The New Wallet Frontier
Let's dive into smart contract wallets, MPC and what they mean for wallets
Usability has always been at the heart of the Web3 adoption discussion. It is essential if we are to cross the infamous chasm from early adopters to the early majority. And for many, the first touchpoint in the world of Web3 is the wallet.
The first touchpoint for anyone's application, let alone the first interaction with a new technology, should blow the user out of the water. They should be engaged, curious and eager to continue discovering. Yet, wallets cannot currently do this.
Today's wallets have plenty of flaws. Many, if not all, have a poor and unfamiliar UX, driven by infrastructure limitations further down the stack. Wallets offer a limited number of integrations and functions. And on top of that, there are security weaknesses.
However, given smart contract wallets and other developments, improved wallet usability is coming.
Let's get into traditional wallets. From there, we’ll examine the new developments in the wallet space and see just how much of a difference they will make to the wallets we all know and love (🥲).
Traditional Wallets
How individuals manage their digital assets today is more or less binary. Some prefer to give up custody to a central exchange which is more convenient, while others desire full control at the cost of full responsibility. For the latter, the choice is the traditional wallet we have all become accustomed to.
Looking from the outside in, wallets are simply a means to store value for someone who wants full custody. But that is not the whole story.
Individuals interact with Ethereum through externally owned accounts (EOAs): accounts with no code attached that can hold and transfer value and call smart contracts, so long as the transaction is signed by the account's private key. That private key proves ownership of the EOA, and in practice it is derived deterministically from a seed phrase (BIP-39 turns the words into a seed, BIP-32 derives every key from that seed along a fixed path).
Wallets are the gateway to these EOAs. They generate the private keys used to sign transactions and can re-derive every one of them from the seed phrase alone. The keys need not live in the wallet software (hardware wallets keep them in a separate device), and the seed phrase can be stored offline. Multi-signature wallets that require a threshold of signers also exist, but on Ethereum these are themselves smart contracts rather than EOAs: an EOA has exactly one key.
Yet, despite these measures, the seed phrase remains a single point of failure, and it is the one that many, unfortunately, succumb to, hardware wallet users included. Whoever obtains your seed phrase controls every key derived from it and every account those keys own. And because an EOA's address is bound permanently to its key pair, a compromised key cannot be revoked or rotated; if you lose the seed phrase and the private key, they can never be recovered.
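To make that single point of failure concrete, here is an added example (mine, not the article's or any wallet vendor's code) that walks the first two standards a wallet applies to a seed phrase: BIP-39 turns the words into a seed, and BIP-32 derives the master key and the hardened part of Ethereum's usual path, m/44'/60'/0'. It uses only the Python standard library. The last two non-hardened steps of the path (/0/0) need the parent public key, hence an elliptic-curve library, and are left out. The phrase used is the public BIP-39 test phrase, not a real wallet, and the function names are mine.

```python
import hashlib
import hmac
import unicodedata

SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: stretch the phrase into a 64-byte seed with PBKDF2-HMAC-SHA512.
    The words are the password; the optional passphrase only salts them."""
    pw = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode()
    return hashlib.pbkdf2_hmac("sha512", pw, salt, 2048, dklen=64)


def bip32_master(seed: bytes):
    """BIP-32 master node: HMAC-SHA512 keyed with the literal 'Bitcoin seed'
    (Ethereum wallets use the same constant). Returns (private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def ckd_hardened(k_par: int, c_par: bytes, index: int):
    """Hardened child (index >= 2**31). Only the parent *private* key is needed,
    which is why this runs without any elliptic-curve code."""
    if index < HARDENED:
        raise ValueError("non-hardened derivation needs the parent public key")
    data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    digest = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    k = (il + k_par) % SECP256K1_N
    if il >= SECP256K1_N or k == 0:  # BIP-32: skip this index (probability ~2^-128)
        raise ValueError("invalid child key, try the next index")
    return k, digest[32:]


def derive_hardened_path(mnemonic: str, passphrase: str, path):
    """Walk the hardened prefix of a path, e.g. path=[44, 60, 0] for m/44'/60'/0',
    the account node from which Ethereum's m/44'/60'/0'/0/i keys hang."""
    k, c = bip32_master(bip39_seed(mnemonic, passphrase))
    for idx in path:
        k, c = ckd_hardened(k, c, HARDENED + idx)
    return k, c


if __name__ == "__main__":
    # Public BIP-39 test phrase (not a real wallet): eleven 'abandon' then 'about'.
    phrase = " ".join(["abandon"] * 11 + ["about"])
    print("seed:", bip39_seed(phrase).hex())
    k, _ = derive_hardened_path(phrase, "", [44, 60, 0])
    # Anyone holding the phrase reaches exactly this key; there is no rotation step.
    print("m/44'/60'/0' private key:", hex(k))
    # A passphrase yields an unrelated key tree: it is part of the secret, not a PIN.
    k2, _ = derive_hardened_path(phrase, "different", [44, 60, 0])
    print("same phrase, different passphrase, different key:", k != k2)
```

Two things worth noticing: every key the wallet will ever show you is a pure function of the phrase (plus the optional passphrase), so a backup of the phrase is a backup of all of them, and a theft of the phrase is a theft of all of them; and nothing in the derivation can be changed after the fact without moving funds to a new account.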
Education regarding wallet and key security is critical in mitigating this risk. But this only goes so far.
Try telling this to someone coming into Web3 or, better yet, someone who needs convincing. The whole argument of having full custody and ownership is quickly dismissed. And this is just one of the flaws with today’s wallets. There is the management of multiple public addresses, the numerous prompts to sign and approve transactions as well as switching networks. We cannot expect the masses to adopt the technology.
The New Schools of Thought
As we navigate toward improving wallets, there are currently two schools of thought: smart contract wallets and multi-party computation (MPC).
Smart Contract Wallets
Smart contract wallets move the logic of account management (who may spend, how much, under what conditions) into a smart contract, while the transactions that carry their operations still originate from EOAs at the protocol level. They behave just like a wallet, but any other logic a user wishes to embed in the contract, they can.
What smart contract wallets introduce more than anything is flexibility, especially when it comes to security. Anyone can implement their own access control, which, for example, could mean splitting signing authority across several trusted devices. One can also program multi-sig authorization. And while multi-sig is not new, the contract can additionally implement social recovery, where a set of designated guardians can replace the signing key if the owner loses it. Because the account is code, a lost or compromised key can be rotated rather than the account abandoned.
More examples of programmable security logic can be found here.
Smart contract wallets also unlock innovation in user experience, notably in onboarding and in engagement with DApps. On onboarding, projects like Transak and Safe{Core} focus on fiat on-ramps, removing the complexity of moving from fiat to crypto.
And when it comes to engagement, and specifically transactions, these can be bundled and even sponsored (paid for) by other accounts. Authorization could be tied to an email login or SSO rather than a seed phrase. The numerous prompts and individual transactions would be gone, and interactions with DApps would immediately feel more familiar. As put in the Ethereum docs:
“The experience could be more like familiar online shopping where a user could fill a "basket" with items and click once to purchase all at once, with all the logic required handled by the contract, not the user.”
Multi-Party Computation (MPC)
While smart contracts shine when it comes to programmability, MPC focuses on enhancing key management.
Using distributed key generation (DKG), MPC wallets never create the account's private key in one place. Each party ends up holding a key share, and the shares can be refreshed, revoked or issued to new parties without any on-chain cost, because the public key and the address never change. Crucially, the shares are never combined to form the private key: signing is itself a multi-party protocol in which each party contributes a partial signature. MPC threshold signing therefore removes the single point of failure, as no one individual ever holds the key to the account.
Compared with this, today's on-chain multi-sigs look inefficient: every signer's signature is verified on-chain, which costs gas and reveals the signing policy, where an MPC threshold yields one ordinary signature.
And for users and institutions that value privacy, MPC wallets can provide it, owing to the way an MPC wallet signs a transaction.
The parties run the signing protocol off-chain on the message or transaction, each applying its own share, and the output is a single signature that is indistinguishable from one produced by a plain EOA private key. To an outside observer there is no way to tell whether a transaction came from an MPC wallet or a traditional private key, so the user's activity blends into the broader network. The trade-off is that the protocol is no longer trivial: threshold ECDSA, which Ethereum's signature scheme requires, takes several rounds of interaction between the parties, and the security of the whole arrangement rests on the implementation of that protocol and on the operators holding the shares.
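As an added example (mine, not the article's or any vendor's code), the following Python simulates the two MPC steps described in the paragraphs above, distributed key generation with share refresh and off-chain threshold signing, for a 2-of-3 wallet on secp256k1. Ethereum EOAs use ECDSA, for which threshold protocols (GG18/GG20, CGGMP, Lindell) are considerably more involved; this example uses Schnorr on the same curve because the structure is the same and fits on a page: the key is never assembled, each party contributes a partial signature, and the verifier runs an ordinary single-key check. All parties are simulated in one process, the DKG omits the commitments that catch a cheating dealer, and the signing omits FROST's nonce binding; the function names are mine.

```python
import hashlib
import secrets

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # generator

def ec_add(A, B):
    """Affine point addition; None is the point at infinity."""
    if A is None or B is None:
        return A or B
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, A):
    """Double-and-add scalar multiplication (not constant-time: demo only)."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, A)
        A = ec_add(A, A)
        k >>= 1
    return R

def poly_shares(coeffs, ids):
    """Shamir: evaluate the polynomial at each party id (ids are 1..n, never 0)."""
    return {i: sum(c * pow(i, j, N) for j, c in enumerate(coeffs)) % N for i in ids}

def lagrange0(i, ids):
    """Weight of party i's share when interpolating f(0) from the shares in ids."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % N
            den = den * (i - j) % N
    return num * pow(den, -1, N) % N

def dkg(t, n):
    """t-of-n distributed key generation. Each party deals a random secret; the wallet
    key is the sum of those secrets and is never computed anywhere. Returns ({id: share}, pubkey)."""
    ids = range(1, n + 1)
    shares = {i: 0 for i in ids}
    pubkey = None
    for _ in ids:
        coeffs = [secrets.randbelow(N - 1) + 1 for _ in range(t)]
        for i, s in poly_shares(coeffs, ids).items():
            shares[i] = (shares[i] + s) % N
        pubkey = ec_add(pubkey, ec_mul(coeffs[0], G))  # dealer's public contribution
    return shares, pubkey

def refresh(shares, t):
    """Proactive refresh: each party deals a sharing of zero and everyone adds what it
    receives. Every share changes; the key, public key and address do not."""
    ids = list(shares)
    new = dict(shares)
    for _ in ids:
        coeffs = [0] + [secrets.randbelow(N - 1) + 1 for _ in range(t - 1)]
        for i, s in poly_shares(coeffs, ids).items():
            new[i] = (new[i] + s) % N
    return new

def challenge(R, pubkey, msg):
    """Fiat-Shamir challenge e = H(R || pubkey || msg) mod N."""
    h = hashlib.sha256()
    for coord in (*R, *pubkey):
        h.update(coord.to_bytes(32, "big"))
    h.update(msg)
    return int.from_bytes(h.digest(), "big") % N

def threshold_sign(shares, signer_ids, pubkey, msg):
    """Any t parties sign. Round 1: each picks a nonce share and broadcasts R_i.
    Round 2: each returns a partial signature; their sum is the signature."""
    nonces = {i: secrets.randbelow(N - 1) + 1 for i in signer_ids}
    R = None
    for i in signer_ids:
        R = ec_add(R, ec_mul(nonces[i], G))
    e = challenge(R, pubkey, msg)
    s = 0
    for i in signer_ids:
        s = (s + nonces[i] + e * lagrange0(i, signer_ids) * shares[i]) % N
    return R, s

def verify(pubkey, msg, sig):
    """Ordinary single-key Schnorr check, s*G == R + e*P: the verifier cannot tell how many parties signed."""
    R, s = sig
    return ec_mul(s, G) == ec_add(R, ec_mul(challenge(R, pubkey, msg), pubkey))

if __name__ == "__main__":
    shares, pubkey = dkg(t=2, n=3)
    msg = b"constructed sample transaction bytes"
    print("2-of-3 signs:", verify(pubkey, msg, threshold_sign(shares, [1, 3], pubkey, msg)))
    fresh = refresh(shares, t=2)  # rotate every share, keep the address
    print("refreshed shares still sign:", verify(pubkey, msg, threshold_sign(fresh, [2, 3], pubkey, msg)))
```

Adding or removing a party uses the same trick as refresh: the current holders deal their shares as new polynomials to the new committee (resharing), again with no on-chain transaction, and the chain only ever sees one signature under the unchanged public key. The two omissions noted in the lead-in are not cosmetic: without dealer commitments a malicious party can hand out inconsistent shares, and without nonce binding a signer who can open many signing sessions in parallel can forge, which is exactly the kind of detail that separates a production MPC wallet from this sketch.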
Implementing Standards
Smart Contract Wallets
Smart contract wallets do exist today, but to a limited degree. ERC-4337 (EIP-4337) introduces account abstraction without a change to the core protocol. Instead of a transaction, the user signs a UserOperation, and the signature can be whatever the account's own validation logic accepts (a passkey, a multi-sig, a session key). UserOperations go to a separate mempool, where bundlers (which are EOAs) package many of them into one ordinary transaction addressed to a singleton EntryPoint contract. The EntryPoint asks each account to validate its UserOperation, executes it, and the bundler's transaction is included in Ethereum like any other. All of this sits above the consensus layer.
One wallet that is currently offering this utility is Avocado, along with network abstraction.
Moving away from EOAs entirely requires changes to the core protocol, and those take significantly longer to land. Relevant proposals include:
EIP-2771, an application-level standard rather than a protocol change, which defines a trusted forwarder so that a relayer can pay gas on the user's behalf (meta-transactions, the basis of gasless and sponsored transactions).
EIP-3074, which would let an EOA delegate control to a smart contract via new AUTH and AUTHCALL opcodes. (It was later withdrawn in favour of EIP-7702, which takes a similar delegation approach.)
EIP-5003, which would let an EOA be migrated into a contract account, after which the original private key no longer controls it. This matters because today, if your EOA's private key is stolen or lost, it cannot be revoked.
MPC
MPC wallets are chain agnostic and require little to no on-chain change, so a lot more progress has been made in deploying them. Zengo offers a consumer-friendly MPC wallet, while the likes of Fireblocks, who target institutions, use MPC so that clients can define their own security workflows. On the SDK side, Web3Auth released an MPC SDK that lets application developers customize key generation.
Smart vs Secure
While both aim to improve the current wallet infra, there is competition emerging between the two regarding where the focus should be.
Smart contract wallets certainly hold the upper hand on programmability and novel features such as transaction batching. But the account is now code: every feature is attack surface, the contract and any upgrade or module mechanism must be audited, and gas costs rise with the contract's complexity.
Meanwhile, MPC offers stronger privacy and key-security guarantees by letting multiple parties jointly compute a signature without any of them learning the others' shares. However, signing authorization policies and approval quorums are enforced off-chain by the parties' software, so these custom rules are only as trustworthy as the operators running it and cannot be verified on-chain.
These are the points that get thrown around in the argument. But what really starts it is the compatibility of the two. While both technologies offer significant benefits individually, integrating them is challenging because their design principles and objectives differ.
Smart contract wallets are built within the context of blockchain platforms, leveraging the transparency, immutability, and decentralized nature of blockchains to execute programmable logic. In contrast, MPC primarily operates in off-chain settings and focuses on secure, privacy-preserving computations among multiple parties.
As far as I see it, both solutions serve different purposes. There is no reason the two cannot co-exist in one system, with MPC handling key generation and signing for the account's owner key and the smart contract wallet handling programmability.
I do think MPCs will see more adoption in the short term, however, given the implementation time of smart contract wallets.
Closing Thoughts
In the rapidly evolving landscape of Web3 wallets, the central theme of usability has remained paramount. It's evident that the solutions above hold immense promise for transforming the user experience for wallets and the security landscape of digital asset management in general.
The ongoing debate between these two approaches need not lead to conflict, but rather, they should be seen as complementary solutions that can coexist and address different aspects of the usability puzzle. While smart contract wallets introduce programmability and novel features, MPC strengthens security and privacy guarantees. In this dichotomy, there's an opportunity for balance and collaboration.
Furthermore, as developers embrace these solutions, it's imperative to recognize the importance of familiarity. Despite the allure of innovation at the foundational layers, the end-users seek convenience and a sense of continuity from their prior experiences. The value proposition of custody and ownership alone does not resonate sufficiently. In this light, prioritizing usability becomes pivotal.
The key to bridging the gap between the complex world of blockchain and mass adoption lies in replicating a familiar Web2 experience. We must strive to create wallets that not only empower users with control and security but also make interactions intuitive and engaging. The industry's focus should be on crafting an onboarding process that resonates with newcomers and provides an interface that simplifies complex processes.
In conclusion, as we navigate the intricate path of Web3 wallet development, the crux of the matter is to recognize that both innovation and familiarity have their place. The realm of blockchain technology undoubtedly thrives on innovation at its core, but it's the consumer-facing side that thrives on convenience and familiarity. The promise of enhanced usability is on the horizon, and as wallet developers, security experts, and innovators, we have the responsibility to ensure that the transition to Web3 is not only seamless but also delightful. The lessons learned from the challenges of traditional wallets are the stepping stones toward a more user-friendly and inclusive Web3 future.