Passkey ushers in a pioneering era of Web3 account technology with seamless, installation-free wallet setup, robust security, user convenience, and commitment to privacy.
By integrating this innovative technology, Passkey wallets redefine the blockchain landscape, offering an unparalleled and novel wallet experience.
Surpassing traditional Web2 account experiences, Passkey wallets not only enhance user engagement but are also set to catalyze the development of new user scenarios.
With the entry barrier for new blockchain users now completely dismantled, the mass adoption of Web3 seems increasingly imminent.
To grasp the essence of Passkey, it’s essential first to understand WebAuthn. This innovative, passwordless authentication technology, endorsed by giants like Apple, Google, Microsoft, and Meta, originates from the FIDO Alliance. It deploys asymmetric key pairs generated on the user’s device, shifting away from the traditional password-based authentication system. This approach echoes the principles of traditional security tokens or hardware wallets, where the device-stored private key is utilized for digital signatures, affirming the user’s identity to a server.
WebAuthn’s private keys are securely generated and managed within specialized chips. These include Apple’s Secure Enclave, the Secure Element in Android devices, and the Trusted Platform Module (TPM) in PCs, all operating independently from the CPU and operating system, ensuring heightened security. A prime example of such secure storage is the handling of credit card details for Apple Pay. Notably, private keys housed in secure chips are inaccessible via external APIs; they are exclusively activated for digital signing by the system’s lock screen protocols, typically involving biometric verification.
Passkey builds upon the foundation of WebAuthn as a sophisticated key encryption and synchronization solution. It allows users to seamlessly encrypt and synchronize their devices’ private keys through services like iCloud or a Google account. This synchronization capability ensures a fluid, automatic login experience across multiple devices. Currently, Passkey enjoys comprehensive support across various platforms, including iOS, Android, and MacOS, while Windows 10/11 maintains support for WebAuthn only.
Passkey/WebAuthn, with their primary distinction being in-sync capabilities (hereafter collectively referred to as Passkey), represent the forefront of account authentication technology championed by leading companies. They bring to the table distinct advantages: eliminating the need for passwords, offering protection against loss and misuse, and ensuring simplicity in usage. Yet, Passkey is not without its drawbacks. A critical limitation is the lack of cross-brand authentication; Passkeys on iOS, for instance, cannot sync with Android devices, posing challenges for account logins across different hardware ecosystems.
Enhancing Web3 with Passkey’s Strengths
Originally tailored for the Web2 sphere, Passkey technology didn’t initially consider the specific needs and scenarios of Web3 or crypto. However, its underlying asymmetric key structure, once merged with Web3, unlocks tremendous potential.
- Passkey wallets empower the creation of non-custodial wallets that eliminate the need for passwords and seed phrases.
- These wallets maintain stringent privacy, not requiring users to share any personal details, including email, phone numbers, or even usernames.
- Elevating wallet security to a hardware level, Passkey wallets notably enhance the overall user experience for the everyday user.
- With a blockchain serving as a decentralized trust intermediate, Passkeys generated across different ecosystems or different devices can mutually recognize each other, potentially surpassing the user experience of Passkey in the Web2 domain.
- Passkey wallets blend the trio of security, ease of use, and non-custodial features — a quite difficult blend to achieve. This innovative synergy positions them as a pivotal catalyst in accelerating the widespread adoption of Web3.
Exploring ERC-4337 and MPC Wallets for Mass Adoption
As the drive towards mass cryptocurrency adoption continues, two key solutions have gained traction in the market: ERC-4337 Account Abstraction wallets and MPC (Multi-Party Computation) Secure Wallets. Let’s start with an overview of their foundational principles and distinctive characteristics.
At its core, ERC-4337 represents an application layer standard for EVM (Ethereum Virtual Machine) contract wallets. These contract wallets boast several inherent advantages, including the ability to reset lost private keys, enable developers to pay fees for their users, offer flexible permission management, and support batch transactions.
Yet, they’re not without drawbacks, including high costs for initial setup and individual transactions, along with suboptimal dApp (decentralized applications) compatibility. While these are some theoretical pros and cons, practical applications reveal more complex challenges:
- Private keys are still necessary: Users still require a private key, the generation and management of which present unresolved issues.
- Trust anchor for authorization reset: Determining who holds the ability to reset a user’s wallet private key raises significant trust concerns.
- Multi-chain synchronization in authorization resetting: For example, if a user only holds assets on Polygon and decides to reset their private key, should the same action apply to the Ethereum smart contract wallet’s key? Resetting it involves substantial fees, yet avoiding a reset could restrict future Ethereum account usability.
- Source of initial deployment fees: Whether these should be user-funded or subsidized by third parties remains an open question.
- Incentives for bundlers in the ERC-4337 ecosystem: Creating the right motivational structures for bundlers (entities that bundle transactions together) under ERC-4337 remains challenging.
These multifaceted theoretical and practical hurdles have unfortunately impeded the widespread adoption and integration of ERC-4337 wallets, falling somewhat short of the community’s initial expectations.
