The Next Stop for Web3 Wallets: Why We Are Optimistic About the No-Mnemonic Wallet Track

JsquareResearch
2023-03-26 17:05:17
As the gateway to Web 3.0, the user experience and security of cryptocurrency wallets directly affect when the crypto industry can achieve mass adoption.

Author: Jsquare Research

Compiled by: Planet Daily

According to data from statista.com, as of November 2022, the number of digital wallet users had reached 85 million (up ~6.3% YoY). As the entry point to Web3.0, digital wallets are a hot topic in the current bear-market building phase. Their user experience and security directly affect when cryptocurrencies and their applications will be adopted on a large scale.

1. "No Private Key Equals No Token"

The premise of owning digital assets is to have complete and genuine control over one's private keys.

Self-custody digital wallets are secure, but mnemonic phrases and private keys are much more complex than the traditional Web2.0 entry point—"username-password." According to a report by Chainalysis in 2021, about 20% of Bitcoin is lost because its owners forget their private keys. Numerous hacker attacks and security incidents, such as the FTX collapse, have continuously drawn attention from the industry.

On Ethereum, there are two basic types of accounts:

  • EOA Account (Externally Owned Account): The private key of each EOA should be derived from a unique 12-word mnemonic phrase. Most mainstream dApp wallets are EOA wallets, such as MetaMask, Phantom (Solana), BSC Wallet (BSC), Keplr (Cosmos), etc. These wallets are not programmable.

  • Contract Account (CA, a smart contract deployed on-chain via an EOA account): A piece of programmable EVM code deployed on-chain via an EOA account that can only be called by EOA accounts.

In summary, each account is determined by a unique private key, but the mechanism has flaws, as forgetting, losing, or leaking the private key can lead to irreversible losses of digital assets.

Currently, two mainstream no-mnemonic wallet solutions have made significant progress: smart contract wallets (including multi-signature wallets) and Multi-Party Computation (MPC) wallets.

2. Smart Contract Wallets and Account Abstraction

Smart contract wallets are smart contracts that manage on-chain assets using specific EOA accounts and can support further programming. For example, a multi-signature wallet is a type of smart contract wallet that requires M-of-N key signatures to approve transactions. This method can enhance the security of the wallet, as it requires multiple keys to control the assets instead of just one private key.

Recently, significant progress on the EIP-4337 proposal, which does not require changes to the consensus layer protocol, has made account abstraction and smart contract wallets hot topics on Ethereum. Account abstraction decouples signers from accounts, combining the programmability of a CA with the ability of an EOA to initiate transactions. Users can therefore customize internal logic without needing changes to the consensus layer or underlying layer.

In the past, many proposals regarding account abstraction were shelved due to technical limitations and the complexity of the consensus protocol layer. However, with the development of Ethereum and technological advancements, account abstraction has become possible, which will bring more development space for new wallets like smart contract wallets.

The main goal of EIP-4337 is to separate key functions such as signature verification, gas payment, and replay protection from Ethereum's core protocol and execute them in smart contracts. This way, smart contract wallets with arbitrary verification logic can act as main accounts without requiring any modifications to the consensus layer protocol. Validators, MEV searchers, or applications themselves can obtain transactions from the UserOperations pool and forward them to the blockchain for fee payment. The main advantage of this proposal is that it reduces the complexity of Ethereum's core protocol while enhancing flexibility and scalability.

EIP-4337 also has some issues regarding compatibility and the verification process, so it needs time for refinement. Additionally, introducing new contract mechanisms and functional modules may bring new contract risks and increase gas fees. Therefore, a wait-and-see phase is necessary for the application development of account abstraction wallets. However, over time and with continuous technological advancements, this form of wallet is expected to be widely adopted and promoted in the future.

3. MPC Wallets

The paper "Two-Party ECDSA from Hash Proof Systems and Efficient Instantiations" has brought the application of MPC (Multi-Party Computation) technology into public attention. Simply put, the most basic attributes that the MPC protocol aims to ensure are:

  • Input Privacy: No information about the private data held by the parties can be inferred from the messages sent.

  • Correctness: An appropriate subset of parties willing to share information or deviate from instructions should not be able to force honest parties to output incorrect results.

MPC wallets use threshold signature schemes (TSS) to create shares of a private key. They aim to enhance security by requiring multiple parties to jointly create key fragments and then verify transactions. Most importantly, the private key does not appear in any process during account creation, use, storage, backup, and recovery.

4. Are MPC Wallets a Better Solution?

Here, we will focus on the following attributes to evaluate Web3.0 wallets:

Security:

Smart wallets use a single private key to control and access funds. Since smart contracts can be customized, there are risks such as contract vulnerabilities and compatibility issues. Even distributing storage across multiple devices, as in multi-signature wallets, does not guarantee complete security. Experienced hackers can track and reconstruct keys, and after compromising one server they can move laterally across the network to compromise other servers or devices.

MPC wallets divide the private key into several parts and distribute them to multiple parties, making it more difficult for attackers to steal the private key. In certain specific cross-chain scenarios, if multi-chain transactions and high-frequency interactions with dApps are not required, MPC wallets are more secure. However, they cannot avoid off-chain governance, such as signing authorization policies and approving a quorum. It cannot be said that one is absolutely more secure than the other. We prefer to focus on improving user experience.

Usability:

Whether it provides a smooth and seamless experience like Web2.0 payment products.

Neither wallet type uses mnemonic phrases, making both more user-friendly than traditional wallet solutions like MetaMask (browser-based).

