Next-gen crypto UX: How we made “DeFi for the World”

Carter Appleton
goldfinch_fi
Published in
5 min readAug 8, 2023

At Warbler Labs, we want DeFi to be for everyone. Historically, crypto has required deep knowledge of multiple novel, complex areas- wallets, seed phrases, networks, signatures- which has made it inaccessible to people without the time or means. To truly enable DeFi for the whole world, we had to reimagine the core experience: no hardware wallets, usernames and passwords, seed phrases, mnemonics, browser extensions, etc.

Just you.

We couldn’t wait for this future, so we put together a demo. If you’d like to experience it, go to https://defifortheworld.com/. But if you want to know how we made the demo work, read on!

Challenge 1: Authentication

If our constraint is no username and password and no hardware wallets, while still maintaining self custody, then we didn’t have a lot of options for authenticating users, until about one year ago when both Apple and Google brought Passkeys to their platforms.

Passkeys are a new way of securing your account without the need for a password. Usually guarded with biometrics, Passkeys require the user to verify who they are before signing a message. For example, a user might use FaceId on their iPhone to log into a website.

Using an on-device secure enclave (similar to a hardware wallet), Passkeys use private/public key attestation to take actions. These key-pairs are website-associated which significantly reduces phishing; they’ll only apply to the domain they’re registered on, so it’s impossible for a similar-looking domain to activate them. Also, the Passkey never leaves the device! Only messages signed with the Passkey are sent publicly. So everyone is able to verify where the message came from, but not able to forge on themselves.

Passkeys solve our first challenge: We now have a way to easily and securely allow users to sign messages.

Passkey signing a transaction

💡 Passkeys aren’t just for Apple and Google platforms! Generation 5 YubiKeys can store Passkeys, acting exactly like a physical key you can carry around and plug into any device.

Challenge 2: Signature Transmutation

Passkeys solve a huge hurdle on the user experience. The only problem is they can’t actually sign Ethereum transactions! The two systems speak completely different languages: Passkeys use the secp256r1 elliptical curve, but Ethereum currently expects all signers to use the secp256k1 curve. So our next challenge is to transmute a Passkey signature into an Ethereum one. A key constraint here: we have to do this in a non-custodial way. So however we end up signing the Ethereum transaction, only the Passkey should be able to initiate the experience.

This gives us a few options:

  1. MPC
    Multi-party computation is a protocol allowing multiple parties to compute a function together, without revealing their inputs. One of the parties could be a Passkey controlled by the user.
  2. Cloud-based Trusted Execution Environments
    Special built cloud-based compute that offers cryptographic attestation to guarantee only authorized code is running and accepting specific operations. A passkey can be an exclusive signer for a secure enclave that contains an Ethereum private key and the ability to sign transactions sent from the Passkey.
  3. On Chain
    Adding the signature verification in natively to the chain. It’s possible to implement this already in the EVM, but gas is prohibitively expensive to support in practice. However, there is a proposed EIP to include this as a precompile and significantly reduce gas in the future!

After investigating many different options for MPC and Cloud-based Secure Enclaves, we partnered with Turnkey and their cloud-base secure enclave approach. While both options are viable, we found the flexibility and performance of the secure enclave approach to the best fit for creating a truly seamless, Goldfinch-branded experience. At this point we’ve solved our second challenge: We now have a signed Ethereum transaction!

User signing a transaction with a Passkey and sending it to Turnkey to be transformed into an Ethereum transaction.

Challenge 3: Sending the Transaction

We might have a signed transaction, but we also have no gas or any way to actually submit it on chain. There are two critical developments in the past year that help solve this: Account Abstraction and Layer 2 networks.

Account Abstraction (EIP-4337)
Also called Smart Wallets, this allows users to sign transactions with different mechanisms, have their gas sponsored by other parties, and allow other addresses to aid in account recovery- it’s a programmable wallet, anything is possible!

AA is brand new- the ERC was just standardized earlier this year. We’re partnering with ZeroDev for their implementation.

Layer 2 Networks (L2s)
These networks build upon the security of the Ethereum Mainnet to offer faster and cheaper transactions. Two popular types of L2s are Optimistic Rollups and Zero Knowledge Rollups. Both types can achieve 20x (or more) cost savings by cleverly rolling up transactions together when submitting to Mainnet, while recording the transaction almost instantly.

L2s are quickly evolving and about to become even cheaper this year with an EIP introducing a new transaction format. For the demo, we’re excited to partner with Base, maintained by Coinbase, who has been a leader in bringing crypto to the masses for a decade.

Combining Account Abstraction and an L2 network, we solve our third challenge: We can sponsor user’s transactions at reasonable cost and almost instantly have them included in the network!

The Complete System

We’ve solved all three challenges to simplify crypto UX. No username, password, mnemonic, or private key. With only things they already have, users can easily and securely interact with the blockchain. Woo!

Goldfinch will be integrating all of these technologies into their new user experience, which will be launching this year. To get a taste of that future, please check out our demo at https://defifortheworld.com/.

--

--