Use-case Free Description

Revision as of 14:17, 9 March 2015 by Ramriot


{Page Build In Progress}



This is a deliberately use-case-agnostic description of SQRL, intended as a guide that makes it simpler to produce use-case-specific implementations without compromising the core advantages.

What is SQRL

The SQRL system (pronounced “squirrel”) revolutionizes many forms of electronic authentication. It eliminates many problems inherent in traditional login techniques. SQRL is an open licence, patent unencumbered, pseudonymous resource authentication protocol.

The User Experience

The user can tap or click directly on the SQRL code to log in, or launch their smartphone's SQRL app and scan the QR code. For verification, SQRL displays the domain name contained in the SQRL code. After verifying the domain, the user permits the SQRL app to authenticate their identity. Leaving the login information blank, the user clicks the “Log in” button... and is logged in. (A bit of page automation could even eliminate the need to click the “Log in” button.)

Key Functional Parts of SQRL

Broadly, SQRL consists of four main parts (see below and the diagram). Depending upon the use-case, these four parts may be combined in a number of ways into a smaller number of logical devices.

Functional outline with data flows


Resource

This is the thing (item, transaction, state, interactive session identifier, etc.) that a user is authenticating to. A reference to it is specified within an SQRL-Link generated by the Server and presented on the Display, where an action by the user transfers that link from the Display to the Client.


Display

A place (PC browser, sticker, POS device, voting sheet) where an SQRL-Link fetched from the Server is displayed so that it can be passed from the Display to the Client.


Client

An SQRL-Client application (PC program, smartphone app, single-use device) in the possession of the user that captures the SQRL-Link and uses it to authenticate the user's chosen identity to the Server, in a pseudonymous way, in relation to the predefined Resource referenced by the SQRL-Link.


Server

A device that can accept network queries from, and make responses to, the Client, the Resource and possibly also the Display. It performs all the actions needed to securely and uniquely authenticate the Client's presented identity to the requested Resource.

SQRL Internal Structures

The SQRL-Link

A reference to a Resource, possibly though not exclusively in the form of a QR code, possibly with an associated active hypertext link; both contain the same information (for the HTTP use-case see SQRL Over HTTP).

This link is divided into four major, often overlapping, parts:


This is used to designate an SQRL Client as the application to launch when the user acts upon the SQRL-Link.

Domain / Path

This part identifies the destination address to which Client queries should be directed.


This always includes the whole domain, and optionally some of the path, in which case a specific character that is not valid in a path is substituted for the normal path divider.


Nut

This is the unique Resource reference, which leaks no information about the exact Resource but can be associated with a specific predefined one by the Server. The Nut can be static over time or dynamically generated each time it is displayed.

At its core, SQRL makes use of elliptic curve cryptographic (ECC) processes {Ed25519, Curve25519} and a simple keyed-hash message authentication code (HMAC-SHA256) to deterministically produce Resource-specific key pairs that are used to offer a zero-knowledge proof of secret key possession on a random challenge.
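The derivation and challenge response described above, as an added example that is not code from this page or from the SQRL project. It assumes the HMAC key is a master secret held by the Client, the HMAC message is the Domain / Path part of the link, and the challenge is a string standing in for a fresh Nut; the function names and sample values are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// deriveKeyPair maps (master secret, Domain / Path string) to an Ed25519 key
// pair. HMAC-SHA256 outputs 32 bytes, exactly the size of an Ed25519 seed, so
// the same inputs always reproduce the same pair and no per-site key is stored.
func deriveKeyPair(master []byte, domainPath string) (ed25519.PublicKey, ed25519.PrivateKey) {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(domainPath))
	priv := ed25519.NewKeyFromSeed(mac.Sum(nil))
	return priv.Public().(ed25519.PublicKey), priv
}

// clientRespond is the Client side: derive the key for this Domain / Path and
// sign the challenge, returning the public key (the pseudonymous identity).
func clientRespond(master []byte, domainPath string, challenge []byte) (ed25519.PublicKey, []byte) {
	pub, priv := deriveKeyPair(master, domainPath)
	return pub, ed25519.Sign(priv, challenge)
}

// serverVerify is the Server side: accept only a signature over the challenge
// it issued, made by the public key it holds for this identity.
func serverVerify(known ed25519.PublicKey, challenge, sig []byte) bool {
	// ed25519.Verify panics on a wrong-length key, so reject that first.
	return len(known) == ed25519.PublicKeySize && ed25519.Verify(known, challenge, sig)
}

func main() {
	master := []byte("constructed-demo-master-secret") // constructed, not a real key
	challenge := []byte("constructed-nut-0001")         // stands in for a fresh Nut
	pub, sig := clientRespond(master, "example.com", challenge)
	other, _ := deriveKeyPair(master, "example.org")
	fmt.Println("valid response accepted:", serverVerify(pub, challenge, sig))
	fmt.Println("replay on new challenge:", serverVerify(pub, []byte("constructed-nut-0002"), sig))
	fmt.Println("same identity elsewhere:", string(pub) == string(other))
}
```

Because the public key differs for every Domain / Path, two Servers comparing stored keys cannot link the same user, and a signature captured for one challenge fails against any other.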