ZK session keys
Introduction
Account abstraction (AA) opens the door to unlimited innovation around human digital identity. Using a smart contract account, humans are authenticated in the digital world via a computer program deployed and executed on a decentralized public good infrastructure. In this paradigm, humans own (programmable ownership), manage, and govern their digital identity without a centralized trusted third party. By nature, digital identity must be provided as a digital public good.
After implementing account abstraction (AA) via the ERC-4337 standard (without requiring changes to the consensus-layer protocol), builders introduce different approaches and techniques to improve the current blockchain digital identity and decrease its limitations. One of the main innovations is controlling an account via a Passkey (WebAuthn signers). It is a user-friendly authentication method that leverages biometrics and PINs and eliminates the need for mnemonic phrases. Builders leverage different signers (different methods to control an account), such as Magic, Lit Protocol's OTP, and DFNS. Session keys are also a critical solution for improving user experience (UX). They aim to bring a Web2-like experience to blockchain without compromising safety, security, and self-custody.
Session Keys
Session keys are temporary keys imbued with specific permissions. The key is attached to a set of permissions that authorize a specific set of user operations and to a set of policies that authorize user operations with specific parameters and conditions. For each permission, there will be a set of policies. They define the scope of the session. We validate that the user operation call matches the SessionKey permissions and that the session key has signed the user operation.
The ERC-7715 standard defines an interface for requesting and getting permissions from wallets. It introduces a new JSON-RPC method, wallet_grantPermissions, with which a DApp requests that a wallet grant permissions in order to execute transactions on the user's behalf. Session key providers verify session permissions and policies on-chain via smart contract code.
On-chain permission and policy verification is not scalable enough to build a more advanced system, is limited to smart contract scope, and can lead to more gas consumption. We suggest another direction based on zero-knowledge proofs (ZKPs). It ensures trust minimization.
ZK Session Keys
We suggest verifying session permissions and policies by combining smart contracts and ZK circuits. Our approach is to program permission verification via ZK circuits and let only ZK proof verification be on-chain in the smart contract account. A ZK proof abstracts any complex permission/policy verification logic at scale. Programming permission verification via ZK circuits will generate proving and verifying keys.
We need a signature and a proof to validate a user operation based on the ZK session key.
- Signature: cryptographic service over data.
- Proof: cryptographic service over computational statement.
We have a proving phase that generates an off-chain proof to prove that the user's operation matches the session permissions and policies.
Then, we will verify the proof on-chain.
With the ZK session key, the signer, permissions, and policies must be in Merkleized format. The session tree root must be part of the on-chain state. We can program any computational statement around Merkleized session data via ZK circuits.
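The Merkleized session data described above, as an added example that is not taken from the reference repositories: it builds a session tree, keeps only its root, and checks that a user operation's target and selector are a permission leaf under that root, which is the kind of statement a circuit would prove. The leaf encoding, the sample addresses and the use of SHA-256 in place of a circuit-friendly hash are assumptions.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the circuit-friendly hash a real circuit would use.
    return hashlib.sha256(b"".join(parts)).digest()

def leaf(kind: str, value: str) -> bytes:
    # Leaves (0x00) and inner nodes (0x01) are domain-separated so that an
    # inner node can never be presented as a leaf.
    return h(b"\x00", kind.encode(), b"|", value.lower().encode())

def build_levels(leaves):
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:                      # pad odd levels with a fixed empty node
            cur = cur + [h(b"\x02", b"empty")]
            levels[-1] = cur
        levels.append([h(b"\x01", cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    path = []
    for level in levels[:-1]:
        path.append((level[index ^ 1], index & 1))   # (sibling, node is right child)
        index >>= 1
    return path

def verify(root, leaf_hash, path):
    node = leaf_hash
    for sibling, is_right in path:
        node = h(b"\x01", sibling, node) if is_right else h(b"\x01", node, sibling)
    return node == root

# Constructed session data (hypothetical encoding): signer, two permissions, one policy.
SESSION = [
    ("signer", "0x1111111111111111111111111111111111111111"),
    ("permission", "0x2222222222222222222222222222222222222222:0xa9059cbb"),
    ("permission", "0x3333333333333333333333333333333333333333:0x095ea7b3"),
    ("policy", "0x2222222222222222222222222222222222222222:max_amount=100"),
]
LEVELS = build_levels([leaf(k, v) for k, v in SESSION])
SESSION_ROOT = LEVELS[-1][0]      # the only session value kept in on-chain state

def user_op_allowed(target: str, selector: str, index: int) -> bool:
    # Statement to prove: (target, selector) is a permission leaf at `index`
    # under the stored session root.
    claimed = leaf("permission", f"{target}:{selector}")
    return verify(SESSION_ROOT, claimed, prove(LEVELS, index))
```

In the ZK setting the path and the leaf are private witnesses and only the root is a public input, so the verifier learns that the operation is permitted without seeing the rest of the session data.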
Using ZKPs, we gain another class of session permissions and policies that are difficult and inefficient to program on the smart contract side. Computational statements like “You only have three opened sessions at the same time” and “You can only transfer 100 USDT during the last one hour” will be verified using the ZK coprocessor. Proof aggregation and recursion lead to more efficient permission and policy verification.
ZK session keys will be an ERC-7579 module.
Our reference experimentation:
ZK circuit: https://github.com/MicrochainLabs/ZK-session-keys-experimentation-circuits
Smart contract account: https://github.com/MicrochainLabs/ZK-session-keys-experimentation-smart-contract-account
Front end: https://github.com/MicrochainLabs/ZK-session-keys-experimentation-frontend
Our on-chain digital identity vision endgame: https://docs.microchain.microchainlabs.xyz/blog/first-post