Web3 is a new frontier. Uncharted, unknown and exciting territory. That's why many of us are here building. A new frontier presents new opportunities, all brought together through cryptography-backed identities.

Authentication is a crucial component that makes it possible for users to interact with decentralised applications. There are though, many dangers and risks to be aware of, including risk of being phished,impersonated, or simply making mistakes. This guide offers web3 businesses ideas and tools to secure their businesses, teams and users with web3 authentication.

The Problem with Web3 Authentication Today

Web3 authentication today relies on cryptographic keys and wallet signatures. Typically, a user 'signs' a 'message' to confirm that they control the wallet address. This action is distinct from making a transaction,which involves sending digital assets or interacting with smart contracts. When signing in with a wallet, the user proves ownership of a specific wallet address by signing a message with the associated private key, granting access to a decentralized application or platform. This form of authentication gives strong guarantees to the person or application requesting authentication, with the burden of proof on the user. Unfortunately, wallet signatures are also a common vector for phishing attacks, where malicious actors aim to obtain the signature to perform unauthorized actions or transactions on the user's behalf.As a result, the often complex "blind signing" authentication process is an anxiety-inducing step for users, who must carefully review the message content to ensure its legitimacy before signing.

It is a stark contrast to the simplicity of traditional login methods like email and password, and managing cryptographic keys requiresa significant learning curve with the risk of losing access to digital assets and potentially significant savings if a private key is lost or compromised.

The current Web3 authentication and transaction methods pose significant barriers to mainstream adoption, especially when considering Web3's diverse ecosystem, with its many different blockchain protocols and wallet standards.

To address these challenges, the Web3 ecosystem needs to prioritize the development of more user-friendly, secure, and standardized authentication and transaction processes. This includes creating more intuitive user interfaces and authentication methods, implementing robust key management solutions, and establishing industry-wide standards for authentication and secure transaction signing. By reducing complexity, mitigating risks, and clearly distinguishing between authentication and transaction processes, Web3 platforms can lower the barriers to entry and encourage widespread adoption of their applications.

The Solution to Web3 Authentication

Mailchain emerges as a solution to these authentication challenges, simplifying Web3 authentication through its secure, fully end-to-end encrypted communication protocol.

Mailchain, the communication layer for web3, supports messages for 1:1 and group chats, using web3 identities and wallet addresses.The protocol supports most significantly adopted blockchain protocols oridentities and includes an open source SDK for developers and a private web3 inbox for users.

Reusing Identity Proofs

When a user registers their address with the Mailchain protocol to send and receive messages, they authenticate once, signing a message. This proof has two purposes: first, it proves to the protocol that the user is in control the wallet’s private keys; second, the data contained in the signature contains a user-generated messaging key which is used for communication purposes. The proof is reusable for authentication purposes and does not require additional wallet interaction. In its simplest form, that means users can login to other decentralized applications using a unique authentication link sent to their wallet address. It takes the hassle out of having to make users take out their wallet until they need to transact. It not only drastically improves the level of security for users, who face less friction and risk, only needing to verify transaction details at certain points, it also reduces the surface area of attack within applications. Further measures can be taken to secure sessions, from time-based links toinbox-generated self-sovereign verifiable credentials.

Simplify Access with Magic Links

Mailchain enables sending secure ‘magic’ authentication links or one-time passwords directly to wallet addresses. Dapps can rely on Mailchain’s reusable identity proofs to ensure that only the intended recipient receives the authentication link or code, granting access to a website without making users sign a transaction with their wallet.

Example Tutorial: Mailchain Magic Links

Disable Link-sharing With Inbox-Generated Verifiable Credentials

Link sharing could potentially result in unintended access being granted in some scenarios. To prevent this, Mailchain’s Inbox can generate W3C Verifiable Credentials to authenticate the recipient, adding an additional layer of security to authentication. In addition to using the reusable identity proofs which contains the originating wallet signature used prove that a user controls a wallet, the self-signed verifiable credential can be verified to ensure the link was clicked by the intended recipient.

Permit NFT-based Allow Lists

Easily incorporate allow-list logic into authentication flows so only desired NFT holders can get access. Using this mechanism to authenticate exclusive access to owners of certain NFTs the holders can be granted access without putting their NFTs at risk.

