#ssi #web5 and #metamodernism #aiagents

# The Wallet War: Understanding the Misunderstood Concept of Crypto Wallets

*By Volodymyr Pavlyshyn*

Hello, folks! Today, we're diving deep into the world of wallets, specifically crypto wallets. I've previously discussed the differences between hot wallets, cold wallets, agents, hubs, and other components actively used in Self-Sovereign Identity (SSI). However, today, we're focusing solely on wallets.

## What is a Wallet?

A common misconception is that your wallet holds your assets, NFTs, ABCs, and all things crypto. In reality, your wallet is your key management assistant, primarily responsible for managing your private keys and, in some cases, signing. Hence, the term 'wallet' is somewhat misleading. It would be more accurate to call it a signer, keychain, or key master.

## The Problem with Wallets

The adoption of SSI and crypto comes with a significant responsibility: managing your private key. If you lose the key, you lose everything. This creates a huge usability problem as there's no way to recover or have a recovery system in place.

The most popular approach to wallets is based on the idea of using a 'seed' instead of keys. This seed is a form of entropy from which you can deterministically generate private keys. This concept was sold as a secure method, with the Bitcoin standard BIP 32 outlining how to convert the seed into multiple different keys of different types.

## The Issue with Seeds

However, the question arises: how do you keep the seed secret? How do you recover it? The common solution is to convert your binary entropy into a mnemonic phrase, giving you 12 to 24 words that you need to memorize. But this method has failed spectacularly.

The hierarchical deterministic wallet has a significant flaw: if you lose the seed, you lose every private key derived from it. This is one problem. Another issue is that it works well for only one type of cryptography. If you want to combine a Bitcoin key with a key for a more modern chain such as Solana, you cannot, because the two chains use different cryptography.
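To make the single-point-of-failure argument concrete, here is an added example (not code from the original article) that implements the BIP32 master-key step and hardened child derivation in plain Python: one seed deterministically yields every key on every path, so whoever holds the seed holds them all. Only hardened paths are supported, because non-hardened derivation needs secp256k1 point arithmetic; the seed value is BIP32's published test vector 1.

```python
import hmac
import hashlib

# secp256k1 group order: private keys are non-zero scalars below this prime.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 2**31


def master_key(seed: bytes):
    """BIP32 master node: HMAC-SHA512 keyed with the literal 'Bitcoin seed'."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    if not 0 < int.from_bytes(key, "big") < N:
        raise ValueError("invalid master key; BIP32 says use another seed")
    return key, chain_code


def derive_hardened(parent_key: bytes, chain_code: bytes, index: int):
    """Hardened child: HMAC over 0x00 || parent private key || index."""
    if index < HARDENED:
        raise ValueError("non-hardened children need EC point math (not shown)")
    data = b"\x00" + parent_key + index.to_bytes(4, "big")
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + int.from_bytes(parent_key, "big")) % N
    if tweak >= N or child == 0:
        raise ValueError("invalid child; BIP32 says skip this index")
    return child.to_bytes(32, "big"), digest[32:]


def derive_path(seed: bytes, path: str) -> bytes:
    """Walk a hardened-only path such as m/44'/0'/0' down from one seed."""
    key, chain_code = master_key(seed)
    for step in path.split("/")[1:]:
        if step[-1] not in "'h":
            raise ValueError("only hardened steps are supported here")
        index = int(step[:-1]) + HARDENED
        key, chain_code = derive_hardened(key, chain_code, index)
    return key


if __name__ == "__main__":
    # Seed from BIP32 test vector 1 (16 bytes). In practice the seed comes from
    # the BIP39 mnemonic via PBKDF2; whoever holds it can regenerate every key.
    seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    for p in ("m/0'", "m/44'/0'/0'", "m/44'/0'/1'"):
        print(p, derive_path(seed, p).hex())
```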

## The Limitations of Hierarchical Wallets

Hierarchical wallets were a cool concept that simplified a lot and allowed you to just memorize a phrase and manage multiple keys. However, it created a single point of failure, a lot of limitations, and the main problem of the hierarchical wallet is the process of recovery, or rather, the lack thereof.

## The Quest for the Perfect Wallet

So, what's the best wallet in the world? It's one that the user doesn't even know exists. If we can create a seamless experience for the user, where they don't even realize they have some magic wallet, that would be a success. But what about recovery? What can we do there?

## Multi-Party Computation (MPC)

The first idea was multi-party computation (MPC), where you split your private key into multiple shares that need to come together to form a quorum. For example, you split it into ten parts, but to get the signature, you need six parts. This off-chain approach allows you to distribute cryptographic material over the wire, and different people need to come together in some quorum to sign the transaction. However, the problem with MPC is that it's off-chain, and many threshold signature algorithms are not compatible with each other. Currently, we lack a standard that allows us to do this.
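The 6-of-10 quorum described above, as an added example (not the article's own code): Shamir secret sharing over the secp256k1 field splits a private-key scalar into ten shares, any six of which rebuild it, while five yield only noise. Note the caveat: this reconstructs the key on one machine at signing time, whereas a true threshold-signature MPC scheme never reassembles it.

```python
import secrets

# Order of the secp256k1 group (a prime). A Bitcoin or Ethereum private key is
# an integer in [1, N-1], so share arithmetic is done in this field.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def split_secret(secret, threshold, shares, rng=None):
    """Split `secret` into `shares` points; any `threshold` of them rebuild it."""
    if not 0 < threshold <= shares or not 0 <= secret < N:
        raise ValueError("bad parameters")
    rng = rng or secrets.SystemRandom()
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [secret] + [rng.randrange(1, N) for _ in range(threshold - 1)]
    points = []
    for x in range(1, shares + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = (y * x + c) % N
        points.append((x, y))
    return points


def recover_secret(points):
    """Lagrange interpolation at x = 0 over the given (x, y) shares."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % N
                den = den * (xi - xj) % N
        secret = (secret + yi * num * pow(den, -1, N)) % N
    return secret


def demo(threshold=6, shares=10):
    """Constructed 6-of-10 run: returns (secret, recovered, wrong_from_5)."""
    secret = secrets.randbelow(N - 1) + 1  # stands in for a private key
    pts = split_secret(secret, threshold, shares)
    ok = recover_secret(pts[2:2 + threshold])    # any 6 shares work
    short = recover_secret(pts[:threshold - 1])  # 5 shares yield garbage
    return secret, ok, short


if __name__ == "__main__":
    s, ok, short = demo()
    print("recovered with 6 shares:", ok == s, "| with 5 shares:", short == s)
```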

## Multisig

Another approach, quite similar to the previous one, is multi-signatures or multisig. This is not a new concept. If you're a Bitcoin user, you know that you can build an unlocking script that requires the same scheme. For example, in the Lightning Network, you need two of two signatures to unlock the transaction. The idea is simple: you have multiple independent private keys, but you need several of them to unlock the wallet or sign the transaction.

## Smart Contracts as Wallets

The majority of multisigs are smart contracts, so the cost of these operations can be high. It usually requires multiple operations. Some networks require you to have some kind of smart contracts, and we will talk about smart contracts as wallets in a moment. But the idea is simple: you have multiple keys, you can distribute them over the wire, and have social recovery.

## Account Abstraction

The Ethereum folks came up with the concept of account abstraction. This means that your account and the signing of your transactions can be managed by a smart contract. This changes a lot, including how we validate signatures and operate with accounts. With account abstraction, you have a programmable way of managing your account, signing your transactions, and it could still be social recovery, multisig, or you could create your own programmable concept that will allow you to manage transactions, sign transactions, and manage keys.

## Programmable Key Pairs (PKP)

If you don't have such things in your blockchain or maybe you're completely off-chain, you could look at the LIT protocol. The guys there have a quite cool idea of programmable key pairs (PKP) as some kind of NFT. This means that you could mint the key, manage the keys like NFTs, and it's more blockchain-independent, so you could port the programmable key pairs to different networks.

## Seedless Wallets

All these things like multisig, MPC, PKP, and others revolve around the concept of seedless wallets. In seedless wallets, you don't have a seed, but you have a different programmable mechanism that allows you to recover your wallet easily.

## Conclusion

The world of wallets is complex and ever-evolving. As we continue to innovate and explore new ways to improve security, usability, and recovery, it's crucial to stay informed and understand the mechanisms at play.

If you're doing something in the space of wallets, recovery, security, or usability of Web3 solutions, I'd love to hear from you. I'm always ready to share my knowledge, provide consultation, and collaborate on building something new.

Remember, the best wallet is one that provides a seamless user experience, robust security, and easy recovery. As we continue to innovate in this space, I'm confident that we'll get closer to this ideal.

---

Thank you for reading. Don't forget to subscribe to our channel and Medium blog for more insights into the world of crypto wallets and beyond. Share this article with your friends and let's continue the conversation. See you next time!

https://www.youtube.com/watch?v=b-RX45GC7-g

What is the best Wallet and #wallet #UX ?

One that does not exist and one that you could recover.

Let's discover together

#mpc , #seedlesss , #multisig , #smartcontractwallet, #pkp

# Web3 login web3 ID vs Web5 DIDAuth ( DID authentication)

*By Volodymyr Pavlyshyn, [YouTube Video](https://www.youtube.com/watch?v=NwN_4ksbuE4)*

## Introduction

Web3 ID or Web3 login is being touted as a solution to many of our problems - it's decentralized, OTP-less, and passwordless. However, before we all move to this new, happier world, there are a few questions that need to be addressed:

- How do we rotate a key and deal with a stolen private key?

- Is it truly passwordless? How do we unlock a wallet, and how do we recover a password?

- How do we make it cross-device?

I propose a better answer to these challenges - Web5 Auth, or as we call it in our Affinidi SDK, DIDAuth.

## What is DIDAuth?

DIDAuth is an edge auth protocol that proves ownership of private keys based on DID (Decentralized Identifiers). With DID, we decouple but cryptographically bind the Controller (user), private/public key pair, and identifier. So with a DID method that supports key rotation, we could solve the first challenge. With seed migration, we could solve a cross-device experience. Recovery is a more complex story; Affinidi SDK solves it for custodial users and provides building blocks for edge developers to implement their solutions for this challenge.

## The Problem with Web3 Login

Web3 login or Web3 identity is a simple concept - login with your wallet, such as Metamask. However, this approach has several issues:

- **Key Rotation**: If someone steals your wallet, they steal your identity. Key rotation should be a key feature, but it's not working well with login with Metamask or other similar solutions.

- **Passwordless?**: Despite claims, you still need to maintain a password to access your private key. So, it's not truly better than what we already have.

- **Portability**: It's not easy to port your wallets to different locations.

- **Recovery**: If you forget the password, what should you do?

The main concern is the possibility to rotate keys, which is why there are a lot of concerns about the Web3 login.

## The Solution: Web5 Login

What I can offer, which has been available in our Affinidi SDK for a few years, is Web5 login. This protocol solves several issues:

- **Decoupling**: The Decentralized Identifier (DID) allows you to decouple several elements. This is represented as a triangle, not as popular as the self-sovereign identity triangle, but it's the identity triangle. This triangle is the cryptographic binding between three things: the user or controller, the key pair (public and private key), and the identifier. The DID is your identifier that is cryptographically bound with the private and public key and cryptographically or otherwise bound with the controller.

- **Key Rotation**: We need to find DID methods that allow us to keep the identifiers stable but still connected to the private and public key and to the controller, and allow us to rotate the keys. There are several DID methods that allow this, including DID peers, DID Key, and off-chain methods. On-chain methods can be quite expensive and not all of them give you the possibility to easily rotate the signing key.

- **Portability and Recovery**: There are still open questions about how we do the portability between devices and how to do the recovery. For the Affinidi SDK, we have the answer for the recovery because we have the backup of the seeds, and then you could use your email or phone to recover with your password. However, if you compromise your key, we need to build some extra protocol that allows us to do the operations in this case. The answer to this could be DID Key or DID Peer, and you could notify all your peers that this key is not valid anymore.

While I see a lot of potential in Web5 Auth, I also see a lot of gaps and problems in the idea of logging in with your wallet. I encourage everyone to stay connected, share what you think, and let me know if you need more technical examples.

---

*This article is based on the video "Web3 login web3 ID vs Web5 DIDAuth ( DID authentication)" by Volodymyr Pavlyshyn. The video was uploaded on January 29, 2023, and has been viewed 89 times as of the time of writing.*

---

*Tags: ssi, didauth, auth, architecture, web3id, web3, web5*

https://www.youtube.com/watch?v=HljfDYD4baU

#Anonymous #authorization is a critical part of a future meta identity system

The concept of sovereign personality and identity goes together with responsibility and risks. You should care about your data and digital assets, or you should trust custodial solutions and give up some part of privacy. It is a big adoption stopper.

#ssi #digitalidentity #holisticidentity

#accountabstraction gives a promise of better UX and better, but not ideal, recovery of wallets.

What about #bitcoin wallets ?

https://coingeek.com/account-abstraction-on-bitcoin-since-day-1/

For #SSI wallets it is an even bigger problem, as it requires some kind of trust network to make social recovery possible.

Keen to discover more on the recovery topic.

Does a human-readable, nice JSON API make sense for microservices or low-end mobile? Why should the end user pay the cost in traffic and battery lifetime for this de facto and obvious decision that not so many people challenge?

#rgb https://youtu.be/LSTe_VESauE

#postblockchain #smartcontracts #privacypreserving future of contracts

#grb #rgbsmartontracts is a #postblockchain future, but the complexity of the infrastructure that should be run to support an #rgb #wallet scares me. Just trying to set up #lightingnetwork, and it is an #L2 journey.

The idea of postblockchain smart contracts models real social transactions much closer to reality. Keen to see wider adoption.

Whenever we start talking about or explaining #ssi, we focus on #dataownership and #usercentrisity. It is a critical criterion, but it is not a game changer. You could find a lot of #administrative systems that offer it to some extent. For me, the essence of the self-sovereign system is the untakable right to make a statement on behalf of yourself. Every member has equal possibilities and rights. You could simultaneously be an asset owner, issuer authority, or verification party. This possibility, multiplied by the network effect, is a game changer.

#rust will be the lingua franca of #blockchain and #ssi quite soon. I see a movement from #typescript and fast prototypes in #js to more modular #rust cross-platform libs.

https://youtu.be/PF7yzOE4Oz8 #nostr #peertube #odysee #mastodon and more #decentralized #media

Well, now #ChatCPT can google ... now it is the end of the story for many folks ...