Wallet 2.0 era: MPC wallet vs. Smart Contract wallet
Author: Chloe , IOSG Ventures
In the Devcon 6 conference held in Bogota, Tomasz Tunguz mentioned some statistics about Web3.0: the accumulated DAU of each mainstream public chain is about 2.5 million, while the DAU of traditional Internet is 5 billion, the former is barely enough for 0.05% of the latter. From the supply side, there are about 16,000 developers developing on Web3.0, while the total number of developers in the world reaches 27 million. The data show that Web3 developers account for less than 0.06% of them visible, thus, Web3.0 is still a long way from mass adoption.
Wallets, which serve as the start of Web 3.0, directly affect when the cryptocurrency market will achieve widespread acceptance. Despite the efforts of big wallets in this area, most users still do not find using wallets to be a pleasing experience. Custodian wallets are easy to use, but there have been numerous incidents of wallet theft. Self-hosted wallets are relatively secure, but keeping long seed phases and private keys is much more complicated than the traditional Internet username and password system. According to a study by Chainalysis, about 20% of all bitcoins in circulation as of 2021 are lost because the owner does not remember the private key. Many people may wonder why we can’t apply traditional authentication methods to Web 3.0.
Why it is called “external” because this account has no code and is independent of the Ether virtual machine and is controlled by the user through the private key.
Although a contract account has custom logic, it is not able to initiate transactions actively. So any change in contract state relies on an external account to initiate and pay Ether from the external account. How do we verify the legitimacy of a transaction? The way to verify on Ether is to check that the initiator of the transaction and the owner of the asset (Ether), i.e. the owner of this external account, are the same. So the user needs to sign the transaction through the wallet. And the default verification logic of Ether is secp256k1 designed by Satoshi Nakamoto, which also generates the key pair by this algorithm. The correctness of the signature can be checked by verifying that the signature comes from a private key corresponding to a certain co-key, so the user must have this private key. This is why the user experience cannot bypass the private key regardless of how the wallet is optimized.
As mentioned before, external accounts do not have code logic. If you want to implement other features by introducing more complex logic, such as multiple signatures, etc., you can’t do it directly on the external account. What are the current ways to solve this problem? I will introduce the two solutions that are considered the most feasible and effective: MPC Wallet and Smart Contract Wallet.
MPC Wallet
MPC, called Multi-Party Computation, is an essential cryptographic security measure. It contains many kinds of technical solutions, in this paper, we mainly refer to MPC-TSS, while MPC wallet is a more complex authentication method to achieve “multi-signature” and “cross-chain” under the chain by multiparty computation of private keys. Simply put, a private key is broken into multiple pieces, and the pieces are handed over to a decentralized network for computation and encryption. The core idea of MPC is to achieve the purpose of risk diversification or disaster preparedness by decentralizing control, effectively avoiding security problems such as single points of failure.
MPC Wallet’s “Multi-Party Participation” concept is similar to “Multi-Signature Wallet”. But in fact, although they both implement the “multi-signature” feature, they do so in different ways. Previously known multi-signature wallets, such as Gnosis Safe, are wallets built on smart contracts, which define the verification logic. For example, if you want to verify a transaction, you need more than one private key or at least three out of five private keys for verification. This type of wallet is one of the smart wallets that will be mentioned later. MPC wallets, on the other hand, are made by breaking a private key into multiple pieces, with the verification process involving only one private key. And the computational network is off-chain and not linked to the smart contract.
Smart Wallet
Smart contract wallets, as the name implies, are wallets based on smart contracts rather than external accounts. There are already a number of smart contract wallets on the market, but because these smart contracts are customizable, there is a lack of a unified industry standard. There are also contract vulnerabilities and compatibility issues with other contracts that are not widely used. Recently, smart contract wallets have become a hot topic again due to the significant progress of the “account abstraction” proposal EIP-4337. What exactly does account abstraction mean? What kind of new experience can be brought to users after the implementation of account abstraction? Before introducing account abstraction on Ether, we need to understand the concept of abstraction in CS.
