Sign-in with Substrate: Enabling a new world of self-custodial identity-based applications and services for Polkadot

Sign-in with Substrate (SIWS) offers a standardized way for Substrate users to use their keys to log in and access off-chain applications and data stores. This enables users to store and access their own data in Web2-style apps, but do so with a self-custodial identity, meaning users do not need to rely on a centralized identity provider such as those which are generally required for Web2 today.

SIWS has been designed to be similar to Sign-in with Ethereum (SIWE), with message formats that enable applications to clearly state their URI, a welcome message, or other information that the user may need to accept, such as a Terms of Service. A cryptographic signature can then indicate acceptance of the message, as well as authentication of the user.

With this, the Polkadot Ecosystem, as well as independent Substrate-based chains like Aleph Zero, Vara, and Avail, among others, have an identity primitive in SIWS that opens up new utility for Substrate keypairs, and brings Substrate up to par with other ecosystems, such as Ethereum and Solana. Application providers have a standardized format they can use to perform authentication via signing, and users have a much cleaner and clearer experience of the action they are taking when using their keys to sign into an application.

Talisman has been building on Polkadot since mid 2021 — a few months prior to its mainnet launch. We chose to build on Polkadot because the combination of multi-chain interoperability, the shared security model and the customizability enabled by the Polkadot SDK lead to higher quality blockspace than alternatives, and we felt that we could bring a needed injection of UX to the table to complement the strong technology foundation.

SIWS has been developed by the Signet team at Talisman, and its open-source release has been funded by the Web3 Foundation Grant Program. We invite and encourage other teams to build on SIWS, and to contribute to its evolution and expansion.

Where did it come from?

SIWS was developed in the course of creating Signet, enterprise workflow-focused blockchain software. We had the need to authenticate users securely to give them access to information stored off-chain. When we surveyed the market, we found a small number of custom-built solutions for authenticating users in Substrate, but were built ad hoc without reusable components. We examined what was happening in other ecosystems (namely Ethereum), and felt that having a similar experience in Polkadot could catalyze broader activity in Polkadot, and decided to release this library as a common good.

Why is SIWS important?

Identity ownership is one of the important use cases of web3 and cryptography in general, but as of today, it requires users to commit to the use of crypto and blockchain, which can slow adoption due to the difficulty of integration and emerging blockchain use cases beyond speculation. By being able to take a component of Web3, the keypair, and pair it with existing and easily developed Web2 software, we can bridge the gap, bringing more utility to Web3 accounts and introducing Web2 developers and users to the benefits of self-custodial identity.

For Polkadot and other ecosystems based on Substrate, we see benefits for a number of stakeholders:

Application Developers

Application developers will gain access to a new population of Substrate users who already attach importance to their blockchain-based identities. Devs will be able to create richer experiences by combining aspects of off-chain data with blockchain data, resulting in more and better user experiences. At the same time, they can establish trust, since the signing format and messaging is very clear to the end user.

App Developers already in Substrate will be able to standardize their messaging so that users can feel reassured that the signing process is only for logging in, and doesn’t include other permissions such as those for token approvals or transfers. In addition, they will be able to be assured that users logging in adhere to a Terms of Service, if that is included in the sign-in flow.

End Users

End users will have more control over their identity and will have greater privacy when using SIWS, compared to Web2. This includes the ability to choose to supply personal or identifiable information, beyond just using a blockchain address, when using an SIWS-enabled application.

In addition, today’s crypto users are wary of signing messages, given the potential actions that might be taken, such as approvals to move funds. SIWS can allay this fear by using a standardized message. Wallets could also aid in this by displaying a specialized login screen when the signature requested adheres to the SIWS format.

Ecosystems

SIWS ultimately results in a blossoming of new applications and services for the Substrate ecosystem, because the barrier to entry of creating a Substrate-enabled application has greatly decreased. It enables the potential to create richer applications where off-chain data can enhance blockchain-based data.

Because SIWS includes an easy-to-use drop-in component, and adoption requires no knowledge of the blockchain, using SIWS could be an easy way to bring new developers into the ecosystem that then build and create value. And as those developers learn more about Substrate, there will be a halo effect as they integrate more Substrate functionality and become part of the ecosystem.

What is it?

SIWS provides a standardized flow and library that enables an application developer to:

1. Display a welcome message, URI, date and nonce, as well as additional information such as a Terms of Service, in a standardized message format.
2. Establish the intent of logging in and be sure that the user has cryptographically acknowledged the above message with a signature.
3. Once authenticated, provide access to off-chain data stores or other functionality tied to the user.

SIWS is agnostic to the technology chosen for the frontend and backend, though it is initially implemented as a JavaScript package written in Typescript. You can install it with the following command:

npm i @talismn/siws

The package includes a component for the application, as well as the backend that features:

• Construct human readable sign in message
• Construct messages using the stringified JSON format
• Decode and parse string message of both formats into JS object
• Basic validations (e.g. expiration)
• address utility to help with dealing with address string
• verifySIWS utility to help verify that a signature is valid

Please see the GitHub repo for more information: TalismanSociety/siws: Sign-In with Substrate (github.com)

How do I get started?

If you visit https://siws.xyz, you will see a simple demo app based on Next.js, which enables logging in and calling a protected API. You can easily clone this repo and modify it to get started.

Alternatively, you can add it to an existing project. Check the documentation for more information on how this works.

Where to next?

We have just scratched the surface of what is possible with the release of the SIWS library. We’d love to put out a call to the ecosystem to try it out, integrate it into applications, and share it with others who may benefit from using it. And let us know what kinds of improvements you would like to see. If you have any questions or suggestions, please join us on Matrix or Telegram.

Lastly, we are immensely grateful to the Web3 Foundation for bringing this piece of common good software to life. We believe it can catalyze growth for Substrate, and bridge Web2 and Web3 developers and users.

Thanks,

The Signet team at Talisman