DESIGN AND DEVELOPMENT OF A WEB3-BASED PASSWORDLESS AUTHENTICATION FRAMEWORK WITH SOULBOUND TOKENS
DOI:
https://doi.org/10.31949/infotech.v12i1.17921
Abstract
This research focuses on developing a Web3-based passwordless authentication framework, implemented on a mobile platform, to address the vulnerability of traditional methods to phishing and brute force attacks. The proposed framework integrates a mobile application with a Node.js/Express.js backend and an ERC-5192 standard smart contract on the Ethereum Sepolia Testnet, which represents digital identity as Soulbound Tokens (SBT) that are permanent and non-transferable. To preserve privacy, the system applies Zero-Knowledge Proof (ZKP) technology based on zk-SNARKs with the Groth16 scheme, using Circom and SnarkJS executed on the client side (client-side browser) with WebAssembly (WASM), combined with a Merkle Tree data structure of depth 20 and a nullifier mechanism to prevent replay attacks. Test results show an authentication success rate of 100% over 50 attempts. Moving the computational load of the ZKP circuit (5,359 constraints) to the client side proved efficient: accumulating the local execution time from the initial wallet connection (0.8 seconds), witness generation (1.2 seconds), and proof generation (4.8 seconds) through smart contract verification (210 ms), the Total Authentication Time is 6.3 seconds. This value demonstrates the feasibility of the framework as a secure, private, and responsive identity management solution.
Keywords:
Soulbound Tokens, Web3, Android, Passwordless Authentication, Zero Knowledge Proof
License
Copyright (c) 2026 Dedy Sumarhadi, Agung Yusup Resman

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.