“Abstraction” is one of the most important concepts in computer science and refers to hiding the back-end implementation details while providing the necessary key information to the outside world. It allows developers to focus on only one abstraction layer when working on a task at that layer. As a close example: when we as viewers want to use the TV, we only need to be familiar with the operations we need to know as TV viewers, such as how to turn the power on and off, adjust the volume, switch channels, connect other devices such as game consoles, DVDs, and so on. Viewers do not need to understand the internal implementation details of the TV, such as how the TV is receiving signals through the cable, how to convert the signal, how to present these signals on the TV screen, etc. These implementation details are understood by the people who create the TV. As viewers, we only need to control the TV through external interfaces, such as power buttons, remote controls, DVDs, etc.
Similarly to account abstraction, as a wallet user, you still need to consider multiple factors, such as gas price, gas limit, transaction blocking and other complex cost logic. This is because wallets based on external accounts are not well “abstracted”, which directly leads to the user having to deal with many issues that the user should not handle. So how do we solve it? The logic is simple: we can abstract the external account from the contract account, making the external account more similar to the contract account. This will give the wallet more complex logic through smart contracts. Smart contract wallets can achieve more than just “multi-signature” scenarios.
If EIP-4337 enables a systematic upgrade of Ether accounts, what new experiences can we as users gain? Theoretically, any feature that can be defined by smart contract code can be implemented. First of all, smart contract wallets can be verified by a non-secp256k1 verification algorithm, and users do not need to deal with long key pairs and helper words. Also, smart contracts can give more logic to the keys. For example, in a multi-signature scenario, different permissions are defined for each private key: transactions below 50 USDC require private key A signature, transactions above 50 USDC require private key B signature, transactions over 2000 USDC require private key ABC co-signature, etc. In addition, it will become easier to interact with the blockchain via mobile, we can authorize a key that belongs exclusively to the phone and can define this key with restrictions, such as only interacting with a fixed number of smart contracts, or intelligently verifying transactions of smaller amounts, etc. Other features that can be implemented include one-click authorization for bulk transactions, transaction blacklists, and more. In short, the application space for smart contract wallets is unimaginable.
Summary
After introducing the two types of wallets you may wonder, which of these two solutions is better? I think it is difficult to compare because MPC wallets and smart contract wallets are not essentially solving problems at the same level. MPC wallets are off-chain solutions that can control both ordinary wallets based on external accounts and smart wallets. Both have useful examples and do not conflict with each other. Therefore, I will list the opportunities and challenges of the two solutions separately for you.
MPC wallet as an off-chain solution does not involve changes to the Ether consensus layer or contract layer, which is cheaper for users and more feasible in the short term. In addition, it will be more advantageous in some special usage scenarios such as cross-chain keys. Smart contract wallet is a systemic upgrade of Ether, which can bring more new experiences to users. However, account abstraction is a big project that requires a lot of work, requiring other smart contracts, developers, and the Ethernet architecture to cooperate with the upgrade. The difficulty of implementation makes this vision, which was proposed in 2015, has not been fully implemented even today. The most immediate problem for users of smart contract wallets is that the cost of using the wallets will increase, and they will have to pay fees from the moment they create them.
I believe that smart contract wallet is our ultimate vision, MPC is a more feasible solution in the short term and more advantageous in some special scenarios. In the future, the feasibility and possibility of implementing smart wallets in the Ethernet mainnet are low due to cost considerations. Readers can pay more attention to the account abstraction and smart wallet progress on Layer2. At present, EIP-4337 is the most feasible account abstraction scheme, and there are already many smart contract wallet projects exploring this path. I believe the full implementation of smart wallets may come sooner than we expect.
😊 About Us
IOSG ventures started investing in crypto in 2017 and has been an early investor in each major vertical of Web 3.0, making early bets on L1s such as NEAR and Polkadot, and spending most of the resources in the recent years in the broader Ethereum ecosystem, from DeFi (0x, 1inch, Synthetix, MakerDAO, Liquity), over gaming (Illuvium, Big Time) and social (Galxe, Roll, CyberConnect) to Ethereum scaling (Arbitrum, StarkWare) and privacy solutions (Aztec, Sismo).
