Original text: "Dialogue with Braavos: In-depth Account Abstraction and the Future of Contract Wallets"
The second "StarkNet Chinese" community AMA event invited Motty Lavie, the founder of Braavos wallet, to discuss account abstraction and smart contract wallets, and to gain an in-depth understanding of the operating mechanism of Braavos' latest hardware signer. (Related reading: "Rollup on Rollup": Account abstraction solution in the Rollup era)
About Braavos
After the Braavos team built the first AMM protocol mySwap in StarkNet, they developed the first StarkNet wallet Braavos that can be used on mobile devices. The team aims to "stick to decentralization and self-custody, and we will never compromise on security and user experience." Braavos is a self-custodial native wallet in the StarkNet ecosystem. It has powerful features such as forgotten passwords, multi-authentication, and hardware signers. It helps users eliminate mnemonic phrase dependence, improves wallet security, and integrates DeFi functions to help users easily earn income from wallets, greatly meeting the needs of crypto users. Currently, Bravvos mobile and PC have over 150,000 downloads and has become one of the most commonly used tools on StarkNet.
Wonderful dialogue:
How to build a Braavos wallet? Why is the Braavos wallet built on StarkNet? Share the Braavos future roadmap Looking forward to the future of smart contract wallets Solutions for replacing hardware signer devices How does the hardware signer ensure wallet security?
The following is a portion of the translated conversation. The conversation has been edited for this article. Please click here for the full AMA audio recap.
Topic: Account Abstraction and the Future of Contract Wallets Moderator: Diamond Guest: Braavos Co-founder Motty Lavie Text
Moderator: Braavos is the native wallet on StarkNet and has been developing rapidly recently. Congratulations to Braavos for successfully raising $10 million some time ago. The hardware signature function recently released by Braavos has attracted widespread attention in the community, which is also the topic we want to discuss in depth this time. But before we start, Motty, can you tell us about your personal experience in the crypto industry? How did you start to create the Braavos project?
Motty: I used to say that I was a newcomer in the crypto industry, but after a few months or even years, this is no longer accurate. Over the years, I have become more and more experienced in the crypto industry and have a better understanding of STARK technology. At the very beginning, when STARK technology was made public, we were thinking about doing something. So there was the first investment, and then the mainnet. In fact, Braavos is the second project on StarkNet. The first is the classic AMM DEX, MySwap. It was launched on the StarkNet testnet in January last year and on the mainnet around August this year.
Host: Why did you choose to build Braavos on StarkNet?
Motty: That's a good question. I often joke that we are latecomers to the crypto industry. We started to enter the crypto field a few years ago and spent a lot of time studying different L1 solutions. We gradually realized that Ethereum will become the mainstream network in the future in terms of value and potential. But the problem is that if the focus is on decentralization and security, scalability will be severely limited. In the last bull market, we all experienced a sharp surge in gas, and a simple operation cost tens or even hundreds of dollars. So we started to study Ethereum's expansion solutions, learned about some side chains, but looked more at Rollup, which includes fraud proofs and ZK-Rollup, or validity proof. When faced with these choices, we thought that ZK-Rollup would be the best long-term solution from a technical point of view. At the time, StarkNet, which uses STARK proofs, and zkSync, which uses SNARK proofs, were competing with each other. These are two different proofs of validity. Among them, StarkNet, which uses STARK technology, has been tested in actual combat. It is a more mature technology used by StarkWare after StarkEx. StarkEx has been the infrastructure for projects like dYdX and DiversiFi, now called Rhino, and Immutable X.
Moderator: We all believe in the potential of StarkNet and Cairo. So what do you think is most promising about smart contract wallets?
Motty: It should be the great value that smart contract wallets will bring. I think in the next 3 to 5 years, all wallets will be smart contract wallets because of their better functionality, security and user experience. For Braavos, this is also what we want to take advantage of. We are thinking of taking advantage of the inherent characteristics of smart contract wallets to improve the overall security and user experience of wallets. We want to give users who are familiar with Web2 and centralized encryption solutions a similar experience without having to preset some settings. Then we all saw the FTX incident this time, and before that there was USD, Voyager, and so on. These centralized solutions are more attractive to users because they are much simpler to use than decentralized self-custody solutions. But with smart contract wallets, we can cross this hurdle and let users have a similar experience of centralized exchanges on decentralized products, while still being completely decentralized and self-custodial.
Moderator: What is the specific development progress of Braavos? Can you share the future roadmap?
