TL;DR

Why Seedless Wallets are necessary:

“Seedless wallets” are not a specific wallet technology but a functional experience: users no longer need to manage complex mnemonics and can log in using an email password. As a result, the barrier to using wallets is significantly reduced, making the user experience closer to Web2 products.

The essence of such wallets is to allow for password loss, meaning that assets can still be securely preserved and access to the wallet can be eventually restored even in the event of password loss. Thus, users no longer need to meticulously store mnemonics offline but can store passwords in a lower security manner, including cloud storage, mobile local storage, third-party custody, and so on. This allows products to improve the user experience by designing beginner-friendly login experiences.

There are multiple technical routes to implement seedless functionality, including MPC and smart contracts. However, regardless of the technology used, there is always some trust assumption involved — whether it’s trusting custodial intermediaries or trusting smart contracts, wallet security is not solely in the hands of users. For those with extremely high-security requirements, this may not be the best choice; however, for the general public, seedless wallets can indeed lower the barrier to entry for Web3.

Implementation Solutions for Seedless Wallets:

This article introduces three mainstream implementation solutions available on the market.

2.1 MPC wallet

The first mainstream approach is MPC (Multi-party Computation). This is an off-chain solution, another layer of technology outside of wallets. In other words, any wallet that uses MPC technology to safeguard private keys can be called an MPC wallet.

MPC wallets use SSS or TSS technology to generate multiple shards of private keys, distributed among multiple participants. When using the wallet, each party generates a complete set of data for signing using their shard without exposing the shards of each party.

MPC wallets can flexibly set threshold strategies, such as requiring at least 2 out of 3 shards to participate in the signing or requiring all 2 shards to participate in signing. However, it should be noted that while password loss is allowed, the storage scheme of the shards still affects wallet security. For example, storage hosted by the project relies more on the project’s integrity. Currently, the threshold strategy and storage schemes of MPC wallets are not standardized, and there is no industry standard. The different schemes used by each wallet also reflect different security design strategies.

The private shard scheme of MPC wallets can effectively avoid single-point failures: even if a single shard is lost, the assets within the wallet can be preserved, and the shards can be updated without changing the private key, achieving password recovery. In addition, all implementations of MPC wallets are off-chain, ultimately generating only one private key signature, making them more resource-efficient compared to smart contract multi-signatures.

Typical MPC wallets include Web3Auth, Particle Network, Openblock, etc.

Web3Auth uses the SSS (Shamir Secret Sharing) scheme for key splitting. The difference between SSS and TSS (Threshold Signature Scheme) is that SSS first requires a single party to generate a private key, then splits and distributes the private key cryptographically to various parties, and during signing, the complete private key must be reconstructed, hence there is still a risk of exposure in the frontend. On the other hand, TSS performs both key generation and signing stages through distributed computing without requiring reconstruction, thus avoiding exposure risks. The SSS scheme introduces certain security vulnerabilities in Web3Auth, so newer MPC wallets typically use TSS.

The figure below shows the 2-3 model, which is the basic model used by Web3Auth, requiring the participation of 2 out of 3 shards for signing. Among them, device shards are stored on the user’s local device; OAuth login shards are further divided and stored by the node network; backup shards are stored by the user themselves, either on a separate device or accessed through a password.

Source: https://web3auth.io/docs/overview/key-management/

When users log in, they first obtain OAuth login shards through third-party login providers like Gmail. They then use the device shards stored on their local device to reconstruct the complete private key. When a user logs in from a new device, they must simultaneously use the third shard, which is the backup shard, to complete the login process. Additionally, users can also set different threshold models themselves, such as 3-4, 4-5, and so on.

Source: https://web3auth.io/docs/overview/web3auth-for-wallets

Particle Network adopts TSS, which is relatively more secure compared to SSS. Its threshold model uses 2-2, where both the client and the provider each hold a portion of the shards. The client-side shards are stored in the cloud by Particle or a third-party cloud service provider and are accessed after verification via email OTP or social login. However, the client-side key is essentially unprotected, and the service provider can access this key. This solution relies on the client’s trust in Particle or the third-party provider.

Customer acquisition is a challenge faced by all wallets because the vast majority of the ToC market has already been occupied. Both Web3Auth and Particle Network employ a ToB strategy, obtaining users through service project providers. It is worth noting that the Web3 game “Power of Women,” which used Particle Network wallet services, once topped the overall game rankings in the United States Google Play Store, becoming a benchmark case for breaking into the Web3 gaming market. MPC wallets provide a smooth login experience, which is crucial for Free to Play games as it significantly lowers the entry barrier. It can be anticipated that in the future, low-barrier Web3 projects are likely to adopt similar login experiences on a large scale.

