Explain in detail the advantages, disadvantages and challenges of MPC and smart contract wallets

Original title: " Seedless Self-Custody: On MPC and Smart Contract Wallets  p> 

Self-custody has long been hailed as the best practice for managing crypto assets. The FTX and Celsius debacles are the latest in a long string of events that have reminded the industry that “if it’s not your key, it’s not your coin,” sending people flocking to non-custodial wallets. After the FTX incident was exposed, Safe received a net inflow of more than 800 million US dollars, Ledger experienced multiple record high sales in a short period of time, Trezor sales soared 300%, and ZenGo achieved triple digits overnight growth, deposits at an all-time high, all in the same week.

However, a large number of users are still willing to take the risk of hosting in exchange for lower cost and ease of use sex. We still have a long way to go before non-custodial wallet infrastructure becomes the path of least resistance for securing and managing assets.

Fortunately, there is now a thriving ecosystem of wallets for individuals, DAOs, and Institutions offer more options. Encryption is no longer just about secure storage, it includes using assets in the new economy. However, the ever-increasing attack surface and vulnerabilities, coupled with increasingly rich features, require wallets that can resist attacks while supporting daily business and personal use.

As with all design decisions, this is a result of multiple considerations for a given use case Optimization problems, and capabilities of wallet solutions and key management practices, need to pragmatically balance the collective needs of target users:

Individuals need a seamless user experience, low fees, and flexibility in interacting with dApps. DAOs require transparent treasury management, ecosystem governance participation. Institutions want to outsource responsibility through chain agnosticity, auditability, and institutional-grade security.

 

Two classes of alternative key management solutions have made significant progress: smart contract wallets (including multi-signature wallets) and multi-party computation (MPC) protocols.

 

This article covers:

Properties to consider in wallets;

Overview of traditional, MPC and smart contract wallets;< /p>

Ongoing challenges in the wallet ecosystem;

A summary of the trade-offs of current wallet solutions, and an outlook for wallet infrastructure.

 

Attributes to be considered in the wallet

Safety. Level of protection from simple to complex attacks. "Good key management" requires choosing a range of solutions whose onboarding and operating costs match the nature of on-chain activity and the amount of risk involved. cost. How expensive it is to create accounts, manage access and execute transactions. User experience and flexibility. Granularity of access control management, overhead policies, restrictions and permissions. recoverability. Have the ability to restore assets and access in the event of a threat or loss. scalability. Can bring new features to core products and build a comprehensive ecosystem of products and services. privacy. Addresses can be easily linked to individuals.

 

Traditional (HD) wallet

< p>Traditional wallets use mnemonics and hierarchical deterministic (HD) structures to derive private keys, corresponding public keys, and on-chain addresses. These wallets allow users to generate private keys used to sign transactions and recover all keys using a seed phrase.

 

So far, traditional wallets have been A tool for custody of assets and their main entry point for interacting with blockchain applications. Browser extensions like MetaMask and mobile apps like Rainbow have attracted millions of users to this ecosystem. Users who want to reduce risk can opt for hardware wallets such as Ledger and Trezor, which provide better security by protecting private keys offline.

Although the industry has made a huge collective effort to inform users to keep mnemonic and password Despite the importance of key security, this single point of failure remains a significant barrier to widespread adoption. If the private key is lost, in addition to losing all assets, users must manually track multiple addresses, token approvals, and compromise privacy by having to fund new addresses.

Today, irrevocable strings not only allow one’s entire life savings to be “accessed ’, and there is a growing trend to connect the on-chain history of users’ online identities. The incentive to gain access to private keys is so great that hackers, each devoting unlimited resources, carry out increasingly creative attacks. Now, it's no longer enough to rely solely on the user - we need to completely eliminate this single point of failure.

Multi-Party Computation (MPC) Wallets and Smart Contract Wallets help us achieve this and have already There is an ecosystem of these two types of products and services being adopted by institutions, individuals, DAOs, etc. While both types of wallets eliminate single points of failure, they have some fundamental technical differences that lead to different trade-offs.

MPC Wallet

Broadly speaking, multi-party computation (MPC) enables a group of mutually distrusting parties to jointly compute a function based on their inputs while keeping those inputs private. In cryptography, this is especially useful for holding private keys used to decrypt data or generate digital signatures.

MPC Wallet eliminates single points of failure by using Threshold Signature Scheme (TSS). In this paradigm, we create and distribute parts of the private key so that no one person or machine has full control over the private key—a process known as distributed key generation (DKG). We can then combine the parts and co-generate the public key without exposing the parts between the parties.

 

In order to sign messages and transactions, every Both parties input the secret shared part and the public input (the message to be signed) to generate a digital signature. From there, anyone who knows the public key (i.e. a validator node) should be able to verify and verify the signature. Since key parts are combined and signatures are generated off-chain, transactions generated from MPC wallets are indistinguishable from those of traditional private key wallets.

This provides a level of privacy for MPC wallet users. This feature is useful out of the box for organizations that wish to keep their signature schemes and signer activities out of the public eye, as these processes happen off-chain. This way, organizations can keep internal logs of participating signatures without making them public.

