EVM Sign-In

To expand the assertion of digital identity securely and privately, Litentry has extended its service provision to include Ethereum users with our Ethereum Virtual Machine (EVM) sign-in feature. This novel approach leverages the Direct Invocation attribute of the Identity Hub that enables sending direct requests without the need to send extrinsics. With this, the IDHub can accept queries from EVM-based addresses, and users who do not own a parachain/substrate account can create IDGraphs and request VCs with their EVM wallet addresses. This is achieved by mapping the EVM address to the Substrate address space and by supporting the EVM signature scheme.

Signature verification

Currently, the Litentry sidechain worker supports two new types of signatures:

• Ethereum

• EthereumPrettified

They both use ECDSA secp256k1 to verify signature correctness. The difference is that the latter uses "Litentry authorization token:" prefix to assure users that the transaction payload is generated within Litentry context.

Address mapping

All IdGraphs are stored inside the substrate's pallet storage and identified by user's AccountId. This requires an address mapping from EVM format to Substrate format for all interactions originating from EVM wallets. We use a one-way mapping procedure.

The mapping procedure involves:

1. Taking 20 bytes of EVM address

2. Prepending them with evm:

3. Computing Blake2-256 ; and

4. Creating 32 bytes AccountId from hash result

Ethereum Virtual Machine

The Ethereum Virtual Machine (EVM) is a key component of the Ethereum blockchain. It is a runtime environment that executes smart contracts, which are self-executing contracts with the terms of the agreement directly written into code. It is often described as a sandboxed, isolated environment that ensures the execution of code is consistent across all nodes in the Ethereum network.

The EVM operates on a stack-based architecture, where instructions manipulate data on a stack. It is a Turing-complete machine, meaning it can perform any computation that can be expressed algorithmically. This allows for the execution of complex operations and the implementation of decentralized applications (dApps) on the Ethereum network. Overall, the EVM enables the creation of a wide range of blockchain-based services and functionalities.

The EVM sign-in feature on the IDHub empowers users to authenticate their identity using their Ethereum addresses. In essence, it’s akin to employing your Ethereum wallet to sign into a myriad of platforms, mirroring the convenience of using Google or Facebook for diverse website logins, with the big difference being that you control your data.

Primary Identity of IDGraph

Upon the launch of IDHub, an IDGraph is created when the shielding key for a Litentry-parachain address is set. Users can link, verify, or remove identities and request VCs by sending extrinsics from that address. Now, the same can be done with an EVM address.

This means that:

• Each IDGraph has one primary identity, which can be a Litentry-parachain address or an EVM address.

• Only the primary identity can modify the IDGraph.

• The shielding key is bound to the primary identity.

• IDGraphs are not merged automatically. IDGraphs with distinct primary identities are considered different. For example, if substrateA links substrateB, and the user later logs in with substrateB, the IDGraph is empty and they need to link substrateA again if they want to include it in the VC assertion building.

It is important to note that the primary identity is the identity that can manage (read and write) the IDGraph. Users can designate at most one web3 address as the primary address with zero restriction on the network type (Litentry-parachain or EVM address).

The address that the user uses to log in to the IDHub for the first time becomes the default primary address and it can only be changed by sending a set_primary request from the old primary address.

Implementation of EVM Sign-In

The core scopes of the EVM sign-in feature are:

Ethereum signature verification - With EVM implementation, users will be able to create identity graphs and request VCs on IdentityHub with their EVM public/private keys, instead of only substrate keys. Users can sign in with their EVM-compatible addresses such as Ethereum and BSC to seamlessly access the IdentityHub services. This integration allows users to link their identity and establish an IDGraph using their EVM-compatible address as the primary account.

EVM IDGraphs - An identity graph is a data structure that represents the relationships between different identities that belong to the same individual. It represents the relationship between a user’s different accounts and can be used to map out a user’s aggregated identity through his EVM address.

Identity Linking - User Identity can be linked to only 1 IDGraph. This is because the user shielding key is bound to the IDGraph but can only be managed by the primary identity. As a result of this, it is the only entity that can view or update the shielding key which is required to encrypt the user data (e.g. IDgraph, or VC payload).

Advantages of EVM Sign-In

• Security: Leverage the built-in security protocols of your Ethereum wallet to interact with the IDHub.

• Simplicity: Bypass the hassle of juggling multiple usernames or passwords. Your Ethereum wallet address is the foundation of your web3 identity.

• Interoperability: A bridge between Litentry parachain and Ethereum is been maintained to facilitate token flow and usage in both networks. This allows you to engage effortlessly with an extensive array of applications within the Ethereum ecosystem (now including the IdentityHub).