The next stop for Web3 wallets: Why we are optimistic about the wallet track without mnemonics

Author: Jsquare Research
 
According to statista.com data, as of November 2022, the number of digital wallet users has reached 85 million (YOY ~ 6.3%). As the entrance to Web3.0, digital wallets have been in the hot spot during the bear market construction period. Its user experience and security directly affect when cryptocurrencies and their applications are widely adopted.
 
1. “No private key means no token”
 
The prerequisite for owning digital assets is to fully and truly control your own private keys.
Although self-hosted digital wallets are safe, mnemonics and private keys are much more complicated than the traditional Web2.0 entry-"username-password". According to a report by Chainalysis in 2021, about 20% of Bitcoin is lost because its owner does not remember the private key. Countless hacker attacks and security incidents such as FTX's collapse continue to attract attention from the industry.
On Ethereum, there are two basic types of accounts:
EOA account (Externally Owned Account): Each unique private key of an EOA should be derived from 12 unique mnemonics. Currently, most mainstream dApp wallets are EOA wallets, such as Metamask, Phantom (Solana), BSC Wallet (BSC), Keplr (Cosmos), etc. These wallets are not programmable.
Contract Account (a smart contract deployed on the chain through an EOA account): is a programmable EVM code deployed on the chain through an EOA account and can only be called by an EOA account.
In short, each account is identified by a unique private key, but the mechanism has defects, that is, the forgetting, loss and leakage of the private key will cause irreversible loss of digital assets.
There have been significant advances in two mainstream solutions for crypto wallets without mnemonics: smart contract wallets (including multi-signature wallets) and multi-party computation (MPC) wallets.
 
2. Smart contract wallet and abstract account
 
Smart contract wallets are smart contracts that use specific EOA accounts to manage on-chain assets and can support further programming. For example, a multi-signature wallet is a smart contract wallet that requires signatures from M-of-N keys to approve transactions. This approach can enhance the security of the wallet because it requires multiple keys to control assets instead of just one private key.
Recently, due to the significant progress of the EIP-4337 proposal, account abstraction and smart contract wallets in Ethereum that do not require consensus layer protocol changes have become hot topics again. Account abstraction decouples the relationship between signers and accounts, combining the programmability of CA and the ability of EOA to actively initiate transactions. Therefore, users can customize internal logic without making improvements from the consensus layer or the underlying layer.
In the past, many proposals for account abstraction were shelved due to technical limitations and the complexity of the consensus protocol layer. However, with the development of Ethereum and technological progress, account abstraction has become possible, which will bring more development space for new wallets such as smart contract wallets.
The main goal of EIP-4337 is to separate key functions such as signature verification, gas payment, and replay protection from the core protocol of Ethereum and put them into smart contracts for execution. In this way, a smart contract wallet with arbitrary verification logic can be used as a master account without any consensus layer protocol modifications. Validators, MEV searchers, or the application itself can take transactions from the UserOperations pool and forward them to the blockchain to pay fees. The main advantage of this proposal is that it reduces the complexity of the Ethereum core protocol while increasing flexibility and scalability.
EIP-4337 still has some issues with compatibility and verification process, so it will take time to perfect. In addition, the introduction of new contract mechanisms and functional modules may bring new contract risks and increase gas fees. Therefore, for the application development of account abstract wallets, a wait-and-see phase is necessary. However, with the passage of time and the continuous advancement of technology, this form of wallet is expected to be widely used and promoted in the future.
 
3. MPC Wallet
 
The paper Two-Party ECDSA from Hash Proof Systems and Efficient Instantiations brought the application of MPC (multi-party computation) technology to the public’s attention. In layman’s terms, the most basic properties that the MPC protocol aims to ensure are:
Input Privacy: Information about private data held by parties cannot be inferred from the messages sent.
Correctness: Any appropriate subset of parties willing to share information or deviate from instructions should not be able to force an honest party to output an incorrect result.
MPC wallets use threshold signature schemes (TSS) to create a share of a private key. They are designed to improve security by requiring multiple parties to jointly create a private key fragment and then verify transactions. Most importantly, the private key will not appear in any process during account creation, use, storage, backup and recovery.
 
