19 minutes 21 seconds
Speaker 1
00:00:00 - 00:00:34
I'm Ivo and I'm going to tell you about the future of Ethereum wallets and, more specifically, two pieces of technology which are going to define the future of Ethereum wallets, namely smart contract wallets, otherwise known as account abstraction, and multi-party computation wallets, or MPC wallets. So let's see. I think the clicker is not working. Oh, yeah. So the thing is, why do we need any change in the way that wallets are at the moment?
Speaker 1
00:00:34 - 00:00:50
Well, there is a myth here. And the myth is that people are not ready for self-custody. And people are not ready to take this responsibility. And that most people are just not suited for self-custody, right? But the reality maybe is the opposite.
Speaker 1
00:00:51 - 00:01:16
In reality, perhaps wallets themselves are not suited for people. Like, wallets are not suited for normal humans. So perhaps we are the ones who are not ready. I mean, the builders are the ones who are not ready for self-custody and not the users. So I'm not sure if this is working.
Speaker 1
00:01:16 - 00:01:44
Yeah, it's working. So what are the issues with self-custody at the moment? Well, the thing is, the first one is onboarding. And onboarding right now hinges around seed phrases. And seed phrases are a completely unintuitive concept for normal people, and what I mean by that is that it's really hard to explain to a normal person, or even a technical person who is not into crypto, right?
Speaker 1
00:01:45 - 00:01:59
It's really hard to explain that the seed phrase is not an authentication factor. It's not equivalent to a password. But instead, the seed phrase is equal to your money. So it is literally your money. If you lose it, you lose everything.
Speaker 1
00:02:00 - 00:02:37
And equivalently, if someone takes a picture of it, or if someone gets any kind of hold of it, you, again, lose everything. And people are not used to thinking in that concept. They're used to a different concept, which is that there is an account, and there are multiple authentication factors to that account, and multiple recovery methods, like, for example, a password, or a two-factor authentication, or someone else, like Google, who would be able to recover your account. Then the second issue is that wallets rely on private keys. This is something that we cannot get away from, but we can mitigate, and I'm going to tell you how.
Speaker 1
00:02:37 - 00:03:25
But the issue with singular private keys behind accounts is that it's so easy to compromise this. Like, if you get any sort of malware onto the machine which is dealing with the private key, like not even holding the private key, but dealing with the private key in any way, shape, or form, then the wallet is completely wrecked. And then the final issue is social exploits, so like social engineering and the way that many NFT holders lost their NFTs. So again, this is something that we can improve on. Anyway, so what's the solution to all of this? Let's see if I skipped a slide.
Speaker 1
00:03:25 - 00:04:13
I might have. Anyway, so the solution to all of this is kind of rooted in multisig wallets, and the reason that multisigs are sort of a silver bullet is, first of all, because we can improve on onboarding. Because rather than relying on a singular key, which the user has to back up, we can use multiple private keys. And in that way, if we make the logic of the multisig good enough, and if we build recovery logic into it, then we can not have this reliance on a single private key. And instead, like, have, for example, two private keys where one of the private keys would be on your mobile device, the other one would be on your laptop, or one of them would be a paper backup, or even in your password manager, or whatever.
Speaker 1
00:04:14 - 00:04:20
And in that way, you won't need to learn this concept of safeguarding a single seed phrase.
Speaker 2
00:04:20 - 00:04:29
So yeah, there is an onboarding improvement. Then also, we have an account recovery improvement, because we can do any arbitrary logic in
Speaker 1
00:04:29 - 00:04:53
a multisig, where we can say, for example, only one of the keys, or if you have a total of three keys, we can say three of the keys can sign immediately. But two of the keys can sign behind a time lock. So those two keys can recover the account. So even if you lose one of your devices, you can still build account recovery thanks to multisig. Then the other reason that they are great is multi-factor authentication.
