Identity & Security
Learn how Refract unifies Web2 social identities into a single, secure Web3 profile using the zkMPC wallet infrastructure.
Concept: Identity & Security
Refract Network fundamentally redefines Web3 identity by anchoring it to a user’s existing Web2 social graph. We abstract away the complexity of seed phrases and wallet addresses, allowing users to leverage their established digital presence on platforms like TikTok and Telegram as the foundation for a single, secure, and self-custodial Web3 profile.
Unifying Web2 Mobile Platforms with Refract AnyAuth
The Refract AnyAuth engine is the identity layer that makes this possible. It acts as a bridge, transforming platform-specific authentication tokens into a unified, chain-agnostic identity within the Refract ecosystem.
Technical Flow:
- Platform Authentication: A user initiates a login or transaction within a host app (e.g., a Telegram Mini App).
- Credential Verification: The host platform provides a short-lived, verifiable credential. For example, Telegram provides a signed `initData` string, while TikTok provides an OAuth 2.0 access token.
- AnyAuth Validation: The Refract Passport client sends this platform-specific credential to the AnyAuth engine. AnyAuth uses the platform’s public keys (for Telegram) or validation APIs (for TikTok) to cryptographically verify that the credential is valid and belongs to the claimed user.
- Unified Identity Mapping: Once validated, AnyAuth maps the platform-specific ID (e.g., `telegramId`) to a stable, internal Refract `userId`. If the user logs in from another platform, AnyAuth can link the new social account to the same `userId`, creating a multi-platform, single-user profile.
This process allows a user to access the exact same wallet and dApp history whether they are coming from Telegram, TikTok, or another supported platform, without needing to manage separate keys for each one.
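The Telegram leg of the flow above, as an added example that is not Refract's code. It uses Telegram's documented bot-token HMAC-SHA256 check for `initData` rather than the public-key path this page mentions, an assumed 5-minute freshness window, and hypothetical names (`verify_init_data`, `IdentityMap`, `build_sample_init_data`).

```python
import hashlib, hmac, json, time, uuid
from urllib.parse import parse_qsl, urlencode

MAX_AGE_SECONDS = 300  # assumption: freshness window for the short-lived credential

def _init_data_mac(fields, bot_token):
    # Telegram's check string: key=value lines sorted by key, "hash" excluded
    check = "\n".join(f"{k}={v}" for k, v in sorted(fields.items()))
    secret = hmac.new(b"WebAppData", bot_token.encode(), hashlib.sha256).digest()
    return hmac.new(secret, check.encode(), hashlib.sha256).hexdigest()

def verify_init_data(init_data, bot_token, now=None):
    """Return the authenticated Telegram user object, or raise ValueError."""
    fields = dict(parse_qsl(init_data, keep_blank_values=True, strict_parsing=True))
    received = fields.pop("hash", "")
    expected = _init_data_mac(fields, bot_token)
    if not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("initData MAC mismatch")
    # Only trust auth_date and user after the MAC has verified
    age = (time.time() if now is None else now) - int(fields.get("auth_date", "0"))
    if not 0 <= age <= MAX_AGE_SECONDS:
        raise ValueError("initData is stale or dated in the future")
    if "user" not in fields:
        raise ValueError("initData carries no user object")
    return json.loads(fields["user"])

class IdentityMap:
    """Hypothetical in-memory store: (platform, platform id) -> internal userId."""
    def __init__(self):
        self._accounts = {}

    def resolve(self, platform, platform_id, link_to=None):
        # link_to must come from an already authenticated session for that userId
        key = (platform, str(platform_id))
        current = self._accounts.get(key)
        if current is not None:
            if link_to is not None and link_to != current:
                raise ValueError("account is already linked to another userId")
            return current
        self._accounts[key] = link_to or str(uuid.uuid4())
        return self._accounts[key]

def build_sample_init_data(bot_token, telegram_id, auth_date):
    # Constructed sample input standing in for what Telegram hands the Mini App
    fields = {"auth_date": str(auth_date), "query_id": "constructed-query",
              "user": json.dumps({"id": telegram_id, "first_name": "Test"})}
    fields["hash"] = _init_data_mac(fields, bot_token)
    return urlencode(fields)
```

The linking rule is the part to get right: a second platform account is attached to an existing `userId` only when the caller already holds a verified session for it, and an account that is already mapped is never silently moved.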
The zkMPC Wallet Infrastructure
The security of this unified identity is guaranteed by our zkMPC (Zero-Knowledge Multi-Party Computation) Wallet Infrastructure. This system ensures that a user’s Web2-derived identity is bound to a self-custodial wallet without ever concentrating key material in a single, vulnerable location.
As detailed in our Security Section, the user’s wallet is not a single private key but is instead composed of three mathematically-linked shares managed by a `cggmp-24` threshold-ECDSA scheme.
The key insight is that the user’s social login, verified by AnyAuth, becomes the “key” to authorize the participation of the Client Shard (`xC`) and Enclave Shard (`xS`) in a transaction. This architecture binds the ease-of-use of a Web2 login to the robust, non-custodial security of a cutting-edge MPC wallet.