Explained: The Snax Trustless Authentication Protocol

The fundamental technology that allows Snax to operate is the binding of the blockchain transactions together with accounts on the social media platforms such as Twitter, Reddit and so on. Snax blockchain allows you to to any account name on any public platform integrated into Snax (we call those Social Transactions). send transactions without prior invoicing from the recipient You can be certain that the transaction will reach the recipient without having to rely on a centralized third party (apart, of course, from the social platform itself). This article will explain how Snax Trustless Authentication Protocol works using the example of authentication of the Twitter account. Don’t trust. But Verify. This is the main principle of building an open cryptographic system, including blockchain systems. The authentication solutions built using oAuth 2.0, for example, OpenID connect, work very well with centralized servers, however, it can be hard to implement them in decentralized systems. These systems are designed to solve a particular problem of when a user ( ) needs to get authorized with a certain service ( ). However, with blockchain based system authentication and authorization of any user must be verifiable not by one server, but by an outside observer ( ) at any moment of time. client centralized server third party : Snax Trustless Authentication Protocol provides solutions to the following problems Authentication of users from any public platform on the Snax blockchain. Presentation of proof of user authentication to any third party at any time. Completion of any subsequent authentications using Snax account without the participation of the public platform. Step 1. Authentication. Take Twitter as an example of an online public platform (Twitter will come integrated into Snax blockchain at the time of main net launch). Let’s assume that you have a Twitter account and that you want to complete authentication in the Snax blockchain using that account. Authentication will be done using the following algorithm: Client (user) generates a pair of keys ( ). priv_key, pub_key Client selects any unassigned account name ( ) on the Snax blockchain ( account will be registered on the blockchain). snax_name snax_name Client generates a key ( ). K Client calculates a hash function H(K, snax_name)=hmac_sha256 (K || hmac_sha256 (K || snax_name)) Client publishes received hash by creating a tweet from their Twitter account, on the Snax blockchain. H acknowledging their intent to complete authentication Client sends the following information to an oracle:- Pair ( )- Their , for which the account name will be registered.- Their account name on Twitter and a link to the authentication tweet (optional, as the authentication tweet can be found by the oracle on the feed using Twitter API) K, snax_name pub_key snax_name N The Oracle then calculates your hash and compares it with the hash, found in authentication tweet. If the hashes are identical, the Oracle considers the authentication process to be completed. H Oracle calls on the registration method of the Twitter platform smart contract with arguments of ( ). K, snax_name, pub_key, N, L The Twitter platform smart contract then registers account with the public key and adds information to the blockchain about successful authentication of a twitter user , a public key and a link . snax_name pub_key N K, L Snax authentication process Step 2. Proof. It is now essential to explain why the third party might not trust a centralized oracle which has completed the authentication of the user. Let us consider the following possibilities of a vector attack: Oracle being compromised. Forgery of a user’s authentication request by an intruder. ( ) which would satisfy the authentication hash . Main defense against this attacks comes from the impossibility of brute forcing the incoming data K, snax_name H Because the authentication tweet, which contains hash , is published on Twitter by the owner of the twitter account, an intruder does not have an ability to generate a valid pair ( ), apart from the one which was provided by the actual owner of the account. H K, snax_name This way, any third party, at any moment of time, can verify the authentication by the owner of the Twitter account using the following algorithm: N Take the embedded into the blockchain pair about the authentication of the user ( ). K, snax_name Generate hash ). H(K, snax_name Go to the published link L. Verify that the account which has published the tweet indeed belongs to the account of the user . L N Check the presence of hash in the tweet .If the hash is found, then the user authentication is valid. H L Step 3. Using Snax account as an authenticator. Now, that the authentication of a user can be proven, the name of the blockchain account can be subsequently used as an authenticator of the user of Twitter . For example, Snax blockchain uses of the account for the . snax_name N snax_name N emission of the SNAX tokens This process would also make it possible to create a transaction to any account of the public network, integrated into Snax platform, without a prior invoicing by the recipient. Platforms smart contract will automatically complete the transaction to the from which the authentication of the receiver has been completed. If the authentication has not yet been finalized, then platform smart contract will wait for its completion to perform the transaction. snax_name Conclusion We have looked at how the Snax Trustless Authentication Protocol works on a macro level. Of course, the act of publication of authentication message (e.g. tweet) can cause an inconvenience for the user, however, we do not yet see any reliable alternative technology for creating a trustless authentication. This inconvenience can be solved by integrating the Snax Trustless Authentication Protocol (or the similar protocol) in API of the existing social networks. It is not a complicated process in general, however, it does require the platform to create a public authentication API available for a third party request. If you have questions about how Snax emission works, how to receive publisher rewards, or about how to become a block producer for Snax network, feel free to join us in our Discord at Don’t forget to follow us on and to clap for this post! https://discord.gg/qygxJAZ. Twitter Also, you can find answers to frequent questions here https://snax.one/faq.