Google wallet - Web3 Single Sign-on by NuFi

Funded
Current Project Status: In Progress
Amount Received: ₳157,360
Amount Requested: ₳295,053
Percentage Received: 53.33%
Solution

We will develop a service for Cardano dApps so any Web2/non-crypto user (who doesn’t have a wallet and doesn’t understand crypto) can onboard into a dApp in seconds with nothing to install/write down.

Problem

Cardano dApps face challenges in attracting the mass market due to a complex onboarding process, involving wallet download, setup, and seed phrase management.

Team

2 members

Please describe your proposed solution.

We are developing a basic Web3 Single Sign-On (SSO): a service that will enable Cardano dApps to onboard Web2 users just by logging in with Google, Facebook and other social account logins. The service creates an invisible crypto wallet in the background without the user even knowing about it. With this Catalyst proposal, we will be able to enhance the product with the features needed for a secure and seamless Web2-like user experience.

We validated our product with major Cardano dApps targeting the mass market and their feedback was extremely positive.

How does this help Cardano?

It allows any Web2, non-crypto, beginner user (who doesn’t have a wallet and doesn’t understand crypto) to onboard into a Cardano dApp in seconds without the hassle of setting up a crypto wallet.

By removing these barriers to entry, we make Cardano dApps instantly accessible to the mass market and make Cardano their gateway to Web3. Once the user gets familiar with the Web3 world, they can easily migrate to a typical crypto wallet for more advanced functionalities.

How NuFi Web3 SSO works

  1. A user navigates to a dApp and chooses a social account to log in with (or gets a one-time code by email)
  2. When the user logs in, a non-custodial wallet is created for them invisibly behind the scenes (using Web3Auth and NuFi wallet technology) and the user is connected to the dApp in a matter of seconds
  3. Once connected, the user can confirm dApp transactions, manage assets, swap tokens and buy ADA using a wallet widget embedded inside the dApp

Plus: a dApp can directly sell digital assets to the user using a fiat on-ramp or fiat checkout and the assets are delivered to the user's NuFi Web3 SSO wallet where they are immediately visible in the widget.

It’s fully frictionless (nothing to install or write down) so the onboarding process takes less than 10 seconds and doesn’t include any crypto terminology (so a user may not even know they’re using the blockchain).

About the embedded SSO wallet

Web3 SSO embeds a wallet widget directly inside the dApp. From this widget, a user can approve dApp transactions (the widget will pop up automatically to prompt the user, and every transaction initiated by the dApp has to be confirmed). The SSO wallet widget is embedded in the dApp but the dApp does not have access to the private keys representing the SSO wallet; a user’s complete private keys are stored only on the user's device and only for the duration of the session.

NuFi Web3 SSO Beta Version – Coming January 2024 (self-funded)

We first proposed a Single Sign-On solution in Project Catalyst Fund10 but we didn’t receive funding. However, because of the overwhelmingly positive response from Cardano projects, we started developing the solution ourselves. We will begin releasing early versions of NuFi Web3 SSO for testing in January 2024.

In the beta version, only core functionalities are implemented in the wallet widget:

  • Show user’s balances of ADA and Cardano tokens (fungible and non-fungible)
  • NFT gallery
  • Support dApp transactions confirmation flow
  • See own Cardano address (and copy to clipboard)
  • Change connected Account (if the user has more than one account, this option is disabled by default)

The rest of the non-core functionalities will be available through the full NuFi web wallet (e.g. if the user clicks the “Swap” button in the widget, it will launch NuFi web wallet in a new web browser tab, log the user in automatically, and redirect to the appropriate section of the wallet).

You can see a working prototype in the video below, and you can try the prototype yourself here.

<https://www.youtube.com/watch?v=5cq79MUhDuY>

What is this Catalyst Fund11 proposal for?

We are seeking Project Catalyst funding to enhance NuFi Web3 SSO from a beta version to a full product with a broad range of functionalities.

This update will embed key functionality so that a user – directly from whatever dApp they are using and without needing to leave the page – can swap Cardano tokens, purchase ADA, manage assets and more directly in the wallet widget.

We’ll also improve security (by enabling two-factor authentication and seed phrase backup), and allow dApps to customize the NuFi SSO widget look and feel to match the design of the dApp.

V2 FEATURES:

Add new functionalities inside the wallet widget:

  • Cardano DEX aggregator (e.g. DexHunter), Fiat on-ramp (buy ADA with card)
  • Settings, Transaction details/history and/or Session history (complete or within session)
  • Transaction status tracking and presenting, non-blocking transactions

<u>Impact</u>: a user can swap Cardano tokens, manage assets and buy ADA without leaving the dApp’s page

Improve security:

  • Seed phrase export (for backing up or migrating a wallet; the user will be able to restore their SSO wallet in any Cardano wallet using a seed phrase)

<u>Impact</u>: seed phrase backup ensures the wallet can always be restored and funds are always recoverable

Allow dApps to customize the embedded wallet widget (via a dashboard):

  • Customize the wallet widget appearance (preset schemes or custom font/colors)
  • Choose the position of the wallet widget, and if it should auto-hide or not
  • Add a project’s logo in the wallet widget
  • Pin (i.e. prioritize) a project’s token or NFT in the token list/NFT gallery so it is shown first
  • Provide basic usage statistics for the dApp

<u>Impact</u>: Cardano projects will be able to customize their integration to provide the most seamless UX possible

Complete customization and own widget server instance; projects with very specific requirements (games, perpetual dexes, etc) can ask for full customization of the widget. For example, they can completely change the UI, add buttons directly executing specific smart contract transactions and more.

Mobile optimization of the wallet widget to enable the use of NuFi Web3 SSO in mobile-friendly dApps.

Security

NuFi Web3 SSO is non-custodial and utilizes state-of-the-art technology:

  • Web3Auth: a non-custodial service that provides social account/email login options, manages authentication, and securely stores a user’s private key using distributed decentralized key storage.
  • Distributed, decentralized key storage: The user’s private key is split into shards and stored securely by nodes of a decentralized Torus network operated by Web3Auth. When the user authenticates to the nodes by logging in, the private key shards are fetched to the user’s device, where they are re-assembled into a complete private key (which never leaves the user’s device and is never shared with the dApp). Web3Auth’s decentralized network nodes operate the Distributed Key Generation, Proactive Secret Sharing and Key Assignment protocol, and are run by geographically distributed and diverse business institutions.

  • 2FA (coming in later version): The user can enable Two-Factor Authentication (2FA) to add an extra layer of security to their wallet. With this layer enabled, the security of the wallet is higher than the security of a standard seed phrase wallet.
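
How the key sharding and Proactive Secret Sharing described in this list behave, as an added example that is not NuFi's or Web3Auth's code: it assumes a Shamir-style threshold scheme with a constructed 3-of-5 policy and a single dealer (the page's Distributed Key Generation exists precisely so that no single dealer creates the key). The function names and parameters are hypothetical.

```python
import secrets

# Assumptions for this example: arithmetic in the prime field defined by the
# secp256k1 group order, and a constructed 3-of-5 policy (3 shards rebuild the key).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
THRESHOLD, NODES = 3, 5


def _eval_poly(coeffs, x):
    """Horner evaluation mod P; coeffs are ordered lowest degree first."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split(secret, t=THRESHOLD, n=NODES):
    """Return {node_index: shard}. Any t shards recover the secret."""
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element")
    # The secret is the constant term of a random polynomial of degree t - 1.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: _eval_poly(coeffs, x) for x in range(1, n + 1)}


def reconstruct(shards):
    """Lagrange interpolation at x = 0 (done on the user's device)."""
    secret = 0
    for xi, yi in shards.items():
        num, den = 1, 1
        for xj in shards:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def refresh(shards, t=THRESHOLD):
    """Proactive refresh: add shards of a random polynomial whose constant
    term is 0. Every shard changes, the shared secret does not."""
    delta = [0] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: (y + _eval_poly(delta, x)) % P for x, y in shards.items()}


def pick(shards, indexes):
    """Select the shards held by the given node indexes."""
    return {i: shards[i] for i in indexes}


if __name__ == "__main__":
    key = secrets.randbelow(P)              # constructed sample private key
    epoch1 = split(key)
    print("3 shards recover key:", reconstruct(pick(epoch1, [1, 3, 5])) == key)
    print("2 shards recover key:", reconstruct(pick(epoch1, [1, 2])) == key)
    epoch2 = refresh(epoch1)
    # A shard stolen before the refresh is useless next to post-refresh shards.
    mixed = {1: epoch1[1], 2: epoch2[2], 3: epoch2[3]}
    print("stale + fresh shards recover key:", reconstruct(mixed) == key)
    print("fresh shards recover key:", reconstruct(pick(epoch2, [2, 3, 4])) == key)
```

The refresh step is why a shard leaked from one node in one period cannot be combined with shards taken from other nodes after the next refresh.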

Risks

<u>The risk</u>: User loses access to the social or email account associated with their wallet.

<u>Risk mitigation</u>: NuFi has developed functionality that extracts the seed phrase of an SSO wallet and gives a user the option to download an encrypted backup file or write down the seed phrase to store offline. With this, a user can restore their wallet in the event that they lose access to the social/email account associated with it. Furthermore, the seed phrase can be used to restore the wallet into a non-custodial Cardano wallet when the user is ready to use a conventional mnemonic wallet.

<u>The risk</u>: The Web3Auth service or the underlying Torus decentralized cryptographic material storage network is compromised.

<u>Risk mitigation</u>: We will be prompting users who cross an asset value threshold to activate the seed phrase backup if they haven't already (and, in later versions, enable 2FA protection). If the user backs up the SSO wallet's seed phrase before the Web3Auth service is compromised, the wallet is safe.

<u>The risk</u>: NuFi wallet is compromised.

<u>Risk mitigation</u>: We have a high bar of security measures in place to prevent this. This includes thorough code reviews, an internal audit of critical wallet components, a rigorous release process, careful selection and regular review of code dependencies. We are strong advocates of hardware wallets and therefore we would prompt users with high balances to switch to a regular NuFi wallet combined with Ledger or Trezor.

How can a dApp start using NuFi Web3 SSO?

A Cardano dApp with existing CIP-30 support can integrate the NuFi Web3 SSO SDK with a few hours of development work.

The cost of using the relay

NuFi Web3 SSO will be free to use up to a certain number of monthly users. Beyond that, the service should cost no more than $0.1 per monthly active user. We expect our main revenues to come from in-app crypto-to-crypto swaps and the fiat on-ramp (for which we receive a small percentage of the provider’s service fee as commission).

Please define the positive impact your project will have on the wider Cardano community.

Who will benefit from this solution?

Web2, mass-market users who can:

  • start using a Cardano dApp just by logging in with a social account
  • use the same SSO wallet across multiple dApps (dApps with NuFi Web3 SSO integration)
  • use dApps’ services or purchase digital assets on a dApp (tokens, NFTs) using a credit card checkout
  • execute transactions without needing to pay for gas (possible if the dApp chooses to pay transaction fees for users so users can execute in-game transactions, mint NFTs and so on without needing to top up their wallet)
  • purchase ADA using a fiat onramp
  • connect to dApps on any device using a social account
  • enable 2FA and protect their wallet from unauthorized use (available in V3)
  • create a seed phrase backup so funds are recoverable if social account login is lost
  • migrate their SSO wallet to any regular Cardano wallet when they are ready to advance

Cardano projects, who can:

  • target mass-market Web2 and non-crypto users with their product and services because the onboarding process is familiar
  • quickly onboard users (takes a few seconds with no obstacles, friction or fuss)
  • provide the user with wallet functionality through an embedded wallet widget
  • access the user’s same wallet as all other dApps that adopt NuFi Web3 SSO; this is useful if a project’s token or NFTs need to be acquired on a different dApp like an external DEX or NFT marketplace

How does NuFi Web3 SSO improve on existing solutions?

Our solution solves three major problems of current SSO solutions. With NuFi Web3 SSO:

1) A user can re-use the same social account wallet across multiple dApps

This is not possible with existing SSO solutions; at present, if a dApp directly integrates Web3Auth or a similar provider, the user’s wallet is restricted to that dApp only for security reasons, meaning the user has a different wallet on each dApp even when logging in with the same social account.

2) Wallet functionality is provided for the user by NuFi

Web3Auth and similar providers do not offer a Cardano wallet in their tech stack, meaning, with these solutions, a Cardano project would need to integrate and maintain wallet functionality separately.

3) dApps can enjoy easy integration

NuFi will provide an SDK that will enable easy integration of the NuFi Web3 SSO service into a Cardano dApp.

Metrics to measure the impact of this proposal:

Number of new wallets created via this solution:

  • Target: 50,000 new wallets created in the first 12 months
  • Achieving this will indicate to us that the solution makes it easy for Web2 users to onboard into Cardano dApps.
  • We will track this data using Google Analytics and/or internal tracking tools and share it via NuFi's social media channels on a quarterly basis (see below for links).

Number of dApps that use this solution:

  • Target: 20 dApps implement the solution within the first 12 months
  • Achieving the targets will indicate that our proposed solution not only satisfies dApps' requirements for a Web2 onboarding solution but is simple enough to integrate.
  • We will announce each new dApp/widget integration on our social media channels (and the social media channels listed in the section below), and provide quarterly updates regarding adoption via NuFi's social media channels.

Qualitative feedback from users:

  • Feedback from users will tell us how easy it is to connect to dApps as a Web2 user; we hope to hear that the familiar Web2 experience encourages users to connect to Cardano dApps, and that the onboarding process is frictionless.
  • We will collect this data using Google Forms and from feedback posted on our Twitter and Discord channels and from support tickets (submitted through our helpdesk at support.nu.fi), and share this via NuFi's social media channels. This data will be used to improve the solution and the improvements will be shared via NuFi's social media channels on a quarterly basis.

Qualitative feedback from dApps:

  • Feedback from dApps will indicate whether or not our solution is easy to integrate and whether or not it provides an effective onboarding solution.
  • We will collect this data by corresponding directly with the dApps and this data will be used to improve the solution; improvements will be shared via NuFi's social media channels on a quarterly basis.

We will share ongoing progress and completed milestones via:

  • NuFi’s social media channels and newsletters (Twitter | Discord | Medium)
  • Cardano news sites, Twitter channels, Cardano ambassadors and influencers
  • Project Catalyst-related town halls and events
  • The social media channels of dApps that are using the beta version of NuFi Web3 SSO

What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

The NuFi wallet team has a long track record of delivering high-quality development work:

  • Created NuFi wallet (a Cardano-first Web3 wallet with support for 6 chains)
  • Created AdaLite wallet (the first-ever light wallet on the Cardano blockchain)
  • Team members previously developed Cardano firmware for Ledger and Trezor hardware wallets
  • Completed a Project Catalyst Fund9 proposal which added Ethereum and Milkomeda C1 support to NuFi wallet to aid in ‘The Great migration from Ethereum to Cardano’
  • We experimented with web2 user onboarding and created a simple experimental walletless solution for Flow hackathon, winning the 2nd place prize (see it at https://walletless.nu.fi)

Our extensive experience of Web3Auth technology and wallet products makes us best suited to deliver this project to the highest standards. In terms of our team’s ability to manage funds properly, we demonstrated our ability to do this in Fund9, where we received Project Catalyst funding and handled funds effectively so as to complete the project on time and in full.

What are the key milestones you need to achieve in order to complete your project successfully?

Integrate new functionality into the wallet widget and enable seed phrase backup - 1 month

<u>Output</u>: Integrate Cardano DEX aggregator

<u>Output</u>: Integrate fiat on/off-ramp

<u>Output</u>: Enable seed phrase backup functionality

<u>Acceptance criteria</u>: The above functionality works properly inside the wallet widget and seed phrase backup/restore functionality works as expected (we will provide video evidence showing the above functionality integrated and working)

Enable customization by dApps and enable asset management functionality - 1 month

<u>Output</u>: Refactor SDK to enable customizations

<u>Output</u>: Create customizations and basic statistics dashboard

<u>Output</u>: Add asset management functionality: Transaction (pending/completed), status tracking and presenting, transaction details and history

<u>Acceptance criteria</u>: The customization dashboard functions properly and customizations can be applied (we will provide video evidence showing customizations)

Mobile optimization - 1 month

<u>Output</u>: Optimize the widget experience for use on mobile web-dapps

<u>Output</u>: Research capability and prepare PoC for mobile apps widget

<u>Acceptance criteria</u>: The onboarding process is seamless and the wallet widget is easy to use on mobile devices (we will provide video evidence showing the optimized service in action on a smartphone)

Create documents, collect feedback, and make improvements - 1 month

<u>Output</u>: Create documentation and collect feedback

<u>Output</u>: Create how-to documentation for users and integration docs for developers

<u>Output</u>: Collect user feedback with incentivized social media campaign

<u>Output</u>: Collect feedback from dApps that have integrated or are interested in integrating the solution

<u>Output</u>: Make improvements to the SSO service based on feedback from dApps and users

<u>Acceptance criteria</u>: We collect feedback from dApps and users and make improvements to the solution (we will provide video evidence showing the updates)

Final closeout stage

<u>Output</u>: Create and submit closeout video and report

<u>Acceptance criteria</u>: The video and report are received by the Project Catalyst management and accepted as complete.

Who is in the project team and what are their roles?

Michal Petro - Project Lead

<https://www.linkedin.com/in/michalpetro/>

Lubos Svolik - Project Manager

<https://www.linkedin.com/in/lubossvolik/>

Rafael Korbaš - CTO

<https://www.linkedin.com/in/rafael-korba%C5%A1-4b2a31b7/>

Richard Izip - FE Lead, UX/UI design

<https://www.linkedin.com/in/richard-izip-253622112/>

Kamil Džurman - Full-Stack Developer

<https://www.linkedin.com/in/kamil-d%C5%BEurman-0b18b6149/>

Andrej Želonka - FE Developer, UX/UI design

<https://www.linkedin.com/in/andrej-%C5%BEelonka-0563681a9/>

Gabriel Kerekeš - Full-Stack Developer

<https://www.linkedin.com/in/gabriel-kerekes/>

Peter Benc - Full-Stack Developer

<https://www.linkedin.com/in/peter-benc-290b76142/>

Ben Goldie - Community Manager

<https://www.linkedin.com/in/goldieben/>

Please provide a cost breakdown of the proposed work and resources.

Milestone 1: Integrate new functionality into the wallet widget and enable seed phrase backup

Integrate Cardano DEX aggregator

Research, implementation, testing = 12 days @ 1579 ADA/day = 18,947 ADA

Cost of using the aggregator service = 0

Integrate fiat on/off-ramp

Research, implementation, testing = 14 days @ 1579 ADA/day = 22,105 ADA

Cost of using the fiat on-ramp service = 0

Enable seed phrase backup functionality

Research, implementation, testing = 12 days @ 1579 ADA/day = 18,947 ADA

Hire a lawyer to help with the creation of Terms & Conditions and usage policy documents = 4 days @ 3158 ADA/day = 12,632 ADA

TOTAL = 72,632 ADA

Milestone 2: Enable customization by dApps and enable asset management functionality - 1 month

Enable customizations and create customizations and basic statistics dashboard

Research, implementation, testing = 45 days @ 1579 ADA/day = 71,053 ADA

Add asset management functionality (Transaction (pending/completed) status tracking and presenting, tx details and history)

Research, implementation, testing = 20 days @ 1579 ADA/day = 31,579 ADA

TOTAL = 102,632 ADA

Milestone 3: Mobile optimization - 1 month

Optimize the widget experience for use on mobile web-dapps

Research, implementation, testing = 20 days @ 1579 ADA/day = 31,579 ADA

Research capability and prepare PoC for mobile apps widget

Research, implementation, testing = 20 days @ 1579 ADA/day = 31,579 ADA

TOTAL = 63,158 ADA

Milestone 4: Create documents, collect feedback, and make improvements - 1 month

Create documentation and collect feedback

Create how-to documentation for users and integration docs for developers = 3 days @ 842 ADA/day = 2526 ADA

Collect user feedback with incentivized social media campaign = 3 days @ 842 ADA/day = 2526 ADA

Collect feedback from dApps that have integrated or are interested in integrating the solution = 5 days @ 842 ADA/day = 4211 ADA

Make improvements to the SSO service based on feedback from dApps and users

Research, implementation, testing = 30 days @ 1579 ADA/day = 47,368 ADA

TOTAL = 56,632 ADA

Total ADA requested: 295,053 ADA

How does the cost of the project represent value for money for the Cardano ecosystem?

In terms of why this proposal is value for money for Cardano’s ecosystem, we believe that the one-time cost of building this solution will be offset by the increased adoption of Cardano dApps among Web2 users/crypto beginners and the liquidity that this can bring into the ecosystem.

Once created, this solution will be available to all current and future Cardano dApps, and we hope that the plug-n-play nature and ease of onboarding provided by our solution can also encourage new projects to build on Cardano.

This solution also saves development time and money for dApps because it is much easier to integrate NuFi Web3 SSO than it is to directly integrate a Web2 onboarding provider like Web3Auth and wallet functionality separately.
