Inspiration

One-Time Passwords (OTPs) have long been the default for transaction authorization — yet they're fundamentally flawed. OTPs can be phished, intercepted via SIM swap attacks, socially engineered, or simply lost due to delivery failures.

In India alone, over ₹1300 crore (~$160M) was lost to OTP fraud in 2022 (RBI). Despite these dangers, critical systems in banking, fintech, and e-commerce still rely on them.

We built SignChain to replace OTPs with tamper-proof, user-controlled digital signatures, offering a secure, verifiable, and future-ready alternative backed by cryptographic trust.

What it does

SignChain replaces OTPs with Ethereum-based digital signatures.

When a user initiates a sensitive transaction, instead of receiving an OTP, they are prompted to sign a unique transaction ID using MetaMask or their private key. This signature is verified on the backend using cryptographic methods — proving both identity and intent without requiring any shared secret.

Off-chain verification is instant using ethers.js, and optionally, the same signature can be verified on-chain using ecrecover for tamper-proof auditability.

Key Highlights

  • No OTPs, no SMS, no delivery failures
  • Full cryptographic proof of user consent
  • No personal data or identity ever stored or transmitted
  • Signature happens entirely in MetaMask — private key never leaves the wallet
  • Compatible with existing frontend stacks and EVM chains

How we built it

  • Frontend: React.js with Tailwind CSS for responsive UI
  • Wallet Support: MetaMask integration and manual private key input
  • Backend: Node.js with Express for signing flow and off-chain verification
  • Crypto Layer: Ethereum + ethers.js for message hashing and verification
  • Smart Contract: Solidity contract using Hardhat for on-chain signature validation via ecrecover
  • Database: MongoDB for optional transaction logging

Live Demo:
https://subtle-gelato-4d93e4.netlify.app/

Source Code:
https://github.com/KaranMishra3610/SignChain

Challenges we ran into

  • Preventing signature mismatches due to message hashing inconsistencies
  • Designing timestamped and replay-resistant message structures
  • Balancing UX simplicity with cryptographic rigor
  • Building a backend that doesn't require storing user information
  • Creating smooth onboarding for users new to wallet-based authentication
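
The signing flow from "What it does", with the first two challenges above handled on the server, as an added example that is not SignChain's own code: a canonical message with a fixed field order, and a single-use, expiring nonce. Node's built-in ECDSA over secp256k1 with SHA-256 stands in for the ethers.js verification so the block runs offline; the message fields, `TTL_MS`, and all function names are assumptions.

```javascript
const { randomBytes, generateKeyPairSync, sign, verify } = require('node:crypto');

const TTL_MS = 2 * 60 * 1000; // assumed challenge lifetime
const pending = new Map();    // nonce -> { message, publicKey, expiresAt }

// Build the exact string the wallet displays and signs. A fixed field order and
// fixed separators keep client and server from hashing different bytes.
function canonicalMessage({ txId, account, nonce, issuedAt, expiresAt }) {
  return [
    'SignChain transaction authorization', // hypothetical domain line
    `txId: ${txId}`,
    `account: ${account}`,
    `nonce: ${nonce}`,
    `issuedAt: ${new Date(issuedAt).toISOString()}`,
    `expiresAt: ${new Date(expiresAt).toISOString()}`,
  ].join('\n');
}

// Server issues a single-use challenge bound to one transaction and one account.
function issueChallenge(txId, account, publicKey, now = Date.now()) {
  const nonce = randomBytes(16).toString('hex');
  const expiresAt = now + TTL_MS;
  const message = canonicalMessage({ txId, account, nonce, issuedAt: now, expiresAt });
  pending.set(nonce, { message, publicKey, expiresAt });
  return { nonce, message };
}

// Verify against the server's stored copy of the message, never a client-supplied one.
function verifyChallenge(nonce, signature, now = Date.now()) {
  const entry = pending.get(nonce);
  if (!entry) return { ok: false, reason: 'unknown-or-used-nonce' };
  pending.delete(nonce); // consume first: one attempt per challenge, pass or fail
  if (now > entry.expiresAt) return { ok: false, reason: 'expired' };
  const valid = verify('sha256', Buffer.from(entry.message, 'utf8'), entry.publicKey, signature);
  return valid ? { ok: true } : { ok: false, reason: 'bad-signature' };
}

// Constructed demo: a throwaway secp256k1 key pair plays the user's wallet.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const { nonce, message } = issueChallenge('tx-1001', 'acct-demo', publicKey);
  const sig = sign('sha256', Buffer.from(message, 'utf8'), privateKey);
  return { first: verifyChallenge(nonce, sig), replay: verifyChallenge(nonce, sig) };
}
```

With ethers.js, the last step of `verifyChallenge` would instead recover the signer address with `verifyMessage` and compare it to the address registered for the account.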

Accomplishments that we're proud of

  • Built and deployed a fully functional OTP-less verification system
  • Delivered a seamless frontend flow with MetaMask and private key support
  • Verified Ethereum signatures both off-chain and on-chain with stateless logic
  • Preserved user privacy — no secrets or PII stored anywhere
  • Created a hybrid architecture that's fast, scalable, and secure
  • Eliminated SMS dependencies while maintaining enterprise compatibility

What we learned

  • Deep understanding of Ethereum's digital signature mechanics
  • Building cryptographic verification flows with ethers.js
  • Smart contract development for signature validation
  • Applying zero-trust principles in traditional web workflows
  • Designing systems that are secure by design, not just by patching

What's next for SignChain

  • Enhanced security features including signature expiration and nonce support
  • Mobile wallet integration via WalletConnect and other providers
  • SDK development for easy integration into existing fintech platforms
  • Multi-chain deployment on low-fee networks like Polygon and Base
  • Enterprise partnerships in fintech and e-governance systems

Potential Impact

  • Cost savings: Fintech platforms processing 1 million transactions/month could save ₹1–4 lakh/month in SMS OTP costs
  • User experience: Eliminates OTP delivery failures and reduces authentication friction
  • Security enhancement: Removes phishing, SIM swap, and social engineering attack vectors
  • Future-ready architecture: Enables transition to Web3-style authentication in traditional systems

Pitch Video

Watch on Vimeo:
https://vimeo.com/1102569375?share=copy

Technical Walkthrough

Vimeo Link:
https://vimeo.com/1102466789

Slide Decks

Pitch Deck (Google Drive):
https://drive.google.com/file/d/1Lgz3L6ZGoR5AvWyzMZz1Fbal5r5cPdn-/view?usp=sharing

Technical Deck (Google Drive):
https://drive.google.com/file/d/1iRr7lm0Y_O2XEk6y-kmB00chzeLH4vDC/view?usp=sharing
