
Tavuk Civciv

A decentralized 2FA system on Fhenix using encrypted OTPs and TOTP with Fully Homomorphic Encryption (FHE). Secure, serverless authentication and transaction approval with cutting-edge cryptography for enhanced privacy and control.

Created At

ETHGlobal Singapore

Project Description

2FA Time-based One-time Password App which utilizes Fully Homomorphic Encryption with Fhenix. This project implements a decentralized two-factor authentication (2FA) system using Fhenix. By integrating Time-based One-Time Passwords (TOTP) and Fully Homomorphic Encryption (FHE), we provide a secure and decentralized method for user authentication and transaction authorization without relying on centralized servers.

Note: The project is not complete with a smooth UI. UI integration has problems. OTP randomness and generation are pseudo. The UI is not complete. The contracts are not the best version.

Project Overview

The project consists of three main smart contracts:

  • TwoFactorAuth.sol: Implements 2FA by requiring approvals from two separate Ethereum addresses—a primary address and a second signer.
  • TOTPWallet.sol: A smart contract wallet that uses TOTP for transaction authorization for demonstration of the 2FA, with TOTP validation performed using FHE to ensure confidentiality.
  • TwoFactorAuthTOTP.sol: Integrates the above contracts to provide a comprehensive 2FA system using encrypted OTPs.

Future Enhancements

  • Confidentiality via FHE: By requiring approvals from two separate addresses and encrypted OTPs, the system significantly reduces unauthorized access risks. Use sealing and eaddress for confidentiality.

  • Decentralization: All authentication processes, such as random OTPs, need to be on-chain, aligning with blockchain's trustless and decentralized principles.

  • UI/UX Empowerment: Implement a flawless and smooth UI.

  • Scalability: The modular design allows for future enhancements and integrations, such as additional authentication factors.

How it's Made

I used Solidity and Fhenix Protocol contracts for the smart contracts, which utilize Fully Homomorphic Encryption. I used Next.js, React.js and Ethers.js for the frontend. I used the Fhenix partner project to enable secure handling of encrypted data directly on-chain, which is crucial for processing OTPs without revealing them, because traditional smart contracts cannot securely process confidential data. FHE allows us to perform the necessary computations while maintaining data privacy. The hacky thing that I made is performing TOTP verification on-chain on the smart contract wallet without exposing the secret key or the OTP. I wrote the FHE computation of the OTP algorithm.
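For reference, the standard cleartext TOTP check (RFC 6238 over RFC 4226 HOTP) that a verifier of this kind evaluates, written for Node.js as an added example; it is not the project's contract code and performs no FHE. The `state.lastCounter` replay guard and the `window` skew parameter are assumptions of this sketch, and the secret is the RFC test key.

```javascript
const crypto = require('node:crypto');

// RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
function hotp(secret, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;          // low nibble of last byte
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;  // 31-bit value at that offset
  return String(bin % 10 ** digits).padStart(digits, '0');
}

// RFC 6238 TOTP: the counter is the number of `step`-second intervals since the epoch.
function totp(secret, unixSeconds, step = 30, digits = 6) {
  return hotp(secret, Math.floor(unixSeconds / step), digits);
}

// Verifier: accepts a code from the current step or `window` steps either side,
// compares in constant time, and refuses any step at or below the last one accepted,
// so one code cannot authorize two transactions.
// `state.lastCounter` is a hypothetical per-account field (start it at -1).
function verifyTotp(secret, code, unixSeconds, state, opts = {}) {
  const { step = 30, window = 1, digits = 6 } = opts;
  const now = Math.floor(unixSeconds / step);
  const given = Buffer.from(String(code));
  let accepted = null;
  for (let c = Math.max(0, now - window); c <= now + window; c++) {
    const expected = Buffer.from(hotp(secret, c, digits));
    const match = given.length === expected.length &&
      crypto.timingSafeEqual(given, expected);
    if (match && c > state.lastCounter) accepted = c;
  }
  if (accepted === null) return false;
  state.lastCounter = accepted;
  return true;
}

// Constructed demo using the RFC 6238 test key (ASCII "12345678901234567890").
const demoSecret = Buffer.from('12345678901234567890');
const demoState = { lastCounter: -1 };
console.log(totp(demoSecret, 59));                               // code for step 1
console.log(verifyTotp(demoSecret, '287082', 59, demoState));    // first use
console.log(verifyTotp(demoSecret, '287082', 59, demoState));    // replay of same code
```
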
