
Secure and Streamline your Web3 Experience with MPC and Account Abstraction

By BNB Chain DappBay on Jun 5, 2023

Web3 offers many opportunities, but it also has its challenges. One of the main challenges is making sure that user accounts are secure in a decentralized environment. Solving this problem is very important for the continued growth and popularity of Web3 technology.

This article aims to introduce two key technologies that will shape the future of account security in the Web3 space: Multi-Party Computation (MPC) and Account Abstraction (AA). These technologies together provide an effective solution to a range of inherent security issues in the traditional Web3 account infrastructure, all while simplifying user experience.

 

Understanding the Web3 Account Infrastructure

The Web3 account infrastructure primarily comprises two types of accounts: the Externally Owned Account (EOA) and the smart contract account (SCW). The EOA, currently the most basic account type in mainstream blockchains, is controlled via on-chain verification of signatures generated directly by a private key. In contrast, a smart contract account is defined and configured by contract code and requires private key-based user verification to operate. It is a more complex entity, capable of owning a variety of customizable on-chain services and logic.

However, both EOA and smart contract accounts come with their own challenges. Traditional private key management of EOA presents security risks, while the freedom and complexity of smart contract accounts can lead to compatibility issues when applied on a large scale. Moreover, due to the high gas prices on the Ethereum mainnet, operations executed via smart contract generally cost two to three times more than those via EOA. To tackle these issues, industry experts have turned their focus toward MPC and account abstraction.

 

The Role of Signatures: Private Keys and Multi-Party Computation (MPC)

Signatures play a vital role in the Web3 account system. They provide proof of account ownership and play a significant security role during transaction execution. Traditionally, this signature mechanism relies on private keys. However, managing private keys is often cumbersome and fraught with various security risks for ordinary users. Private keys are prone to theft by phishing websites or leakage during transfers across environments. Over time, the chances of forgetting or losing them also increase. Furthermore, once a private key is potentially leaked, account privacy cannot be restored through resetting; owners usually have to transfer all assets to another account to reset security.

MPC, however, is different. Instead of storing a single private key in one place, MPC allows the key to be divided into multiple parts and distributed among various participants. No single participant can access the complete key, ensuring asset security even if one participant suffers a hack or leak. Furthermore, MPC allows the key parts to be reset without changing the account derived from the signature calculation, so users can refresh their key material and thereby improve security. Key attributes of MPC include:

  • Seamless Onboarding: MPC wallets can facilitate user-friendly onboarding processes by integrating social logins, such as Email, Google, or Apple ID, simplifying the process for new users.
  • Robust Security: Distributing private keys into several parts enhances the security of MPC wallets by eliminating single points of failure.
  • Chain-Agnostic: MPC wallets can operate across different blockchain networks, offering increased compatibility and versatility.

Real-world examples of MPC implementation can be found in services like Particle Network's Authenticate, which offers an MPC-secured account verification middleware, and Lit Protocol, which uses MPC for distributed account key management.

 

Diving Deeper into Account Abstraction

Account Abstraction is a method of encapsulating user identities within smart contracts, enabling users to interact more freely and securely with smart contracts. In the traditional Web3 framework, users interact with smart contracts through their Externally Owned Account (EOA) and the associated private keys. However, this approach often requires users to have some expertise and can be prone to errors. Account abstraction solves this problem by embedding the user's identity into the smart contract, enabling the user to interact with the blockchain without having to send a transaction directly. Hence, account abstraction provides a simpler, more intuitive user experience, making Web3 technologies more user-friendly.

The benefits of account abstraction go beyond convenience. By simplifying the user experience, account abstraction can promote more widespread adoption of Web3 technologies. 

One of the most popular use cases is Gasless Transactions, a mechanism that allows users to execute transactions without having to pay network fees (gas) directly, lowering the barrier to entry for users. Another example is Batch Transactions, which allow users to execute multiple operations in a single transaction, enhancing efficiency. There are also many practical features such as:

  • Session Keys: By creating disposable signature keys stored in the browser, users only need to sign once within a period. This eliminates the need for users to sign repeated transactions.
  • Social Recovery: Allows users to recover their accounts via selected trusted delegates, enhancing the convenience and security of account recovery.
  • Permissioned Access: Abstract accounts can set complex permission controls, adapting to various use cases.

 

How MPC and AA Together Enhance Security

The combination of MPC and account abstraction is poised to significantly improve Web3 account security. The former ensures the security of the signing process, while the latter simplifies the process of user interaction with smart contracts.

The two technologies complement each other: MPC ensures that no single party can access the entire private key, while account abstraction simplifies the transaction process requiring multiple signature confirmations. This dual-layer approach significantly enhances security while providing a user-friendly experience.

Particle Network is at the forefront of the industry, pioneering the implementation of an MPC+AA solution. The company aims to use proactive security MPC protocols to protect the signing of abstract account wallets to enhance security, and it leverages the series of interaction process optimizations and flexible account programmability brought about by abstract accounts to build a more powerful Web3 account.

 

Broader Web3 Account Security Initiatives

While MPC and account abstraction play crucial roles in enhancing Web3 account infrastructure and security, they are just a part of a larger scope of Web3 security initiatives. These initiatives include risk analysis services (such as the Meter SDK provided by AvengerDAO), vulnerability bounty programs, and the development of security-focused smart contract languages.

It's important to understand that safeguarding the security of the Web3 space is a multifaceted challenge that requires a comprehensive approach. A robust security posture involves not just protecting account integrity, but also ensuring the secure execution of smart contracts, maintaining the privacy of on-chain data, and mitigating the risk of centralized points of failure.

 

Conclusion

To conclude, the combination of Multi-Party Computation (MPC) and Account Abstraction (AA) holds great promise to substantially improve the security and usability of Web3 account infrastructure. MPC offers a potent alternative to the traditional private key management approach, while account abstraction simplifies user interaction with smart contracts.

Looking ahead, we can anticipate the continued evolution of the Web3 account infrastructure as these technologies mature and as new solutions emerge. As Web3 becomes more ingrained in our digital lives, the importance of robust account security will only grow.

The future of Web3 security depends on our collective understanding and engagement with these technologies. As users, developers, and stakeholders in the Web3 space, we bear the responsibility to stay informed about these developments and participate in ongoing discussions. Together, we can shape a safer, more user-friendly Web3 experience.

 

Authored by Particle Network.