Private Key Rotation is another MPC protocol that takes the secret shared part as input, and Output a new set of secret shared parts. The old secret share can be removed and replaced with a new share, which can be used in the same way without changing the corresponding public key and address.

Advantages of MPC wallet

< p>

No single point of failure. A complete private key is never centralized on one device at any time. There is no mnemonic either.

Adjustable signature scheme. Approved fixed headcounts can be modified as individual and organizational needs change while maintaining the same address. Organizations can dynamically adjust signature schemes without having to notify counterparties of a new address each time.

Granular access control. Organizational users can assign an unlimited number of transaction approvers to a policy and assign permissions that accurately reflect organizational roles and security measures (timelocks, MFA, fraud monitoring). Individuals can choose the semi-custodial route through MPC wallet-as-a-service, where a third party holds a key shared portion.

Lower transaction and recovery costs. MPC wallets are represented on the blockchain as a single address with the same gas costs as regular private key addresses. This is very important for users who conduct hundreds of transactions per day (such as in B2C use cases). Lost key shares can also be recycled off-chain.

Blockchain agnostic. Key generation and signing rely on pure cryptography off-chain. Extending compatibility to new blockchains is simple, as wallets only need to be able to generate signatures using an algorithm recognized by that chain.

 

Disadvantages of MPC wallet

Off-chain accountability. Signing authorization policies and approving fixed numbers are managed off-chain, so these custom rules are still prone to centralization issues. The key share is still a cryptographic secret and should be treated like the entire private key. Off-chain rules and signatures hinder transparency and require stricter operational audits.

Incompatible with most traditional wallets adopted by many users (no seed phrase, no full private key stored on a single device). The MPC algorithm is also not standardized, nor is it natively supported by agency-grade security devices such as iPhone SEP and HSM.

Mostly isolated custom products. Many MPC libraries and solutions are not open source, so it is difficult for the ecosystem to independently audit and integrate them if something goes wrong.

 

The MPC-based solution is primarily aimed at institutional clients such as funds, exchanges and custodians. MPC technology providers like Fireblocks and Qredo allow their clients to define their own workflows for different types of transactions, allowing them to remain compliant and secure. However, the retail investor base still relies on independent research and private key wallets. Web3Auth recently released an MPC SDK that users can use their iCloud or email as a backup. Decentralized custody protocols like Entropy are building open source tools for consumers and DAOs so they can store assets online.

Notable Development in MPC: Programmable Key Pairs

Lit is a decentralized protocol that stores key shares on Lit network nodes. A public/private key pair is represented by a PKP (Programmable Key Pair) NFT whose owner is the sole controller of the key pair. The PKP owner can then trigger network aggregated key sharing to decrypt files or sign on their behalf when arbitrary defined conditions are met.

This has great implications for decentralized access control, asset management and on-chain automated interactions significance. By granting signing privileges to Lit Actions (immutable code deployed to IPFS), PKP can be used as an MPC or a decentralized cloud wallet, using any authentication method expressible in javascript.

Minting PKP NFT is an MPC-based distributed key generation process that enables NFT owners to Become the root owner of the PKP. Therefore, transferring this NFT is equivalent to the transaction private key, which actually breaks the concept of "soul-bound" tokens (SBT), because SBT is bound to a specific owner, and now the wallet itself can be safely traded, so , "wallet-bound token" might be a more appropriate name.

Smart Contract Wallet

Ethereum currently has two account types:

Externally Owned Account (EOA) - Controlled by Private Key

Smart Contract Account - Controlled by Code

 

Smart Contract A wallet ("smart wallet") is a smart contract that behaves like a wallet, i.e. an interface that allows users to manage funds, do web3 logins, and interact with dApps. Unlike private key wallets, smart wallets require an initial cost to create because smart contracts need to be deployed on-chain.

Multi-signature wallets are smart contract wallets that require M-of-N key signatures to execute the transaction. MPC only creates a single signature regardless of the number of participating key shares, and multisig signs transactions using different signatures generated by different private keys. This makes it compatible with existing private key wallets and sits a layer above traditional wallet addresses like Ledger or MetaMask.

 

The smart contract account standard like Safe is An ecosystem of asset management products and services provides a foundational layer. Functionality is added through modules, which allow users to define management key logic, spending limits, recurring transactions, account automation, tiered access, and more. Currently the most prolific set of Safe modules is built by the Zodiac team.

Advantages of smart contract wallet

No single point of failure. Multiple signatures are required to execute a transaction.

Programmable access control. Users can define different policies, set time locks, spending limits, automation.

Transaction batch processing can be implemented to save costs.

Extensible. Thanks to the composability of smart contracts, wallet developers can create an ecosystem of modules that users can choose to add to their wallets, creating an ecosystem for new features like NFT lending frameworks, DAO voting modules, and non-custodial asset management services. app store.

Programmable recovery. Wallets can offer several options for recycling funds to the smart contract itself.

