Biometric signers

A Safe smart wallet is controlled by one or more signers, who each sign a transaction from their individual wallets so that the smart contract wallet can execute it. Currently, these signers are primarily Externally Owned Accounts (EOAs), which means users have to rely on the legacy wallet experience to interact with their Safe, including managing private keys.

Cometh Connect supports the use of multiple biometric signers. You can control your smart wallet with nothing other than your FaceID or your fingerprint, thanks to the WebAuthn standard found in most devices today.

WebAuthn

WebAuthn is the current Web2 sign-on standard used by the majority of online services that have implemented passwordless sign-ons. It uses public key cryptography to register and authenticate users, and its security is achieved via biometrics and storage processes. It operates at the system level, such as TouchID/FaceID on iOS, Hello for Windows, or FIDO on Android. It has revolutionized the way we interact online, removing the need to remember all the different passwords, and it has become far more secure: it's much harder to hack someone’s face or fingerprint than it is a password.

WebAuthn stores private keys in your device's secure enclave, turning it into a hardware wallet everyone already carries. With Cometh Connect, sign transactions using your biometrics—a familiar process for most users, suitable for both web and mobile.

Creating the Biometric Signer

Ethereum and its EVM currently use elliptic curve cryptography for signing. Several different curves exist, defined by different mathematical equations; Ethereum uses the secp256k1 curve with the ECDSA signature algorithm. Also used on Bitcoin, it generates and verifies all digital signatures. Whenever a transaction is made, users sign it with their private keys using ECDSA.

The problem is that this specific curve is not available with WebAuthn today. Instead, WebAuthn works with the secp256r1 elliptic curve, a curve natively supported in all smartphones and almost all web browsers!

Cometh allied with Ledger and successfully applied the secp256r1 elliptic curve on Ethereum to create secure authentication and signing for transactions and smart contracts. The resulting signature can be verified on-chain by a smart contract. This Biometric Signer was built using several cryptographic techniques, such as Shamir's trick and the windowed method.
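As an added illustration (not code from Cometh or Ledger, and not the on-chain verifier), the Python below checks a secp256r1 ECDSA signature over the message WebAuthn signs, authenticatorData || SHA-256(clientDataJSON), and evaluates u1*G + u2*Q with Shamir's trick. The test key, fixed nonce, relying-party ID and challenge are constructed sample values, all function names are assumptions, and the windowed method is left out.

```python
import hashlib

# NIST P-256 (secp256r1): y^2 = x^3 + A*x + B over GF(P), base point G of order N
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A, B = P - 3, 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1 + A, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def shamir(u1, u2, q):
    """u1*G + u2*Q in one shared double-and-add pass (Shamir's trick)."""
    table = {(1, 0): G, (0, 1): q, (1, 1): add(G, q)}  # bits (0, 0) add nothing
    acc = None
    for i in reversed(range(max(u1.bit_length(), u2.bit_length()))):
        acc = add(add(acc, acc), table.get((u1 >> i & 1, u2 >> i & 1)))
    return acc

def webauthn_digest(auth_data, client_data_json):  # hash of the signed message
    return hashlib.sha256(auth_data + hashlib.sha256(client_data_json).digest()).digest()

def verify(q, digest, r, s):  # ECDSA verification for public key q = (x, y)
    x, y = q
    if (y * y - x * x * x - A * x - B) % P or not (0 < r < N and 0 < s < N):
        return False  # key not on the curve, or r/s out of range
    w, z = pow(s, -1, N), int.from_bytes(digest, "big")
    pt = shamir(z * w % N, r * w % N, q)
    return pt is not None and pt[0] % N == r

def sign(d, digest, k):  # test-only signer; fixed nonce k keeps the sample reproducible
    r = shamir(k, 0, G)[0] % N
    return r, pow(k, -1, N) * (int.from_bytes(digest, "big") + r * d) % N

# Constructed sample: test key, authenticatorData (rpIdHash, flags UP|UV, counter), clientDataJSON
D = 0x1f2e3d4c5b6a79881726354453627180a1b2c3d4e5f60718293a4b5c6d7e8f90
Q = shamir(D, 0, G)
AUTH = hashlib.sha256(b"example.com").digest() + b"\x05" + (1).to_bytes(4, "big")
CDJ = b'{"type":"webauthn.get","challenge":"Y29uc3RydWN0ZWQ","origin":"https://example.com"}'
R, S = sign(D, webauthn_digest(AUTH, CDJ), k=0x7A11)
```

Calling verify(Q, webauthn_digest(AUTH, CDJ), R, S) returns True, and changing any byte of AUTH or CDJ makes it return False.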

Once a user is onboarded with their Biometric Signer, they remain in total control. There is no sharded key scheme or multi-party computation (MPC) bypassing key custody: the key that controls the wallet sits in the user’s hardware.
