Introduction

Most people think of the Lightning Network as a payment network for fast and cheap bitcoin transactions. But did you know that you can use your Lightning wallet to easily, securely and anonymously log in to certain services?

Passwords

The most common authentication method on the Internet today is username and password. It's a decades-old concept that works quite well. But what are its drawbacks?

For convenience, users often choose simple passwords that can be guessed or cracked by brute force. Alternatively, they use the same passwords across multiple services, leading to the fact that if the password leaks, attackers can hijack identities on multiple platforms at the same time. They just try the same combination on other services.

Lightning?

But what if we had an alternative way of logging in where we didn't need a username or password and the whole concept will be secure enough? Is that realistic?

The technology we will introduce in this post is the LNURL-auth protocol. LNURL is a set of protocols that extend the capabilities of the Lightning Network (we have already introduced one of them in the post about the Lightning address) and specifically LNURL-auth takes care of logging.

And how do I imagine this in practice? Simple - you open a website supporting this technology, scan a QR code with your Lightning wallet (as if you were paying a traditional invoice) and you are logged in. It couldn't be simpler. But how does that work and is it even safe?

Principle

An integral part of all Lightning wallets is the private key. As with on-chain bitcoin, this is a random number that you must not disclose to anyone and whose knowledge proves ownership of your bitcoins.

In practice, the website sends you random data that you sign with your private key and return a pair - a signature and a public key. The service then verifies the signature, and if it is correct, you have successfully confirmed your identity. This is done by knowing your private key, as only you own it and without it, a valid signature cannot be created.

In reality, you do not use the identical private key that you have as proof of ownership of your bitcoins, but depending on the URL of the website, a different key is derived for each website.

It may sound complicated for some beginners, but really it's just that your identity is tied to your private key, and as long as no one steals it, all you have to do is simply scan QR codes to log in to various services.

Your only concern is to keep this key safe - but for this you can usually use the well-known seed-phrase (12 to 24 words used to recover the master private key).

Advantages and disadvantages

What are the advantages over the traditional login with a username and password?

  • You don't need to create, remember or store any passwords.
  • You don't even need to fill in a username, you just "scan QR code".
  • Your password (in this case a private key) never travels over the network, so it cannot be intercepted.
  • Your private key is derived differently for each service, so your identity cannot be correlated across multiple services (such as if you use the same email or username).
  • Speed and simplicity.

What about the disadvantages?

  • So far, very few services support this type of login.
  • You must have a Lightning wallet that supports this technology.
  • Whoever gets full access to your wallet has your identity.
  • You are responsible for keeping your seed-phrase safe.

Practice

From the preceding paragraphs, it should be clear that you will need a lightning wallet. In this particular case, I would strongly recommend one where you actually own your private keys (so called non-custodial), i.e. Phoenix or Breez for example. Or your own node via Zeus.

There is a support for this feature in BlueWallet as well, but since it is custodial by default (third party holds the private keys for you), I would not recommend it for this case. Neither Wallet of Satoshi nor Muun wallets support LNURL-auth technology yet.

You must then back up your wallet correctly, as you will lose your identity if you lose it. And of course, you should set up some kind of additional authentication when accessing your wallet (PIN, fingerprint, FaceID, etc.).

Some may find this way of storing your identity dangerous, but if a potential attacker gets into your phone and bypass biometrics to steal your identity from the wallet itself, he can steal your passwords from any password manager in the same way...

And that's it - you don't have to use the wallet itself to pay, you don't even have to have a single satoshi on it.

And where can you try Lightning login? For example here on Stacker.News :)

LNURL-auth

Conclusion

Lightning authentication is an interesting concept that is very secure, anonymous, and user-friendly by simply scanning QR codes.

But the technology itself is still in its very early days, so we'll have to wait a while for wider support, both on the service and wallet side.

At the same time, however, it is also important to point out that there is no "real person identification" and anyone can create countless keys/wallets - i.e. identities. This issue must therefore be dealt with separately.

Anyway, you don't pay anything for the test, so go ahead!

Addition?

Wait, that's it? If you're a bit of a geek and are interested in such concepts in depth, let's take a more technical look at the LNURL-auth protocol together.

Every non-custodial wallet has a master private key (if not, we have a solution for that too). The derivation path m/138'/0 contains the so-called hashingKey. We will put this together with the service URL into the HMAC function:

1output = HMAC-SHA256(hashingKey, domain from URL string)

We take the first 16 bytes from the output and split them into 4 equally sized parts. This gives us a derivation path for the so-called linkingKey, i.e. a key that is unique for each service (URL):

1linkingKey = m/138'/<part1>/<part2>/<part3>/<part4>

After scanning the QR code, the wallet decodes the bech32 and gets an HTTPS link, for example:

1https://web.com?tag=login&k1=random_data&action=login

The tag parameter tells us that this is LNURL-auth and the action specifies the login (it can also be, for example, a registration, etc.). The very important parameter k1 contains 32 bytes of random data that we need to sign with our linkingPrivKey.