Speaker 1
00:04:54 - 00:05:15
So you can sign transactions on your laptop, but you can have a secondary signer on your mobile phone. And also, you can build logic into the multi-sig such as: if you're moving over a specific amount of funds, then you will need the secondary factor. And then also, of course, they're more resistant to compromises. And this
Speaker 2
00:05:15 - 00:05:24
is something that the Safe team has been talking about a lot. Obviously, when you have not a single private key securing the account, but multiple private keys, even if one
Speaker 1
00:05:24 - 00:05:50
of them gets compromised, you're much safer. So let's look at the two ways to build multisigs at the moment into wallets. So one of them is account abstraction, also known as smart contract wallets, smart accounts, smart wallets, whatever you like to call it. There are multiple names for it. And then the other way is multi-party computation wallets, or MPC wallets.
Speaker 1
00:05:50 - 00:06:29
And basically, MPC has become known as a way to do ECDSA signing over multiple devices. And you still have, overall, you still have one private key, but you managed to shard this private key into multiple, like, let's call them mini private keys. It's not exactly what they are, but let's call them that. And then using a specific algorithm, you can distribute the signing over multiple devices, two or more. And then the other solution, account abstraction, is basically having a smart contract as your wallet, as your wallet account.
Speaker 1
00:06:29 - 00:06:36
So the account can actually contain executable logic. And this allows you to build any arbitrary logic, not only
Speaker 2
00:06:36 - 00:06:42
a multi-sig wallet, not only account recovery, but also other cool things that we're going to get into.
Speaker 1
00:06:44 - 00:06:53
So there is a bunch of FUD that's circulating about smart contract wallets or about account abstraction that recently got
Speaker 2
00:06:53 - 00:07:08
quite well debunked, but I think initially Coinbase was kind of spreading it because of their MPC wallet launch. And they've come around since then, obviously, since the rise of account abstraction in ERC-4337. But some of
Speaker 1
00:07:08 - 00:07:09
those myths are, first of
Speaker 2
00:07:09 - 00:07:58
all, that smart contract wallets cannot sign messages. So this is false. There is EIP-1271, and it allows smart contract wallets to sign messages just fine. The thing is that dApps need to implement it, and dApps need to be aware of this. This is by no means to say that most apps do not support account abstraction; most apps do support account abstraction. It's only the ones that heavily rely on verifying signed messages that have to do this extra step in order to support account abstraction. But the good news is that many dApps have been improving in that regard, and even OpenSea, which was one of the notoriously big, broken dApps with account abstraction, fixed this. So yeah, then the second thing is that smart contract wallets cannot have the same address over multiple chains and that they require an extra deployment step.
Speaker 2
00:07:58 - 00:08:26
You've probably seen this in Argent, like when you sign up, you need to deploy your wallet, which to a normal person doesn't mean anything. So you cannot explain to a normal person that they need to pay a fee for something that doesn't have a direct benefit to them. So this is, again, something that could be avoided. You can do CREATE2 counterfactual deployment, and you can have the same address on every EVM chain. And you can skip the deploy step.
Speaker 2
00:08:26 - 00:08:52
So you're not exactly skipping it, but you're deferring it until your first transaction. So the first transaction is going to be a bit more expensive. But as a user, you're not going to feel this additional step of deploying the smart contract wallet. And then the final myth is related to gas overhead. And fortunately, through some clever optimizations, we can get the gas overhead of account abstraction down to about 10,000 gas.
Speaker 2
00:08:52 - 00:09:27
This involves a delegatecall, and this involves an ecrecover operation. But the cool thing is that, thanks to ERC-4337, we can get rid of the 21k gas overhead of every single normal EOA transaction, because 4337 allows batching on a block level. And if you get batched together with someone else, you can get this gas overhead pretty much eliminated. And then we have 21,000 overhead for EOAs, and then 10,000 overhead for smart contract wallets. So you can kind of make smart contract wallets even cheaper.
Speaker 2
00:09:28 - 00:10:05
So there is much more to this. And one of the things that's cool about account abstraction, again versus MPC wallets, is that you can do much more than just multisigs. You can do time locks, which enable very cool account recovery use cases like social recovery. And you can do spending limits. So for example, you can have a wallet which is controlled by your mobile device, where you can spend under a certain threshold of a stablecoin each day. And if you go over this threshold, or if you'd like to go into a dApp, then you must use, let's say, a hardware wallet to co-sign.
