Original author: Cipher, JoyID Founder

1. Research Report Highlights

。

·Passkey is the next-generation Web2 account technology, featuring characteristics of no installation, security, convenience, and privacy.

·Passkey Wallet brings this technology into the blockchain world, bringing us a brand new wallet experience.

·Its user experience even surpasses traditional Web2 accounts, and the new user experience will also create new user scenarios.

·The threshold for ordinary users to enter the world of blockchain has been completely eliminated, and the large-scale popularization of Web3 may be just around the corner.

2. Overview

2.1 Passkey Technology Introduction

Before introducing Passkey, it is necessary to introduce WebAuthn. It is a passwordless login technology proposed by the FIDO Alliance supported by Apple, Google, Microsoft, Meta, and others. It uses the asymmetric key pair generated by the device to authenticate the user, replacing the user password authentication scheme. Its principle is similar to the traditional U shield or hardware wallet we use. Users use the private key saved in the device to do digital signature to authenticate their identity to the server.

The private keys of WebAuthn are generated and managed in dedicated secure chips, corresponding to the Secure Enclave of Apple devices, the Secure Element of Android devices, and the TPM of PC devices. They are independent chips with very high security levels, separate from the CPU and operating system. For example, credit card information for Apple Pay is stored in this area. The private keys in the secure chip cannot be read through external APIs and can only be activated by the system's lock screen module (usually biometric) for digital signature operations.

Passkey is a key encryption synchronization scheme based on WebAuthn. Users can use iCloud or Google account to automatically encrypt and synchronize their device private keys, in order to achieve the experience of automatically logging in to a website on multiple devices at the same time. Currently, Passkey is fully supported on mainstream devices including iOS, Android, and MacOS, while Windows 10/11 only supports WebAuthn.

Passkey/WebAuthn (referred to as Passkey for simplicity, considering the only difference between the two technologies is their synchronizability) is the next-generation account authentication technology strongly promoted by major companies. It has significant advantages such as no password, anti-loss, anti-counterfeiting, and ease of use. However, it also has a natural flaw, that is, different brand devices cannot trust each other. For example, Passkey on iOS cannot be synchronized with Android devices, so cross-brand terminal login accounts are always a major problem.

2.2 Passkey combines the advantages of Web3

Passkey technology itself was designed for Web2 network services and did not consider the application scenarios of Web3/Crypto. However, due to its asymmetric key architecture, once combined with Web3, it will have great advantages.

·Passkey wallet can be used to build passwordless and mnemonic-free non-custodial wallets.

。

·Passkey wallet does not require any disclosure of user privacy information, including email, phone number, or even username.

。

The Passkey wallet elevates the security of ordinary users' wallets to a hardware level, while providing a better user experience.

Blockchain can serve as a trusted intermediary, allowing Passkeys generated by different branded devices to be mutually recognized, providing a better user experience than using Passkeys in Web2.

Safe, convenient, and non-custodial - these three advantages that seem impossible to achieve at the same time can be realized on the Passkey wallet. It will be an important driver for Web3 mass-adoption narrative.

2.3 ERC4337 Analysis of MPC Wallet

Also focusing on mass-adoption narrative, there are currently two mainstream solutions in the market, namely ERC4337 account abstract wallet and MPC secure multi-party computation wallet. Let's briefly review their principles and characteristics.

ERC4337 Wallet

ERC4337 is an application layer standard for EVM contract wallets. The advantages of contract wallets themselves include the ability to reset lost private keys, the ability to pay fees on behalf of users, flexible permission management, and batch transactions. However, their disadvantages are also apparent, including high initialization costs, high transaction fees per transaction, and poor dapp compatibility. These are the theoretical pros and cons of contract wallets, and there are also many other drawbacks exposed in their actual use.

·Users still need a private key, and how it is generated and managed is a question.

· The trust anchor problem of resetting lost private keys: that is, who has the authority to reset a user's wallet private key.

的资产了。

The multi-chain synchronization issue of private key reset: Assuming that the user only has assets on Polygon, should the contract private key on Ethereum be reset when resetting the private key? If reset, it will require high transaction fees. If not reset, the user will not be able to use the account's assets on Ethereum in the future.

·The source of the initial deployment fee needs to be paid by the user or subsidized by a third party.

·Incentive issues of bundler under the 4337 protocol.

These theoretical and practical issues have led to the actual adoption rate of ERC4337 wallets falling short of people's expectations.

MPC Wallet

3.2 Clave & Banana SDK

3.3 Turnkey

3.4 JoyID

Welcome to join the official BlockBeats community:

Telegram Subscription Group: https://t.me/theblockbeats

Telegram Discussion Group: https://t.me/BlockBeats_App

Official Twitter Account: https://twitter.com/BlockBeatsAsia