Definition
LNURL-auth is the LNURL subprotocol (LUD-04) that turns a Lightning wallet into a password-free login credential. Instead of a username and password, the user proves identity by signing a server-issued challenge with a key that the wallet derives deterministically, so the service never stores a secret that can be leaked.
How the flow works
The service generates a random 32-byte challenge called k1 and encodes it into a login QR or link. The wallet shows the user the domain and the action (login, register, link, or auth), then signs k1 with a linkingPrivKey using secp256k1 and submits the signature together with the corresponding public key. The service verifies the signature, and on success the supplied key becomes the user's stable identifier for that site. Services cache unused k1 values and reject reused ones to prevent replay attacks.
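The service side of the flow above, as an added example that is not part of the original page or of any LNURL library: it issues k1 challenges and lets each one be redeemed at most once. `ChallengeStore`, `verify_sig` (a stand-in for a real secp256k1 ECDSA verification call), the 300-second lifetime and the 33-byte compressed key length are assumptions of this sketch.

```python
import secrets
import time

K1_TTL_SECONDS = 300  # assumed lifetime; the page does not specify one
ACTIONS = {"login", "register", "link", "auth"}


class ChallengeStore:
    """Issues k1 challenges and lets each one be redeemed at most once."""

    def __init__(self, verify_sig, now=time.monotonic):
        # verify_sig(k1: bytes, sig: bytes, key: bytes) -> bool is supplied by
        # the caller (hypothetical hook for a secp256k1 ECDSA library).
        self._verify_sig = verify_sig
        self._now = now
        self._pending = {}  # k1 hex -> (expiry time, action)

    def issue(self, action="login"):
        if action not in ACTIONS:
            raise ValueError("unknown action")
        now = self._now()
        # Drop expired challenges so the cache cannot grow without bound.
        self._pending = {k: v for k, v in self._pending.items() if v[0] > now}
        k1 = secrets.token_bytes(32).hex()  # 32 random bytes from the CSPRNG
        self._pending[k1] = (now + K1_TTL_SECONDS, action)
        return k1

    def redeem(self, k1_hex, sig_hex, key_hex):
        """Return the linking public key (hex) on success, else None."""
        try:
            k1, sig, key = (bytes.fromhex(x) for x in (k1_hex, sig_hex, key_hex))
        except (ValueError, TypeError):
            return None
        if len(k1) != 32 or len(key) != 33:  # 33 = assumed compressed pubkey
            return None
        # Pop before verifying: a k1 is spent on its first use, valid or not,
        # so a captured callback cannot be replayed against the same challenge.
        entry = self._pending.pop(k1.hex(), None)
        if entry is None or self._now() > entry[0]:
            return None
        if not self._verify_sig(k1, sig, key):
            return None
        return key.hex()  # stable identifier for this user on this site
```

A deployment with more than one server process would keep the pending set in a shared store with an atomic delete, so the single-use check holds across instances.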
Why the linking key matters
The signing key is domain-specific: the wallet derives a distinct linkingKey per service from its master seed (for example via a BIP32 path hashed against the domain), so the same wallet presents a different, unlinkable identity to each site. There is no shared password to phish or database of hashes to breach, and the user carries identity in their seed rather than on a server.
It is one of several flows under the broader LNURL umbrella and shares the challenge-signing spirit of a NIP-07 browser signer. D-Central documents LNURL-auth for Bitcoiners who want key-based, self-sovereign authentication.
