The Future is Now in Beta: Introducing the All New EthSign Signatures
We are thrilled to present you with EthSign Signatures Beta, the latest version of our e-signing product that provides the same functionality, UX, and legal validity as a Web2 e-signing platform while leveraging the power of blockchain to enhance transparency and security.
Users can upload documents, create annotation objects such as signing fields, text fields, and checkboxes, invite co-signers, track signing status, download documents, and view a history of the entire agreement lifecycle.
Technically and visually, EthSign Signatures has been rebuilt from the ground up based on extensive research and user feedback. Our new smart contract reduces gas consumption by 9X while preserving our ability to effectively capture relevant information. This is accomplished by implementing EIP-712, emitting solidity events to our own subgraph, and permanently storing documents and related data on Arweave via Bundlr.
Functionally, we are proud to add new features including:
- Read-only viewer permission
- Signing order between co-signers
- Expansive set of PDF annotations & text fields
- Address-locked encryption without passwords
- Permanent document storage on the blockchain
- Push notifications via EPNS & Blockscan Chat
- Increased hosting stability and accessibility
- … and more!
Practical Decentralization
In the past, we have strived for maximum decentralization by relying entirely on a decentralized tech stack. Although we champion the spirit of decentralization through and through, it’s simply not ready for production use yet. For instance, we hosted the web content of our previous version of EthSign Signatures on IPFS nodes and encountered sporadic outages and poor reachability in regions outside of North America and Europe. This caused us tremendous headaches and forced us to rethink our approach to decentralization.
In the latest version of EthSign Signatures, we have opted for a more practical approach to decentralization in order to maximize product usability while maintaining decentralization. On one hand, we actively host our web content on Arweave (ar.ethsign.xyz) to promote decentralization. On the other hand, we host the same web content on AWS to boost accessibility to our primary domain (ethsign.xyz & www.ethsign.xyz) in more challenged regions.
Optimally Capturing Intent and Consent
What does signing a document mean, really? Usually it means agreeing to a set of terms outlined in the document and leaving behind proof of doing so in case disputes arise in the future. At its most fundamental level, the act of signing captures intent and consent. In the case of any sort of contract, the contents capture intent and the signature captures consent. To keep track of a valid signature on a document, we only need to store information that can be used to identify said document and information that proves the signature was indeed generated by the signer.
In the context of a smart contract, these two key pieces of information correspond to the unique identifier that points to the signing document and a cryptographically-verifiable proof of signing respectively. In previous versions of EthSign Signatures, we opted to place document hash, signer’s raw elliptic curve digital signature, and the entire contract version history directly into our smart contract storage. This proved to be catastrophic in terms of gas consumption. We have since aggressively optimized our approach to information storage in an effort to reduce gas consumption.
Firstly, we no longer store raw ECDSA signatures inside the smart contract. We have, however, gated our record keeping data structure so that it can only be modified if the signing action can be authenticated via EIP-712 compliant ECDSA. This ensures optimal cryptographic verification of signer consent. These modifications improve intent capture and greatly reduce storage use, as we no longer store a string for each signature and EIP-712 provides much more context to signatures compared to our previous approach using personal_sign.
Secondly, we stopped explicitly saving past states of documents and signatures in smart contract storage. Instead, they are emitted as Solidity events, as they consume much less gas compared to explicit data storage. They are then captured by our own subgraph, powered by our partners at The Graph. We have also added support for signing order, which enables the uploader to specify a signing order between different signers. This added piece of information is stored with other relevant attributes and tightly packed into a single uint168 for maximum storage efficiency. Signing documents themselves are stored on Arweave via Bundlr, a permanent storage solution. Data on Arweave is guaranteed to exist as soon as they are mined and replicated on every single node after just a few confirmations, which is crucial when it comes to storing PDF contracts. IPFS pales in comparison where there is no guarantee of data integrity and its incentive layer, Filecoin, does not have true permanent storage as storage is rented and must be repaid periodically.
Last but not least, we are rolling out our 1-Tap Encryption feature on day 1, enabling asymmetrical encryption using the public encryption key derived from the user’s private key*. This is a huge step towards usability and security, as documents are now locked to the recipient’s wallet instead of anyone who holds the AES key, which also naturally eliminates the need to memorize and communicate passwords.
*1-Tap Encryption is available for supported wallets only. Currently, only MetaMask supports in-wallet encryption & decryption.
A Streamlined Experience
After launching the previous version of EthSign Signatures in June 2021, we continuously solicited user feedback and conducted extensive market, competitor, and user research. With a greater understanding of the pain points and true needs of our users, we have been able to trim away inefficient and irrelevant features to provide the most lightweight and streamlined signing experience on the market.
To do so, we decided to completely rebuild the product to be easily maintainable and upgradeable. The smart contract has also been rewritten from scratch and gone through various audits. You can find the audit reports here.
The Future is Now in Beta, Thanks to You
It is not an exaggeration to say that none of this could have been done without the support of our users and the EthSign community around the world. As we continue to build a more decentralized and secure world, end user DApps that bestow true ownership upon their users are becoming increasingly important. Like EthSign, these DApps don’t function without the engagement, feedback, and dedication of users. That being said, we thank you for playing an integral role in developing the future of EthSign and the greater ecosystem. As this is a beta release, certain features are still pending completion and updates are pushed daily. We hope you enjoy trying out the beta version of Signatures at ethsign.xyz!
