Enhancing The Wallet Experience With Account Abstraction
You can find the Q&A here. The recap was edited for length and clarity. #Braavosianstalks
- Why is the concept of account abstraction so special?
- Can we expect wallets like Metamask to transition to smart contract wallets?
- Why aren’t there other wallets that use smartphone security chips to secure crypto transactions?
- Why did you choose the security subsystem inside smartphones for Braavos’ Hardware Signer?
- Are smart-contract wallets like Braavos only available on StarkNet?
- Can a mobile app wallet like Braavos become a cold wallet with the Hardware Signer?
- Many Multi Party Computation (MPC) wallets are emerging, how can Braavos compete with this kind of solution?
- Can security keys such as TPM on PC or YubiKey be used as signers?
Q: There is increasing interest in account abstraction on Google. Why is this concept of account abstraction so special?
That’s a simple question with a big answer. But the short answer is that account abstraction actually allows us to bring a brain into the wallet. If we are not too technically accurate, we can say that account abstraction is a synonym for smart contract-based wallets. It is called smart contract based wallet because the wallet goes from something that just monitors tokens and assets and signs transactions to something smart that has its own logic. And that’s basically what account abstraction introduced: to have a custom, arbitrary logic both for verification of transactions. On StarkNet we have account abstraction built into the protocol, which means that each and every transaction has to go through an account contract before it interacts with other protocols, other dApps.
If you think about it, it’s really powerful because you can now run additional logic for each and every transaction, whether it’s on the verification side or the execution side. In previous articles, we gave some of the features that account abstraction enabled but the best example being the Hardware Signer, our invention to use the security chips that we have inside our mobile phones in order to generate keys and to sign transactions in the most secure possible way, which we covered in a collaborative article with StarkWare.
Q: Can we expect wallets like Metamask turning into smart contract wallets?
It’s software, so everything is possible. But traditional wallets have a built-in architecture which is completely different from what is needed for smart contract based wallets. So of course it’s possible that they make the transition because it’s only software. But it requires a lot of work to be done, as it completely changes the architecture of the wallet.
Q: Can we take a step back and reflect about why no other wallet has used smartphones’ security chips in order to secure the signing of transactions?
Each blockchain has its own unique cryptographic security measures, with a dedicated elliptic curve specific to the blockchain. However, security chips on our mobile phones employ a different type of elliptic curve (secp256r1), optimized for mobile devices. This elliptic curve was developed and released after the one used in the most popular blockchains, making the two incompatible.
But here comes Account abstraction that allows us to write custom verification logic. If you remember, every transaction goes through the account smart contract before getting executed. So when a transaction gets to the account contract, it can run the custom verification logic that corresponds to the elliptic curve that resides on the mobile’s security chip and in that way, we can verify that the transaction has indeed been signed correctly.
And you cannot do this without having account abstraction. So here we close the loop and we see again the power of account abstraction in action.
Q: Once I activate this Hardware Signer, I understand that it uses the security subsystem inside my smartphone. Why did you choose this element?
We wanted to offer the most secure features to our users, and we think that security and user experience go hand in hand. One can develop a technology that is super duper secure, but if it’s extremely complicated to use, then most people won’t use it. On the other hand, the Hardware Signer’s offers prime security and a seamless user experience, you use it like you use Apple Pay or Google Pay, – it’s simple and frictionless to use and everything happens seamlessly under the hood for you.
In terms of security, you can enjoy top-level protection, superior to that offered by hardware wallets, which can cost a couple hundreds of dollars and require a steep learning curve, including figuring out where to store them. This complexity can deter typical Web2 users who are accustomed to apps that eliminate all obstacles and handle everything on their behalf. With the Hardware Signer, we have managed to simplify this process, providing a frictionless and user-friendly experience while maintaining top-notch security.
Q: Can a mobile app wallet like Braavos become a cold wallet with the Hardware Signer?
It is worth taking a minute or two to define the terms better. Usually when people say cold wallet, they mean a wallet that is not connected to the Internet, but instead that is stored on a piece of paper in some safe box somewhere. It has no online tracking, so even if someone breaks into your computer or your phone, they have no access to your funds because the keys are not there.
Now with the Hardware Signer when we use the security chip inside the mobile phone, it was very important for us to offer this characteristic. We could do that, because the uniqueness of these security chips is that they are completely isolated, meaning that they are separated from the application processor. Moreover, private keys stored in the security chip are not accessible and cannot be read by the user, application or even the operating system itself.
Think of it as two different buildings. You have the building that has all your apps and all your interactions and browser, etcetera. There is a different building across the highway that no one has access to, that holds your keys. And in that sense, this building is not connected to the Internet. You can look at it as a cold wallet, similarly to how you look at hardware wallets.
Q: There are many Multi Party Computation (MPC) wallets coming up, how can Braavos compete with this kind of solution?
MPC is a security scheme that uses some nice cryptography in order to generate keys that mandates n out of m parties to sign and approve a transaction. It’s mostly used to secure large sums of funds, at least two parties have to sign the transaction for it to get executed. And account abstraction enables everything that the multiparty computation algorithm offers and much more than that. You can easily replace one of the parties in the computation, or in our case, the parties that sign the transaction.
For example, if today you sign transactions from your iPhone 12 and tomorrow you’re going to buy an iPhone 14, it will be easy for you to migrate from iPhone 12 to iPhone 14. And you won’t need to create a whole new key like in MPC. And besides, as we mentioned, account abstraction offers much more than just multi-signature (and multi-factor-authentication). So although it’s a nice feature, it’s far from bringing the industry what it needs in terms of security and UX and it cannot compete with smart contract based wallets. I don’t see them as the new generations of wallet; they’re more like the traditional wallets with a slightly more sophisticated signature protocol.
Q: Can security keys such as TPM on PC or YubiKey be used as a signer?
TPM – Trusted Platform Module – is a hardware security chip, as you have in an advanced Android smartphone (such as the Pixel 3). They’re already used today within the Braavos mobile application – it is what the Hardware Signer is based on. They can also be used in the browser extension and we will use them in the future. The only reason that we did not enable that yet is because we cannot ensure the maximum security possible if you use an extension. If you use an app on your computer, we can do that, but if you use an extension, we cannot guarantee that the TPM will use biometric authentication. It can always default to passcode and that’s less secure, but no doubt that it is much more secure than the seed phrase and that’s the reason why we will enable this in the near future.
And regarding YubiKey, we don’t believe in hardware wallets. Theoretically we could use the YubiKey or Trezor or whatever but we don’t think that this is the experience that users want, as it’s very complicated with a lot of friction around it. We do not encourage hardware wallets, we think it is much better to use the device that you already have that offers a security which is on par with hardware wallets with significantly better UX.
To join the Braavos Nation and share your feedback, we encourage you to connect to our Discord, and Twitter to get in touch and catch the latest news.You can also benefit from the Hardware Signer by downloading the Braavos smart contract wallet on mobile for Android and iOS, and on multiple browsers: Chrome, Firefox, and more