Going Keyless
One of the biggest challenges is the expectation that users manage their own private keys, which can be cumbersome and error-prone. Aptos Keyless eliminates the need for traditional private keys. It offers a more user-friendly alternative through familiar Web2 social sign-ins like Google and Apple, simplifying the user experience and creating a smooth onboarding process across all Aptos apps.
Keyless authenticates users through Web2 social login platforms using the OpenID Connect (OIDC) standard, tying a user’s OIDC account to their blockchain account. Zero-knowledge proofs ensure privacy and security: validators can verify user identity and transaction authorization without sensitive information, such as the user’s email, being revealed publicly on the blockchain. In fact, blockchain validators can authenticate transactions without ever seeing the user’s actual login details, maintaining both the security of the blockchain account and the privacy of the user’s identity.
The following images depict the high-level mechanics of Aptos Keyless and the Keyless zero-knowledge relation (see How Keyless Works for more detail). Briefly, the Keyless account and transaction flow is:
A user’s blockchain address is a hash of the user’s email ID and the application that the account is associated with, such as a wallet or dApp.
The blockchain address is now associated with the user’s email address and app ID. Google (or another OIDC provider) signs over this and any arbitrary data (e.g. a transaction).
The validators can easily verify (using zero-knowledge) that the signature on the transaction is over the same email and app ID as in the blockchain address.
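A simplified model of the three steps above, added here as an illustration and not taken from Aptos code or the Keyless SDK. It assumes SHA-256 as a stand-in hash, a locally generated RSA key in place of the OIDC provider, the app ID carried as the `aud` claim, and the transaction commitment carried in a `nonce` claim. The check runs in the clear, whereas Keyless proves the same relation in zero knowledge so validators never see the email.

```typescript
import { createHash, generateKeyPairSync, sign, verify } from "node:crypto";

// Stand-in hash (assumption): SHA-256 over length-prefixed fields, so that
// ("ab", "c") and ("a", "bc") cannot collide.
function h(...fields: string[]): string {
  const hash = createHash("sha256");
  for (const f of fields) {
    const bytes = Buffer.from(f, "utf8");
    const len = Buffer.alloc(4);
    len.writeUInt32BE(bytes.length);
    hash.update(len).update(bytes);
  }
  return hash.digest("hex");
}

// Step 1: the address commits to the user's email and the application id.
function deriveAddress(email: string, appId: string): string {
  return "0x" + h(email, appId);
}

// Constructed key pair standing in for the OIDC provider's signing key.
const provider = generateKeyPairSync("rsa", { modulusLength: 2048 });

// Step 2: the provider signs the identity claims together with a commitment
// to the transaction (carried in `nonce` here, an assumption of this sketch).
function providerSign(email: string, appId: string, txn: string) {
  const payload = JSON.stringify({ email, aud: appId, nonce: h(txn) });
  const sig = sign("sha256", Buffer.from(payload), provider.privateKey);
  return { payload, sig };
}

// Step 3: the relation validators need. Checked in the clear here, so the
// verifier sees the email; Keyless proves the same facts in zero knowledge.
function relationHolds(address: string, txn: string, payload: string, sig: Buffer): boolean {
  if (!verify("sha256", Buffer.from(payload), provider.publicKey, sig)) return false;
  const claims = JSON.parse(payload);
  return deriveAddress(claims.email, claims.aud) === address && claims.nonce === h(txn);
}

// Constructed sample values.
const demoTxn = "transfer 5 APT to 0xb0b";
const demoAddr = deriveAddress("alice@example.com", "wallet-app");
const demoTok = providerSign("alice@example.com", "wallet-app", demoTxn);
console.log(relationHolds(demoAddr, demoTxn, demoTok.payload, demoTok.sig)); // same email, app, txn
console.log(relationHolds(demoAddr, "transfer 500 APT", demoTok.payload, demoTok.sig)); // other txn
console.log(deriveAddress("alice@example.com", "other-dapp") === demoAddr); // other app
```

Because the app ID is part of the hash, the same email yields a different address in each application, and a token issued for one app does not authorize transactions for an address derived under another.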
We are excited about the cryptographic innovation of Keyless and see an incredible amount of potential in what it brings to the Aptos user experience. To unlock this new user experience, we have developed a TypeScript SDK, usable by any developer building on Aptos today.
Make your users’ experience simple, unlocking user growth, retention, and protection:
1-Click Account Creation: Users can quickly create accounts via Google (with more to come!)
Embedded App Experience: Users stay within your app without leaving to download and interface with an external wallet application; execute transactions without interrupting the user experience with foreign pop‑ups
No More Seed Phrases: Users don’t need to manually manage any keys. Instead, users only need to maintain access to their OIDC accounts
Improved Account Recovery: Users gain access to familiar Web2 recovery options
Cross-Device Accessibility: Users can access accounts across devices and platforms without importing keys, downloading software, or setting passwords
Explore our dev docs to learn more about Keyless and how you can integrate the Aptos Keyless SDK today.