One passkey. Full-stack access. No passwords, no seed phrases, no cloud accounts. Your identity lives on your device — not on someone else's server.
rIDs is the identity layer of rStack — a zero-knowledge authentication system that turns a fingerprint or face scan into encrypted storage, signed votes, community treasury access, and portable credentials across every r* app. Built on WebAuthn passkeys with on-device key derivation, social recovery, and wallet abstraction.
A single identity layer that turns a fingerprint or face scan into everything a community member needs — without passwords, seed phrases, or cloud accounts.
Built on WebAuthn passkeys — the same standard behind Face ID and fingerprint unlock. Your identity is bound to your device's secure hardware (TPM / Secure Enclave). Nothing to type, nothing to remember, nothing that can be phished.
Authentication derives a full set of cryptographic keys entirely on your device using HKDF. Encryption keys for files, signing keys for votes, DID keys for portable identity — all generated locally. The server is a relay, never an authority.
Lost your phone? Designate trusted guardians (friends, family, community leaders). Any 3 of 5 guardians can approve recovery after a 48-hour time-lock. No seed phrases, no email resets. Guardians never see each other's identities or your private keys.
Every user gets an ERC-4337 smart wallet — without ever seeing a wallet address or gas fee. Your passkey is your wallet signer. A paymaster sponsors fees. Session keys allow daily operations with a single biometric prompt per session.
You (fingerprint / face scan)
|
v
+---------------------------------------------------------+
| rIDs (powered by EncryptID) |
| |
| Layer 1: WebAuthn Passkey (hardware-backed) |
| | |
| Layer 2: Derived Keys (on-device, HKDF) |
| |-- Encryption Key -- rFiles, rNotes, rChats E2E |
| |-- Signing Key ----- rVote ballots, authorship |
| +-- DID Key --------- portable identity |
| | |
| Layer 3: Smart Wallet (Account Abstraction) |
| |-- Gasless transactions (paymaster-sponsored) |
| |-- Session keys (one prompt per session) |
| +-- Community treasury (multi-sig) |
| | |
| Layer 4: Cross-App SSO |
| +-- One login for all r* apps |
+---------------------------------------------------------+
|
v
rSpace - rVote - rWallet - rFunds - rMaps - rFiles - rChats ...
rIDs doesn't ask you to trust the server. The cryptographic architecture makes it impossible for anyone but you to access your identity material.
Passkeys replace passwords entirely. Nothing to leak, nothing to forget, nothing to phish. Your biometrics stay on your device — the server only sees a public key.
The server cannot decrypt your data, forge your signature, or impersonate you. It stores encrypted blobs and public keys. All sensitive operations happen on-device.
Your DID (Decentralized Identifier) is yours. Export it, use it across r* instances, or take it to any DID-compatible platform. No vendor lock-in for identity.
One passkey, every app. Create your rID once and sign into rSpace, rVote, rChats, rWallet, rFiles — the entire r* ecosystem with a single biometric prompt.
No seed phrases to write down. Designate trusted guardians who can help you recover. Threshold signatures protect against loss without creating backdoors.
ERC-4337 account abstraction with paymaster sponsorship. Community members never see gas fees, wallet addresses, or blockchain complexity. It just works.
rIDs provides the authentication and encryption backbone for every app in the rStack ecosystem. Here's how your identity integrates across the platform.
End-to-end encrypted messages using keys derived from your passkey. Only community members can read them.
Cryptographically signed ballots tied to your rID. Verifiable yet private voting on community proposals.
Your passkey signs smart wallet transactions. Gasless transfers, multi-sig treasuries, and community funds.
File encryption keys derived from your identity. Shared files use group keys that only members can unlock.
Canvas access controlled by your rID. Collaborate in real-time with verified, pseudonymous identities.
Shared album access managed through community roles. Your identity gates who can view, upload, and curate.