Speaker 2
00:10:05 - 00:10:30
The other cool thing, and that's really, I cannot stress how important this is, is that smart contract wallets are mutable. And what this means is that you can change the authentication rules of a smart contract wallet over time. Why is this important? For example, in Ambire, we have this really cool feature where you can make an account with an email and a password, and it's still self-custodial. I won't go into the details of how this is done.
Speaker 2
00:10:30 - 00:10:58
It involves a multi-sig under the hood and kind of a lot of magic. But the point is that it does involve a software key. The software key is part of a multisig, so it's more secure than a usual software EOA. But still, it's a form of compromise, right? So the cool thing with this is that you can start with email and password authentication, and then as you become more experienced, more seasoned, and as you get more funds in your wallet, you can switch authentication to a Ledger or to
Speaker 1
00:10:58 - 00:10:59
a Trezor, and you can
Speaker 2
00:10:59 - 00:11:38
do this without having to move funds, without having to migrate staking positions, and you're going to keep the same wallet address. So that's absolutely unique; EOAs cannot do this in any way. The key is the key, and the key is always associated with this address. So you cannot magically change it to a multisig without having to move funds. Then the other cool thing is gas abstraction, which is basically paying for gas in stablecoins or even prepaying for gas, which is, again, pretty nice because it can also move the account abstraction overhead lower, reduce the account abstraction overhead. And then the final thing is batching. Batching is also called multi-calls.
Speaker 2
00:11:39 - 00:12:02
You can do multiple calls in the same transaction. And this is really amazing because it can hide away the ERC-20 approvals. And we've been talking a lot about this in the community, about how ERC-20 is flawed, and approvals are not great UX. But the reality is that this is something that should be solved in the wallet and should be solved by batching. When you have batching, you can batch the approval together with the operation, and the user wouldn't even know about the approval.
Speaker 2
00:12:02 - 00:12:11
So it's great UX, and it keeps the simplicity of ERC-20 without having to create a new token standard especially for this.
Speaker 1
00:12:16 - 00:12:18
So there's a few extra,
Speaker 2
00:12:18 - 00:12:50
a few extra things that account abstraction can do that MPC wallets cannot do and EOAs cannot do. One of them is automation. So having transactions be executed automatically based on specific rules and having specific things done automatically based on specific rules. So like a very simple example of this, simple but at the same time impressive, would be you can set like a liquidation rule for your wallet. So like if the crypto market dips, well, that's an example for weak hands, right, but let's use it.
Speaker 2
00:12:50 - 00:12:51
If the crypto market dips
Speaker 1
00:12:51 - 00:12:52
20%
Speaker 2
00:12:53 - 00:13:16
move everything, like sell all the tokens for a stablecoin. And you can do this completely trustlessly without delegating control to anyone else, just by delegating control to a contract which enforces this rule. And also you can do flash loans through smart contract wallets, which is pretty incredible. Furucombo is an example of this. And finally, you can do advanced cryptography.
Speaker 2
00:13:16 - 00:13:34
And what I mean by that is there is a new standard which is now live in browsers called Web Authentication, or WebAuthn. And this standard is basically like having a wallet built into the browser. And it's live right now. People can use it. And Apple has their own version called Passkeys.
Speaker 2
00:13:35 - 00:14:06
And the thing is that this is something supported by big companies. And it's, by definition, somewhat more secure and easier to use. As I said, it's supported by big companies like Google, Apple. And by having this built into smart contract wallets, you can have account recovery through the key that is embedded in your browser, which is pretty cool. So something else worth noting is that with account abstraction, you can do Schnorr signatures.
Speaker 2
00:14:07 - 00:14:31
And Schnorr signatures compare pretty interestingly to MPC and to MPC signatures. So first of all, Schnorr is way more established and has been around for a long time. The reason we are not using it is that it had a patent for a long time. This patent has now since expired. And Schnorr signatures are incredibly simple, incredibly proven over time.