4. Is MPC wallet a better solution?
 
Here, we will focus on the following attributes to evaluate WEB3.0 wallets:
safety:
Smart wallets use a single private key to control and access funds. Because smart contracts can be customized, there are risks such as contract vulnerabilities and compatibility. Even decentralized storage on multiple devices such as multi-signature wallets cannot guarantee complete security. Experienced hackers can track and reconstruct keys, allowing them to move laterally in the network and compromise other servers or devices after compromising one server.
MPC wallets divide private keys into several parts and distribute them to multiple parties, making it more difficult for attackers to steal private keys. In certain specific cross-chain scenarios, if multi-chain transactions and high-frequency interactions with dApps are not required, MPC wallets will be more secure. However, they cannot avoid off-chain governance, such as signing authorization policies and approving quorums. It cannot be said which of the two has absolute security. We prefer to focus on improving user experience.
Ease of use:
Is it as smooth and seamless an experience as Web2.0 payment products?
Both wallets do not require mnemonics, making them more user-friendly than traditional wallet solutions such as MetaMask (browser-based).
Feature:
Whether it meets the actual needs of Web3 users, such as DeFi or NFT daily transactions, investment, digital identity, web3 social networking, etc.
Compared to traditional EOA wallets with limited functionality, Smart Wallets have advanced features such as multi-signature transactions, daily transfer limits, emergency account freezes, and more secure account recovery. Some organizations, such as exchanges, custodians, and other large digital asset businesses may prefer MPC wallets because this technology prevents trust in any employee with a single asset key. Some solutions, such as Lit Protocol, can interact with off-chain data through HTTP requests, which may make MPC useful for Web assets.
Scalability:
Is it easier to build new features and integrations into the ecosystem?
Smart Wallets are essentially smart contracts that enable an ecosystem of developers to extend wallet functionality by default, and anyone can audit implementations and feature extensions.
The MPC protocol is not standardized, and the existing ecosystem mainly consists of customized MPC wallet products.
cost:
Due to the need to verify multiple signatures, a single operation from a multi-signature smart wallet is generally more expensive than today’s MPC, although transaction batching could help save costs in the long run.
MPC wallets may have lower transaction and recovery costs. MPC wallets are represented as an address on the blockchain and do not charge additional gas fees, which may be important for B2C users who conduct hundreds of transactions per day.
transparency:
Smart wallets have a more transparent and auditable code base. Because key generation and signatures are generated off-chain, and many MPC protocols are not open source, the ecosystem has no easy way to independently audit and integrate them for analysis when problems arise. MPC wallets hinder transparency and require more rigorous operational audits.
As an off-chain wallet solution, the MPC wallet can control both ordinary wallets based on external accounts and smart wallets. It does not involve changes to the Ethereum consensus layer or contract layer. It is cheaper for users and more feasible in the short term. However, the off-chain multi-party accountability system cannot be avoided, and the competitiveness of wallet products in terms of security or user experience has not been significantly improved.
Smart wallets are a product with many opportunities for innovation, which can bring more new applications and use cases. However, account abstraction is a big project that requires other smart contracts, developers, and Ethereum architects to cooperate and upgrade. It is worth noting that L2 s greatly accelerates the speed of adoption, reduces costs, and improves scalability. For example, Starkware has made all Starknet accounts native smart wallets, and zkSync 2.0 will also be launched with AA.
In summary, we believe that the two are not contradictory, and the choice between the two depends on specific needs. MPC provides security at the level of key generation and management, while smart contracts bring scalability and more applications to the development of the ecosystem. They are essentially not in the same dimension to solve the problem of private key management. We look forward to seeing more innovative products that apply these two technologies. For example, the MPC protocol may be used in combination with a multi-signature wallet.
 
5. Comparison of the two wallets
 
It is precisely because wallet developers can continuously update new features based on smart contracts, as well as the demand for application scenarios such as programmatic payment and high-frequency trading in games, that more and more developers and teams are engaged in the development and innovation of smart wallets. We are positive about the new narrative of wallet abstract accounts.
For example, Visa published an article titled "Auto Payments for Self-Custodial Wallets" that explores the use of the account abstraction wallet Argent to achieve automatic payments on the StarNet network. Programmatic payments allow users to use self-custodial wallets to automatically pay without signing each transaction.
In addition, a number of smart wallet products have emerged in the market, such as Argent, MetaMask, Gnosis Safe, Rainbow, etc. They have different degrees of breakthroughs and innovations in user experience, security, and functionality. At the same time, there are also some wallet teams developing customized wallets for specific scenarios, such as the MetaHero wallet, which is widely used in the NFT field.
It should be noted that the development of smart wallets is not only a technical challenge, but also requires full consideration of user needs and experience. In terms of user privacy protection and authorization management, smart wallets need to have higher security and convenience. On this basis, the functions and designs of smart wallets also need to be closer to user needs and provide more personalized and segmented services. In addition, smart wallets also need to be deeply integrated with other applications and ecosystems to provide more complete and integrated services.
In short, MPC wallets and smart wallets each have their own advantages and disadvantages, and choosing the right wallet solution for different scenarios and needs is the key. For individual users, smart wallets may be more suitable for daily transactions and management of digital assets because they have a wider range of applications and better user experience.
For institutional or corporate users, MPC wallets may be more suitable because they are more secure, easier to implement multi-party accountability, and have lower costs and better scalability. In addition, as technology develops, we may also see more wallet products that integrate smart contracts and MPC technology to provide a more comprehensive solution.
 
Summarize
 
Technology is only a sufficient condition for the realization of functions, and functions will lead to inevitable changes in the market structure.
It is not difficult to talk about technologies such as the MPC protocol and account abstraction. What is difficult is how to implement the product iteration process of applying technology to the market. In addition to the security issues that everyone is concerned about, improving user experience will be a very important dimension for us to evaluate wallet products. After all, as a tool to enter Web3.0, wallet products should not only serve users who are now accustomed to private keys and mnemonics. The more important purpose should be to "go out of the circle", provide a smoother product experience, and attract more Web2.0 users to join.
At present, EIP-4337 is the most feasible account abstraction solution. There are already many smart wallet projects exploring this path. We suggest that you pay more attention to the construction of account abstraction and smart wallet projects, especially Layer 2 products. In contrast, the MPC protocol will also be a more secure and reliable technology, but how to better apply it in actual MPC wallet scenarios is the key to product polishing. We may need more patience to see more diverse and targeted wallet solutions for individuals and institutions.