Account Creation and Checkout flow

A combination of different cryptography schemes is used to create account abstractions

Account Creation

When creating and account, Alice needs to compute a secret that will be used to control the account. The secret is used to compute a commitment which is a poseidon hash of the secret.
The secret is then encrypted once with a user supplied password and then the cipher text is encrypted again with a Public Key that belongs to DebitLlama. When the smart contract is called to create the account, the encrypted secret is saved along with the commitment.

Checkout flow

When Alice navigates to the checkout page first she needs to log in.
Pass key authentication is optional for now, it's active by default if an authenticator device is added.
After the identity of Alice is verified the debitLlama service will decrypt the encrypted cipher with it's private key and forward it to Alice. Alice needs to use her password to decrypt the final cipher to reveal the secret.
The secret is used to compute a zkProof using a commitment-reveal scheme and it contains the parameters of the subscription which are immutable. The zero-knowledge proof is passed to the server, while the secret is deleted from the browser's memory.
The proof is picked up by the relayer who will submit the transaction on-behalf of alice to call the smart contract and relay the payments to the merchant, Bob.

Subscription Flow

The subscription only requires the ZKSnark and will be automatically completed, no more interaction required from the users as long as the wallet balance covers the payments.