3.2.2 Wallet Verification

1. Nonce-Based Signatures to Confirm Ownership of the Wallet Address:

• Nonce Generation: When a user initiates the verification process, the backend server generates a unique, cryptographically secure random number known as a nonce. This nonce serves as a one-time challenge to ensure the authenticity of the user's wallet.

• User Signature: The generated nonce is sent to the user's wallet application, prompting the user to sign this unique message with their private key. This action produces a signature that serves as proof of ownership of the wallet address.

• Security Considerations: Utilizing nonce-based signatures prevents replay attacks, as each nonce is used only once and is time-sensitive. This ensures that even if a signature is intercepted, it cannot be reused maliciously.

2. Backend Association of Wallet with User’s Account Upon Successful Verification:

• Signature Verification: Upon receiving the signed nonce, the backend server uses the corresponding public key to verify the signature's validity. This step confirms that the user possesses the private key associated with the wallet address, thereby authenticating ownership.

• Account Association: Once verification is successful, the backend securely links the verified wallet address to the user's account within the platform. This association enables personalized services, seamless transactions, and enhanced security for the user.

• Implementation Details: The backend maintains a mapping of user accounts to their associated wallet addresses, ensuring that each wallet is uniquely linked to a single user account. This structure facilitates efficient management of user data and permissions.

By implementing this nonce-based wallet verification process, SUM+1 ensures a secure and user-friendly authentication system, reinforcing trust and integrity within the platform.