Source:https://foresightnews.pro/article/detail/14777

Smart contract wallet

The “MPC wallet” mentioned above is a wallet that uses MPC technology to store private keys, and the “smart contract wallet” is a type of wallet.

There are two types of wallets in EVM, one is the EOA wallet (Externally Owned Accounts**), which is controlled by anyone through a private key; the other is the CA wallet (Contract Accounts), which is deployed on the blockchain and controlled by contract code. It is also a smart contract wallet.

Most of the wallets we use currently are EOA wallets, such as Little Fox. Because smart contract wallets can customize contract codes, they can implement far more functions than EOA wallets, such as account retrieval, preset execution logic, etc. However, they’re not very popular currently, mainly due to the high cost of use. Transactions will incur an additional gas fee than the EOA wallet. Therefore, the current usage scenarios are mainly at the institutional management level such as “multi-signature”, and are rarely used by individual users. In addition, smart contract wallets do not have private keys and cannot verify signatures, so transactions still need to be initiated by an EOA wallet. If individual users want to use smart contract wallets, they also need to keep the EOA wallet keys separately, which still are highly complex.

In the smart contract wallet track for individual users, Argent is a pioneer and has been operating since 2019. Argent consists of two products:

1) The mobile App wallet “Argent” implements the function of seedless feature on ETH and zkSync; there is also the “Argent Vault” product on ETH, which provides a social recovery function;

2) The browser plug-in wallet “Argent X” is only available on StarkNet. It is a wallet based on Account Abstraction, which will be explained later.

Let’s first look at the first product, the mobile wallet Argent, in which “Vault” is the traditional smart contract wallet.

Let’s start by looking at the first product, the mobile wallet Argent, where the “Vault” is essentially a traditional smart contract wallet.

As mentioned earlier, smart contract wallets on the EVM (Ethereum Virtual Machine) do not have private keys and cannot sign transactions. Therefore, when using the Argent mobile app, a user essentially first generates an EOA (Externally Owned Account) wallet and then generates a smart contract wallet “Vault.” This step requires an additional gas fee.

The “seedless functionality” is implemented during the generation of the EOA wallet. The private key is stored locally on the user’s phone and cannot be exported. Users only need an email or phone number to register and generate the EOA wallet. Meanwhile, a backup private key is stored in the cloud, which is used when the user switches devices. The specific steps are as follows: the encrypted backup private key is stored in the user’s iCloud, and Argent holds the decryption key. When the user switches devices, they retrieve the encrypted private key from iCloud, then verify via email or phone with Argent to obtain the decryption key, thus obtaining the backup private key. Additionally, before sending the decryption key, Argent notifies the user and waits for two days, providing ample buffer time to prevent theft.

Argent Mobile Interface

The “Social Recovery Functionality” is implemented after generating the “Vault” through the smart contract wallet, currently only available on Ethereum. It is worth noting that the “Vault” feature is only available to users with deposits of $50,000 or more, setting a relatively high threshold. After setting up the Vault, users can add Guardians, who can be any wallet, including EOA (Externally Owned Account) or CA (Contract Account). These designated wallets can sign and generate a new account as the wallet owner in case the user loses their keys, thus enabling social recovery. Additionally, the wallet owner can determine whether Guardians need to approve transactions, whether any transaction can occur within a specified time frame, and so on.

Argent Mobile Interface

According to Dune, there are currently more than 70,000 Argent contract wallets, with a total of 76,000 ETH stored.

Let’s look at the second product, the browser plug-in “Argent X”. Argent’s recent high valuation is more due to Argent X because it is the first wallet on StarkNet and a wallet based on account abstraction, which represents a new direction in the wallet track.

“Account abstraction” is a consensus concept in the Ethereum community regarding the development direction of wallets. It can be simply summarized as decoupling the entity (account) in the EVM from the entity (key pair or signer) that owns the mobile asset. In other words, that is to turn all accounts into CA[2]. As mentioned earlier, EOA and CA are two account types in EVM. CA cannot verify signatures, so it must rely on EOA to actively initiate transactions; after realizing account abstraction, CA will no longer rely on EOA to initiate transactions, achieving more customization features.

