BACKGROUND
Blockchain technology has the potential to revolutionize the way we store and transfer value, but it can also be complex and intimidating for many users. Account abstraction has simplified the user experience for interacting with blockchain technology, but cyber attacks and unauthorized access to user accounts remain a risk. By implementing two-factor authentication with time-based one-time passwords, we can combine the user-friendly interface of account abstraction with an additional layer of security to provide a more secure crypto wallet for a wider audience.
THE SOLUTION
IMPLEMENTATION
A. SETTING UP 2FA FOR A SECURED ACCOUNT
- The user generates a random TOTP secret, encodes it in a QR code, and scans it with an Authenticator app so the app saves the secret.
- The future TOTPs are generated from the TOTP secret, and a Merkle tree is built from these TOTPs to delegate the secured account (the abstraction account) for a specific time frame. For example, if the delegation time frame is 5 minutes and the time-step size of Google Authenticator is 30 seconds, the Merkle tree is built from 10 TOTPs.
- The Merkle tree hashes (the Merkle proofs) are stored off-chain.
- The generated TOTPs and the TOTP secret are then deleted; the secret survives only in the Authenticator app that scanned the QR code.
- The Merkle root is submitted on-chain.
B. USING TOTP IN A SECURED ACCOUNT
- The secured account requests a TOTP for every transaction.
- The TOTP shown by the Authenticator app, together with its Merkle proof, is used to authenticate the transaction.
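The following is an added, stand-alone example of both procedures (A: setup, B: use), not code from the project described above. It implements RFC 6238 TOTP with the standard library, precomputes the 10 codes of a 5-minute window, builds a Merkle tree over them and simulates the on-chain account as a Python class that stores only the root. The leaf layout (hashing the time step together with the code), the domain separation of leaf and node hashes, the duplication of the last node on odd levels, the `SecuredAccount` class and its replay check are assumptions made for this example; the demo secret is the RFC 6238 reference key, used here as constructed input.

```python
import base64
import hashlib
import hmac
import secrets
import struct

TIME_STEP = 30           # Google Authenticator time-step size, in seconds
DELEGATION_WINDOW = 300  # 5-minute delegation time frame -> 10 TOTPs
DIGITS = 6


def generate_secret() -> str:
    """Random 160-bit TOTP secret, base32-encoded as Authenticator apps expect (the QR code carries it)."""
    return base64.b32encode(secrets.token_bytes(20)).decode()


def totp(secret_b32: str, unix_time: int) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, dynamically truncated to 6 digits."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", unix_time // TIME_STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def leaf_hash(step: int, code: str) -> bytes:
    """Assumed leaf layout: commit to the time step *and* the code, so a code is valid only in its own window."""
    return hashlib.sha256(b"leaf|" + struct.pack(">Q", step) + code.encode()).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    # Domain-separated from leaves so a leaf can never be mistaken for an inner node.
    return hashlib.sha256(b"node|" + left + right).digest()


def build_tree(leaves):
    """Tree as a list of levels: levels[0] are the leaves, levels[-1] == [root].
    An odd-length level duplicates its last node before pairing (assumed convention)."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]
        levels.append([node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def merkle_proof(levels, index):
    """Sibling hashes from leaf to root; each entry is (sibling_hash, sibling_is_on_the_right)."""
    proof = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append((level[sibling], sibling > index))
        index //= 2
    return proof


def verify_proof(root: bytes, leaf: bytes, proof) -> bool:
    h = leaf
    for sibling, sibling_is_right in proof:
        h = node_hash(h, sibling) if sibling_is_right else node_hash(sibling, h)
    return h == root


def setup_delegation(secret_b32: str, start_time: int):
    """Step A: precompute the window's TOTPs, build the tree and return (root, proofs).
    Only the root goes on-chain; the proofs stay off-chain; codes and secret are then discarded."""
    first_step = start_time // TIME_STEP
    n = DELEGATION_WINDOW // TIME_STEP  # 10 codes for a 5-minute window
    leaves = [leaf_hash(first_step + i, totp(secret_b32, (first_step + i) * TIME_STEP)) for i in range(n)]
    levels = build_tree(leaves)
    proofs = {first_step + i: merkle_proof(levels, i) for i in range(n)}
    return levels[-1][0], proofs


class SecuredAccount:
    """Assumed stand-in for the on-chain abstraction account: it holds only the Merkle root."""

    def __init__(self, root: bytes):
        self.root = root
        self.used_steps = set()  # assumed addition: one transaction per code, so a seen code cannot be replayed

    def execute(self, code: str, step: int, proof, now: int) -> bool:
        """Step B: accept the transaction only if the code is the committed TOTP for the current time step."""
        if now // TIME_STEP != step or step in self.used_steps:
            return False
        if not verify_proof(self.root, leaf_hash(step, code), proof):
            return False
        self.used_steps.add(step)
        return True


# Constructed demo input: the RFC 6238 reference key "12345678901234567890", base32-encoded.
DEMO_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    root, proofs = setup_delegation(DEMO_SECRET, 0)  # delegation covers time steps 0..9
    account = SecuredAccount(root)
    code = totp(DEMO_SECRET, 45)                     # what the Authenticator app shows at t=45s
    print("accepted:", account.execute(code, 1, proofs[1], now=45))  # True
    print("replayed:", account.execute(code, 1, proofs[1], now=50))  # False
```

Binding each leaf to its time step means a code submitted with the proof of a different step fails, and the `now` check stands in for the block-timestamp comparison a real contract would make; a code presented after the 5-minute window has no leaf in the committed tree, so no proof can be produced for it. Because a 6-digit code space is small, the on-chain side should hold nothing but the root and proofs should be kept off-chain, exactly as the steps above describe.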