On-chain accountability. On-chain signature authorization policies and aggregations make it clear which keys are used to sign transactions, making operations more transparent and straightforward, allowing auditing of who participated in transactions in case of errors.

Supports migration to other signature schemes. Smart contract wallets can change their signature schemes to something simpler, less gas-efficient, or quantum-resistant. They can also be used on iOS and Android devices (turning the phone into a hardware wallet), or enable Ed25519, allowing iOS biometric and web authentication.

Open source. Anyone can audit the implementation and function expansion of the smart wallet, thereby addressing bugs and adding new functions through the ecosystem.

 

Disadvantages of smart contract wallet

< p> higher fees. Smart wallets have higher fees than normal single-address transactions because of the need to verify multiple signatures. Operations such as adding/removing owners and changing thresholds also require on-chain transactions.

Not universally supported. While smart wallets can be deployed on any EVM chain of the same address, they require custom implementations on non-EVM chains.

Recovery costs are higher. While the recovery logic is programmable, on-chain fees need to be paid to execute it.

Incompatible with non-upgradeable contracts. Although EIP-1271 allows applications to sign on behalf of contract wallets, it is still not universally supported and cannot be added to non-upgradeable contracts.

 

Notable Developments in Smart Contract Wallets: Account Abstraction

Smart wallets play a vital role in the ecosystem-wide effort to completely move away from EOA and private keys (also known as account abstraction). In this paradigm, all accounts are smart contracts with their own logic to dictate what constitutes a valid transaction, allowing users to tailor accounts to their specific needs.

Account abstraction has been discussed since 2016, but the ecosystem is struggling with solutions Coordination has been slow. L2 has greatly accelerated its awareness and adoption, for example StarkWare has localized all Starknet accounts into smart wallets, and zkSync 2.0 will also be launched with AA.

On Ethereum, there are multiple EIPs to complete milestones on the roadmap, enabling accounts Abstraction becomes reality.

EIP-4337: Move signature verification, gas payments, and replay protection out of the core protocol In the EVM, users are able to use smart wallets with arbitrary verification logic instead of EOA as their primary account, without requiring any consensus layer changes. This EIP introduces a UserOperations mempool that exists in parallel to the existing mempool. A bundler (validator, MEV searcher, or the application itself) takes transactions from the UserOperations pool, forwards them to the blockchain and pays fees. Here, the startup wallet itself does not pay for gas, but the application can aggregate it for the user through a fee-based subscription model. EIP-3074: Allow EOAs to delegate control to contracts, allowing existing EOAs to send operations that are paid for by third parties. EIP-5003: Upgrade existing EOAs to contracts and allow them to migrate from ECDSA to more efficient or quantum-resistant signature schemes.

 

Challenges facing the wallet development ecosystem

Technical Vulnerabilities

The Parity Multisig hack and the recent Rabby Swap attack show that if The implementation is flawed, and even the best conceptual way of storing funds doesn't make much sense. We can foresee that standards for smart contract accounts will emerge.

Social attack level

The merits of any technical solution still cannot eliminate the risks at the social level. The $600 million Ronin Bridge breach was not due to any technical flaw, but a social engineering attack on a Sky Mavis employee that gave attackers access to validator keys. In addition to deciding which wallet to use to manage assets, organizations also need to ensure that each "component" of this critical system is truly independent at the social and technical layers.

Security and migration costs

< p>

Moving from one account to another is neither fun nor cheap. While there are currently strong wallet alternatives on the market, there are real costs for users to migrate their existing EOAs: transaction fees, closing/opening DeFi positions, revenue impact, user error, time and effort.

Operational Security

Self-custody is a scary prospect for most users today, as improving requires conscious effort and can be a daunting task. Most transaction data is unreadable (although this is changing), and errors are irreversible. Like crypto education, this problem cannot be solved by a team alone, it requires tools and user experience patterns.

Conclusion

< /p>

 

Although MPC and smart wallets share a common "this vs that" framework, they are not competing in the long run, but is a complementary relationship. MPC provides shared security at the key generation and management level, while smart contracts bring scalability and an ecosystem approach to function and application development. For example:

MPC can be enhanced by splitting one or more private keys into multiple parts Existing multi-signature schemes. If three people are used to secure a 2/3 multisig, each of those three users can subdivide their individual private keys using MPC and store their MPC key parts on separate machines.

A community or DAO can be a multi-signature signer with a PKP NFT that manages a decentralized cloud wallet that can be used for automated investing or DEX interactions.

 

The reckless actions of centralized entities have weakened cryptocurrencies in many ways this year, they have eroded trust in the industry and most importantly lost users' funds . The technologies and projects highlighted in this article are paving the way for a future where everyone can participate in a decentralized economy, without having to place our destiny in the hands of a few.

Original link

欢迎加入律动 BlockBeats 官方社群：

Telegram 订阅群：https://t.me/theblockbeats

Telegram 交流群：https://t.me/BlockBeats_App

Twitter 官方账号：https://twitter.com/BlockBeatsAsia