After the user has agreed to the login dialog, the wallet responds with the same URL, only adding the sig and key parameters to it:

  • sig = signed random data k1 over the secp256k1 curve using the linkingPrivKey private key
  • key = public key linkingKey
1https://web.com?tag=login&k1=random_data&action=login&sig=signature&key=public_key

The service then verifies the signature and, if it is correct, assigns the user an identity based on his linkingKey, or alternatively creates a new one if it is a registration.

More details and specification itself:

related

I love cryptographic password less auth, hate the idea that it's attached to a lightning node / wallet. For one it instills a bad habit of keeping the same node pubkey forever. For two it's tying the same level of access to log in to some random website as your financial wallet - separations of concerns people... For three, for passwordless auth it's still rather lacking. No key rotations or multikey support.

I'd love to see a dedicated non lightning app for this otherwise I hate being forced to use it (yes some websites require it)

But nevertheless great write up!

I have the same thought on this. That's why I started an app few weeks ago https://github.com/zerologin/zerologin-mobile It's not finished yet, but it works. It's a react native app (it needs a readme, definitely)

More info in this presentation https://makers.bolt.fun/story/tournament-project-zerologin-the-mobile-app-buildinpublic--126

I think the authentication is intimately tied to donations/tipping/paying for content with sats on the same site anyway, so i don't see a huge downside in reusing the same wallet. Current LN wallets were not designed for huge transactions anyway, it's not where you store your savings

I wonder if there is a way to "bridge" or transfer an LN-AUTH identity in the future? E.g. sign a transaction from both your new and your old wallets to amend the identity to the new one? Similar to updating your login email on a website.

Some websites already implemented multi wallets, like geyser.fund and makers.bolt.fun. Then you can login from these wallets to your unique website account

Hey thanks for this - I tried out Geyser and I see what you mean, I can connect multiple wallets and they are then linked together! Too bad Wallet of Satoshi does not seem to support LN-Auth though.

Do you see people interested in lightning wallets utilizing this as an introduction to cryptographic logins, or people interested in cryptographic logins utilizing this as an introduction to lightning wallets.

Hmm, could an RFID ring (the kind you wear on your hand) ever be able to log in with LNURL-auth?

Yes it could, but an uncovered RFID private key is like asking for trouble.

A card, kept in a RFID-blocking case would be more secure and convenient.

With traditional logins, if I realize my password could have been compromised, I immediately change my password as a precaution. With LNAuth logins, if someone gains access to my lightning wallet, what is analogous to a password change?

If the answer is "don't let anyone gain access to your lightning wallet", then should this technology not be used with a hot wallet, given their inherent attack vectors?

Hey, i love ln-url and i've written a starter project for everyone interested in playing around with it. Here is the auth part if you want to see an actual implementation: https://github.com/zerealschlauskwab/lnapp-starter/blob/master/src/server/routers/auth.ts

The only thing that still bugs me a bit about the auth part is the fact that if your web app depends on ln-url auth only, all your account data is dependent on ICANN eg. a centralised institution. It would be nice if the wallets could receive an array of authentication urls instead of one:

1[ 2 "https://www.mylnapp.com/authenticate", 3 "https://www.backuplnauthprovider.com/mylnapp/authenticate" 4]

...so that you can backup you users public keys if something goes wrong. Any thoughts on that?

Lightning Auth, as used here on Stacker News, is an absolute game changer.

The merging of password manager / payment rails is a deeply important shift in the way we engage with the web that people do not fully comprehend yet.

There are so many payment opportunities where I would be reluctant to "reach for my credit card" but I would have no issue using lightning for. Similarly, remembering passwords and logging into sites is still a pain in the ass sometimes, if I can just scan a QR to get in no matter what that is amazing.

I see social networks, email, and all sorts of other web systems evolving to use this system where your "digital identity" is no longer tied to email as the foreign key (the thing that uniquely identifies you) + payment method, but to your wallet's private keys handling both identity AND payment method.

Thank you for the detailed information about LNURL-auth! I had been using Breez, BlueWallet and need to try out Phoenix!

Also your feedback as well on using Zeus which is connected to my umbrel node is even better!

We just developed a web app (https://lightsats.com) during the BOLT🔩FUN Legends of Lightning⚡️Tournament which we have enabled LNURL-auth for bitcoiners as the main authentication method!

It's such an easy authentication method and also great for privacy without having to give out any personal identifiable information and also not have to remember an email or password for each site.

Since we launched the web app 7 weeks ago we've been able to get around 600 users which surprisingly 54% have authenticated via LNURL-auth 🎉🎉

I really wish other wallets start supporting it besides just Breez, Phoenix or BlueWallet.

Also some sites have also started allowing users to link multiple wallets to their profile in case they don't have access to the device when trying to access the site, this is the case for the https://bolt.fun site.

Excellent post with a very clear explanation. Now, if we can only convince Musk to use LN Auth for Twitter accounts.

Looking for easy way to use LNAuth? I use Sparrow for this. Yes. Not a LN wallet, making it easy to log in Stacker.News without any usernames & passwords.

Thanks for sharing