It sounds promising, but there are still many issues here. Firstly, there are still many technical challenges to overcome. For example, the current functionality of Argent X is very limited, and the social recovery feature with Guardians has not yet been implemented on Ethereum. Secondly, the gas fee issue that smart contract wallets have always faced still exists. While there have been improvements on Layer2 solutions, they are still not as efficient as EOA wallets on the same chain. The ultimate solution to the gas fee problem is to dilute the additional expenses through batch transactions. From this perspective, smart contract wallets do have the potential to be cheaper than EOA wallets in the future. Of course, this depends on the development speed of various projects in the field.

MPC+ Smart Contract Hybrid Solution

The “MPC wallet” and “smart contract wallet” described earlier are actually two dimensions of description. The former is an additional layer of off-chain verification technology stacked on top of the wallet, while the latter is a type of wallet itself (compared to EOA wallets). These two types of wallets are not mutually exclusive. There are hybrid solutions that combine the two: Unipass is a smart contract wallet that incorporates MPC technology.

A typical feature of smart contract wallets is the ability to set up multiple keys to manage the same account. For example, in Argent Vault, users can add Guardians to generate a new account and set it as the wallet owner if the user loses their keys. In Gnosis Safe, users can add multiple wallets to achieve threshold signatures. Similarly, Unipass manages accounts through a series of keys with role weights. It is more diverse than Argent Vault and Gnosis Safe, primarily consisting of three roles:

1) Owner: The key set to this type of role can control the account and has the highest authority;

2) Operator: This type of key can be used for transfers, interactive contracts, authorization, etc., and is the most commonly used role by users;

3) Guardians: This type of key can be used to restore the account when other keys are lost.

The effect is equivalent to the social recovery of Argent Vault. What is more advanced about Unipass is that Argent Vault only allows binding EOA wallets as Guardians, while Unipass can bind email addresses instead of wallets for social recovery, which greatly lowers the user threshold.

Source: https://docs.wallet.unipass.id/architecture/key-management

The above functions reflect the characteristics of the smart contract wallet, and MPC is reflected in the Master Key in the picture above. Master Key is the master key generated for users by default, including Owner and Operator roles. It can be said to be the most important key in the Unipass account, and the generation and management of this key uses MPC technology.

The MPC solution has such a dilemma in shard storage: if the client shards are kept by the user, there is a risk of loss; if the client shards are actually still kept by a third party (such as Particle Network), there is a risk of centralization, the password can be accessed by the service provider. Unipass chose the former: Passwords in client shards are kept by the users themselves and are allowed to be lost. In case of loss, they can be socially restored through Guardians. Compared with pure MPC wallets, Unipass ensures account security through social recovery of smart contracts while maintaining decentralization.

Source: https://docs.wallet.unipass.id/architecture/master-key

Additionally, Unipass also supports the ERC-4337 protocol, which can provide functionality implemented through account abstraction in the future.

1. Summary

Starting from the scenario of “seedless,” this article explores several typical implementation methods. The first is the pure MPC wallets represented by Web3Auth and Particle Network, which are still EOA wallets but with sharded private keys. The MPC solution is simple and efficient but faces centralization or key loss risks. The second is the smart contract wallets represented by Argent, which implements seedless functionality by storing keys locally on the phone and ensures account security through smart contract social recovery to address key loss. The third is the hybrid MPC+ smart wallet solution of Unipass, which achieves seedless functionality through MPC technology for the main keys and implements social recovery through smart contract role weighting management, achieving the same goal as Argent.

It can be seen that “seedless” is essentially a trade-off: using a lower security level to store keys to improve user login convenience. Correspondingly, either partial custody is used to address key loss risks or smart contract social recovery is used to ensure security. Smart contract wallets cannot directly implement seedless functionality, but their social recovery mechanism can provide a fallback guarantee for low-security key storage, and decentralized implementation methods are more in line with Web3 values.

However, another question worth considering is: what kind of users need seedless wallets? Web3 users often have multiple small accounts, and whether they register a new wallet depends entirely on what wallets the projects integrate. In this context, seedless wallets seem more suitable for Web2 users. But these users are typically harder to convert into high-value Web3 users and require higher education and customer acquisition costs. Seedless wallets face a problem similar to the social track: how to attract a large number of users with low asset attributes?

Disclaimer：

1. This article is reprinted from [Mirror]. All copyrights belong to the original author [BlockChainTeahouse]. If there are objections to this reprint, please contact the Gate Learn team, and they will handle it promptly.
2. Liability Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.
3. Translations of the article into other languages are done by the Gate Learn team. Unless mentioned, copying, distributing, or plagiarizing the translated articles is prohibited.