Motty: We launched Braavos five or six months ago. In the first few months, we focused on the basic functions of the wallet. We had to provide users with functions that other wallets include. Some of these functions are novel in StarkNet, but they are already available in other wallets. For example, allowing users to view NFT collections in the wallet; launching plug-ins on multiple browsers; releasing mobile applications for Android and iOS; adding transaction functions to exchange funds in the wallet; and concisely explaining transaction information. These are the most basic wallet functions until the hardware signer function we launched two weeks ago. It uses a hardware security module, which is mainly implemented through account abstraction. The security module we use in mobile devices is almost equal to the security of using a crypto wallet on the chain, so the security of the wallet is very high. So far, this technology has not been used by any other blockchain.
Smart contract wallets that use account abstraction have the ability to verify any signature, so we can verify any cryptography, including the cryptography used by mobile device security modules. In the future, users will no longer need to rely on wallets, because our hardware signers are compatible with both mobile devices and computers, include two-factor authentication, define different types of accounts and set different restrictions on them. Braavos also plans to launch the ability to pay network gas fees with multiple tokens. For example, if a user has USDC in their wallet, they no longer need to buy network native tokens to conduct transactions, but can use the USDC already in their wallet to pay transaction gas fees.
Host: Motty, how do you think the future of crypto wallets will develop?
Motty: Braavos aims to become a fully decentralized wallet, where all assets in the wallet are self-hosted by the user, and the experience is similar to that of Web2 applications. Therefore, users do not need to worry about leaking private keys and mnemonics, hacker attacks, losing private keys and being unable to log in to the wallet, forgetting private keys and mnemonics, etc. Therefore, our goal is to bring users a brand new experience. On the one hand, using technology, security measures, etc., it is as convenient as in the real world. For example, what if I lose my passport? I can restore it in a variety of ways, so no one will worry about losing their passport and not being able to find it back. On the other hand, by adding new features to the Braavos wallet, as many user needs as possible are met, such as built-in exchanges, asset pledge channels, mortgage lending, etc.
Braavos not only puts user security first, but also pays equal attention to the decentralization and self-custody solutions of wallets to avoid the FTX incident. "We will never compromise on security and user experience" is our unchanging slogan.
Moderator: Regarding the hardware signature device, some audience members think that it works well on mobile devices, so how to use the hardware signature device in browser plug-ins? Because currently users use plug-ins more frequently than mobile terminals.
Motty: I would like to reiterate that there are many users using the Braavos mobile terminal, so we also focus on the mobile experience. The number of users using browser plug-ins is also growing. So for the experience of both user groups, our hardware signer uses the built-in security subsystem on the device to protect your account, such as the Secure Enclave of the iPhone and the Titan HSM of Android. The computer can also set up a dedicated, isolated system that is completely separated from the application processor to generate private keys and sign information. There will be no conflict between the mobile terminal and the computer terminal, and we also encourage users to use the Braavos wallet on different devices.
Regarding the update of the hardware signer. Since the private key of the hardware signer system is unknown to anyone, not to the user or the application itself, it is seamlessly connected just like the update and upgrade of applications and protocols, and no user operation is required.
In addition, we also envisioned another scenario: when the user changes the device, we designed two solutions. The first solution is to transfer the hardware signature to the new device by scanning the QR code set in the old device and approve this operation on the chain. It should be noted that once the user transfers to the new device, the old device will no longer have access rights. The second solution is a compromise. We currently retain the option to allow users to send approval requests through mnemonics and give them four days to regain control of their wallets. When an attacker steals the wallet and intends to transfer assets, the user restores the wallet through the mnemonic and cancels the malicious request to ensure the safety of the assets. The above are two solutions provided by Braavos. We support users to update and upgrade their devices because Braavos will ensure the safety of user assets.
Moderator: If a thief steals and hacks into my device, when I use the mnemonic phrase to request to delete the wallet, can the thief cancel the request? How can I ensure the safety of my assets?
Motty: Yes, we have considered this, so the premise of the hardware signer is that it is supported by the security module on the user's device, which is a completely separate subsystem with built-in biometrics. To approve transactions, the user's fingerprint or facial recognition is required, and even if the device is stolen or hacked, the security module cannot be accessed to initiate transactions on behalf of the original user. For example, the security chip inside the iPhone is called the "Secure Enclave", and it has never had a major vulnerability until the data incident in 2018. A group of attackers gained control of the phone and went to great lengths to tamper with the data, but even then they could not sign transactions on behalf of the original user. Now, four years later, there is still no way to break the iPhone's security chip, and the same is true for the Titan HSM in Android phones. These security modules are tested every day by companies and governments around the world, and no one has yet broken them, so these time-tested modules are very secure. If someone can hack into your phone, it's already a government-level attack. Then he needs to spend days or even weeks bypassing Google and other security verification. And as mentioned before, this has not happened in four years. The dual protection of hardware signature and biometrics should give users peace of mind.
