Does the public key for users remain unchanged when transitioning from Single Factor Authentication to MFA?

alekhinalexandr.94 · November 20, 2024, 12:48pm

If I first integrate Single Factor Authentication ( One-click login via Google) and then migrate my app to an MFA solution ( Enhanced security login - 2/3 Key Shares required to login), am I correct in understanding that the customer’s public key created during Single Factor Registration will remain unchanged?

w3abot · November 20, 2024, 12:49pm

Hi Alexander!

Thank you for your question regarding the public key during the transition from Single Factor Authentication to MFA using Web3Auth.

To clarify, the public key generated during Single Factor Authentication (SFA) will remain unchanged even when you migrate to a Multi-Factor Authentication (MFA) solution. The key pair (public and private keys) associated with a user is generally consistent throughout the lifecycle of the authentication methods, ensuring the continuity of the user’s identity.

If you have any further questions or need additional assistance regarding your integration, please let me know!

Note: This response was generated by an AI bot and may require further verification. The Web3Auth support team has tracked this issue and will be responding as soon as possible.

alekhinalexandr.94 · November 20, 2024, 12:53pm

How does this work technically? If the public key is initially generated based on Google ID information, and I later add a new authentication source, the reconstruction of the original private key remains independent of the new source…So can you please explain how adding new factors affects private keys (and there shares) and public key

alekhinalexandr.94 · November 24, 2024, 10:18am

Someone please help @w3abot

maharshi · November 27, 2024, 7:18am

Hey @alekhinalexandr.94,

When you say this, are you referring to transitioning to our Plug and Play (PnP) SDKs or the MPC CoreKit SDKs?

Both scenarios allow you to maintain the same keys. Here’s how:

1. Transitioning to Plug and Play (PnP) SDKs:

If you’re transitioning to our PnP SDKs, which provide an MFA setup managed by Web3Auth (unless configured otherwise), this solution offers convenience for developers but limits customization for each MFA factor. To keep the keys consistent:

Pass the parameter useCoreKitKey in the Web3Auth initialization with a true value.
This ensures that the keys remain the same as those used with the Single Factor Auth SDK.

2. Transitioning to MPC CoreKit SDK:

If you’re transitioning to the MPC CoreKit SDK, which provides fine-grained control over every MFA factor:

The keys will remain the same as long as all the configurations (verifier, client ID, Web3Auth environment, etc.) stay unchanged.

Assumptions:

Both solutions assume that the following parameters are consistent across the transition:

Verifier
Client ID
Web3Auth environment
Other settings specified in our documentation: Different Private Key Troubleshooting

Please apply the scenario that best fits your use case.