EIP-7522: OIDC ZK Verifier for AA Account

Discussion for Add EIP: Account Recovery by OIDC by dongshu2013 · Pull Request #7743 · ethereum/EIPs · GitHub

The purpose of the EIP is to standardize the interface for a new model which use OpenID ZK Verification as the recovery mechanism for AA account.

8 Likes

This is a very interesting proposal, and I think it could be a very powerful primitive. It’s great to see it being published as an EIP.

If I have one question, it’s whether there are known requirements for creating a proof of a HWT, e.g. what cryptographic schemes need to be supported etc. Is there reference documentation for this? For example, is there an implicit dependency on a zk implementation of say the OIDC spec?

1 Like

@orbmis The implementation is open to all the ZK algorithms. Right now we mainly focuses on the Nova implementation: GitHub - OpenID3/zk-jwt: the library to generate zk proof for JWT

1 Like

This is really interesting. I’m curious about the vision for the guardians.

One may set multiple OIDC identities(e.g. Google Account, Facebook Account) as guardians to minimize the centralization risk introduced by the identity provider.

Does this imply the ability to roll up multiple JWT proofs into a single proof? For example, if I had a wallet where I wanted to set up 3 guardians and require a 2/3 threshold of valid JWTs as a precondition for recovery, is that feasible with this approach? It seems critical to enforce a minimum of 2 JWT signatures for this to effectively minimize centralization risk, but I’m not sure if this is one of your design goals.

Supporting the mode with multiple OpenID to recover one account is one of our goals, not only to ensure the recovery is decentralized enough but also to provide better security. The way to achieve this is quite flexible though. We can either aggregate the proof off-chain or we can simply implement the multi-sig logic on-chain and do verification for each proof separately.

1 Like