Prevent Spoofing and Phishing

The Mailchain protocol and inbox have built-in checks to ensure that a message sender is genuine, preventing spoofing and reducing the possibility phishing. If the signatures don’t match the expected values, then the messages are discarded. Users can be sure that communications from specific wallet addresses or web3 identities have originated from them.

Verifiable Mailto Link for Social Profiles

Mailchain’s mailto links provide a safe means for users to add contact details to their profiles, using the wallet address or identity directly from the profile or on-chain data. A good example commonly used by creators and in communities is visible on the TzKT block explorer profiles.

Authenticate Users from Multiple Protocols

Dapps can use the same means of authentication for users of different blockchain protocols or web3 identities. For example, users could be from Ethereum (or any L2/ EVM), Solana, Tezos, or Near ecosystems, using their plain wallet addresses or ENS, .sol, .tez, .near, .lens handles. BecauseMailchain supports most significantly adopted blockchain protocols oridentities, developers can leverage this to amplify their own reach without the need for additional wallet integration for authentication. 

Mailchain’s Privacy-First Features

Mailchain is built using the principle of ‘privacy-by-design’. The protocol ensures all messages are end-to-end encrypted so only the intended recipient can access or read their messages.

End-to-End Encryption

Mailchain ensures message privacy through end-to-end encryption. All messages are encrypted on the sender's device before being sent and are only decrypted on the recipient's device. This means that nobody, including Mailchain or any intermediaries, can read the contents of the messages except for the sender and the intended recipient. End-to-end encryption protects user privacy and prevents unauthorized access to sensitive information.

Key Separation for Enhanced Security

Mailchain employs a key separation mechanism to ensure that a wallet address does not need to use its spending keys for authentication or communication purposes. When a user registers their wallet address with Mailchain, a separate set of keys is derived specifically for messaging. These keys are used to sign and encrypt messages, while the spending keys associated with the wallet remain securely stored and are never exposed. This separation of concerns adds an extra layer of security, as even if the messaging keys were to be compromised, an attacker would not gain access to the user's funds. By isolating the messaging functionality from the spending capabilities of awallet, Mailchain minimizes the risk of unauthorized transactions and enhances overall user security.

Unified Inbox

Mailchain’s unified inbox allows users to manage all their registered wallets and identities from a single interface. This offers aconvenient way for users to keep track of their various Web3 identities without compromising privacy. Importantly, only the user knows which wallets areregistered to their Mailchain account, ensuring that the link between these identities remains private.

Sender Verification

Mailchain implements sender verification through sender-signature checks. When a message is sent, it is signed with the sender's private messaging key. Upon receipt, the signature is verified using the sender's public key to ensure the message's authenticity and that it originated from the claimed sender. This prevents spoofing and reduces the risk of phishing attacks.

Recipient Verification

Mailchain guarantees that messages are only received by the intended recipients using encryption that solely the intended recipients can decrypt. The protocol employs public-key cryptography, where messages are encrypted using the recipient's public key and can only be decrypted using the corresponding private key, which is solely controlled by the recipient. This ensures that messages cannot be intercepted and read by unauthorized parties.

Secure Web3 Authentication

Mailchain's protocol, developer interfaces, and userinterfaces provide the building blocks for highly customizable and secure authentication flows. By leveraging reusable identity proofs, dapps can sendsecure magic links or one-time passwords directly to wallet addresses, enabling users to access services without needing to sign transactions with their wallets each time. This reduces friction and risk for users while minimizing the attack surface for applications.

Self-Sovereign Verifiable Credentials

Mailchain's inbox can be used to generate self-sovereign verifiable credentials to prevent impersonation when someone clicks a link from an inbox. These credentials, which adhere to the W3C Verifiable Credentials standard, provide an additional layer of security by ensuring that the link was clicked by the intended recipient. The credentials are self-signed by the user's wallet, offering a decentralized and user-controlled method for proving identity and preventing unauthorized access.