Functionality:

Whether it meets the actual needs of Web3 users, such as daily transactions, investments, digital identity, and web3 social interactions in DeFi or NFT.

Compared to traditional EOA wallets with limited functionality, smart wallets offer advanced features such as multi-signature transactions, daily transfer limits, emergency account freezes, and more secure account recovery. Certain organizations, such as exchanges, custodians, and other large digital asset enterprises, may prefer MPC wallets because this technology can prevent trust issues with any employee holding a single asset key. Some solutions like Lit Protocol can interact with off-chain data via HTTP requests, which may make MPC useful for Web assets.

Scalability:

Whether it is easier to build new features and integrations in the ecosystem.

Smart wallets are essentially smart contracts, allowing the developer ecosystem to expand wallet functionality by default, and anyone can audit implementations and functional expansions.

MPC protocols are not standardized, and the existing ecosystem mainly consists of customized MPC wallet products.

Cost:

Due to the need to verify multiple signatures, a single operation from multi-signature smart wallets is usually more expensive than current MPC solutions, although transaction batching can help save costs in the long run.

MPC wallets may have lower transaction and recovery costs. MPC wallets are represented as a single address on the blockchain and do not incur additional gas fees, which may be important for B2C users conducting hundreds of transactions daily.

Transparency:

Smart wallets have a more transparent and auditable codebase. Since key generation and signing occur off-chain, and many MPC protocols are not open-source, the ecosystem lacks a straightforward way to independently audit and integrate them for analysis in case of issues. MPC wallets hinder transparency and require stricter operational audits.

MPC wallets, as an off-chain wallet solution, can control both ordinary wallets based on external accounts and smart wallets. They do not involve changes to the Ethereum consensus layer or contract layer. They are more cost-effective for users and more feasible in the short term. However, off-chain multi-party accountability cannot be avoided, and the competitive edge of wallet products in terms of security or user experience improvement is not significant.

Smart wallets are products with many innovative opportunities that can bring more new applications and use cases. However, account abstraction (AA) is a large project that requires collaboration from other smart contracts, developers, and Ethereum architects for upgrades. Notably, L2s have significantly accelerated adoption speed, reduced costs, and improved scalability: Starkware, for example, has already made all Starknet accounts native smart wallets, and zkSync 2.0 will also launch with AA.

In summary, we believe that the two are not contradictory, and the choice between them depends on specific needs. MPC provides security in key generation and management, while smart contracts bring scalability and more applications for ecosystem development. They are essentially not on the same dimension in solving the private key management issue. We look forward to seeing more innovative products that apply both technologies. For example, the MPC protocol may be combined with multi-signature wallets.

5. Summary Comparison of the Two Wallets

Precisely because wallet developers can continuously ship new features based on smart contracts, and because of the demand for programmatic payments and high-frequency trading in gaming applications, more and more developers and teams are dedicating themselves to the development and innovation of smart wallets. We hold a positive attitude towards the new narrative of account abstraction wallets.

The article "Auto Payments for Self-Custodial Wallets" published by Visa explores the implementation of automatic payments using the account abstraction wallet Argent on the Starknet network. Programmatic payments allow users to automatically pay with self-custodial wallets without signing each transaction.

In addition, several smart wallet products have emerged in the market, such as Argent, MetaMask, Gnosis Safe, Rainbow, etc., which have made varying degrees of breakthroughs and innovations in user experience, security, and functionality. At the same time, some wallet teams are developing customized wallets for specific scenarios, such as the widely used MetaHero wallet in the NFT field.

It is important to note that the development of smart wallets is not only a technical challenge but also requires careful consideration of user needs and experience. In terms of user privacy protection and authorization management, smart wallets need to have higher security and convenience. On this basis, the functionality and design of smart wallets also need to be closer to user needs, providing more personalized and segmented services. Furthermore, smart wallets need to be deeply integrated with other applications and ecosystems to provide more complete and integrated services.

In conclusion, MPC wallets and smart wallets each have their advantages and disadvantages, and choosing the right wallet solution for different scenarios and needs is key. For individual users, smart wallets may be more suitable for daily transactions and managing digital assets, as they offer broader applications and better user experiences.

For institutional or enterprise users, MPC wallets may be more suitable because they are more secure, easier to implement multi-party accountability, and have lower costs and better scalability. Additionally, with technological advancements, we may see more wallet products that integrate smart contract and MPC technologies to provide more comprehensive solutions.

Conclusion

Technology is merely a sufficient condition for functional realization, while functionality will inevitably lead to changes in market patterns.

It is not difficult to discuss technologies like the MPC protocol and account abstraction; the challenge lies in how to apply these technologies in the product iteration process in the market. Besides the security issues that everyone cares about, improving user experience will be a very important dimension for us to evaluate wallet products. After all, as a tool for entering Web3.0, wallet products should not only serve users who are already accustomed to private keys and mnemonic phrases; the more important goal should be to "go beyond the circle," providing a smoother product experience to attract more Web2.0 users to join.

Currently, EIP-4337 is the most feasible account abstraction solution. Many smart wallet projects are already exploring this path. We suggest paying more attention to the construction of account abstraction and smart wallet projects, especially products in the Layer 2 direction. In contrast, the MPC protocol may also be a more secure and reliable technology, but how to better apply it in practical MPC wallet scenarios is key to product refinement. We may need more patience to see more diversified and targeted wallet solutions for individuals and institutions.