Multi-Party Computation (MPC) wallets introduce a novel approach to key management by splitting a private key into multiple fragments, which are then distributed across several parties. When a signature is required, the process involves either piecing these fragments back together to form a complete key for signing, or enabling each fragment to contribute to a partial signature, which is subsequently combined into a final, complete signature.
Key benefits of MPC wallets include:
- Reduced on-chain costs: Users are not burdened with additional fees for executing complex wallet contract invocations, making transactions more cost-effective.
- Versatile recovery mechanisms: MPC wallets offer various methods for key fragment recovery, such as email, phone numbers, passwords, and cloud storage solutions, enhancing user convenience and security.
- Broad blockchain compatibility: Far from being limited to EVM platforms, MPC wallets theoretically support a wide array of blockchain ecosystems, highlighting their flexibility and universal appeal.
Nevertheless, MPC wallets have a significant limitation: the dependence on centralized services for fragment custody and signature processing. This centralization requires significant investment to ensure the security and backup of fragment servers and to guarantee prompt processing of user signature requests. As a result, the typical business model for MPC wallets leans heavily towards a B2B (Business-to-Business), SaaS (Software as a Service) approach. This might make it difficult to transfer their wallet to other MPC ecosystems and might discourage application developers from binding their user base to any single MPC service provider, considering the potential risks and dependencies involved.
In-Depth Analysis of the Passkey Wallet Market
In evaluating the current spectrum of Passkey wallets on the market, three primary technological trajectories have been identified:
- Account Abstraction (AA) + Passkey Signature Verification Approach: Exemplified by products like Clave and Banana SDK.
- Centralized Authentication Delegation Model: With Turnkey as a notable example.
- Signature Transform Technique: Illustrated by solutions such as JoyID.
Each category represents a unique strategy for integrating Passkey technology into wallet applications. Below is a closer look and analysis of these approaches.
Clave & Banana SDK
The first category incorporates an innovative AA + Passkey signature architecture. In this model, EVM-compatible chains host an abstract account that directly authenticates Passkey signatures.
Originating as a standout project named opClave at the EthGlobal Hackathon 2023, Clave stands out for its implementation strategy. It calculates Passkey-required secp256r1 signatures (not the Ethereum standard secp256k1 signature) using EVM contracts. This method has its drawbacks, particularly in gas consumption; namely, verifying a Passkey signature can require a substantial 600,000 to 900,000 gas. Given the impracticality of such high costs in everyday or mass-adoption contexts, Clave is exploring a novel solution.
Their proposal involves initiating a dedicated Layer 3 chain, integrating a pre-compiled contract specifically for secp256r1 signature verification. This solution aims to substantially decrease gas expenses. However, this modification might lead to a significant reduction in the wallet’s compatibility across multiple blockchains, potentially hindering its mass adoption efforts.
On the other hand, Banana SDK is positioned more as a B2B (Business-to-Business) Software Development Kit (SDK) rather than a typical consumer-facing wallet. This strategy allows decentralized application developers to seamlessly integrate an easy-to-use wallet feature, enhancing the user onboarding experience. Despite this innovative approach, Banana SDK shares the same significant hurdle with Clave: the prohibitive gas fees on Ethereum, which represent a major barrier to their practical adoption.
To tackle the high expense associated with verifying Passkey signatures on Ethereum, the developer community has proposed initiatives like Ethereum Improvement Proposal 7212 (EIP-7212), which can be viewed at EIP-7212: Precompiled for secp256r1 Curve Support. This proposal suggests incorporating a pre-compiled secp256r1 signature verification algorithm directly into the Ethereum Virtual Machine (EVM), aiming to dramatically reduce verification costs.
However, implementing this EIP is a complex process, requiring intricate changes in both the cryptographic foundation and consensus layers of Ethereum. The timeframe for its approval and eventual integration into the mainnet is likely to be measured in years. In response to these challenges, Clave has partnered with zkSync, focusing on adopting EIP-7212 within the zkSync Era environment.
Beyond these, several other projects are experimenting with blockchain-based verification using the AA + Passkey structure, some of which incorporate zero-knowledge proof technology to reduce computational demands on the blockchain. These include knownothinglabs, which utilizes the halo2 framework, and Bonfire Wallet, which employs the RISC Zero Bonsai technology. Most of these initiatives, however, are currently in the prototype stage and lack sufficient development for an in-depth analysis at this point.
Turnkey represents a notable shift in addressing the expense of verifying Passkey signatures via smart contracts. Instead of on-chain validation, Turnkey relies on a centralized service to verify Passkey signatures. Once authenticated, a controlled cryptographic engine generates the needed signature.
This method essentially parallels how Passkey functions in Web2 environments, substituting the classic username and password combination with a public-private key pair. The critical similarity, however, is that the final authentication authority is a centralized server.
Turnkey markets itself as a Wallet-as-a-Service (WaaS) provider focusing on the business-to-business (B2B) sector. Its comprehensive development toolkit and robust ecosystem support offer an enhanced developer experience. This solid foundation has already encouraged multiple partnerships. For example, dynamic.xyz has utilized Turnkey’s framework to provide a consumer-oriented wallet service, which has been well-received for its user-friendly interface.
