Wallet 2.0 Era: MPC Wallet vs. Smart Contract Wallet

IOSG Ventures
2022-10-25 10:19:09
The MPC wallet, as an off-chain solution, does not involve changes to the Ethereum consensus layer or contract layer, resulting in lower user costs and greater feasibility in the short term.

Author: Chloe, IOSG Ventures

At the Devcon 6 conference held in Bogotá, Tomasz Tunguz mentioned some statistics about Web 3.0: the cumulative DAU of major public chains is about 2.5 million, while the DAU of traditional internet is 5 billion, with the former barely reaching 0.05% of the latter. From the supply side, there are about 16,000 developers working on Web 3.0, while the total number of developers in the world has reached 27 million, meaning Web 3.0 developers account for less than 0.06%. Therefore, Web 3.0 is still far from mass adoption.

Wallets, as the entry point to Web 3.0, have a user experience that directly affects when the crypto industry can achieve large-scale adoption. Although major wallets are making efforts in this regard, the user experience of wallets is still unsatisfactory in the eyes of ordinary users. Custodial wallets are easy to use, but security is a significant concern, with theft incidents occurring frequently. Self-custodial wallets, while relatively secure, require users to manage long mnemonic phrases and private keys, which is far more complex than the traditional internet's username-password system. According to a research report by Chainalysis, as of 2021, about 20% of circulating Bitcoin was lost because the owners forgot their private keys. Many may wonder why we cannot apply traditional verification methods to Web 3.0.

Why can we only verify through private keys? To answer this question, we need some background knowledge and concepts. First, there are two types of accounts on Ethereum: external accounts and contract accounts. Contract accounts are smart contracts, and their code is executed by the Ethereum Virtual Machine. External accounts are the wallet accounts we usually use to initiate transactions; they are called "external" because these accounts do not have code themselves and are therefore independent of the Ethereum Virtual Machine, controlled by users through private keys.

Although contract accounts have custom logic, they cannot initiate transactions on their own. Therefore, any change in contract state relies on an external account to initiate the transaction and pay for it in Ether. So how is the legality of transactions verified? The verification method on Ethereum checks that the initiator of the transaction and the owner of the asset (Ether) are consistent, meaning that both must be the owner of the same external account. Therefore, users need to sign transactions through their wallets. The default verification logic on Ethereum is the secp256k1 designed by Satoshi Nakamoto, and key pairs are generated through this algorithm. The correctness of a signature can be verified by checking whether it comes from the private key corresponding to a given public key, so users must possess this private key. This is why no matter how much we optimize the user experience of wallets, we cannot bypass the issue of private keys.

As mentioned earlier, external accounts do not have code logic. If we want to introduce more complex logic to achieve other functions, such as multi-signature, it cannot be done directly on external accounts. So, what methods are currently available to solve this problem? The author will introduce two solutions that are considered the most feasible and effective: MPC wallets and smart contract wallets.

MPC Wallets

MPC, which stands for Multi-Party Computation, is an important cryptographic security measure. It includes many technical solutions, and in the context of this article, it mainly refers to MPC-TSS. An MPC wallet is a wallet that achieves "multi-signature", "cross-chain", and other more complex verification methods through multi-party computation of private keys off-chain. In simple terms, it breaks a private key into multiple pieces and distributes these pieces to a decentralized network for computation and encryption. When a private key signature is needed, the pieces are reassembled to form a complete private key. The core idea of MPC is to decentralize control to mitigate risks or enhance disaster recovery, effectively avoiding security issues such as single points of failure.

The concept of "multi-party participation" in MPC wallets is somewhat similar to "multi-signature wallets," but in reality, although both can achieve "multi-signature" functionality, their implementation methods are different. The multi-signature wallets we are familiar with, such as Gnosis Safe, are wallets built on smart contracts, where the verification logic is defined in the contract. For example, to verify a transaction, more than one private key is needed, or at least three out of five private keys must be used for verification. These wallets belong to the category of smart wallets that will be mentioned later. In contrast, MPC wallets break a private key into multiple fragments, and the verification process only involves one private key. Additionally, the computation network is off-chain and has no connection to smart contracts.
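As an added example (not code from the article or from any wallet project), the following splits one secp256k1 private key into 3-of-5 shares and shows that any quorum yields the same single public key a chain would verify against, which is why an MPC wallet looks like an ordinary one-key account on-chain. Shamir secret sharing stands in here for a full MPC-TSS protocol, which computes signatures from the shares without reassembling the key; the function names and the 3-of-5 parameters are assumptions.

```python
import secrets

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # generator

def ec_add(a, b):  # None represents the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        m = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        m = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):  # double-and-add; not constant time, illustration only
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def split(secret, t, n):
    """Shamir-split `secret` into n shares; any t of them determine it."""
    coeffs = [secret] + [secrets.randbelow(N) for _ in range(t - 1)]
    return {i: sum(c * pow(i, e, N) for e, c in enumerate(coeffs)) % N
            for i in range(1, n + 1)}

def lagrange0(i, ids):  # Lagrange coefficient of share i, evaluated at x = 0
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * -j % N, den * (i - j) % N
    return num * pow(den, -1, N) % N

def reconstruct(shares):  # reassembles the key in one place, as the article describes
    return sum(s * lagrange0(i, shares) for i, s in shares.items()) % N

def joint_public_key(shares):
    """Combine the holders' public points s_i*G; the private key is never computed."""
    pub = None
    for i, s in shares.items():
        pub = ec_add(pub, ec_mul(lagrange0(i, shares), ec_mul(s, G)))
    return pub
```

Pass `split(key, 3, 5)` and then any three of the returned shares to `reconstruct` or `joint_public_key`; two shares alone interpolate to an unrelated value.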

Smart Contract Wallets

As the name suggests, smart contract wallets are wallets based on smart contracts rather than external accounts. There are already many smart contract wallets on the market, but because these smart contracts are custom and lack a unified industry standard, they have not gained widespread adoption due to issues such as contract vulnerabilities and compatibility with other contracts. Recently, smart contract wallets have become a hot topic again due to significant progress in the "account abstraction" proposal EIP-4337. So what does account abstraction mean? What new experiences can it bring to users after account abstraction is achieved? Before understanding account abstraction on Ethereum, we first need to understand the concept of abstraction in computer science.

"Abstraction" is one of the most important concepts in computer science, referring to the process of providing necessary key information to the outside world while hiding the implementation details behind it, allowing developers to focus solely on the task at that abstract layer. To give a relatable example: when we, as viewers, want to use a television, we only need to be familiar with the operations that a television viewer needs to know, such as how to turn the power on and off, adjust the volume, switch channels, and connect other devices like game consoles or DVDs.

Viewers do not need to understand the internal implementation details of the television, such as how it receives signals through cables, how it converts signals, or how these signals are displayed on the television screen. These implementation details are what the manufacturers of the television need to understand. As viewers, we only need to control the television through external interfaces, such as the power button, remote control, or DVD.

Turning to account abstraction: as wallet users, we still need to consider many factors, such as gas price, gas limit, transaction blocking, and other complex fee logic. The fundamental reason is that wallets based on external accounts cannot be well "abstracted," directly leading to users having to deal with many issues that should not be the user's responsibility. So how can we solve this? The logic is simple: we can abstract external accounts and contract accounts, making external accounts closer to contract accounts, thereby allowing smart contracts to endow wallets with more complex logic. The functionalities that smart contract wallets can achieve are not limited to just "multi-signature."

If EIP-4337 can achieve a systematic upgrade of Ethereum accounts, what new experiences can we, as users, gain? Theoretically, any functionality defined by smart contract code can be realized. First, smart contract wallets can use non-secp256k1 verification algorithms, meaning users do not have to face long key pairs and mnemonic phrases. At the same time, smart contracts can also endow keys with more logic. For example, in a multi-signature scenario, different permissions can be defined for each private key: transactions below 50 USDC require a signature from private key A, transactions above 50 USDC require a signature from private key B, and transactions exceeding 2000 USDC require signatures from private keys A, B, and C together.

Additionally, interacting with the blockchain via mobile devices will become easier; we can authorize a key specifically for the phone and define restrictions for this key, such as only allowing interactions with a fixed number of smart contracts or enabling smart verification for smaller transactions. Other functionalities that can be realized include one-click authorization for batch transactions, transaction blacklists, and more. In summary, the potential for smart contract wallets is vast.
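The tiered-key, phone-key and blacklist rules described above, modelled in Python as an added example (not code from the article, from EIP-4337 or from any wallet contract). Assumptions: signatures are taken as already verified and passed in as key names, exactly 50 USDC falls into the stricter tier because the article leaves that boundary open, and the `SessionKey` fields, the 20 USDC phone limit and the target names are hypothetical.

```python
from dataclasses import dataclass

USDC = 10**6  # USDC has 6 decimals; amounts are integers in base units

@dataclass(frozen=True)
class Tx:
    target: str   # contract the wallet is asked to call
    amount: int   # USDC base units

@dataclass(frozen=True)
class SessionKey:  # hypothetical restricted key authorized for a phone
    name: str
    allowed_targets: frozenset
    max_amount: int

def required_keys(amount):
    """Signer set for the article's tiers (A / B / A+B+C)."""
    if amount > 2000 * USDC:
        return {"A", "B", "C"}
    if amount >= 50 * USDC:  # boundary unspecified in the article: fail closed
        return {"B"}
    return {"A"}

def validate(tx, signers, session_keys=(), blacklist=frozenset()):
    """Return (accepted, reason); `signers` holds names of verified signatures."""
    if tx.amount <= 0:
        return False, "non-positive amount"
    if tx.target in blacklist:  # the blacklist overrides every key
        return False, "target blacklisted"
    for sk in session_keys:
        # An out-of-scope session signature is ignored, never upgraded.
        if (sk.name in signers and tx.target in sk.allowed_targets
                and tx.amount <= sk.max_amount):
            return True, f"session key {sk.name} within limits"
    missing = required_keys(tx.amount) - set(signers)
    if missing:
        return False, "missing signatures: " + ",".join(sorted(missing))
    return True, "tier policy satisfied"
```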

Conclusion

After introducing the two types of wallets, readers may wonder which of these two solutions is better. The author believes it is difficult to compare because MPC wallets and smart contract wallets essentially address problems at different levels. MPC wallets are off-chain solutions that can control both ordinary wallets based on external accounts and smart wallets. Both have their use cases and do not conflict. Therefore, the author will list the opportunities and challenges of both solutions.

As an off-chain solution, MPC wallets do not involve changes to the Ethereum consensus layer or contract layer, resulting in lower user costs and greater feasibility in the short term. Additionally, they have advantages in specific use cases, such as cross-chain keys. Smart contract wallets represent a systematic upgrade for Ethereum, potentially offering users many new experiences and use cases. However, account abstraction is a large project that requires collaboration from other smart contracts, developers, and the Ethereum architecture for an upgrade. The significant practical difficulty has prevented the vision proposed since 2015 from being fully realized today. Moreover, for users, the most immediate issue with smart contract wallets is that the cost of using the wallet will increase, requiring fees from the moment of wallet creation.

The author believes that smart contract wallets are our ultimate vision, while MPC is a more feasible solution in the short term and has advantages in specific scenarios. Due to cost issues, the feasibility and possibility of implementing smart wallets on the Ethereum mainnet in the future are relatively low. Readers can pay more attention to the progress of account abstraction and smart wallets on Layer 2. Currently, EIP-4337 is the most feasible account abstraction solution, and many smart contract wallet projects are exploring this path. The comprehensive realization of smart wallets may be closer than we think.