Speaker 2
00:14:32 - 00:15:02
And there are multiple Schnorr schemes, which you can use for threshold signatures, for multi-signatures. And they're very cheap to verify. Vitalik came up with a very cool ecrecover hack, which allows you to verify multiple types of signatures, including Schnorr signatures, for only 3,000 gas. So this is pretty unheard of. Anyone who's ever done elliptic curve verification in Solidity knows that the minimum for doing an elliptic curve signature verification operation is like 500,000 gas.
Speaker 2
00:15:02 - 00:15:10
With this hack, you can verify a completely different signature scheme for only 3,000 by exploiting ecrecover, so to speak. And this
Speaker 1
00:15:10 - 00:15:11
is basically a way to
Speaker 2
00:15:11 - 00:15:25
do a multisig with account abstraction in fixed gas. So you can have like tens of signers, or even hundreds of signers, and verify a single signature for only 3,000 gas. And it has a huge privacy benefit because you do not know who
Speaker 1
00:15:25 - 00:15:27
the signers are. So you can have
Speaker 2
00:15:27 - 00:15:47
a multisig with hidden signer keys. So, drawbacks of smart contract wallets and adoption challenges. So I would say the biggest drawback for now is that dApps do not support EIP-1271. This has been changing. As I said, OpenSea implemented it, so that's pretty incredible.
Speaker 2
00:15:47 - 00:16:30
But also we have this problem of some dApps and some NFT collections blocking smart contract wallets, not on purpose, but they block smart contract calls altogether without realizing that accounts or wallets could be smart contracts. They don't even think about it. So we should definitely educate developers that contracts can be wallets as well. And so since this talk was meant to position, like, account abstraction versus MPC, let's look at some of the benefits of MPC. So first of all, something that Schnorr also has, and I think that this benefit is kind of negated by the existence of Schnorr signatures, but one of the benefits is that it's very cheap to verify MPC signatures.
Speaker 2
00:16:30 - 00:17:01
You can verify them with a simple ecrecover, or you can even sign normal transactions on layer 1 using MPC. So that's fantastic, and the other thing is that you can do truly multi-chain wallets, so you don't need smart contract support to do MPC. So you can have an MPC wallet which is for both Bitcoin and Ethereum. So yeah, if you're doing account abstraction, then you're limited to EVM chains, or at least to chains that support Turing-complete smart contracts. So yeah, and you don't need any changes in dApps.
Speaker 2
00:17:01 - 00:17:19
Signatures just work. I mentioned that there is no gas overhead. And you can do MPC pretty universally across all chains. But you do have some problems with MPC wallets. And other than the lack of all the features that I mentioned that account abstraction has, that MPC doesn't have.
Speaker 2
00:17:19 - 00:17:50
One of the other problems is that all of the cryptographic libraries are kind of new and kind of DIY. Of course, everything in programming is DIY, but obviously, we would feel better if the cryptographic libraries are established and validated multiple times, rather than something that popped up a few years ago. Then the other thing is that you cannot change the authentication rules. So once you set up an MPC wallet, and by the way, a lot of them have trusted setup, but that's another topic.
Speaker 2
00:17:50 - 00:18:01
But once you set up an MPC wallet, the authentication rules are kind of set in stone. So if you would like to change some of the signers, you either do another round of trusted setup to exchange
Speaker 1
00:18:01 - 00:18:04
the keys, or you set up a new MPC wallet with a new address,
Speaker 2
00:18:04 - 00:18:29
and you have to move the funds over to it. Then also, currently, you cannot do multi-party computation with Ledger and Trezor. This requires changing the firmware of the hardware wallets themselves. And basically you cannot do MPC together with hardware wallets, which is something that account abstraction can do. You can have multi-sigs, and you can have hardware wallets be the signers of those multi-sigs.
Speaker 2
00:18:30 - 00:18:53
So in conclusion, I would say that account abstraction and smart contract wallets are definitely more future-proof, more rich in features, and MPC can be a fantastic transitory tool for cross-chain wallets at the moment, but I would definitely say that the future is account abstraction,
Speaker 1
00:18:53 - 00:18:53
100%.
Speaker 2
00:18:55 - 00:18:53
So yeah, I think that that's everything, and thank you. I would love to hear questions.
Omnivision Solutions Ltd