Updated 84 days ago

On-Chain 2FA

on chain TOTP authenticator support for secret network

  • Crypto / Web3
  • Secret Network
  • Account Abstraction
  • Appchain Infrastructure
  • Chain Abstraction

Secret Network Two-Factor Authentication (2FA) with Google Authenticator

Overview

Enhance security on the Secret Network by integrating Two-Factor Authentication (2FA) using Google Authenticator. This project enables users to secure their accounts and smart contract interactions with Time-based One-Time Passwords (TOTP), leveraging the privacy-preserving features unique to the Secret Network.

Key Features

  • Secure Registration: Generate a unique TOTP secret key within the application.
  • Easy Setup: Scan a QR code to add the TOTP key to Google Authenticator.
  • On-Chain Authentication: Validate TOTP codes directly within smart contracts.
  • Privacy-Preserving: Secret keys and authentication data remain confidential.

Why Secret Network?

  • Encrypted Smart Contracts: Only possible on Secret Network due to its ability to handle encrypted computations.
  • Enhanced Security: Protects against unauthorized access even if private keys are compromised.
  • User Trust: Users can confidently secure their assets with additional authentication layers.

Usage Instructions

Prerequisites

  • Keplr Wallet Extension: Install in your browser.
  • Secret Network Account: Set up using Keplr.
  • Google Authenticator App: Install on your mobile device.

Setup Guide

  1. Access the Application

    • Navigate to the application URL.
    • Connect your Keplr wallet.
  2. Register for 2FA

    • Click "Enable 2FA".
    • A unique TOTP secret key is generated.
    • A QR code is displayed.
  3. Configure Google Authenticator

    • Open the app and tap "+" to add a new account.
    • Select "Scan a QR code" and scan the displayed QR code.
  4. Complete Registration

    • Click "Register with Contract" to store your secret key securely.
  5. Authenticate

    • When prompted, enter the current 6-digit code from Google Authenticator.
    • The smart contract validates the code on-chain.

Technical Details

  • Smart Contract

    • Language: Rust with CosmWasm.
    • Functions:
      • register: Stores the TOTP secret key.
      • authenticate: Validates the TOTP code.
    • Security: Uses secret_toolkit for secure storage.
  • Front-End Application

    • Framework: React.
    • Libraries:
      • hi-base32: Base32 encoding.
      • qrcode.react: QR code generation.
      • secretjs: Blockchain interaction.

Impact and Applications

  • Enhanced Security: Adds an extra layer of protection for users.
  • Broad Use Cases: Applicable to dApps, DeFi platforms, and governance systems.
  • User-Friendly: Familiar authentication method encourages adoption.

Team

  • Braydn Larsen - Lead Developer

Contact


Note to Hackathon Judges:

  • Innovation: Implements 2FA directly within smart contracts using Secret Network's unique features.
  • Technical Achievement: Securely integrates TOTP authentication in a privacy-preserving manner.
  • Utility: Addresses the need for enhanced security in blockchain applications.

GitHub Repository: github.com/zenopie/totp-auth-contract

Live Demo: testnet.erth.network