeranian opened this issue May 6, 2024 · 0 comments
Closed

[AIP-81][Discussion] Pepper service for keyless accounts #419

thepomeranian opened this issue May 6, 2024 · 0 comments
Labels
accepted

Comments

@thepomeranian
Copy link
Collaborator

AIP Discussion

Summary

In keyless accounts an end user needs a private blinding factor (pepper) as an input in the privacy-preserving account address derivation: as long as the pepper is not leaked, the link between the account and the provider/dApp owner behind it remains hidden.

This AIP proposes a solution to manange pepper for the end users without actually storing them by deploying a public service (operated by Aptos Labs) that computes the pepper as a verifiable unpredictable function (VUF) of some session data (namely, the ephemeral public key from the end user and the authorization token (the JWT) from the OIDC provider).

Read more about it here: https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-81.md
@thepomeranian thepomeranian added this to the aptos-node-v1.12 milestone May 6, 2024
@thepomeranian thepomeranian changed the title [AIP-82][Discussion] Pepper service for keyless accounts [AIP-81][Discussion] Pepper service for keyless accounts May 6, 2024
@thepomeranian thepomeranian removed this from the aptos-node-v1.12 milestone May 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
accepted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@thepomeranian