LIT-Protocol / LitGrants

Apply for a Lit grant and be part of the Lit ecosystem!

Open Grant: iOS In-App Purchase and Attestation Bridge #67

Open codynhat opened 1 year ago

codynhat commented 1 year ago

Open Grant Proposal: iOS In-App Purchase and Attestation Bridge

Name of Project: iOS In-App Purchase and Attestation Bridge

Proposal Category: integration-adoption

Proposer: codynhat

Do you agree to open source all work you do on behalf of this grant and dual-license under MIT, APACHE2, or GPL licenses?: Yes

Project Description

Apple's developer platforms and App Store have various methods of attestation that developers can use to verify app integrity or unlock features. These include:

This project is a set of Lit Actions that act as a bridge between these Apple-specific attestations and the new onchain standard Ethereum Attestation Service (EAS). These onchain attestations would attest that an Ethereum user (wallet) has performed one of these actions in the Apple ecosystem.

Bringing these attestations onchain enables new use cases for dApp developers, including:

Value

Lit's programmatic signing is a great fit for implementing this bridge. These attestations use various cryptographic standards that can be difficult or very inefficient to use in the EVM. They also require reading certificate chains and verifying the trusted root as Apple, which would require some oracles if implemented in the EVM. Lit is a better solution to both of these problems than implementing a bridge as an EVM smart contract.

This project would bring new app developers to Lit who are looking to enable functionality for their iOS users in a Web3-native way. It can also set an example for how a solution like Lit can integrate with Ethereum Attestation Service to bring all kinds of attestations to the Ethereum ecosystem.

Some risks include unknowns around the complexity of verifying these attestations from Apple. They have recently transitioned to adopting JSON Web Signatures (JWS), which should help by allowing the use of existing tools and libraries. There are also unknowns around interacting with the Lit Protocol from an iOS device.

Deliverables

The final deliverables include:

  1. A repository for the Lit Actions and deployments
  2. A proxy service that receives App Store data from clients and forwards to the appropriate Lit PKP

Development Roadmap

Assuming roadmap starts Oct 30.

1. App Store Purchase Attestation

Budget: $2000 Time: Nov 12 (2 weeks)

Attestations needed to verify a user has purchased a specific version of a free or paid app from the App Store.

1a. Device nonce attestation

1b. AppTransaction attestation

2. In-App Purchase Attestation

Budget: $1500 Time: Nov 26 (2 weeks)

Attestations needed to verify a user has purchased a specific in-app purchase from a particular app in the App Store. Includes consumables, non-consumables, and subscriptions.

2a. App account token attestation

2b. Transaction attestation

3. App Integrity Attestation

Budget: $1500 Time: Dec 10 (2 weeks)

Attestations that verify some arbitrary piece of data is signed by a valid instance of a particular app. This is done by verifying from Apple that a particular keypair is stored in the on-device Secure Enclave and can only be used by a particular installed app.

3a. App keypair attestation

Total Budget Requested

Total Budget $5000

Maintenance and Upgrade Plans

I plan on deploying and maintaining instances of the Lit Actions and a proxy server. I have plans for future projects that will leverage these, and should have the incentive to keep them up and running.

Team

Team Members

Team Member: codynhat Github: codynhat Twitter: codynhat Telegram: codynhat

Team Member LinkedIn Profiles

https://www.linkedin.com/in/codyhatfield/

Team Website

https://codyhatfield.me

Relevant Experience

I have been developing iOS applications for over a decade and have spent the last few years in the Web3 space developing EVM smart contracts and dApps. I have experience from a past employer with verifying In-App purchases on the backend, as well as various device attestation checks across both iOS and Android.

I have not developed a Lit Action before, but have some experience with older versions of the Lit JS SDK using encryption/decryption.

Team code repositories

Github profile My main project in the Web3 space: https://github.com/Geo-Web-Project

Additional Information

I have been following Lit Protocol for over a year and have known about the open grants program for a while. I probably originally learned about it when browsing the Lit documentation site.

cody.hatfield@me.com Telegram: codynhat