xGov-119: Zorkin - Social Login for Self-Custodial Account Authentication with ZK-SNARKs

Ill be honest the private transaction feature will be incredible later on mixed in with xgov-108 if this goes ahead since this has offline signing aswell. Fully airgapped. What a great combo … this ill be honest a private transaction feature will bring an entirely new perspective on this coin and ppl will stop calling it a government coin or cbdc and it will bring entire new users onboard. Privacy is a hot topic in this era of suppression and cancellation culture

VERSEWARE PTY LTD is now a registered Australian Proprietary Limited company, which legally represents Zorkin in trade and commerce. The entity will also represent most (if not all) business activities I conduct in this space.

In the proposal, “Helium Labs” is a placeholder for VERSEWARE PTY LTD.

I may rename the company sometime in the future, but it’s honestly fine. The name sounds good, and I’ve thought about existing trademarks and don’t see any cause for concern.

I agree privacy is important. While I’m open to considering privacy-enhancing features in the future, I cannot make any promises as previously mentioned. The current focus is on the core experience per the proposal.

Private transactions often face legal restrictions due to their potential for facilitating crimes (e.g. Tornado Cash). Privacy features we implement, if any, will be legal and ethical.

Having thought about it, chances are I won’t add private transactions of any kind, however other types of privacy-enhancing features will be considered for inclusion.

Notes:

1. My understanding is certain types of private transaction, such as using a single record-keeping custodian or engaging in non-monetary exchanges, may be legally permissible. Further due diligence is essential.
2. This post is not intended as legal or investment advice. Please conduct your own research.

Thanks .

just an FYI ZEC is sold in every exchange without any issue maybe the exchange has certain rules you must abide by and i agree if the exchange says mst be unsheilded then thats what you must do but between 2 private parties why cant you make a shielded TX ., by the way most exchanges i have seen in Aus sell monero if the exchange doesnt allow shielded it will stipulate , and its only an option if the wallet provider decided to implement it. Some countries require this privacy from their tyranical goverments, oThat is why the standard transaction is non zk-snarks you have to decide wether you want to make this transaction or not , z-cash has been approved by some government entity which is basically the same it has shielded and non shielded unlike monero where it is the standard and you must transact privately

I have a bunch of updates regarding xGov119 (Zorkin). It is difficult to speak in absolutes since AF’s WebAuthn solution is still a work in progress. I welcome corrections for any unintended inaccuracies in my interpretation.

AF Webauthn vs. Zorkin: A Clarification

I want to clarify once again the significant differences between the Webauthn approach that AF is developing and Zorkin. Let me explain.

My understanding is that AF is developing a Webauthn authentication method without an OAuth provider, initially focusing on authentication and then transaction authorization. Below, I compare this to Zorkin.

Webauthn for OAuth Authentication

OAuth2, utilized by Zorkin, can use Webauthn as an authentication factor if offered by the OAuth provider. This inherits the provider’s setup, such as passkeys and Web2 account recovery options (for example, see Google Webauthn).

After OIDC authentication, a user can authorize transactions from a linked Algorand account, with access proven via a ZK-SNARK proof through Zorkin.

Zorkin’s Additional Efforts

Zorkin will provide additional features such as simplified Asset Opt-In and a Fiat On-Ramp. I’m fairly certain AF won’t go this far, focusing solely on auth.

Integrating Zorkin Seamlessly

A business can integrate Zorkin seamlessly, enabling existing users to access a linked Algorand account, assuming they use a supported OAuth provider.

Conversely, WebAuthn alone would require explicit linking to existing user profiles and, without passkeys, ties the authentication factor to a specific device. It’s unclear if AF’s solution will include passkeys.


In short, Zorkin can use a number of OIDC authentication methods, including Webauthn, depending on what is supported by the chosen OAuth provider. With the fiat on-ramp and other features, it will provide a nearly frictionless Algorand onboarding experience.

Open-Source Licensing with the Apache License v2 (APLv2)

I have decided to make all source code for xGov119 software deliverables available under APLv2 to the fullest extent legally possible, if the proposal passes this xGov session. This does not mean the service will be free to use; charges will still apply for usage.

Should the proposal not be approved, I retain full discretion over its future. In such a scenario, I cannot commit to releasing the product or making it open source.

