Aptos launches keyless wallets that use ZK-proofs to verify identities


According to a July 3 announcement, the Aptos blockchain has launched a web-hosted keyless wallet application that uses ZK-proofs to verify users. Called “Aptos Connect,” the new wallet allows users to connect to decentralized applications using a Google login without needing hardware security modules, passkeys, or a multiparty computation network.

According to the announcement, Aptos Connect “simplifies Web3 onboarding by allowing users to create and manage Aptos blockchain accounts in 1 click with their Google login, eliminating the need for private keys and providing a seamless experience within [the developer’s] app.” It does this by using “the OpenID Connect (OIDC) standard and zero-knowledge proofs to link social logins to blockchain accounts.”

Aptos connect wallet. Source: Aptos

Allowing users to log in with a Google or Apple ID is not a new idea in crypto. Several wallet protocols already do this, including Magic Labs’ “Magic Links,” Web3 Auth, and Coinbase’s Smart Wallet. However, Aptos Connect claims to provide the same convenience without requiring users to click an email link, enter a passkey, or rely on a multi-party computation network.

Related: New tech could make crypto and Web3 wallets more convenient

Instead, users simply push a “Continue with Google” button and select a Google Account to log into their wallet. Aptos claims that Apple ID integration is “coming soon,” which will provide an alternative for users that do not want to use Google.

Aptos Connect app login page. Source: Aptos

According to developer documents, the new app was made possible by Aptos Improvement Protocol 61 (AIP-61), which allows transactions to be authorized through the JSON Web Tokens (JWTs) used by Google, Facebook, Apple, and other login providers. ZK-proofs are used to disguise the identity of the user and login provider. This prevents blockchain data from revealing the Google ID associated with a particular Aptos account.

In its announcement, Aptos claimed that the new wallet may help to onboard “a new generation” of crypto users:

“By leveraging familiar web2 login flows, Aptos Connect makes it easier than ever for builders to onboard a new generation of users into the world of blockchain with just one click, no private keys needed.”

Aptos Connect relies entirely on the security of the user’s Google account to secure funds. For this reason, the documents warn that if a user’s Google account is hacked, they may lose their cryptocurrency: “If the OIDC account (e.g., Google) is compromised, all keyless accounts associated with that user’s OIDC account will be vulnerable.”

Even so, the documents claim that some users may be comfortable with this risk, as “all the software on the Internet” currently relies on Web2 login providers.

Over the past year, the Web3 industry has been increasing its focus on developing consumer-friendly wallets. In June, Coinbase rolled out its smart wallet application, which allows users to create a new wallet using a Windows Hello passkey. Eco offered a similar product, called “Beam Wallet,” in July 2023.

Magazine: Could a financial crisis end crypto’s bull run?