Summary

  • "Not your key, not your coin": whether it is a smart contract wallet or a personal (EOA) wallet, whoever holds the private key has absolute control over the wallet. Once the private key is leaked or lost, the wallet is completely exposed.

  • The private key is the foundation of the wallet, and the mnemonic is the backup and recovery mechanism for the private key; it is also the main obstacle to wider wallet adoption today.

  • The mnemonic-free solutions made possible by MPC and social recovery are the basis for mass adoption.

  • Future wallets have more possibilities; expectations for EIP-4337.

Main text

In 2010, Vitalik Buterin, who would later co-found Ethereum, played a Warlock in World of Warcraft. One day Blizzard decided to nerf the Warlock class and removed the damage component of the Siphon Life spell. In his own words, he cried himself to sleep and that day realized the horror that centralized services can bring; he left the game and eventually went on to create the decentralized Ethereum network. In November 2022, FTX, one of the world's largest crypto derivatives exchanges, collapsed after it was revealed that user funds had been misappropriated; its founder SBF was arrested by the Bahamian police the following month and was awaiting extradition to the United States for trial.

From the Warlock player who was inexplicably stabbed in the back by Blizzard 13 years ago to the FTX victims fighting for their money today, we are increasingly aware of the importance of the phrase "Not your key, not your coin": even with third-party audits and regulators, the operator of a centralized server can still tamper with and falsify records at will, whereas on a decentralized network the on-chain ledger is public and cannot be altered after the fact. As long as we hold the private key to our account, we have absolute control over our own assets.

Decentralization is wonderful, but at what cost?

On a blockchain network, we ourselves are the first line of responsibility for our personal assets. When most users choose an on-chain wallet, the most critical consideration is how much risk and how much responsibility they are willing to take on for those assets. Traditional finance offers the same trade-off:

  • Users who prioritize security put their money in a large bank even though its account-opening procedure is cumbersome: for them the safety of funds at a large bank (risk) outweighs the strict onboarding process (responsibility).

  • Users who prioritize convenience simply keep their money in WeChat Pay or Alipay. Both make P2P payments easy and only require an ID card and a mobile number to register, even though Tencent and Ant are listed companies rather than state-backed banks: for them WeChat's convenience (responsibility) outweighs WeChat's status as a mere operator (risk).

Back to web3, there are two ways to store assets in web3, custodial wallets and non-custodial wallets. Before that, we need to give a brief introduction to the principles of wallets:

Wallet and Private Key

Account generation is the process of creating a private key. On Ethereum there are two types of accounts: EOAs (Externally Owned Accounts) and contract accounts (smart contracts deployed on the chain by transactions that originate from EOAs):

  1. Take the EOA account as an example.

    EOA address

  • A 256-bit random number is generated as the private key. The public key is derived from it by scalar multiplication on the secp256k1 elliptic curve (not by a hash function), and the address is the last 20 bytes of the keccak-256 hash of the 64-byte uncompressed public key. Each private key therefore corresponds to exactly one address. In practice, wallets do not start from a raw private key: they generate 128 bits of entropy, encode it as a 12-word BIP-39 mnemonic, and derive the private key from the mnemonic (through a seed and BIP-32 key derivation). The mnemonic can always re-derive the private key, but the reverse is not possible; a private key cannot be turned back into a mnemonic.

  • Currently, the most mainstream dApp wallets on major main chains are EOA wallets, such as Metamask, Phantom (Solana), BSC Wallet (BSC), and Keplr (Cosmos).

2. Contract accounts are EVM code deployed on the chain by a transaction from an EOA and can implement arbitrary logic. Unlike EOAs, contract accounts have no private key and cannot initiate transactions on their own: their code only runs when it is called, ultimately by a transaction signed by an EOA. The ultimate control of a smart contract wallet therefore lies with the private key(s) of whichever EOA(s) the contract's code recognizes as its owner (usually, but not necessarily, the deployer). At this level, smart contract accounts are also controlled by private keys. Any wallet whose address is a contract is a smart contract wallet.

  • Smart contract wallets can be divided into multi-signature wallets (multisig accounts) and account abstraction wallets (abstract accounts):

  • Multi-signature wallets: multisig has been the first choice of organizations holding funds since around 2013. The technique was first developed in the Bitcoin ecosystem, and there are now mature multisig wallets on Ethereum (such as Gnosis Safe). The Ethereum Foundation uses a 4-of-7 multisig: a smart contract holds the funds and is controlled by 7 EOAs, and a transaction goes through only when at least 4 of the 7 have signed.

  • Account abstraction wallets control the contract with a single EOA signing key by default, so that the contract behaves like an EOA from the user's point of view while adding programmable features (social recovery, batched calls, paying fees in other tokens). Popular projects such as Argent and Loopring are account abstraction wallets.

  • Apecoin Contract Address

3. After the account is created, any on-chain activities we participate in cannot be separated from the participation of the private key.

  • As Liao Xuefeng's tutorial explains:

In a decentralized network, there is no trusted institution like a bank. In order to complete a transaction between two nodes, a mechanism for secure transactions under zero trust must be implemented.

Suppose Xiao Ming and Xiao Hong want to make a deal. One way to create the transaction is for Xiao Hong to claim that Xiao Ming gave her 10,000 yuan, which is obviously not credible.

The other way to create the transaction is for Xiao Ming to claim that he gave Xiao Hong 10,000 yuan. As long as it can be verified that this statement was indeed made by Xiao Ming and that Xiao Ming really has 10,000 yuan, the transaction is considered valid.

  • How to verify the statement made by Xiao Ming?

  1. A signature created with the private key lets any verifier confirm who made the statement: anyone can use Xiao Ming's public key to check the digital signature over the transfer. Since only Xiao Ming, the holder of the private key, can produce that signature, it is certain that the statement came from Xiao Ming.

  2. On the Ethereum network such transactions include not only P2P transfers but also calls to smart contracts.

  3. So when we use a wallet day to day, the wallet software is simply signing the transaction with the locally stored private key; the signed transaction is then broadcast to the chain, where anyone can verify it.

Wallet security, barriers and censorship resistance

Everything about a wallet is built around the private key. A wallet is essentially a tool for 1. creating private keys, 2. keeping private keys, 3. using private keys, 4. backing up private keys, and 5. restoring private keys. The mainstream backup/recovery solution today is the mnemonic, the list of 12 or 24 words shown when a wallet is first created:

  1. The mnemonic re-derives the private key in plaintext. When the user migrates the wallet to a new device, entering the mnemonic in the wallet app is enough to derive the private key and regain control of the wallet.

  2. For users, private key = mnemonic, but the two concepts still differ in daily use: the mnemonic is the backup and recovery mechanism for the user's private key.

  3. A metaphor: the mnemonic is like the mould from which your key was cut. When the key is lost, the mould produces an identical one.
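The entropy-to-mnemonic-to-key path in the direction it actually runs, as an added example (not the article's or any wallet's code; standard library only). It computes the BIP-39 checksum and 11-bit word indices, checks the checksum on the way back (which is how a wallet rejects a mistyped phrase), stretches the phrase into the 64-byte seed with PBKDF2-HMAC-SHA512, and derives the BIP-32 master private key from the seed. Only the first four entries of the English wordlist are embedded, enough to render the standard all-zero-entropy test phrase; a real wallet uses the full 2048-word list.

```python
import hashlib
import hmac
import secrets
import unicodedata

# First four entries of the BIP-39 English wordlist (2048 words in total); enough to render
# the well-known all-zero-entropy phrase. A real wallet ships the whole list.
WORDS_HEAD = ["abandon", "ability", "able", "about"]


def entropy_to_indices(entropy: bytes) -> list:
    """Append the SHA-256 checksum (ENT/32 bits) and cut the result into 11-bit word indices."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128, 160, 192, 224 or 256 bits")
    cs_bits = len(entropy) * 8 // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = len(entropy) * 8 + cs_bits
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


def indices_to_entropy(indices: list) -> bytes:
    """Inverse of entropy_to_indices; raises if the checksum does not match (typo, tampering)."""
    total = 11 * len(indices)
    cs_bits = total // 33
    bits = 0
    for idx in indices:
        if not 0 <= idx < 2048:
            raise ValueError("word index out of range")
        bits = (bits << 11) | idx
    entropy = (bits >> cs_bits).to_bytes((total - cs_bits) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    if bits & ((1 << cs_bits) - 1) != expected:
        raise ValueError("mnemonic checksum mismatch")
    return entropy


def checksum_ok(indices: list) -> bool:
    """True if the phrase (as word indices) carries a valid checksum."""
    try:
        indices_to_entropy(indices)
        return True
    except ValueError:
        return False


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase, NFKD-normalised."""
    def norm(s):
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic), norm("mnemonic" + passphrase), 2048)


def seed_to_master_key(seed: bytes) -> tuple:
    """BIP-32 master node: HMAC-SHA512 keyed with 'Bitcoin seed'; left half is the private key."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def zero_entropy_phrase() -> str:
    """The BIP-39 test vector for 128 zero bits: eleven 'abandon' words followed by 'about'."""
    return " ".join(WORDS_HEAD[i] for i in entropy_to_indices(bytes(16)))


if __name__ == "__main__":
    phrase = zero_entropy_phrase()
    print(phrase)
    master, chain_code = seed_to_master_key(mnemonic_to_seed(phrase))
    print("master private key:", hex(master))
    # A fresh wallet: 128 bits from the OS CSPRNG -> 12 word indices (render them with the full list)
    print(entropy_to_indices(secrets.token_bytes(16)))
```

Two things the code makes visible that the prose does not: the checksum only catches a mistyped word, it adds no secrecy (the 12-word phrase carries exactly 128 bits of entropy), and the optional passphrase changes the seed entirely, so a forgotten passphrase is as fatal as a lost phrase.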

Since the private key is the only credential we have for interacting with the blockchain, keeping the private key and mnemonic safe is our own responsibility. The safest way to create an account is, of course, on an offline machine: generate the private key from a good random source and derive the address yourself with the secp256k1 and keccak-256 steps described above. That bar is far too high for most users. So when choosing a wallet, users need to weigh three points: security, threshold (ease of use) and censorship resistance:

  1. Security: how much does it cost an attacker to obtain the wallet's private key or mnemonic?

    With a hardware wallet, for example, an attacker can only get at the key by phishing the user into revealing the mnemonic (or into approving a malicious transaction on the device) or by physically stealing the device and its backup.

  2. Threshold: how easy is the wallet to use?

    During MetaMask onboarding the user has to write down 12 words and re-enter them when switching devices, whereas registration and device changes on the Binance exchange are completed with a single email login.

  3. Censorship resistance: is ultimate control of the wallet in the user's hands?

    If a wallet app stores the plaintext of the mnemonic the user imported and uploads it to a server, an attacker who breaches the server can take every user's wallet. Even without an outside attacker, the vendor itself can steal from users (as happened with Slope, discussed below); such a wallet is not censorship resistant.

There are two main types of wallets: non-custodial wallets and centralized custodial wallets.

  1. Non-custodial wallet: users keep their own mnemonic phrases

    a. Take the mainstream wallet MetaMask as an example. MetaMask is a non-custodial (self-custodial) wallet: MetaMask's servers store no key material, and the private key lives only on the local device, encrypted with the user's password in the browser extension's storage or in the mobile app. When the user needs to sign, MetaMask decrypts the key locally and signs with it. If the private key and mnemonic are lost or stolen, MetaMask cannot help the user recover, and the assets are gone for good (or gone to the thief).

    b. Hardware wallets (such as Ledger), generally recognized as the safest option, generate the private key on a dedicated device and only ever export the public key and address to a software wallet such as MetaMask. When a signature is needed, the transaction is sent to the device and confirmed on it; the private key never leaves the hardware, so it is very hard for an attacker to steal. But if the user is phished into revealing the mnemonic backup, or into confirming a malicious transaction on the device, the hardware wallet's protection drops to zero and the assets are stolen all the same; and if the mnemonic backup is lost, the funds are lost with the device.

Custodial Wallet

Exchange wallets such as Coinbase and Binance use the custodial approach. The difference is that the account shown in Coinbase does not correspond to a private key held by the user; it is a balance entry in Coinbase's internal ledger, not an on-chain balance you can see on Etherscan. In effect the user trusts Coinbase and entrusts the assets to it instead of owning them directly, which is also why a Coinbase exchange account cannot interact with dApps such as Uniswap.

Source: Binance

In general, in a custodial wallet the vendor keeps the keys on the user's behalf, so registering and recovering the wallet is easy, but the security of the wallet depends on the vendor rather than the user, and the vendor has actual control over the funds. In a non-custodial wallet the mnemonic is in the user's own hands; registration and recovery have a higher threshold, but security and censorship resistance are under the user's control.



The flaws of mnemonic solutions

As Web3 keeps moving forward, more demands and application scenarios have emerged and the on-chain ecosystem has flourished. DeFi Summer (2020) in particular pulled a large number of users who had only ever traded on exchanges into moving their assets on-chain; by March 2022 MetaMask had reached 30 million monthly active users. At the same time the mnemonic, as the mainstream account recovery mechanism, has become the main target of attackers. For ordinary users the most common thefts are a mnemonic copied to the clipboard and read by malware, or a locally stored private key file exfiltrated after visiting a phishing site.

  • An attacker weighs the cost of an attack against its reward. Every 12-word mnemonic is drawn from a fixed dictionary, so in principle one could enumerate the dictionary and sweep every account on the chain, but the return on that effort is hopeless if the combinations have to be brute-forced:

  • the mainstream mnemonic has 12 English words drawn from a list of 2048, i.e. 2048^12 = 2^132 ≈ 5.44e39 combinations (5,444,517,870,735,015,415,413,993,718,908,291,383,296). Only one in sixteen of these passes the BIP-39 checksum, so the real space is 2^128 valid phrases, which is no consolation to the attacker;

  • anyone with that much computing power could already take over the BTC network with a 51% attack;

  • so the far more profitable route is to obtain the user's mnemonic by phishing, or to steal the private key stored on the user's device.

Continuing with Metamask as an example, hackers can obtain saved mnemonics and private keys in two places:

  1. Mnemonics

    a. After the wallet is created, the user has to keep the generated mnemonic. The usual advice is to write it on paper with a pen and store it safely. Some users instead copy and paste it through the clipboard, save it in a document, or even leave it in a WeChat chat history;

    b. if malware on the user's phone or computer monitors the clipboard, it can grab the freshly generated mnemonic the moment it is copied. QuickQ VPN, for example, was reported to read users' clipboards to steal mnemonics.

  2. Private Key

    a. MetaMask also keeps the private key on the device where the wallet was created, in a vault encrypted with the user's password, so that it can be used at any time. With the MetaMask extension installed in Chrome:

    i. Storage location on Windows:

    C:\Users\USER_NAME\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn

    ii. Storage location on macOS:

    ~/Library/Application Support/Google/Chrome/Default/Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn

    b. MetaMask's security is therefore bounded by the security of the browser and the machine it runs on. An attacker who compromises either can copy the encrypted vault and crack the password offline, or read the decrypted key out of the running browser, and then transfer everything. This is why a hardware wallet is more secure than a browser extension wallet such as MetaMask.

Beyond MetaMask, some non-custodial wallets fail even the basic censorship-resistance test. The Slope wallet theft on Solana is the example: Slope's mobile app sent users' mnemonics (including those of Phantom wallets imported into Slope) over TLS to its Sentry error-logging server, where they were stored in plaintext. Anyone with access to that Sentry instance could read users' keys.

In addition, there are more wallet security incidents that deserve our reflection:

EOA account stolen

  1. Fenbushi Capital founder’s wallet was stolen:

    The cause of Bo Shen's wallet theft was a leaked mnemonic. The wallet in use at the time was Trust Wallet. The stolen amount included approximately 38.23 million USDC, 1,607 ETH, 720,000 USDT and 4.13 BTC.

  2. Wintermute's wallet was attacked and lost about 160 million US dollars. The cause was that Wintermute had generated a vanity address with Profanity to save gas (an address starting with 0x0000000 is cheaper to reference in contract calls):

    Profanity is a tool for generating addresses with a chosen visual pattern, such as a particular prefix or suffix; some developers use it to produce addresses that begin with many zeros.

    Profanity seeds its search with only 32 bits of randomness (the "SeedPrivateKey"), then derives candidate private keys from that seed with a fixed iteration, up to about 2 million steps per seed (the figure comes from 1inch's disclosure). Since the resulting public key is known, an attacker can enumerate all 2^32 seeds and, for each, the iteration counter, until the public key matches: about 2^32 × 2 million trials in total, which a high-end GPU completes in days or even hours.

Contract account stolen

  1. Paraswap’s contract deployment address was stolen:

    According to SlowMist's investigation: the attacker address (0xf358..7036) obtained the private keys of the ParaSwap Deployer and the QANplatform Deployer. The attacker withdrew $1,000 from the ParaSwap Deployer and moved it to and from the QANplatform Deployer address as a test. Analysis of 0xf358..7036 on an AML platform showed that the same attacker also took over the SolaVerse Deployer and several other vanity addresses. So far the attacker has stolen more than $170,000.

  2. Ronin Bridge was hacked in March this year, losing 173,600 ETH and 25.5 million USDC:

    The attackers set up a fake company and approached a senior Sky Mavis (Axie) engineer through LinkedIn and WhatsApp with a job opportunity, ran interviews, and finally sent a generous offer. The offer document was malware; through the engineer's infected machine the attackers reached Sky Mavis's infrastructure and obtained enough validator signatures (five of the bridge's nine) to authorize the withdrawals.

In addition to being a major target for hackers, mnemonic phrases are also a high barrier to entry for new users on WEB3.

  1. When creating a wallet, the 12 words have to be copied by hand, and it is best not to photograph the paper. Even with a trusted password manager (such as 1Password), the convenient copy-and-paste route is risky because of clipboard theft.

  2. When restoring the wallet, that is, whenever the login device changes, the user has to dig out that piece of paper and type the 12 words again.

Keeping a piece of paper with 12 words on it sounds unreliable and distinctly un-Web3: we look forward to living in the metaverse, yet the security of our accounts rests on a piece of paper, a technology from ancient China. These two steps alone are enough to put off most Web2 users; after all, in the Web2 world most sign-ups are a single click with a Google or Apple account.

New solution for account recovery without mnemonics

To lower the threshold and bring more users into Web3, we need Web2-style social logins without giving up the security and censorship resistance of a wallet; in other words, a more convenient and more secure account recovery scheme. All current discussion points to one end state: no mnemonic. There are two ways to get there today: the MPC solution and the social recovery solution.

  1. MPC solution: the private key is generated jointly by several parties, each holding only a share, so the loss or theft of any single share is no longer a single point of failure.

    Think of MPC as multi-factor authentication for the key itself: each factor holds one key share, the lock has no single key, and when one share is lost the remaining factors can be used to issue a replacement share.

  2. Social recovery solution: funds are held in a smart contract controlled by an EOA signing key (single-signature or multisig), and trusted third parties are designated as guardians. When the signing key is lost, the guardians replace it with a new one, so the user does not need to keep a mnemonic.

    Social recovery and account abstraction wallets are usually discussed side by side. Note that social recovery is a standard and a function on smart contracts, proposed in EIP-2429 in 2019: the guardians can change the key that controls the contract. The recently much-discussed EIP-4337 is about account abstraction, which we cover in the later chapters.

MPC Solution

In the MPC solution, the key shares of an EOA wallet are created jointly by multiple parties. MPC stands for secure multi-party computation. The 2019 paper "Two-party Elliptic Curve Digital Signature Based on Secure Multi-party Computation" (CRYPTO 2019) brought practical MPC signing to wider attention.

  1. Multi-party computation (MPC) is a branch of cryptography that began with Andrew C. Yao's pioneering work nearly 40 years ago. With MPC, the private key no longer has to be generated at a single point: a group of n mutually distrusting parties computes it jointly and each holds one of n key shares. This is distributed key generation (DKG).

  2. Distributed key generation supports different access structures. In the conventional "t out of n" setup, any t of the n parties can jointly sign, so the scheme keeps working when up to n-t shares are lost, and an attacker who compromises fewer than t parties learns nothing about the key.

  3. A threshold signature scheme (TSS) is the combination of distributed key generation (DKG) and distributed signing.

  4. When one party's share is lost or exposed, the MPC solution can re-share the key: the remaining parties issue the affected party a new share, the compromised share becomes useless, and the account (its public key and address) stays the same.

In the MPC solution, a complete private key never exists at any stage: not during creation, use, storage, backup or recovery. Thanks to the joint generation and holding of key shares and the "t out of n" threshold signature scheme, it is more convenient than MetaMask and other wallets that generate and hold the key at a single point, and in security and censorship resistance it is a large improvement over the traditional mnemonic, approaching a hardware wallet:
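A small added example (not the article's or any vendor's code; standard library only) of the "t out of n" access structure and of replacing a share without changing the key, using Shamir secret sharing over the secp256k1 scalar field. It is a simplification of real DKG/TSS: a threshold signature scheme generates the shares without any party ever holding the whole key and signs with partial signatures, whereas the reconstruct function here rebuilds the secret only so the demo can check that the sharings agree. The refresh step is the point: each party adds shares of a random polynomial with constant term zero, so the new shares encode the same key while old shares become useless on their own.

```python
import secrets

# Order of the secp256k1 group: an ECDSA private key is an integer in [1, N-1], so key shares
# live in the prime field GF(N).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _poly_eval(coeffs, x):
    acc = 0
    for c in reversed(coeffs):  # Horner's rule, coeffs[0] is the constant term
        acc = (acc * x + c) % N
    return acc


def split_secret(secret: int, t: int, n: int) -> dict:
    """Shamir t-of-n: hide `secret` as f(0) of a random degree t-1 polynomial; party i gets f(i)."""
    if not (1 <= t <= n < N) or not 0 <= secret < N:
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(N) for _ in range(t - 1)]
    return {i: _poly_eval(coeffs, i) for i in range(1, n + 1)}


def reconstruct(shares: dict) -> int:
    """Lagrange interpolation at x=0. Demo only: a real TSS never reassembles the key."""
    total = 0
    for i, yi in shares.items():
        num, den = 1, 1
        for j in shares:
            if j != i:
                num = num * (-j) % N
                den = den * (i - j) % N
        total = (total + yi * num * pow(den, -1, N)) % N
    return total


def refresh_shares(shares: dict, t: int) -> dict:
    """Proactive refresh: every party hands out shares of its own random polynomial with g(0)=0.
    Adding them to the old shares gives a fresh sharing of the same secret, so a share that
    leaked (or was lost) before the refresh is worthless afterwards and the key never changes."""
    parties = sorted(shares)
    new = dict(shares)
    for _party in parties:
        g = [0] + [secrets.randbelow(N) for _ in range(t - 1)]
        for i in parties:
            new[i] = (new[i] + _poly_eval(g, i)) % N
    return new


def demo(t: int = 2, n: int = 3) -> dict:
    """Run one sharing + refresh and report what each subset of shares reconstructs."""
    key = secrets.randbelow(N - 1) + 1
    old = split_secret(key, t, n)
    new = refresh_shares(old, t)
    first_t = lambda d: dict(list(d.items())[:t])
    mixed = {**dict(list(old.items())[:1]), **dict(list(new.items())[1:t])}
    return {
        "key": key,
        "from_old": reconstruct(first_t(old)),          # any t old shares: the key
        "from_new": reconstruct(first_t(new)),          # any t new shares: the same key
        "from_mixed": reconstruct(mixed),               # old + new shares: garbage
        "too_few": reconstruct(dict(list(new.items())[:t - 1])),  # t-1 shares: garbage
    }


if __name__ == "__main__":
    r = demo(2, 3)
    for k, v in r.items():
        print(f"{k:>10}: {'== key' if v == r['key'] else '!= key'}")
```

With t-1 shares the result is not merely wrong but uninformative: for every candidate secret there is a degree t-1 polynomial consistent with those shares, which is why a vendor holding one share of a 2-of-3 (or 2-of-2) wallet learns nothing about the key.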

  1. Security

    a. No private key or mnemonic: during wallet creation each party (the wallet vendor and the user) generates its own key share through MPC; the complete private key never appears anywhere. MPC is, in this sense, a genuinely keyless wallet;

    b. the cost of an attack rises sharply: even an attacker who compromises the user's device obtains only one key share. In a 2-of-2 setup the attacker has to control both the wallet's server and the user's device to steal anything (in a t-of-n setup, any t of the shares).

  2. Threshold:

    Social login: the user can create an account in the MPC wallet with an identity such as an email address (assuming the wallet uses a 2-of-2 scheme, i.e. both key shares must take part in every signature).

  3. Censorship resistance:

    Centralized parties (the wallet vendor, backup devices) hold only a share of the key and cannot sign on their own. Whether they can lock the user out depends on whether the user holds enough shares, or backups of them, to sign without the vendor: in a strict 2-of-2 scheme the vendor cannot steal, but it can still refuse to cooperate.

Social Recovery Program

The social recovery solution lives in the smart contract account. A smart contract wallet is a contract, deployed on the chain from an EOA, that manages the user's funds. As with any contract, whichever EOA the contract's code designates as owner has control over it.

  • Smart contract wallets are not a keyless solution, because the controlling EOA wallet still has a private key;

  • but a smart contract wallet can change the user's signing key through a social recovery scheme;

  • in short, social recovery means a guardian hands you a replacement key after yours is lost.

Two years after the EIP-2429 proposal, in January 2021, Vitalik described a concrete social recovery wallet design in a blog post:

  1. When creating the smart contract wallet, the user designates other EOA addresses as "guardians". Each guardian address has to confirm on-chain with a signature and pay the gas;

  2. the user's own EOA account is the "signing key" and is the only key that can approve transactions;

  3. there are at least three guardian EOAs. They cannot approve transactions, but they can change the signing key; doing so again requires the guardians to sign and pay gas;

  4. the signing key can add or remove guardians, but the change only takes effect after a delay (usually 1-3 days), so that a thief who steals the signing key cannot immediately swap in guardians of their own.

  5. In daily use scenarios, users can use smart contract wallets with social recovery functions (such as Argent and Loopring) like ordinary wallets, confirming transactions with their signing keys. In this way, each transaction can be completed quickly with one confirmation, just like in traditional wallets (such as Metamask):

    a. Create a private key

    The account abstraction wallet is no different from Metamask in terms of private key creation.

    b. Keep private keys

    Since the EOA wallet that controls the contract is only used as a "signature private key" and control can be transferred through the guardian, users do not need to keep the mnemonic phrase specifically.

    c. Use private key

    ○ Contract wallet operations are also transfers/transactions, but because each one is a contract call they cost more gas than MPC wallets and traditional wallets;

    ○ but precisely because it is a contract call, the wallet can pay its fee in a non-native token such as USDC or USDT (ETH being the native token used to pay gas on Ethereum), which greatly reduces the friction for Web3 newcomers: in principle a relayer pays the gas in ETH and the wallet contract reimburses it in the user's USDC within the same transaction.

    d. Back up the private key

    The backup step of an account abstraction wallet is replaced by the "guardians", which is both counterintuitive and costly:

    ① A first-time Web3 user who wants to register a wallet has to find three trusted friends who already have Web3 EOAs and ask them to pay gas to become guardians;

    ② if the user then wants to reimburse those three gas fees with three transfers from the new wallet, creating the wallet costs six gas fees in total, whereas creating an account in an MPC wallet is free.

    e. Recover private key

    If the user loses the signing key, they can request social recovery: the user contacts the guardians and has them sign a special transaction (with the user or the guardians paying the gas) that replaces the signing public key registered in the wallet contract with a new one. This is fairly simple in practice; a guardian can open a web page such as security.loopring, view the recovery request and sign it.

    In terms of private key security, however, it does not reach the level of an MPC wallet:

    1. Cost of attack: an attacker who compromises the user's device still obtains the complete private key. In other words, a smart contract wallet only gives the user an extra way to regain control if the key is lost; it does not make the key harder to steal.

    2. Lower censorship resistance: since social recovery requires appointed guardians, the guardians may collude against the owner.

    3. The main risks of social recovery are:

      ① collusion: guardians who know they are part of a recovery set may decide to execute a recovery against the owner;

      ② targeted attack: an outside attacker who knows who the guardians are can go after the weakest of them to assemble a recovery;

      ③ general exposure: if an attacker compromises a dependency shared by many users' environments and gains control of many identities, recoveries can be turned against users who were not directly affected.

    MPC vs. Social Recovery: Security, Threshold, and Censorship Resistance
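As an added example (an illustrative model, not Argent or Loopring code, and not a smart contract), the state machine of a social recovery wallet in Python: a signing key that alone can spend, a guardian set with a threshold that alone can replace the signing key, and a delay on changes to the guardian set. The demo walks through a normal recovery, shows that a stolen old key is locked out afterwards, and then shows the collusion risk from the list above: the same threshold of guardians can hand the account to anyone. Addresses are plain strings; on-chain, each call would be a signed transaction.

```python
from dataclasses import dataclass, field

DAY = 86400


@dataclass
class PendingGuardianChange:
    guardian: str
    add: bool
    ready_at: int


@dataclass
class SocialRecoveryWallet:
    """Toy model of a social-recovery wallet's rules; addresses are plain strings."""
    owner: str
    guardians: set
    threshold: int
    guardian_delay: int = 2 * DAY                   # the "1-3 day" window from the text
    approvals: dict = field(default_factory=dict)   # proposed new owner -> set of guardians
    pending: list = field(default_factory=list)

    # Daily use: only the signing key approves transactions.
    def execute(self, signer: str, action: str) -> str:
        if signer !=self.owner:
            raise PermissionError("only the signing key can execute transactions")
        return f"executed {action} for {self.owner}"

    # Recovery: guardians, and only guardians, can replace the signing key.
    def approve_recovery(self, guardian: str, new_owner: str) -> bool:
        if guardian not in self.guardians:
            raise PermissionError("not a guardian")
        votes = self.approvals.setdefault(new_owner, set())
        votes.add(guardian)
        if len(votes) >= self.threshold:
            self.owner = new_owner
            self.approvals.clear()
            self.pending.clear()   # cancel anything the old (possibly stolen) key had queued
            return True
        return False

    # Guardian set changes: owner-initiated, effective only after the delay.
    def request_guardian_change(self, signer: str, guardian: str, add: bool, now: int) -> int:
        if signer != self.owner:
            raise PermissionError("only the signing key can change guardians")
        self.pending.append(PendingGuardianChange(guardian, add, now + self.guardian_delay))
        return now + self.guardian_delay

    def finalize_pending(self, now: int) -> int:
        done = 0
        for change in list(self.pending):
            if now >= change.ready_at:
                (self.guardians.add if change.add else self.guardians.discard)(change.guardian)
                self.pending.remove(change)
                done += 1
        return done


def demo() -> dict:
    w = SocialRecoveryWallet(owner="0xOwner-key-1", guardians={"alice", "bob", "carol"}, threshold=2)
    out = {"tx": w.execute("0xOwner-key-1", "transfer 1 ETH")}
    # The owner loses the key: two of three guardians move the account to a new key.
    out["first_vote"] = w.approve_recovery("alice", "0xOwner-key-2")
    out["second_vote"] = w.approve_recovery("bob", "0xOwner-key-2")
    out["owner_after_recovery"] = w.owner
    # Whoever picked up the old key can no longer spend (and was never able to vote).
    try:
        w.execute("0xOwner-key-1", "drain")
        out["old_key_blocked"] = False
    except PermissionError:
        out["old_key_blocked"] = True
    # The same mechanism is the collusion risk: a threshold of guardians can take the account.
    w.approve_recovery("alice", "0xThief")
    out["collusion_takes_over"] = w.approve_recovery("carol", "0xThief")
    # Guardian changes are delayed, so a stolen signing key cannot instantly swap the guardians.
    ready = w.request_guardian_change(w.owner, "alice", add=False, now=0)
    out["removed_immediately"] = w.finalize_pending(now=DAY) == 1
    out["removed_after_delay"] = w.finalize_pending(now=ready) == 1
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The delay is what gives the legitimate owner time to run a recovery before a thief can replace the guardians; the model cancels queued guardian changes when a recovery succeeds for exactly that reason. Nothing in the model limits what a colluding threshold of guardians can do, which is the trade-off the list above describes.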

The Future of Mass Adoption: Web3 Wallets

With the solution of account recovery without mnemonics, we can look forward to a new generation of Web3 wallets, that is, wallets that can be registered and logged in using email addresses. We selected representative projects of MPC wallets and account abstraction wallets for analysis: they both meet the low threshold of mnemonics-free user access, and we evaluate them from the perspectives of security and anti-censorship.

#Bitizen

Among MPC wallets, Bitizen is both relatively censorship-resistant and convenient; it uses a 2-of-3 TSS scheme. Let us analyze it from the perspective of security and censorship resistance:

  1. Security:

    a. Create

    To make the key recoverable, after registering the wallet the user can back up a key share to a second device over Bluetooth, giving a 2-of-3 TSS layout: Bitizen's server, the user's main device and the user's second device.

    b. Custody

    Since no complete private key is ever generated, there is no mnemonic: the user's Bitizen account is linked to the user's cloud drive and email address, and logging in with the email is enough to use the wallet normally.

    c. Use

    ① To sign, the user authenticates with facial recognition; the share held on the Bitizen server and the share held on the user's device then sign together (2 of 3);

    ② once the second device has received its share over Bluetooth, it can stay completely offline and is not needed day to day (a signature only needs Bitizen's server and the user's main device).

    d. Backup

    ① The local key share is backed up to the user's cloud drive;

    ② when the user logs in from a new device, email and face authentication are enough: Bitizen prompts the user to restore the key share backup from the cloud drive.

    e. Recovery

    ① Likewise, if the device is lost or Bitizen's local files are accidentally deleted, the key share can be restored from the cloud drive;

    ② if the user cannot even log in to the cloud drive, Bitizen recomputes a new share for the user from the server's share and the second backup device's share, and the user resumes normal use.

    Source: Bitizen
  2. Censorship Resistance:

    The 2-of-3 TSS layout gives users absolute control over their own wallet: two of the three key shares are in the user's hands (main device and second device), so even if Bitizen goes bankrupt or disappears, users can still sign with their own two shares. The same arithmetic cuts the other way: the cloud-drive backup is a copy of the device share, so anyone who obtains that copy plus either the second device's share or Bitizen's share can sign without the user; the cloud backup and the email account in front of it are therefore the pieces to protect.

#Unipass

Unipass uses a smart contract plus MPC approach, combining the advantages of the two solutions:

  1. In transactions, any token supported by the wallet (mainstream, liquid tokens) can be used to pay the gas fee;

    for key custody, MPC (2-of-2) and TSS are used to generate the key in a distributed way, so that no single point holds a key an attacker could steal. The key is split into two shares, one kept on the Unipass server and the other on the user's device.

  2. For key recovery, Unipass uses DomainKeys Identified Mail (DKIM). A guardian can be an email address rather than an EOA: the guardian's approval is an ordinary email, and the wallet verifies the DKIM signature that the guardian's mail provider placed on it against the provider's published domain key. This greatly lowers the bar for finding guardians: they do not need to use a blockchain at all, only an email address.

    Source: Unipass

Low threshold -> high applicability

Low-threshold wallets are not the end of wallet applications. The current Web3 infrastructure is still a long way from the traditional finance of Web2. The automatic deduction and recurring automatic payment functions provided by Visa bring great convenience to users, but they are still difficult to implement on Ethereum. Account abstraction accounts may be the next highly applicable blockchain wallet narrative: Visa published an article, "Auto Payments for Self-Custodial Wallets", exploring the use of the account abstraction wallet Argent to achieve automatic programmable payments on the StarkNet network, allowing users to pay automatically from self-custodial wallets without signing each transaction. How is an account abstraction wallet implemented, specifically? This concept actually originated a long time ago.

Account Abstraction - From EIP-2938 to EIP-4337

With the proposal of EIP-4337, the topic of account abstraction has returned to everyone's attention. Social recovery solutions and account abstraction (using a smart contract as the wallet in place of an EOA) were proposed earlier than EIP-1271, and wallets such as Argent have already shipped implementations on StarkNet and other Layer 2s. So what is different about the EIP-4337 solution (account abstraction) that the community has been hotly discussing recently?

From EIP-86 in 2015 to the recent hot topic EIP-4337, the core idea of developers has revolved around "contract as wallet": account abstraction lets users interact with the main network in an intuitive way and gives them precise control over the account's key permissions. Since an EOA's behaviour is fixed by the protocol, an EOA wallet cannot be designed in a modular, feature-by-feature way (adding batch transfers, social recovery and the like), so everyone has placed the breakthrough on smart contracts. The proposal closest to EIP-4337 is EIP-2938. EIP-2938 also defines a new operating protocol for smart contracts, but it requires changes at the consensus layer, which is hard for developers to maintain. The main innovation of EIP-4337 is that the main network does not need any consensus-level protocol change.

  • In EIP-1237, a contract address has to rely on a centralized Relayer to get its signed operations submitted; but the Relayer is centralized and the standards differ between Relayers, so it is not compatible across multiple chains/dApps;

  • EIP-4337 proposes replacing the Relayer with the Bundler. Bundlers are a decentralized set of parties, which improves the censorship resistance of smart contract wallets and unifies the signature standard, greatly reducing the integration difficulty for developers;

  • EIP-4337 will have an impact in the future, but for now it has not improved the user experience. Discussion of this solution is therefore limited to VCs and developers, much like Move and Aptos, which excited VCs, other investors and developer communities; for web3 users, whether a Layer1 is written in Solidity or Move makes little difference to the user experience.

    ① After all, Argent, an account abstraction wallet, has raised $56.2 million in financing since 2018, and after four years of development it has only 74,000 addresses. Just as the rise of DeFi drove cryptocurrency users from exchanges to Metamask to farm high-APY pools, which fuelled Metamask's rise, the smart contract wallet boom still needs a new catalyst;

    Source: Dune

    ② The current user deposits on Argent are not as much as the financing amount

    Source: Dune

    ③ However, once the Ethereum mainnet implements the account abstraction proposal, Argent users will be able to move seamlessly from StarkNet to the Ethereum mainnet, and the sparks ignited in that process are worth looking forward to.

  • Use Cases

    ① Refined authority control: refine the single signature authority of an EOA:

    ▽ Give user A a transfer limit of X TokenB in the contract

    ▽ Give B authorization in the contract to trade TokenC, but not the authority to transfer it

    ▽ When a contract is not used for a long time, the right to use the contract is automatically transferred

    ② Diversified payment methods for gas: payment by others, or payment with any token

    ③ Automatic deduction/automatic refund
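The refined authority control listed above, as an added policy model (not Argent's code or any EIP-4337 implementation): each of the three rules becomes a check a smart contract wallet could run before accepting an operation. The spender names, token symbols and the 180-day inactivity period are constructed for the example.

```python
"""Added example (not Argent's or any EIP-4337 wallet's code): a policy model of the
refined authority control use cases. Names, tokens and the inactivity period are
constructed; a real wallet would enforce the same rules in its validation step."""
from dataclasses import dataclass, field

INACTIVITY_LIMIT = 180 * 24 * 3600  # seconds of owner silence before control moves (assumed)


@dataclass
class Op:
    sender: str   # key that signed the operation
    action: str   # "transfer" or "trade"
    token: str
    amount: int
    now: int      # unix time of the operation


@dataclass
class AccountPolicy:
    owner: str
    heir: str
    last_owner_activity: int
    transfer_limits: dict = field(default_factory=dict)  # (spender, token) -> remaining allowance
    trade_only: dict = field(default_factory=dict)       # spender -> set of tokens it may trade

    def authorize(self, op: Op) -> tuple:
        """Return (allowed, reason); a permitted limited transfer consumes allowance."""
        # Use case 3: after long inactivity the right to use the account passes to the heir.
        if op.now - self.last_owner_activity > INACTIVITY_LIMIT:
            return (op.sender == self.heir, "inactivity: control passed to heir")
        if op.sender == self.owner:
            self.last_owner_activity = op.now
            return (True, "owner")
        # Use case 1: spender A may move at most X of TokenB.
        if op.action == "transfer":
            left = self.transfer_limits.get((op.sender, op.token), 0)
            if op.amount <= left:
                self.transfer_limits[(op.sender, op.token)] = left - op.amount
                return (True, f"within limit, {left - op.amount} left")
            return (False, "transfer limit exceeded or not delegated")
        # Use case 2: spender B may trade TokenC but holds no transfer right.
        if op.action == "trade" and op.token in self.trade_only.get(op.sender, set()):
            return (True, "trade delegated")
        return (False, "no matching delegation")
```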

Embracing the Future of Web3

As a cliché, there are 4.8 billion web2 users, and web3 users have just exceeded 100 million in 22 years. We are still in the early and wild stages of blockchain development.



Let’s go back to the question at the beginning of the article: “How much risk and responsibility am I willing to take for my assets?” Is it possible to ensure that my wallet is not lost without having to remember my private key?

I have always heard traditional VCs asking: is there any scenario that only web3 can do and web2 cannot? We believe Web3 wallets are one example that gives traditional Web2 a slap in the face: only in the decentralized network of Web3 can we expect a good wallet that meets censorship resistance, security and user experience at once, without users having to bear the risk or responsibility themselves. The emergence of such wallets is also an important foundation for 4.7 billion Web2 users to embrace the future of Web3: wallets are not only the first entrance to Web3, but also the foundation for on-chain domain names (such as ENS), soulbound tokens (Soulbound Token), on-chain reputation systems (Decentralized Identifiers) and more. Without a secure wallet environment, the construction of Web3 Lego has no solid foundation.

We need to think more seriously. There are not many chances to pull the trigger in a bear market. MPC shows us a future in which EOA wallets are easier to use and safer, and can be adapted to all current EVM chains. Smart contract wallets still have a long way to go before they connect to dApps; the social recovery solution looks useless for now, but the future possibilities of smart contracts are exciting. Who should we bet on? We will give this answer with real money.

2022 is a dark year for cryptocurrency, but we still believe that the future is bright. We are awakened warlocks in World of Warcraft, and we hope to create a world where no one can take away our life siphon (unless the proposal is voted through).



Disclaimer: Part of this article is based on an interview with Winson, CEO of Web3 wallet Bitizen. Bitizen is one of RedlineDAO’s portfolios. We would like to thank Bitizen and Winson for their support for this article.
