Sign-In with Ethereum (SIWE)

Sign-In with Ethereum (SIWE) is an open authentication protocol defined by Ethereum Improvement Proposal 4361 (EIP-4361). It allows users to authenticate themselves to a web service by signing a standard, human-readable message with their Ethereum private key, proving control of their blockchain account. This process replaces traditional username/password credentials or centralized OAuth providers, shifting control of digital identity directly to the user. The signed message, or SIWE message, contains critical details like the service's domain, a nonce for replay protection, and a timestamp, ensuring the request is specific and secure.

The core mechanism involves a challenge-response flow. When a user initiates login, the service presents a structured SIWE message. The user's wallet (e.g., MetaMask, Rainbow) prompts them to review and sign this message cryptographically. The service then verifies the signature against the user's public Ethereum address using the ecrecover function. Successful verification proves the user controls the private key for that address, granting them access. This establishes a cryptographic proof of ownership as the basis for authentication, eliminating the need for the service to store sensitive passwords or rely on external identity providers.

SIWE enables self-sovereign identity, where users have full custody and control over their login credentials—their private keys. Key benefits include enhanced security by removing phishing-prone passwords, improved user privacy by minimizing data shared with services, and seamless interoperability across the Ethereum ecosystem. Developers integrate SIWE to offer a familiar 'Sign in with...' experience while leveraging blockchain's trust model. It is a foundational primitive for decentralized applications (dApps), decentralized autonomous organizations (DAOs), and other Web3 services requiring verifiable user identity without central authority.

The core mechanism of SIWE is a user signing a standardized, human-readable message—the SIWE Message—with their private key. This message contains critical session details like the application's domain, a nonce to prevent replay attacks, and the statement of intent (e.g., "Sign in to example.com"). By signing this structured data, the user cryptographically proves control of their Ethereum address without exposing their private key. The application's backend then verifies the signature's validity against the public address and the message contents.

This process leverages the EIP-4361 standard, which defines the exact format for these sign-in messages. The standard ensures interoperability across different wallets and applications, preventing phishing by binding the signature to a specific domain. Wallets that support SIWE, like MetaMask or Rainbow, parse this message and present it clearly to the user for review before signing, enhancing security and user consent. The backend verification typically uses a library like siwe to validate the signature, the nonce, and the domain.

For developers, integrating SIWE involves generating a unique nonce for each login attempt, presenting the formatted EIP-4361 message to the user's wallet, and implementing a verification endpoint. Upon successful verification, the application establishes a session, often using a session cookie or a JSON Web Token (JWT). This provides a self-sovereign login flow where users control their identity, eliminating the need for a central authority to manage passwords or personal data, thereby reducing attack surfaces like credential databases.

The SIWE message format is defined by EIP-4361 and follows a specific template to ensure interoperability across wallets and applications. Its primary components are the domain (the dapp requesting the signature), the address of the Ethereum account, a statement for user consent, a URI for the resource, a version, a chain ID, a nonce to prevent replay attacks, an issued-at timestamp, and optional fields like expiration time, not-before time, and a request ID. This structured data is concatenated into a plaintext string following the domain wants you to sign in... preamble.

Before signing, the message string is hashed using the keccak256 algorithm, and the resulting digest is what the user's wallet actually signs with their private key, producing an Ethereum-signed message. This process cryptographically binds the user's identity (their Ethereum address) to the specific terms and context of the login request. The signed message and the recovered address are then sent to the dapp's backend for verification, which involves hashing the original message parameters, recovering the signer from the signature, and validating all constraints like domain, nonce, and timestamps.

The format's design emphasizes security and user awareness. The human-readable preamble and statement ensure informed consent, as users see exactly what they are signing. Technical safeguards like the nonce and chain ID prevent signature reuse across sessions or networks, while timestamps allow for session expiration. By standardizing this format, SIWE enables a secure, self-custodial alternative to traditional password-based or OAuth logins, where the user's Ethereum account serves as a universal identifier.