On April 5, JoyID founder and CEO Cipher presented the JoyID Wallet product and its principles in a live broadcast on the Denglian community, and also discussed the outlook for wallets in the Web3 field.
The following is a summary of the content compiled by Byte Jun based on the live video:
Will wallet innovation be the next push for blockchain?
We can observe three things about the current situation:
1. More and more capital and developers have entered Web3. It is generally believed that Web3 is still an important narrative. Although AI has stolen the spotlight recently, capital and developers are still willing to come in.
2. The current mainstream user profile of Web3 is speculative users, and there are also users who care about others.
3. Across the Web3 DApp field, the DeFi narrative is declining, even weak, while applications that reach beyond the crypto circle, such as Game, Social, NFT, and music, are on the rise.
At this point there is a contradiction between the narrative of Web3 and the current situation. The narrative is that Web3 will replace Web2, or at least reach the same user base as Web2, but Web3 currently has few real users, and the number of people using wallets may not exceed 20 to 30 million worldwide.
Why is there this contradiction? A very important reason is that the wallet blocks users and prevents them from entering.
There are three common problems with wallets: the mnemonic learning curve is too high, the private key cannot be recovered if it is lost, and the user needs to pay a handling fee. Current wallet products are safe but inconvenient for technology geeks; for 99% of people they are neither safe nor convenient. They are unsafe because most people do not have the ability to manage private keys.
Of course, there are currently several solutions for wallets:
Smart contract wallet: It can solve the two major problems of losing the private key and requiring users to pay the handling fee, but it does not solve the problem of the high learning curve of the mnemonic phrase. Smart contract wallets also have problems with high costs and multi-chain synchronization.
MPC (Secure Multi-Party Computation): It can solve the problems of the high mnemonic learning curve and unrecoverable private key loss, and it unconditionally supports multi-chain, but it does not solve the problem of users paying handling fees. The essence of MPC is SaaS. No matter how many fragments the MPC wallet splits the private key into, in the end every transaction signature relies on the MPC server doing its part for you, and you have no choice but to depend on it, so the risk is very high.
Other options: custodial wallets, or custodial wallets disguised as MPC, and hybrid wallets using MPC, contracts, and other technologies.
A special reminder: whenever MPC is involved, ask yourself whether you really intend to use a SaaS wallet. In addition, be especially wary of MPC wallets that require only one verification to complete login.
Features of JoyID Wallet
Before introducing JoyID, you can try out the beta version of JoyID, which supports Windows computers, Mac computers, iPhones, and Android phones with Google Services (GMS) installed.
Beta version link: https://app.joyid.dev
CKB test coin collection address: https://faucet.nervos.org
JoyID wallet has the following features:
No password, no words to remember: Create a wallet directly through your fingerprint and confirm the transaction.
No need to rely on any Web2 account: no mobile phone number, no email...
Decentralized, truly non-custodial: The key is generated in the security chip of your device. JoyID can only read your public key and request a signature, but cannot read your private key.
No installation required: No need to download the App, just open the web page, and it is also easy to integrate with other applications.
Multi-device login: The beta version requires you to enter the address on other devices before authorizing the login. Later, it will be optimized to directly scan the QR code to log in (similar to Telegram’s multi-device login method).
Supports mnemonic phrases, social recovery, Passkey and other recovery solutions (optional).
Have an experience beyond Web2 accounts.
JoyID supports a very wide range of devices. Accounts can be created in browsers on Windows 10/11, macOS (requires TouchID support), Android 7.0+ (requires GMS), iOS 14.5+ and other systems (do not use a heavily modified browser, such as the WeChat browser). Logging in to a JoyID account has no requirements on the device system and is supported on all platforms. It can also be used on Linux later, but you need a Yubikey to generate the public and private keys.
Introduction to the principles of JoyID
First, let's cover the cryptographic basics behind JoyID: WebAuthn/Passkey.
WebAuthn is a next-generation passwordless account technology launched by the FIDO Alliance and supported by many major Web2 companies (such as Microsoft, Google, and Apple). It relies on a TEE built into each device, called a security chip or secure enclave (independent of the CPU chip), inside which a public-private key pair is generated. Its security is hardware-level, and biometrics are used to further ensure safe use.
Passkey is based on WebAuthn and realizes interoperability or mutual authorization between multiple devices.
This technology was originally used for Web2 account systems, but we use it on the blockchain and call it a “device account”. What does device account mean? Essentially it is a contract account, but the private key of this blockchain contract account is not saved through a mnemonic; it is saved in the hardware chip on the device. With WebAuthn/Passkey, the system's security chip can be used directly in the web environment to generate keys and sign, with no installation, and account abstraction then binds the keys of multiple devices to the same address published on the blockchain and also provides account recovery.
The cryptographic algorithms used by WebAuthn/Passkey are P256/RS256, etc., which differ from the secp256k1 used by mainstream blockchains. The blockchain therefore needs account abstraction and support for other cryptographic primitives. Very few blockchains have this; Nervos CKB does, so JoyID chose to build on the Nervos CKB blockchain.
Here is a brief primer on UTXO-based account abstraction on Nervos CKB. Each UTXO is managed by a locking script, and users only need to provide a correct proof to unlock the locking script. Usually, the "proof" is a digital signature; the "locking script" is a signature verification algorithm, such as secp256k1, and the locking script is the "address". Bitcoin was the first blockchain to use the UTXO model, but Bitcoin's locking script is not Turing complete and has significant limitations. Nervos CKB improves on the Bitcoin UTXO model and provides Turing-complete scripts based on a RISC-V virtual machine, so all accounts on CKB are full-featured abstract accounts.
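To make the "proof" and "locking script" roles concrete, here is an added example (not JoyID's or Nervos's code) of the checks a P-256 locking script would need to run on a WebAuthn assertion. It assumes the transaction hash is used as the WebAuthn challenge; the software authenticator, the origin https://wallet.example and the sample transactions are constructed for the demo.

```javascript
const nodeCrypto = require('node:crypto');
const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();
const b64url = (buf) => Buffer.from(buf).toString('base64url');
// Stand-in for the device security chip (constructed for this demo).
function makeAuthenticator() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKey,
    getAssertion(challenge, origin) {
      const clientDataJSON = Buffer.from(JSON.stringify(
        { type: 'webauthn.get', challenge: b64url(challenge), origin }));
      const authenticatorData = Buffer.concat([
        sha256(new URL(origin).hostname), // rpIdHash (32 bytes)
        Buffer.from([0x05]),              // flags: user present | user verified
        Buffer.alloc(4),                  // signature counter = 0
      ]);
      // WebAuthn signs authenticatorData || SHA-256(clientDataJSON), DER-encoded ECDSA.
      const signature = nodeCrypto.sign('sha256',
        Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
      return { clientDataJSON, authenticatorData, signature };
    },
  };
}

// Verifier side: the checks a P-256 locking script would run before unlocking.
function verifyTxAssertion(publicKey, txHash, assertion, expectedOrigin) {
  const client = JSON.parse(assertion.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong-type';
  if (client.origin !== expectedOrigin) return 'wrong-origin';
  // Assumption: the challenge is the transaction hash, so a signature cannot be replayed.
  if (client.challenge !== b64url(txHash)) return 'challenge-mismatch';
  if ((assertion.authenticatorData[32] & 0x05) !== 0x05) return 'user-not-verified';
  const signed = Buffer.concat([assertion.authenticatorData, sha256(assertion.clientDataJSON)]);
  return nodeCrypto.verify('sha256', signed, publicKey, assertion.signature) ? 'ok' : 'bad-signature';
}

function demo() {
  const origin = 'https://wallet.example'; // hypothetical origin
  const device = makeAuthenticator();
  const txA = sha256('constructed tx: pay 100 CKB to Alice');
  const txB = sha256('constructed tx: pay 100 CKB to Mallory');
  const assertion = device.getAssertion(txA, origin);
  return {
    valid: verifyTxAssertion(device.publicKey, txA, assertion, origin),
    replayed: verifyTxAssertion(device.publicKey, txB, assertion, origin),
    otherDevice: verifyTxAssertion(makeAuthenticator().publicKey, txA, assertion, origin),
  };
}
console.log(demo());
```

The verifier needs only the public key and the assertion; the private key never leaves the authenticator, which is the property the device account depends on.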
Many people may ask, JoyID is developed based on Nervos CKB. Does it only support CKB and not other EVM chains? Actually no, JoyID will support multiple chains. In addition to the CKB chain, it will also support CKB’s side chain Axon. Axon is 100% compatible with EVM and has a very high TPS. In fact, as long as other EVM ecosystems are seamlessly migrated and combined with JoyID, a low-threshold wallet, the needs of new users can be met, because they will not particularly care which chain they are playing on, but only care about what is playable in the ecosystem. There are not many projects.
Here is the technical principle behind it. A transaction on Ethereum consists of two parts: the original transaction and the digital signature. The digital signature is verified by the node, and only after verification passes is the EVM allowed to execute the transaction content; the EVM itself does not verify the digital signature. Therefore, we can replace the Ethereum digital signature with the JoyID signature. When the node encounters a JoyID signature, it passes the signature to CKB for verification, and after verification passes, the transaction content is handed over to the EVM for execution. This achieves 100% EVM compatibility.
The development of Axon is now nearing completion, which is why the beta version of JoyID already lists ETH and USDT. They are currently greyed out and unavailable, but will be usable in a few months.
Finally, it is necessary to mention that JoyID’s entire process is open source and decentralized. JoyID's contract is still under audit. After the audit is completed, it will be open source and open to access; the middleware will also be open source and allows third parties to deploy themselves; the front end will also be open source and can be deployed by anyone and supports offline signatures. JoyID's account key is completely held and managed on the user side. Therefore, JoyID truly realizes the entire process of open source and decentralization.
Full-process open source and decentralization are very important across the Web3 infrastructure, because once your number of users reaches a certain level, such as more than 100,000, sooner or later you will realize that you cannot always rely on a centralized, opaque SaaS.
The future of Web3 wallets
First let me talk about two of my own judgments:
1. Wallets are designed to replace Web2 accounts.
2. Wallets that use email, mobile phone number, username and password, Google login, etc. as the entrance must be in an intermediate state, because if the wallet wants to replace the Web2 account, it cannot be dependent on the Web2 account service.
Some people may ask, I am using the Web2 account service very well, why should I switch to a Web3 account? Because Web3 accounts have many advantages:
1. No password, no fear of server leakage or social engineering, more secure;
2. There is no need to provide an email/mobile phone number, and the privacy is stronger;
3. Application-side docking does not require permission from the central party, making it more open;
4. The account is self-sovereign, does not rely on a central party, exists independently, and is more reliable;
5. Naturally equipped with payment and collection functions, as well as more decentralized services.
Some people may also ask, since Web3 accounts are so good, why are so few people using them now? Of course there are historical reasons for this, but I think the more important thing is that the threshold for Web3 is too high. That’s why JoyID wants to bring the threshold lower than that of Web2.
After the threshold is lowered, it is obvious that more people will enter the Web3 world, and the permissionless, open and composable nature of Web3 accounts will make more and more Web2 applications start to use Web3 accounts, eventually leading to no clear boundary between Web2 and Web3.