Build a Passkey Proof of Concept with the WebAuthn API for an Ed25519 Key Pair #5

Open
oceans404 opened this issue Aug 2, 2024 · 5 comments

@oceans404
Member

Bounty Objective

A Nillion Network user has an Ed25519 key pair consisting of a public and private key.

Implement a passkey system using the WebAuthn API with Ed25519 key pairs so that a user can authenticate their Ed25519 key pair without revealing it. The proof of concept implementation should include both registration and authentication processes, allowing users to create and use passkeys on supported devices. The final deliverable will be a fully functional example that demonstrates the complete backend and frontend flow, including proper handling of the WebAuthn API and storage of necessary public key data.

Resources

Bounty Requirements

Build an open source backend that:

  • Implements endpoints for initiating registration and authentication
  • Generates and manages challenges for WebAuthn requests
  • Validates registration and authentication responses
  • Stores public keys and metadata in a database
  • Uses appropriate libraries and frameworks to handle cryptographic operations

Build an open source frontend that:

  • Implements registration and authentication flows
  • Communicates with the backend to fetch registration and authentication options
  • Uses the WebAuthn API to create and get credentials
  • Properly handles and parses responses from the WebAuthn API
  • Provides a user-friendly interface for registration (creating a new passkey) and authentication processes
  • Ensures the private key is securely generated and stored within the authenticator (for example a user’s device, a FIDO2 security key, or phone). The private key never leaves the authenticator and is not exposed to the backend, frontend, or any other parties. Only the authenticator can use the private key to sign authentication challenges.

Document your solution:

  • Submit your completed implementation as an open source GitHub repo
  • Include instructions in the README on how to run your implementation
  • Explain who the trusted parties are in your solution’s flow - only the authenticator and the user’s device (browser) should be trusted parties
  • Provide a demo video showcasing your frontend’s registration and authentication flows

How to Submit

Review the Terms and Conditions for Nillion Builder Bounties here.

Open source your repo and submit your bounty by creating a new discussion in Nillion’s “Show and Tell” GitHub Discussions Forum. For project type, choose “Builder Bounty Submission”.
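
The backend requirement above to validate authentication responses, sketched as an added example (not part of the original issue or of any submission): a Node.js relying-party check of a WebAuthn assertion signed with an Ed25519 credential key. The function names, the `expected` record and the `rp.example` origin are assumptions, and the authenticator is a constructed software stand-in.

```javascript
const nodeCrypto = require('node:crypto');
const sha256 = (buf) => nodeCrypto.createHash('sha256').update(buf).digest();
const fail = (reason) => ({ ok: false, reason });

// Relying-party check of a WebAuthn assertion (authentication response).
// expected = { challenge (base64url), origin, rpId, publicKey (KeyObject), signCount }
function verifyAssertion({ clientDataJSON, authenticatorData, signature }, expected) {
  const clientData = JSON.parse(clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return fail('type');
  if (clientData.challenge !== expected.challenge) return fail('challenge');
  if (clientData.origin !== expected.origin) return fail('origin');

  // authenticatorData: rpIdHash (32) | flags (1) | signCount (4, big-endian) | ...
  if (authenticatorData.length < 37) return fail('authData');
  const rpIdHash = sha256(Buffer.from(expected.rpId, 'utf8'));
  if (!authenticatorData.subarray(0, 32).equals(rpIdHash)) return fail('rpIdHash');
  if ((authenticatorData[32] & 0x01) === 0) return fail('userPresence');

  // The authenticator signs authenticatorData || SHA-256(clientDataJSON).
  // Ed25519 (COSE alg -8) hashes internally, so the digest argument is null.
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  if (!nodeCrypto.verify(null, signed, expected.publicKey, signature)) return fail('signature');

  // A non-zero counter must be strictly greater than the stored one.
  const signCount = authenticatorData.readUInt32BE(33);
  if ((signCount !== 0 || expected.signCount !== 0) && signCount <= expected.signCount)
    return fail('signCount');
  return { ok: true, signCount };
}

// Constructed sample data: a software stand-in for the authenticator.
function sampleAssertion(privateKey, { challenge, origin, rpId, signCount }) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  const counter = Buffer.alloc(4);
  counter.writeUInt32BE(signCount);
  const authenticatorData = Buffer.concat([sha256(Buffer.from(rpId, 'utf8')), Buffer.from([0x01]), counter]);
  const toSign = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: nodeCrypto.sign(null, toSign, privateKey) };
}

function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const challenge = nodeCrypto.randomBytes(32).toString('base64url');
  const expected = { challenge, origin: 'https://rp.example', rpId: 'rp.example', publicKey, signCount: 0 };
  const assertion = sampleAssertion(privateKey, { ...expected, signCount: 1 });
  const fresh = nodeCrypto.randomBytes(32).toString('base64url'); // a later session's challenge
  return { good: verifyAssertion(assertion, expected), replay: verifyAssertion(assertion, { ...expected, challenge: fresh }) };
}
```

In a real deployment the public key comes from the attestation object stored at registration, and each challenge is single-use and bound to the session that requested it.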

@oceans404 oceans404 converted this from a draft issue Aug 2, 2024
@Myestery

@oceans404 please see https://github.com/orgs/NillionNetwork/discussions/99 for my submission

@daningyn

hi @oceans404, please check my submission: https://github.com/orgs/NillionNetwork/discussions/103

@Envoy-VC

Hey @oceans404 this is my submission: https://github.com/orgs/NillionNetwork/discussions/105

@Mzemlu

Mzemlu commented Aug 28, 2024

Hey @oceans404 this is my submission: https://github.com/orgs/NillionNetwork/discussions/107

@khanhhuy-bkdn

Hey @oceans404, please check my submission: https://github.com/orgs/NillionNetwork/discussions/110

Projects
Status: Under review