Standard Grant: Nydia: Passkey Holder. Chapter 2

Project Name: “Nydia: Passkey Holder. Chapter 2”
Project Lead: Oleh N.

Project Description

Like a phoenix rising from Chrome and Firefox foundations, Nydia will spread its wings to Safari and embrace the elegance of Ed25519 cryptography.

This research and development initiative will focus on two significant contributions to the field: the implementation of Ed25519 elliptic curve cryptography in passkey authentication - a first in the domain of virtual WebAuthn authenticators - and the extension of decentralized credential management to the Safari browser.

This project introduces Ed25519 support to virtual WebAuthn authenticators - an important capability defined in the specification but not yet implemented in existing solutions in this domain. While existing virtual authenticators rely predominantly on traditional cryptographic approaches, this novel implementation will introduce Ed25519’s inherent security advantages, offering a cryptographically refined and elegant solution. This advancement holds particular significance as it establishes a new reference point in the convergence of modern cryptography and WebAuthn implementations.

Additionally, this endeavor builds upon insights gained from the initial phase of Nydia’s development. Previous research has revealed that certain web services remain incompatible with Nydia’s authentication mechanism. Further study of the WebAuthn specification has suggested that these limitations might be related to specific attestation requirements that relying parties impose on authenticators. This phase will investigate this hypothesis and, if confirmed, implement necessary solutions to expand Nydia’s compatibility with previously unsupported web services.

Therefore this expansion transcends the mere integration with a new browser; it realizes Nydia’s vision by combining passkey management, advanced Ed25519 cryptography, and decentralized cloud storage, charting new territory in secure credential handling across browser ecosystems.

Who benefits from your project?

Those who believe authentication shouldn’t require allegiance to a specific ecosystem.
Those who believe choice of browser shouldn’t dictate the fate of their credentials.
Those who have ever wondered why their “cloud” feels more like someone else’s vault.
And, of course, the countless users who didn’t know they needed this freedom until they tried to move their passkeys between browsers.

How does the projected outcome serve the Foundation’s mission of user-owned data?

The fundamental question of data sovereignty in digital identity systems finds a compelling answer in this project’s dual approach: the Safari implementation removes artificial barriers to passkey portability, while the pioneering Ed25519 integration establishes new primitives for user-controlled authentication security.

Milestones & Project Goals

Month 1

• Explore browser-specific Ed25519 implementations, design integration approach, and implement initial functionality in Nydia.

Month 2

• Develop Safari extension while maintaining feature parity with Chrome and Firefox.

Month 3

• Research WebAuthn attestation mechanisms to expand web service compatibility.

Month 4

• Contingent on successful implementation of attestation enhancements, this phase will focus on extensive compatibility testing across web services supporting passkey authentication. Achieving compatibility with key web services will establish the critical threshold necessary for public beta release, marking Nydia’s readiness for extension store submissions. The phase will then transition to thorough refinement of the extension and research into relevant browser extension store requirements, laying the groundwork for future deployment later in the year.

Potential Risk

While the WebAuthn specification itself is thoroughly documented, web services rarely disclose their specific authenticator requirements. During extensive testing, only one service provided a list of supported passkey managers, without delving into any concrete technical aspects. Interestingly, Nydia successfully registered passkeys on this service despite not being listed among supported authenticators, highlighting the opacity of actual implementation requirements across the web. In such an environment, the most robust approach appears to be rigorous adherence to the full WebAuthn specification, implementing its advanced features to meet the potential requirements of even the most demanding web services.

Budget Justification

The project requires funding of $22,000 distributed over a 4-month research and development period. This allocation reflects the pioneering nature of implementing Ed25519 in the context of virtual passkey authentication, an undertaking that demands rigorous cryptographic research, and conducting an in-depth study of attestation requirements for broader web service compatibility, necessitating full-time dedication to the project.

Are you a resident of any jurisdiction on that list? Will your payment bank account be located in any jurisdiction on that list?

Yes, to both questions.

Will all of your project’s code be open-source?

Yes.

Where code will be accessible for review?

Do you agree to submit monthly progress reports?

Yes.

Contact info

Email: [email protected]
Discord: new0ne

Hello @new0ne, thanks for your latest proposal and for the work done on your previous Passkey Holder grant. This proposal certainly looks interesting and we appreciate the work you put into it.

Unfortunately our updated grant guidelines restrict us from funding proposals when the answer is “yes” to either the jurisdiction or the bank account location questions. This is a newer requirement for us that didn’t affect your first grant.

We’ll be moving this grant to the Rejected section of our forum for now. Please reach out here in this thread or via email if you have any further questions.

Dear Grant Committee,

Thank you for reviewing my proposal and providing feedback. I appreciate the transparency of your grant process and would like to respectfully address a potential discrepancy regarding the jurisdictional restrictions mentioned in your response.

I would like to bring to your attention a discrepancy between Ukraine’s current FATF (Financial Action Task Force) monitoring status and its inclusion in the jurisdictional restrictions list in your grant guidelines. According to the latest official FATF “Jurisdictions under Increased Monitoring” list (published on October 25, 2024, and available on the FATF website), Ukraine is not included among the countries under increased monitoring. This appears to conflict with the December 2024 list your guidelines reference, where Ukraine is noted as restricted.

Furthermore, Ukraine is an active member of MONEYVAL (the Council of Europe’s Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism), a FATF-style regional body. In practice, jurisdictions in good standing with MONEYVAL are generally not subject to the FATF’s International Cooperation Review Group (ICRG) process simultaneously. This underscores Ukraine’s adherence to international AML/CFT standards.

Based on the current official FATF “Black and Grey Lists” I can confirm that:

• Neither my country of residence (Ukraine) nor the location of my payment bank account appears on the list of jurisdictions under increased monitoring.
• This would indicate compliance with both jurisdictional requirements specified in the grant guidelines.

In light of these points, I respectfully request that you reconsider my application based on the most recent official FATF status for Ukraine. I remain fully committed to complying with all AML/CFT obligations and would be happy to provide any additional documentation you may require.

Thank you for your time and consideration. I look forward to the possibility of working together and remain available for any further questions.

Sincerely,

Oleh

Hi @new0ne, thanks for providing this extensive info!

We’ve confirmed that because your specific location is not within the sanctioned regions, the committee can consider this grant. We see that you’ve already resubmitted - we appreciate that and will review Nydia during our next meeting on February 18th.