Kitefin Capital invests in early stage start-up INTU
Kitefin Capital is excited to share the philosophy behind our recent investment in the $2M (US) pre-seed round of the early stage start-up INTU (intu.xyz).
This investment arose directly out of a personal need for the solution. At Kitefin we set out to find a digital asset management approach that met our institutional-grade design criteria: security, joint custody according to organisational roles, inexpensive real-time access and the ability to automate various elements of account management such as recovery and rotation. Moreover, we require the ability to encode and exert fine-grained, responsive custody controls that align with our business risk policies, all while retaining full custodial control.
Industry solutions that did not fit the bill included:
- Centralised custodians (Drawbacks: non-custodial or at best shared custody, centralised, expensive)
- Smart contract wallets/vaults (Drawbacks: smart contract risk, no insurance, basic risk management layer)
- Decentralised custodians (Drawbacks: custody on bespoke L2 chains, shared custody, very basic risk management layer)
After extensive surveying of the industry’s solutions, we concluded that our only option was an expensive internal project that would yield a compromise at best. That was until we happened across INTU.
INTU is a vital ingredient in solving one of the most intractable barriers to crypto-asset adoption: human-friendly but institutional-grade true self-custody. The project is game-changing in nature. We think INTU will benefit not only liquid trading desks, funds, DAOs and validators; over time, it will offer a secure, human-friendly alternative to all entities participating in digitally native economies.
Hot wallets have the benefit of being compatible with automated payment and trading tools. Unfortunately they come with significant risk of private key compromise: the private key sits with just one party, usually with a constant connection to the internet (a singular and always accessible target). Cold wallets greatly reduce this risk but are best suited to infrequent wallet access and do not support automation. INTU will help narrow this gap using distributed key generation (DKG), which allows multiple parties to contribute to the calculation of a shared public and private key set. The distributed key is spread across multiple parties, meaning the compromise of one party does not put the private key at risk. Such parties can be nodes (servers) running autonomously. Whilst they are most likely always connected to the internet, an attacker must now compromise multiple parties to obtain the full private key.
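The idea of dealerless key generation described above can be shown with a small sketch. This is an added example, not INTU's protocol or code from the project: it assumes a Shamir-based joint scheme over a toy prime field with a 2-of-3 threshold, and all function names are hypothetical.

```python
"""Toy dealerless key generation over a prime field (illustrative only)."""
import secrets

P = 2**127 - 1  # Mersenne prime used as the toy field; not a real curve order


def random_poly(threshold):
    """Random polynomial of degree threshold-1; coeffs[0] is this party's secret input."""
    return [secrets.randbelow(P) for _ in range(threshold)]


def evaluate(coeffs, x):
    """Horner evaluation of the polynomial at x, mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def run_dkg(n, threshold):
    """Every party deals one sub-share of its own polynomial to each party.
    Party x keeps only the sum of the sub-shares it received."""
    polys = [random_poly(threshold) for _ in range(n)]
    shares = {x: sum(evaluate(p, x) for p in polys) % P for x in range(1, n + 1)}
    # Computed only so the demo can check itself; no single party ever holds this.
    group_secret = sum(p[0] for p in polys) % P
    return shares, group_secret


def reconstruct(subset):
    """Lagrange interpolation at x=0 over a dict {party_index: share}."""
    secret = 0
    for xi, yi in subset.items():
        num, den = 1, 1
        for xj in subset:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


if __name__ == "__main__":
    shares, key = run_dkg(n=3, threshold=2)
    # Any two parties together define the key; one compromised party does not.
    print("parties 1+3 recover key:", reconstruct({1: shares[1], 3: shares[3]}) == key)
    print("party 2 alone recovers key:", reconstruct({2: shares[2]}) == key)
```

In a threshold signing protocol the shares are used to sign jointly and the key is never reassembled; `reconstruct` exists here only to show what a given set of shares determines.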
The custody dilemma
The perfect custody solution would offer full self custody. This allows for zero trust (in other words no trust) between the digital asset owner and the web3 platform looking to provide services to the asset owner via their digital wallet. The problem faced is how to make full self custody palatable for human consumption. The perfect custody solution would also be easy to use with no information to keep secure and private forever such as a seed phrase (humans are not very good at doing this).
The perfect custody solution may be thought of as “trustless self custody made for humans”. Let’s split this already short phrase into even smaller pieces.
Trustless self custody
Self custody is a fundamental tenet of bitcoin, DeFi and the wider web3 ecosystem. It underpins the dispersal of power away from centralised entities such as banks and governments towards individuals who, so long as they hold the private key of a wallet, fully control who has access to their assets. In the self custody model, control of digital assets is never relinquished to a third party.
Self custody is achieved by the digital asset owner having the only copy of a wallet’s private key. Naturally this can be achieved using paper or hard wallets. But if the owner wants to actively manage their assets whether through staking, voting, investing or exchanging they are going to have to access that private key to sign transactions. Depending on how active they are this could be multiple times per day or for DeFi “high frequency” traders, per minute. And let’s not forget that validators, the first blockchain native businesses, require their key for activities such as participating in consensus rounds and validating blocks.
Many digital asset platforms today do not offer true self custody.
Many platforms today either fully custody funds (digital asset owner has no copy of private key) or partially custody funds (digital asset owner has partial but not full control of the private key). Full custody is a failed model requiring complete trust in the people running the web3 platform but is still common (FTX and Celsius collapses are prime examples). Partial custody is commonly used especially by MPC and digital asset custodian providers and has many variants. However all require some form of consent by the said provider for assets to trade in the offered wallet.
Partial custody is often sold as self custody — where in fact the solution involves some form of trust in the provider.
When, inevitably, providers fail whether due to mismanagement, fraud, censorship or theft — trust in the overall digital assets ecosystem is eroded and slows adoption, particularly amongst high-net-worth individuals and large corporations.
We acknowledge some web3 platforms (CEX, Custodians etc) that offer partial self custody solutions do allow digital asset owners to migrate their assets away from them without their consent (force migration). This provides some comfort to the digital asset owner however it also defeats the purpose of using the web3 provider and all their features in the first place. Today a due diligence consideration before using a web3 platform is whether the said provider relationship can be terminated without consent as most providers require partial or full custody in order to offer their services. An ecosystem whereby web3 providers could offer their services freely without having to take partial or full key custody would be a vast improvement. True self custody is very important and improving access to self custody solutions is critical for mass web3 adoption.
Let’s now look at the second half of the sentence.
Made for Humans
Self custody is very simple to achieve from a technical standpoint. Wallet software today can be used by the digital asset owner to generate EOA (Externally Owned Account) wallets with private keys for exclusive use by them. A seed phrase is used to provide the entropy required for this process and shared with the asset owner only. Knowing the seed phrase (12+ words) and derivation path gives access to funds. To be useful this private key needs to be secure but accessible which is challenging to achieve in practice.
It should be noted that smart contract accounts (which can custody funds and have no seed phrase) are executed by a transaction that must be initiated from an EOA. So smart contracts do not change the end requirement for a seed phrase.
Solutions to keep the seed phrase and its resultant private key(s) both secure yet also allow the wallet to be accessible for transactions make trade-offs between these two competing priorities. In other words they prioritise one above the other. See here for a deeper dive explaining the different wallet types. Solutions fall into several categories (smart contract wallets, hot wallets, cold wallets, centralised MPC wallets) with no wallet solution having the perfect solution. All trade off security for accessibility to some extent. Those that offer higher levels of accessibility are less secure. So humans getting involved in self custody has resulted in four categories of wallet types of which zero have the perfect solution! A real problem for web3!
The solution: Let’s back in a new variant of MPC
Of all the wallet types, centralised MPC seems to show the most promise in one day being able to provide accessibility without trading away much if any security. It seems likely to become the wallet that will offer up a self custody solution that humans can use and understand. Today it allows for high levels of key security, partial self-custody, sophisticated transaction control and mitigates the need for secure seed phrase storage.
However barriers to its adoption include:
- Centralised solution. Key shards are stored on a relatively small number of servers (often 3; there can be more, however higher server numbers increase server environment complexity and signing latency). It requires trust in the MPC provider to continue providing a high-quality, always-on solution. This is true even if the digital asset owner has partial self-custody (by running their own node), as completing a transaction also relies on the provider-supplied nodes. It also does not mitigate the risks of server centralisation itself (hacking, downtime via technical faults or DDoS, government control).
- Technically complex. Digital asset participants who want partial self-custody need to run and maintain a node server. For those participants who want true self-custody, all nodes must be under their control. This requires licensing of MPC solution software and involves a lengthy vetting process by the software supplier. It also requires setup and maintenance of a server environment running multiple nodes. Even these lengths do not solve the problems of centralisation (hacking, downtime via technical faults or DDoS, government control).
- Expensive. Solutions charge minimum usage fees often beyond the reach of the individual and in some cases also small business. MPC solutions today are targeted at enterprise clients who, along with a minimum spend, must also agree to commit to the solution for a specific time, often 12m+.
- Red Tape. A cumbersome on-boarding process to gain access to an MPC wallet environment is common, involving the use of legal contracts (NDAs) and KYC requirements in most cases (this is now changing amongst some of the newest market entrants).
MPC wallet solutions that look to solve these barriers to adoption are likely to be successful. To do so will involve innovation and development of new technology intellectual property. INTU falls into this category.
Now that we have painted a picture of current wallet technology, and more deeply MPC wallet technology, let’s delve into why Kitefin partnered with INTU. In one sentence, this project is aiming to create an open decentralised MPC protocol “made for humans” that anyone can use. The protocol offers MPC wallets whereby users will truly own and control their own assets via full self-custody of assets in their wallets. No shared custody. Self-custody with complete control over who manages the key shards on wallet creation. Better still, who manages those key shards can be changed down the track (the protocol has tools to intelligently manage key rotation). Web3 providers can integrate INTU wallets into their solutions and provide services to users that leverage the automation benefits of MPC, such as position liquidations, transaction execution etc., without the need for those users to sacrifice self custody or alternatively take on smart contract risk. All without entering into a shared or full custody arrangement with the provider. Finally (to clear up any confusion), INTU as an organisation are the protocol developers; key custody sits solely with the wallet owner.
What is described above is truly revolutionary! Now people can make their own risk management decisions and not be tied to the decisions of a wallet provider, node operator, web3 platform (including but not limited to trading platforms, dApps etc) or custodian. This is a bold ambition and an exciting undertaking! The protocol will allow the benefits of MPC whilst breaking down its barriers to adoption. The same wallet (containing a user’s digital assets) can now be integrated with multiple web3 platforms and each platform’s access controlled by the wallet owner at all times. Goodbye many different wallets just to use many different platforms.
Better yet the wallet itself can now have independent risk controls placed on it unrelated to each platform’s offered risk controls. This is a huge leap from where we are today! It will allow wallet owners to control how the assets in their wallets are managed and traded at a wallet level. Risk controls can be thought of as policies such as whitelists, transaction limits or approved asset types. Policies can be applied to wallets. Doing risk control at a wallet level has major advantages:
- Risk control is all managed in one place. For example one whitelist policy applies across all platforms the wallet is connected to.
- Risk controls are not at the behest of each platform. Risk controls now sit at wallet level.
- Service provider risk can easily be split. For example it’s now easy to utilise multiple custodians as they all access the same wallet protected by wallet level risk controls.
Kitefin Labs is seizing on this opportunity with development of Kagami, a digital asset control platform. It will offer a suite of risk control policies that can be integrated automatically across multiple wallets. Kagami will support INTU wallets of course! Whilst Kagami can offer some basic risk control features to any wallet address its offering is most compelling with tight wallet integration because advanced transaction control can then be offered (transaction holds, automated key rotation etc). Learn more at www.kagami.pro
Kitefin Labs is excited to have the opportunity to work closely with the INTU team as it builds out the Kagami platform. The feeling is mutual on both sides.
“It’s been incredible to partner with Kitefin for INTU; to have an investor and stakeholder who also is a user is optimal for any founder and has been amazingly valuable during our development process.”
— Max Radelius INTU
We are sure many developers will be excited to integrate INTU wallets not just Kitefin Labs. INTU is an EVM compatible decentralised protocol. Wallet creation, key rotation, transaction signing and other features (some listed below) are handled by Ethereum smart contracts. This is exciting as it removes the centralisation risks evident in MPC solutions today.
More specific INTU goals include:
- Seamless onboarding to protocol. Turnkey solution suited to dApp integration.
- Decentralised key generation (DKG) using EVM compatible smart contracts.
- Decentralised transaction signing option using EVM compatible smart contracts.
- Centralised transaction signing option (suits certain use cases) via lightweight nodes that comfortably run on a simple laptop. INTU does not host any nodes or perform shared custody. It’s a full self-custody protocol.
- Decentralised social recovery options.
- Ensure low counterparty risk. Protocol itself deployed to the blockchain and built to be future proofed. The existence of the protocol is independent of the existence of INTU.
You can read more about INTU at https://intu.xyz/
Kitefin can be reached at https://www.kitefin.xyz/ and we are on Twitter and GitHub.
Authored by Jason Rudolph. Edited by Tamlyn Rudolph. Feb 2023.