Inspiration

The events of the past few weeks have all but confirmed our long-held suspicions that Big Tech does not respect our privacy. Everyone loves to log into 3rd party services via Google or Facebook with a click of a button, yet we now know this feature comes at a cost — our data. Clearly, what the world needs is a trusted service that can authenticate users without invading their privacy. The world needs nomen.

What it does

nomen is your passport to Web 3.0. As the first Decentralized Authentication Service (DAS), nomen allows you to log in to all your favorite websites with a click of a button, both privately and securely. Using Ethereum smart contracts, nomen establishes and maintains a decentralized ledger of accounts using blockchain technology. This system has many benefits over conventional username/password systems.

  • Private: No more 3rd party tracking. No more Cambridge Analytica. No more Big Brother. Through nomen, logging in is a transaction between you, the website you are accessing, and no one else.

  • Authenticated: All users are securely authenticated via the Ethereum blockchain. The only way for an attacker to spoof your account is to hijack your protected Ethereum wallet.

  • Universal: One nomen, all of Web 3.0. Gone are the days of struggling to remember your passwords for dozens of different sites. With a click of a button, nomen grants you access to all of your favorite (supported) websites.

  • Accessible: nomen was designed to be as easy to use as possible. Despite the behind-the-scenes complexity of blockchain authentication and integration, nomen's simple, streamlined interface makes the powerful technology accessible to everyone.

How we built it

Our framework can be broken down into two major components: a backend served by a Solidity smart contract running on the Ethereum Virtual Machine, and a frontend that uses the web3 API to communicate with the blockchain.

The backend runs on the EVM, which means it is executed across the entire Ethereum blockchain. This accomplishes the goal of decentralized authentication we set forth in our vision. Meanwhile, the frontend can register users and securely log them in. Although creating a nomen requires an Ether (gas) fee to process, login calls with existing nomen will be free. Note that because using nomen requires interacting with the Ethereum blockchain, an Ethereum browser is required. The simplest choice for this is MetaMask, a Google Chrome extension that can handle all Ether functions.

An integral feature of nomen is its plug-and-play capability. We developed a PHP authentication plugin that can connect to any existing web technology. Therefore, the leap from Web 2.0 to 3.0 has never been easier. The plugin communicates with Infura, which acts as an Ethereum node to fetch information stored on-chain. The client, attempting to authenticate into an application, will sign a timestamp with MetaMask and submit it to the authentication server. The plugin will then verify the signature and grant (or deny) access. Security has never been simpler.
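The signed-timestamp exchange described above, sketched as an added example that is not nomen's plugin code: the server checks the signature, a freshness window, and that a timestamp is not reused. Assumptions: Node's built-in ECDSA over secp256k1 with SHA-256 stands in for MetaMask's Keccak-256 signing and address recovery, the registered public key stands in for the account record fetched through Infura, and the message format, function names and 60-second window are hypothetical.

```javascript
// Added example, not nomen's code. Node ECDSA (secp256k1 + SHA-256) stands in
// for MetaMask signing; names, message format and limits are assumptions.
const crypto = require('crypto');

// Message the client signs: the timestamp bound to the site being logged into.
function loginMessage(origin, timestampMs) {
  return Buffer.from(`nomen-login|${origin}|${timestampMs}`);
}

// Client side (stand-in for the MetaMask signing prompt).
function signLogin(privateKey, origin, timestampMs) {
  return crypto.sign('sha256', loginMessage(origin, timestampMs), privateKey).toString('hex');
}

// Server side: each verifier remembers the newest timestamp accepted per account.
function makeVerifier(maxAgeMs = 60_000, skewMs = 5_000) {
  const lastAccepted = new Map();
  return function verifyLogin(accountId, registeredKey, origin, timestampMs, sigHex, nowMs) {
    if (!Number.isSafeInteger(timestampMs)) return 'bad-timestamp';
    if (timestampMs > nowMs + skewMs) return 'future-timestamp';
    if (nowMs - timestampMs > maxAgeMs) return 'expired';
    const valid = crypto.verify('sha256', loginMessage(origin, timestampMs),
                                registeredKey, Buffer.from(String(sigHex), 'hex'));
    if (!valid) return 'bad-signature';
    // Track the timestamp rather than the signature bytes: an ECDSA
    // signature can be re-encoded, so a signature cache alone can be bypassed.
    if ((lastAccepted.get(accountId) ?? -Infinity) >= timestampMs) return 'replayed';
    lastAccepted.set(accountId, timestampMs);
    return 'ok';
  };
}

// Constructed demo data: two throwaway key pairs and a fixed clock.
function demo() {
  const alice = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const other = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const verify = makeVerifier();
  const site = 'https://app.example', t = 1_700_000_000_000;
  const sig = signLogin(alice.privateKey, site, t);
  return {
    first: verify('alice', alice.publicKey, site, t, sig, t + 1_000),
    replay: verify('alice', alice.publicKey, site, t, sig, t + 2_000),
    otherSite: verify('alice', alice.publicKey, 'https://other.example', t, sig, t + 1_000),
    stale: verify('alice', alice.publicKey, site, t, sig, t + 120_000),
    wrongKey: verify('alice', alice.publicKey, site, t, signLogin(other.privateKey, site, t), t + 1_000),
  };
}
console.log(demo());
```

Binding the site origin into the signed message is what makes the `otherSite` case fail; a bare timestamp would verify at any site that uses the same scheme.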

The website (temporarily hosted on michaelman.net) explains our vision, allows users to create a nomen, and also demonstrates a sample nomen login.

Challenges we ran into

In between learning how to use Solidity (the language used to code Ethereum smart contracts), juggling complex asynchronous web3 JavaScript, and figuring out how to update PHP to its latest version, this project has had its fair share of roadblocks. In particular, the Ethereum project, as amazing as it is, is still far from mature. Libraries exist with sparse documentation, language support is far from comprehensive, and errors are widespread and poorly reported. Just deploying a contract onto the blockchain was a complex hurdle in and of itself.

Accomplishments that we're proud of

We are extremely proud that we were able to design, develop, and deploy a working decentralized service given the short amount of time we had. We truly believe that nomen has a place in the decentralized web of the future, and we look forward to continuing its development.

What we learned

Most of our group had minimal experience with Truffle and Solidity, and so implementing our first smart contract alone was extremely rewarding and instructive. In particular, we learned how to deploy a contract, how to interface with a contract client-side, and how to interface with a contract server-side.

What's next for nomen

First and foremost, we would like to perform an audit of the login protocol to ensure the security of our product. Afterwards, we hope to expand nomen's reach into real 3rd-party apps by working with Web 3.0 developers to implement our service. Finally, once we have patrons using our Dapp, we would like to develop and expand nomen's features, including two-factor authentication and account recovery through trust networks.

We are also considering expanding support beyond just PHP. We believe that as the decentralized web matures, the current internet will grow obsolete. Furthermore, it is our view that increasing access to decentralized frameworks and plugins such as nomen will help speed up this technological revolution. As such, we hope to both create a node module and to add Python support in the near future.