Despite these advantages, Turnkey isn’t without its drawbacks. A primary concern is the management and security of user wallet private keys. Turnkey’s framework, though frequently described as non-custodial—arguing that private keys are safely stored within the server’s Trusted Execution Environment (TEE), beyond the reach of administrators—still hinges on a central entity for key management. This centralization poses inherent risks, including potential privacy and security vulnerabilities. Furthermore, Turnkey’s reliance on a B2B SaaS model means that any interruption or discontinuation of service could leave users unable to perform essential wallet operations like signing transactions or messages, highlighting a critical dependence and potential point of failure.
The JoyID wallet marks its distinction in the wallet landscape with an innovative approach termed “Signature Transform.” Catering to a range of blockchains, including Ethereum, Bitcoin, and Solana, JoyID distinguishes itself by functioning as a standard Externally Owned Account (EOA) across these networks. What sets it apart is the decentralized management of its keys and authorization mechanisms, achieved via an Account Abstraction (AA) account on Nervos CKB.
This structure ingeniously merges the adaptability of AA accounts with the affordability and broad compatibility inherent to EOA accounts.
Central to JoyID’s system is its AA account, which plays a pivotal role in enabling Passkey authorizations across multiple devices. It also safeguards an encrypted shard that forms part of a 2-of-2 key pair. The counterpart shard is dynamically generated by the device using the Passkey during signing. This design accomplishes a decentralized signature conversion from secp256r1 to secp256k1, independent of any server assistance. The entire process is executed on the user’s device, anchored by secure chip technology. This methodology not only fortifies security but also upholds the principles of decentralization and non-custodial management.
From the user experience standpoint, JoyID excels with its intuitiveness and fluidity. Wallet creation is a breeze, requiring no manual input from the user, and completed with just a couple of system authentications. This quick, hassle-free setup, devoid of any charges, places JoyID at the forefront of the Passkey wallet domain. Presently, it emerges as the most polished and robust choice among all Passkey wallets, skillfully balancing simplicity, security, and speed.
JoyID went live at mainnet on November 6th. It's worth noting that JoyID has formed partnerships with over 30 Web3 projects, including:
These projects have successfully completed integration with JoyID, offering a new user-friendly wallet solution for millions of existing users.
Envisioning the Future of Web3 Wallets: Unleashing User Experience and Security
The rise of Passkey wallets heralds a transformative phase in the Web3 ecosystem, underscoring not only convenience but also enhanced security. These wallets transcend traditional barriers by offering a seamless, no-install experience coupled with robust hardware-level security features.
Notable for their user-friendly nature, Passkey wallets eschew the complexities of seed phrases and passwords. Privacy is a paramount concern; hence, personal information isn’t a prerequisite. A significant departure from depending on Web2 giants, these wallets also ensure compatibility with Externally Owned Accounts (EOAs), a vital attribute for widespread acceptance.
The shift in wallet technology with Passkey wallets signifies more than just an upgrade over legacy systems like Metamask or seed phrase-based wallets. They mark a leap forward, achieving an unparalleled user experience that easily rivals, and in many aspects surpasses, traditional Web2 account setups typically fraught with verification hurdles like email and phone confirmations.
The ripple effect of this enhanced user experience is set to extend beyond mere convenience, potentially reshaping user demographics and spawning new, diverse application realms within Web3. Imagine a world where Music NFTs, the burgeoning Creator Economy, Open Loyalty frameworks, and DAOs are no longer shackled by the speculative tendencies of the status quo crypto wallet user base. The entry of a broader, more diverse audience, less interested in speculation, paves the way for these domains to thrive, focusing on core values and long-term user engagement.
Looking ahead, we might draw parallels between the evolving dynamics of Web3 wallets and the digital payment landscape dominated by Alipay and WeChat Pay. In such a scenario, users may gravitate towards hardware or mnemonic phrase wallets for heavyweight tasks like DeFi engagements and secure asset storage, akin to Alipay’s role in managing substantial financial services. Concurrently, for everyday Dapp interactions and smaller-scale transactions, Passkey wallets could emerge as the favored medium, echoing the convenience and ubiquity of WeChat Pay in handling microtransactions.
The potential of Passkey wallets in shaping a new frontier in the Web3 sphere is immense. With their user-centric design and commitment to security and privacy, they’re poised to redefine digital interactions, promising not just a surge in adoption but a revolution in how users engage with Web3 technologies. As we anticipate the widespread embrace of Passkey wallets, the future looks bright for a truly inclusive, user-friendly Web3 experience.
This post is commissioned by Nervos and does not serve as a testimonial or endorsement by The Block. This post is for informational purposes only and should not be relied upon as a basis for investment, tax, legal or other advice. You should conduct your own research and consult independent counsel and advisors on the matters discussed within this post. Past performance of any asset is not indicative of future results.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.