Decentralized Identity Verification

Mailchain supports decentralized identities by verifying the ownership properties of identities or name services directly on their respective blockchains, when available. For example, when a user registers an Ethereum Name Service (ENS) domain with Mailchain, the protocol checks the Ethereum blockchain to confirm that the user indeed owns the associated wallet address. Similarly, for Unstoppable Domains, Mailchain verifies ownership by querying the Unstoppable Domains registry on the Ethereum blockchain. This onchain verification process ensures that only the legitimate owner of a decentralized identity can register and use it within the Mailchain ecosystem,preventing impersonation and enhancing trust between users. By leveraging the security and immutability of blockchains, Mailchain provides a robust and decentralized method for verifying identity ownership, aligning with the core principles of Web3.

Web3 Communication and Authentication Strategy for Decentralized Projects

With members dispersed across various platforms, ensuring that important updates reach everyone securely and efficiently becomes a daunting task. Here is a comprehensive Web3 authentication strategy used by Web3 projects and communities that leverages Mailchain's features, enabling projects to streamline member verification, role assignment, and incorporate targeted communication into their operations, avoiding unsafe practices across non-Web3 platforms.

Establishing Membership and Roles

Define Membership or Access Criteria

Projects should clearly define the criteria for gaining access or becoming a member. This could be based on participation levels, contributions, NFT ownership, or other project-specific requirements.

Differentiate Role Assignment

Assign roles to members based on the defined criteria, preferably using on-chain mechanisms, such as smart contracts or NFTs. These roles can represent different levels of responsibilities and engagement within the project, such as core team members, contributors, and general participants.

Decentralized Identity Verification

Leverage Mailchain's support for decentralized identities,such as ENS domains or Unstoppable Domains, to verify member identities. Mailchain checks the ownership properties directly on the respective blockchains, so projects can ensure that only legitimate identity owners can register and participate, preventing impersonation and enhancing trust.

Secure and Targeted Communication

Direct and Secure Updates

With verified member addresses, projects can send updates directly and securely using Mailchain's end-to-end encrypted messaging. Thisensures that communications reach intended recipients without relying on potentially insecure social channels, protecting sensitive information andmaintaining privacy.

Role-Based Messaging

Use on-chain roles to filter messages based on member rolesor participation levels. Mailchain's protocol allows for granular access control, enabling projects to send targeted messages to specific groups. This prevents information overload and ensures each message is relevant to the recipient's role within the project.

Engagement Segmentation

For specific feedback or engagement, segment the audience based on their on-chain roles. For instance, reach out to active members or those who have participated in multiple events for detailed feedback, and approach less active members with targeted questions to understand their lack of participation. Mailchain's unified inbox makes it easy to manage these segmented communications across multiple blockchain identities.

Secure Authentication and Access Control

Streamlined Web3 Authentication

Implement one time codes or authentication links that allows members to sign up or log in using their Web3 identity via Mailchain. This eliminates the need for traditional account setups, preserving privacy and reducing entry barriers. By receiving the sign-in link through a secure channel, members prove ownership of their Web3 identity without additional verification steps, streamlining the authentication process.

Simplified Sign-In Process

Send unique, one-time access links directly to members' wallet addresses, eliminating the need for them to sign transactions each time they log in. This reduces friction and enhances user experience while maintaining a high level of security. Members verify their account by interacting with the received link, which communicates with the project's backend to confirm the member's identity and complete the registration process.

Granular Access Control

Use on-chain roles to implement granular access control for project resources, such as exclusive content, voting rights, or token airdrops. By requiring members to prove their role ownership, projects can ensure that only authorized individuals can access sensitive information or participate in critical decision-making processes. Mailchain's secure authentication links can be used to verify a member's role and grant access to the appropriate resources based on their on-chain roles.

Conclusion

Web3 authentication and communication are critical components of the decentralized ecosystem, enabling users to securely interact with applications and communities while maintaining privacy and control over their identities. However, the current reliance on wallet signatures poses significant challenges, including a high risk of phishing attacks, a steep learning curve for users, and a lack of standardization across different blockchain protocols.

Mailchain emerges as a comprehensive solution to these challenges, offering a secure, privacy-focused, and user-friendly communication protocol that simplifies Web3 authentication. By leveraging end-to-end encryption, key separation, and decentralized identity verification, Mailchain ensures that messages are only accessible to intended recipients and that users' funds remain safe. As the Web3 ecosystem continues to evolve, the adoption of secure, privacy-preserving, and user-centric communication and authentication solutions like Mailchain will be essential for building trust, driving mainstream adoption, and realizing the full potential of decentralized technologies.