Approaching the Finish Line

Finally, the proposal is close to achieving 90% of votes needed to pass. In these final moments, your support is crucial to help it succeed. I will devote all my energy to fully realizing its potential, if it passes.

The funding will primarily cover my salary for several months of intense R&D work and any incidental expenses I may incur along the way, such as a hypothetical registration fee or external freelance tasks, like creating a marketing website.

For more details, see the proposal on GitHub with its video demo. GovernorHat on Twitter ranked xGov119 with a select few in the S-tier after thoroughly reviewing them all.

Give this man a vote already! almost there brother, you’ll make it.

I would like to clarify a few things I’ve said so far in case I have miscommunicated them unknowingly. Please understand the following:

Clarification on APLv2 licensing

By saying the source code is licensed under APLv2 where legally possible, I mean in respect of any license terms I must oblige by such as copy-left licenses, and such. Anything that may legally compromise me will be respected first and foremost. Read about APLv2 online to understand how that license works.

Clarification on Self-Custodial meaning

By self-custodial, I mean user assets are not actively managed and the sensitive user access keys are not in direct control of Zorkin (i.e. assets won’t be in my custody). However depending on how it’s implemented, parts of the implementation will require innate trust in a 3rd party to not act maliciously. It is almost unavoidable, even in most respectable self-custodial wallets I won’t name.

Examples of how trust is required include compromised client code integrity (e.g. a frontend or app is updated to use a hidden malicious version), or more specifically in Zorkin’s current design having the Chainlink SC be updatable to allow updating OAuth provider JWK signing links should they change.

I will do everything I can to ensure the trust is minimized and security is maximized at every opportunity. For example having client-code integrity verification by having a webapp build to a single file whose hash can be verified in the client, DNSSEC/DNSLINK, open-source code, and consideration of a DAO for community voted upgrades to infrastructure with immutable versioning.

These are examples of small design choices that may be made during development should this project be funded. This is to be expected as the proposal is R&D intensive and not fully complete, which is why I was liberal with disclaimers and vagueness in the proposal.

Deliverables

Following on from the last section, since it’s R&D intensive, please understand the final concrete design will of course be different to some degree. There are numerous small design choices that are yet to be made, as I continue to refine and iterate. But rest assured the high level gist, “Self-Custodial social login to authorize transactions with ZK-SNARKs”, will be delivered by EOY if passed. The way that is achieved and presented will inevitably evolve during development. Where “self-custodial” is the definition given, as clarified above.

I look forward to the outcome. If you have any questions please let me know and I’d be happy to answer.

I mistakenly believed I had signed the contract by completing the Google Docs form. However, I now realize a Docusign digital signature is also required, which will be delivered separately. Sorry for any confusion. I’ll keep you updated.

I’m reviewing the contract again to ensure I haven’t accidentally overlooked or misunderstood any crucial details. For instance, I may need to do more than write articles to fulfill the promotion part of the “purposes” as defined in the contract. I’ll inform you if I decide to modify my plans, such as my promotional strategy, to satisfy that requirement.

As explained earlier (see the proposal), given that this is an R&D-intensive project that is non-trivial, expect things to change within some reasonable tolerance. For example, I may code something one day and write an article (or make a public Git commit), and then iteratively refine it later after discovering a better way to do something for the betterment of the project.

Disclaimer:
As always, nothing I say is intended to be legal or financial advice. I’m not a lawyer or financial professional. While I believe my layman interpretations of the contract are accurate, please seek professional guidance if you have the same contract.

Business Entity

I recently registered the Australian company Inter Auth Systems Pty Ltd last night. This company signed the contract and assumes full legal ownership and responsibility for the proposal and intended business. What I meant in saying “I may rename the company sometime in the future” above, is that I may change the company and that’s what I’ve done.

Please disregard the above business entity I have previously mentioned. As explained, Helium Labs in the proposal is a placeholder, and it is actually my Github organization, which I’m going to rename.

I am currently receiving legal advice regarding the open-sourcing of the solution. Once I have received the necessary guidance, I will prepare a statement addressing the matter. I will share the statement as soon as it is ready.

Yo only need to create an article after deliverables are completed. The main purpose of the article is for the community to try out your product and also to know the benefits the product may offer.

So the article should be less of a tecnical thing.