Self Proposed Open Task: Single Sign On with Semaphore (Anoiden)

[someone-there]

Self Proposed Open Task: Single Sign On with Semaphore (Anoiden)

Executive Summary

Project Overview

The Anoiden project is a novel anonymous single sign-on protocol leveraging zero-knowledge proofs, specifically the Semaphore protocol. The main objective is to enable users to sign in to various service providers anonymously without disclosing their identity, thereby protecting user privacy even if the identity and service providers collude.

• Anoiden V1 Spec(Draft)
• PoC demo

Project Details

Motivation

Single sign-on (SSO) is a technology that enables users to sign in using their user information provided by an identity provider, with service providers obtaining user information from this identity provider. However, there is a privacy concern due to the coupling of identities across services. Anoiden addresses and resolves this issue using Semaphore.

Scope of Work

1. Detailed Protocol Specification
2. Extension Implementation
3. Anoiden.js Implementation
4. Development of Sample Application

Detailed Protocol Specification (3 weeks)

Complete the detailed specification of the Anoiden protocol, including the following aspects:

1. Enhancement of Protocol Documentation
   • Protocol Mechanics: Detail the fundamental mechanics of zero-knowledge proofs as implemented in the Anoiden protocol, from user authentication to the final verification by service providers.
2. Documentation of Security Analysis
3. Specification Validation
   • Seeking Reviews: Gather reviews of the protocol’s design and security features, and collect their advice.
   • Iterative Improvement: Continuously improve the specification based on feedback, advice received, and testing outcomes.

Extension Implementation (3 weeks)

Design and implement the browser extension.

1. Design Architecture: Plan the architecture of the browser extension, including how it interacts with the browser, anoiden.js, and external servers.
2. Implementation
   • User Interface: Design and implement a user-friendly and accessible interface.
   • Key Management: Implement secure mechanisms for generating, storing, and managing Semaphore keys.
   • Semaphore-based Authentication: Implement an authentication process utilizing semaphores.
3. Security Features: Implement advanced security features such as limiting number of pop-ups.
4. Testing and Validation: Conduct extensive testing, covering unit tests and integration tests.

Anoiden.js Implementation (Work on the extension implementation concurrently)

Develop the Anoiden.js library to facilitate seamless integration with web clients.

1. Library Design: Define the functionalities and interfaces of the Anoiden.js library. Determine the methods for integrating with service providers and identity providers.
2. Implementation of API Calls: Code the necessary API calls to facilitate communication between the browser extension, the user’s browser, and SP/IdP servers.
3. Error Handling: Develop robust error handling and response mechanisms to ensure the library can gracefully manage failures or invalid responses.
4. Documentation: Create detailed documentation and example code snippets to help developers integrate the library into their projects.

Development of Sample Application (3 weeks)

Create a sample application that demonstrates the functionalities of the Anoiden.

1. Application Planning: Outline the scope and features of the sample application, including how it will demonstrate the functionalities of the Anoiden protocol.
2. Frontend Development: Develop the user interface of the application, ensuring it is user-friendly and demonstrates the protocol effectively.
3. Backend Integration: Implement the server-side logic necessary to interact with the Anoiden protocol, including handling authentication and managing user sessions.
4. Deployment and Testing: Set up a deployment process, deploy the application in a test environment, and conduct thorough testing.
5. Documentation and Tutorial: Create comprehensive documentation and tutorials that explain how the application utilizes the Anoiden protocol, serving as a practical guide for developers.

Expected Outcomes

Even those without knowledge of ZK will be able to become IdPs or SPs, and PC users will have access to a more privacy-conscious, reliable single sign-on.

Qualifications

Skills Required

• TypeScript
• Understanding of ZKP
• Browser Extension Development
• Web Development (Frontend and Backend)

Preferred Qualifications

• Experience with Semaphore Protocol
• Understanding of Identity technologies

Administrative Details

Estimated Project Duration

The estimated project duration is 2-3 months, with a possibility of extension based on the progress and requirements.

Project Complexity

Considering the security of protocols and implementations from various angles, and the availability of semaphore libraries, the difficulty level is considered Medium.

Additional Information

About sqeth

I am a university student in Japan, passionate about privacy-related technology. I have experience in developing web applications and Chrome extensions. My Discord ID is squs.

Reference Material

• Anoiden V1 Spec(Draft)
• PoC demo