π§ Smart Wallets
Smart wallets on Stellar are currently under active development. This page is where that work is being captured. Until there is an audited interface it is suggested not to use smart wallets in production.
The launch of Protocol 21 enables native support of secp256r1 verification in Stellar smart contracts on Mainnet as outlined in CAP-0051. This integration means that secp256r1 is built directly into the protocol and applications can both sign transactions and submit them to the network using secp256r1 without relying on a third party, as you have to in other networks.
Secp256r1 support, in turn, further enables something extremely exciting: passkey powered smart wallets! The ability to sign transactions and access accounts with a passkey rather than using secret keys or seed phrases is a huge step forward in easing usability in blockchain without sacrificing security.
This page is meant to: 1. showcase all the work being done on Stellar with passkeys, and 2. give you a basic understanding of smart wallets, the secp256r1 cryptographic curve, the WebAuthn standard, and passkeys.
This page is meant to keep users up-to-date on the work being done with passkeys by the Stellar Development Foundation (SDF) and the Stellar ecosystem. The official documentation for passkeys is a work in progress as we collaborate to create an audited smart wallet contract interface.
Join the discussion, ask questions, and share your own work with smart wallets in the Stellar Developer Discord in the #passkeys channel.
See the work being done on creating a standard for a smart wallet interface in this Google doc.
Experiment with passkeys on Stellarβ
Check out some of the current work being done with passkeys on Stellar! This page will be updated frequently as more projects and standards are created.
These examples are not created or maintained officially by the SDF but by dedicated community members both internal and external to the SDF.
Play around with the various examples linked below, build your own passkey-powered projects, and share your findings in the #passkeys channel on Discord.
Soroban by example πβ
An app that uses passkeys to sign Stellar smart contract transactions.
- Use the app
- View the code
- Watch the demo
- Watch the discussion
- Read the blog
Super Peach πβ
A passkey-powered multi-signer abstract account contract example.
Passkey Kit π¦β
A client-side SDK tool for managing and using passkeys.
- Use the app
- View the code
- Watch the discussion
Launchtube transaction submission π§ͺβ
An API service where developers can send their smart contract transactions to get them funded and submitted to the Stellar Testnet. No classic Stellar G addresses needed!
What does it all mean?β
Secp256r1β
The secp256r1 signature scheme is an elliptic curve that is often used with the Elliptic Curve Digital Signature Algorithm (ECDSA), which is a widely used public key signature scheme.
Secp256r1 is a common signature algorithm used in WebAuthn, which is the standard behind passkeys available on browsers, computers, and phones. Enabling secp256r1 verification allows developers to design contracts that incorporate passkeys to sign smart contract transactions and access accounts instead of using seed phrases or signing keys.
The Stellar blockchain natively uses the Ed25519 elliptic curve, which is extremely fast and secure but is not as widely supported in WebAuthn implementations as secp256r1.
WebAuthnβ
WebAuthn (web authentication) is a web standard for secure, passwordless authentication. It uses public-key cryptography to eliminate the reliance on secret keys and enhances security and usability for dapps.
WebAuthn provides decentralized authentication (no central authority manages passwords), enhanced security (secret keys remain on the userβs device), improved user experience (users donβt have to worry about remembering their secret keys), and broader interoperability (WebAuthn is already supported by major browsers and platforms).
Passkeysβ
Passkeys are an implementation of the WebAuthn standard. The ability to use passkeys to sign transactions and access accounts removes the need for users to remember their secret keys or 12- to 24-word seed phrases, something that has been a massive barrier to entry for end-users entering the blockchain space. Secret keys and seed phrases can be overwhelming, hard to remember, entered incorrectly, and prone to security breaches.
Passkeys offer a faster, more secure method of identity authentication by using encrypted data stored on a device and performing user verification with hardware tokens (like YubiKeys), biometric data (like fingerprints or facial recognition), or other cryptographic methods.
Smart walletsβ
Smart wallets are digital wallets that leverage smart contract composability to offer enhanced functionality and security for managing digital assets. Unlike traditional cryptocurrency wallets, smart wallets integrate features such as multi-signature support, programmable transactions, and enhanced user experience compatibilities with decentralized applications (dApps).
Smart wallets enable users to interact seamlessly with blockchain ecosystems, providing a user-friendly interface for sending, receiving, and storing digital assets. They often incorporate passkeys and WebAuthn standards to ensure secure, passwordless authentication, reducing the risks associated with traditional seed phrases and private keys.
By utilizing smart contracts, smart wallets can automate transactions and implement advanced security protocols, such as time-locked transfers, spending limits, and fraud detection. These features make smart wallets an ideal choice for users seeking a secure, convenient, and versatile solution for managing their digital assets in the evolving landscape of blockchain technology.
How they work togetherβ
Secp256r1 provides the cryptographic foundation for key generation and digital signatures, WebAuthn offers a standardized framework for passwordless authentication using public-key cryptography, and passkeys implement these technologies to provide a seamless and secure user experience. Bundle all of that together into a Stellar smart contract and you have the foundation for the planet's best smart wallet impelementation!
Key generation and storage:
- When a user sets up a passkey or registers with a WebAuthn service, a key pair is generated using a supported elliptic curve like secp256r1.
- The secret key is stored securely on the userβs device, while the public key is sent to the service provider.
Authentication:
- For authentication, the service provider sends a challenge to the userβs device.
- The device signs the challenge with the secret key.
- The service provider verifies the signature using the public key.
User experience:
- Passkeys simplify this process for users, allowing them to authenticate using biometric data instead of remembering their secret key.
- WebAuthn provides the standard framework for these interactions, ensuring security and interoperability across platforms and devices.