Wallet as a Service (WaaS) Service Provider Selection Guide: Comprehensive Evaluation of Technology, Features, and Performance

1 year ago

This guide will explore the factors to consider when selecting a WaaS service to help you make informed decisions.

Authors: Carlos Maximiliano Cano, Ethan Francis

Compiled by: Deep Tide TechFlow

As the Web3 ecosystem doubles down on developing products for the masses, the demand for user-friendly, appealing applications and user experiences is becoming increasingly urgent. In this context, Wallet-as-a-Service (WaaS) tools have emerged to address key issues for both developers and users. For developers, they simplify dApp development through customizable tools, enabling them to embed highly optimized in-app Web3 wallets to meet specific product needs. These wallets can be integrated with other tools (such as social and Web2 login functionality) to make Web3 interactions smoother for users, reducing friction in setting up wallets, transactions, signatures, interoperability, and complex interfaces.

If you are a developer, WaaS tools can make your life easier. However, choosing a provider can still be challenging due to the many factors involved. This guide will explore the factors to consider when selecting a WaaS service to help you make informed decisions.

Private Key Management Mechanism

WaaS tools make the process of using dApps and creating associated wallets very practical, especially for mobile products, through social logins and embedded wallets. However, this needs to be consistent with core Web3 principles such as user autonomy and decentralization. How well a service maintains these values determines whether its wallets are hosted or non-hosted and how users sign, and this in turn will either drive users away from Web3 or bring them closer to it.

Whether a specific WaaS service can be considered hosted or non-hosted ultimately depends on how it handles user private keys. Private key management has different mechanisms, each with different trade-offs in terms of security, reliability/efficiency, and hosting risks. As a developer, your goal should be to understand these mechanisms in order to best protect user data and assets while adapting to specific needs.

Let's take a look at the main methods available on the market—KMS, MPC-SSS, MPC-TSS, and the combination of KMS and MPC-TSS, including their characteristics. Please note that while we aim to provide a comprehensive overview of each method, different providers have different implementations. Therefore, you should consider this information as a starting point for forming your own opinion on individual providers.

Key Management System (KMS)

KMS is a solution for storing and managing encryption keys. It is an environment where encrypted private keys are stored (usually in full). The KMS mechanism uses strong encryption standards and controlled access mechanisms to maintain security. KMS-based designs are operationally straightforward but come with trade-offs.

When looking at systems that only use KMS, please note:

  • Hosting Risks: If KMS is configured to be hosted, users may not have full control over the keys, which poses significant risks in a decentralized environment. For example, solutions like Magic use KMS, claiming to be non-hosted, but it's important to remember that storing keys through services like AWS means they still ultimately control the keys. Technically, this gives the provider the ability to decrypt keys by changing key policies.

  • Centralization Risks: Relying on KMS providers may lead to single points of failure, causing issues if the provider ceases operations. Solutions relying on KMS also require a high level of trust, as the business relationship between the provider and the KMS provider means the former still retains access to the keys. It's also important to note that providers may terminate support for a service for various reasons, causing issues for end users.

Multi-Party Computation - Secret Sharing Scheme (MPC-SSS)

MPC-SSS combines the advantages of distributed computing and key sharding. It allows multiple parties to jointly compute functions and distribute keys among them. This enhances security, as executing operations requires reaching a key share threshold without exposing the original key to any single party.

Importantly, MPC-SSS allows for client-side key recovery, but the private key is reconstructed in full during generation and usage, which creates a narrow single point of failure. This could lead to a user's private key being obtained by others without their knowledge, posing hosting risks for purportedly decentralized solutions.

One popular service using MPC-SSS is Privy, which embeds a wallet managed by hardware protection, self-hosted, and isolated through iframes. Privy only stores private keys in memory, minimizing exposure. This means private keys are never exposed to Privy or integrated applications, making the solution completely non-hosted (although these keys are still reconstructed in usage and creation).

Web3Auth V1 also uses MPC-SSS, although it also uses MPC-TSS for certain products (such as core SDK). Their MPC-SSS implementation is typically referred to as "shallow MPC" and is used in plug-and-play SDKs.

MPC-SSS systems can be combined with KMS systems.

KMS + MPC-SSS

Combining KMS with MPC-SSS aims to balance user control and management convenience. While this system may not necessarily affect the degree of hosting of the service, it can provide higher security, possibly at the cost of efficiency.

For hybrid solutions, developers need to assess the potential complexity of interactions between independent systems and evaluate latency by measuring key retrieval and computation times. Popular solutions like Venly use MPC-SSS to shard passwords to access KMS services storing user private keys.

KMS + MPC-SSS solutions retain the risks of pure KMS solutions, as this solution essentially does not address the centralization issues of KMS mentioned above. The issues with MPC-SSS also apply, and developers should take note.

Multi-Party Computation - Threshold Signature Scheme (MPC-TSS)

MPC-TSS enables multiple parties to collaborate in signing transactions or computing functions, distributing responsibilities among them. This enhances security, ensuring no single party has complete control over the key. In the WaaS use case, this also ensures that no third party can spend a user's assets, providing the highest security when correctly implemented, while avoiding the complexity or hosting of mixed methods. This also allows most MPC-TSS implementations to achieve non-hosted status while maintaining efficiency.

For MPC-TSS, developers should test overall latency. Understanding the threshold settings and security model of a specific implementation is crucial to ensure compliance with project requirements.

Particle Network offers advanced TSS methods, ensuring the security of private keys is not centralized in a single entity. This method splits the key into two parts, storing them separately to ensure that neither part reveals any information about the complete key. Users store one part locally, while Particle's trusted execution environment stores the other part. All encryption operations are performed without combining these parts to maintain key integrity.

Particle also provides the possibility for users to create a master password to encrypt local key shards, which can then be securely stored. This allows users to securely recover wallets on different devices. The robustness of this system is further enhanced by a continuous key share refresh mechanism, making attacks nearly impossible.
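For contrast with secret sharing, the added sketch below (not Particle's protocol, nor code from any provider named here) shows the property this section describes: two parties each hold a key share and produce one valid signature without the shares ever being combined. It uses a simplified two-party Schnorr scheme over a toy group chosen for readability; the parameters are assumptions and are not secure, and a production protocol would add a commit-then-reveal round for the nonces.

```python
import hashlib
import secrets

# Toy group (assumption for this sketch, NOT production parameters):
# Z_p* with p = 2**127 - 1, a Mersenne prime. Exponents are reduced mod
# p - 1, which is valid for any base by Fermat's little theorem.
P = 2**127 - 1
ORDER = P - 1
G = 3


def challenge(R, pub, msg):
    """Hash the joint nonce, joint public key and message to an exponent."""
    data = b"|".join([str(R).encode(), str(pub).encode(), msg])
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % ORDER


class Party:
    """Holds one additive key share; the share never leaves this object."""

    def __init__(self):
        self._x = secrets.randbelow(ORDER)  # long-term key share
        self._k = None                      # per-signature nonce

    def public_share(self):
        return pow(G, self._x, P)

    def nonce_commitment(self):
        self._k = secrets.randbelow(ORDER)
        return pow(G, self._k, P)

    def partial_sign(self, e):
        if self._k is None:
            raise RuntimeError("no fresh nonce: call nonce_commitment first")
        s = (self._k + e * self._x) % ORDER
        self._k = None  # a nonce must never be used for two signatures
        return s


def joint_sign(user, server, msg):
    """Only public values and partial signatures cross between parties."""
    pub = user.public_share() * server.public_share() % P
    R = user.nonce_commitment() * server.nonce_commitment() % P
    e = challenge(R, pub, msg)
    s = (user.partial_sign(e) + server.partial_sign(e)) % ORDER
    return pub, (R, s)


def verify(pub, msg, sig):
    """Standard Schnorr check: g^s == R * pub^e."""
    R, s = sig
    e = challenge(R, pub, msg)
    return pow(G, s, P) == R * pow(pub, e, P) % P


if __name__ == "__main__":
    user, server = Party(), Party()
    pub, sig = joint_sign(user, server, b"constructed sample transaction")
    print("valid:", verify(pub, b"constructed sample transaction", sig))
```

Unlike the secret-sharing approach, no function here ever returns or holds the sum of the two shares; a verifier sees an ordinary single-key signature.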

Please note that interoperability and latency vary across the approaches above. It is therefore important to look for solutions that at least cover the blockchain networks you are most interested in, along with reliable information about potential latency. We have also created the following diagram to demonstrate the strengths and weaknesses of each method:

Assessing Documentation Completeness

Developers using WaaS services typically take two different approaches:

  • Quick Start: These developers aim to dive into the codebase as quickly as possible, prioritizing quick understanding, swift action, and available tools, and moving forward in learning.

  • Comprehensive Understanding: On the other hand, some developers prefer to thoroughly review documentation before writing code, seeking a comprehensive understanding of system architecture, features, and limitations.

If you belong to the first category, finding a balance between these two approaches can make development simpler. The gold standard is being able to start using a software development kit (SDK) in just 10 minutes while having enough information to understand the road ahead. In addition to reading this guide, some other key points, paired with relevant WaaS scenarios, are:

  • Debugging Information: Do you have all the information needed for debugging when necessary? For example, does the WaaS SDK provide detailed error logs in scenarios of failed transactions to identify issues?

  • Useful and Comprehensive Guides: Does the documentation include simple, practical guides? Does it provide step-by-step guides for integrating WaaS SDKs, covering various blockchain networks?

  • Accessibility to Answers: Are there queryable answers (with examples) to the issues you may encounter in your work? Is there a FAQ section or community forum where other users' questions have been publicly and promptly answered by team members? Is the FAQ section current and well-maintained?

  • Interactive and Navigable Documentation: Is the documentation interactive/easy to navigate? Is it engaging and informative? Does the documentation include interactive code snippets that allow you to understand the actual operation of the code, or a sandbox environment for real-time testing?

  • Engaging Content and Information Richness: Can these documents guide you through the entire process? Do they include quick start guides? Are the guides engaging, with visual aids (such as charts explaining the transaction process) and video tutorials for complex integrations?

  • Comprehensive Guides: Does the documentation include a getting started guide for setting up wallets and guide for advanced features, such as managing multiple wallets or interacting with various blockchain networks?

  • Quick Start Guides: Are there quick start guides to help you set up wallets, send and receive transactions in a short amount of time?

Building a solid foundation of understanding and evaluating the tools available for the future is crucial to avoiding future trouble. By quickly checking the above points, you can ensure that you gain relevant knowledge while progressing at the pace you desire.

Richness of Feature Integration

When evaluating the strengths of a Wallet-as-a-Service (WaaS) platform, the richness of feature integration upstream and downstream is an important factor. This indicates the platform's ability to provide powerful, universal, and user-centric services. Understanding whether these integrations are native or require additional third-party services is also crucial. These can significantly enhance the user experience and make it easier for users to transition between fiat and crypto ecosystems.

Here are some key areas where richness of feature integration shines:

Support for Account Abstraction

Account Abstraction (AA) support, whether achieved through dedicated modules or native compatibility, is crucial for integrating directly with SDKs and partnerships. Integrating AA signifies the platform's ability to adapt to various use cases and ensure a smooth user experience. The diversity and depth of integrations are also crucial, as they ensure that developers have the tools and support needed to create intuitive and user-friendly dApps.

For developers, WaaS with native AA implementation can better utilize different components of the AA stack without having to manually configure third-party components, simplifying the experience and improving implementation efficiency.

Particle Network offers vertically integrated solutions, developing WaaS and the AA stack in-house and directly integrating AA into its WaaS products. Particle also supports the use of the AA stack with Biconomy, while maintaining cross-compatibility with other providers. By supporting AA, WaaS providers can transform rigid wallet interaction experiences into more flexible experiences through programmability, making the end-user experience smoother.

In the WaaS context, some ideal AA tools and components can make your dApp more user-friendly, such as:

  1. Smart Contract Wallet: AA enables programmable smart contracts as non-custodial wallets, enabling advanced automation capabilities. This can bring about a more flexible and user-centric way of managing digital assets.

  2. Session Keys: Session keys simplify the transaction process by allowing transactions that do not require a signature each time, enhancing the user experience. They also allow transactions to be pre-approved, making the system more user-friendly.

  3. Gas Sponsorship: One of the prominent use cases of AA is dApps being able to sponsor users' gas fees, enabled by gas sponsorship. This is particularly meaningful for solutions hosted in L2, often with low costs for users. Gas sponsorship can enable your dApp to accept gas fee payments in any native (non-bridged) tokens.

  4. Batch Processor: Batch processors can aggregate user operations for efficient blockchain interactions, potentially leading to lower transaction fees and faster transaction confirmations. This can provide better cost-effectiveness for end users and better performance for developers.

  5. Social Recovery: AA can enable social recovery functionality, allowing users to recover wallets with the help of whitelisted accounts instead of mnemonic phrases, potentially enhancing security and user experience.

Particle has also developed its own batch processor and gas sponsorship, which projects can integrate to simplify interactions with the blockchain. Particle is also committed to achieving cross-chain account abstraction, aiming to create a unified framework between AA solutions deployed on different chains.

Fiat Channels

Various integrations for fiat on-ramp and off-ramp are also attractive in WaaS platforms. Using fiat channels is particularly attractive as it means users can directly top up USDC/USDT without having to purchase native crypto tokens or rely on centralized exchanges, facilitating a smooth transition from Web2 to Web3.

It is important to investigate whether these integrations are native or require additional third-party services. These can significantly enhance the user experience and make it easier for users to switch between fiat and crypto ecosystems.

Cross-Chain Bridges

Facilitating cross-chain bridges demonstrates the versatility of a WaaS platform. Evaluating the underlying services (Particle uses li.fi) and integrations used to achieve cross-chain interactions is crucial. Strong cross-chain bridging capabilities can open the doors to more functionalities and reduce friction as the blockchain ecosystem evolves towards a multi-chain, scalable roadmap, simplifying the experience for current and future users and developers.

Swap

Some wallets may integrate swap capabilities in their wallet UI. Whether through native functionality or through partnerships and integrations, swaps are one of the most basic Web3 functionalities. It is crucial to investigate the supported swap types, the underlying services (Particle uses 1inch), ease of execution, and user experience.

Other API Endpoints

Be sure to investigate other API endpoints used for interacting with Web3 or impacting the user experience on WaaS platforms. You can also find out the level of customization these endpoints provide. For example, they may provide access to contract locking, log retrieval, token management, analytics, managing certain DeFi interactions, and interactions with various markets.

Support for Multi-Chain

Supporting multiple blockchain networks is a hallmark of a robust WaaS platform. It signifies the platform's adaptability and readiness for expanding ecosystems. Developers should check the number of supported chains, the convenience of switching between these chains, and the level of support provided for each chain.

Modular Evaluation

A modular stack is like a toolbox, with each tool designed for a specific task. A modular system empowers developers to choose and implement the modules they need, customizing solutions to fit their unique requirements. Its counterpart is a monolithic system, bundling tools into an inseparable unit, which may make integration easier but offers little to no flexibility.

A well-designed modular approach can bring flexibility and scalability, allowing developers to easily replace or update individual modules as needed without affecting other parts of the system. The gold standard for modularity should be a balanced system—easy to integrate and allowing for maximum flexibility. Developers should look for independent modules to meet their expected use cases, and these modules should be designed in a way that supports this flexibility. Some examples of use cases for modular support could be:

  • Authentication: A modular system may provide various authentication modules, such as multi-factor authentication, biometric authentication, or social login. This is closely related to the project's ability to link user information to their wallets.

  • Cross-Compatibility: The easier it is to access different networks or switch between networks, the more flexible and developer-friendly the service is. Web3 wallet services can also support cross-chain and interoperability modules.

  • Account Abstraction: As mentioned earlier, implementing AA is crucial. A modular WaaS platform may provide an account abstraction module that can be easily integrated, separating AA from the main product and making it an optional implementation. The AA module itself can also be modular, supporting different functionalities within a stack. Particle Network's WaaS supports a modular AA stack, allowing developers to choose Particle Network's own developed AA stack, including batch processors, smart accounts, and more. Developers can also choose to develop their own AA stack or integrate SDKs from other providers such as Biconomy, ZeroDev, StackUp, and others. The design diagram for Particle Network's modular AA WaaS is as follows:

  • Product Customization: Through a custom UI module, developers can ensure brand consistency by integrating brand color schemes, logos, and other graphic elements. However, this is not necessarily limited to design components and can also impact functional aspects of the product, such as transaction limits, custom transaction fees, or special approval workflows.

  • Interoperability with Other Services: A modular WaaS platform can have modules that facilitate easy integration with other third-party services or platforms. For example, it can enable interactions with exchanges and cross-chain platforms, or even allow you to customize your own integrations.

Web3 Wallet Performance Metrics

When integrating services, it is important to understand that different providers may perform differently in various areas. Two key areas are the time it takes to generate a wallet (from the user clicking "connect" to the wallet being available) and the time for repeat user logins. These performance metrics may be influenced by the underlying management systems of each solution.

To illustrate this point, we measured the time required for different WaaS tools to create a Web3 wallet via Google authentication in the following diagram. We encourage you to test products from different providers to understand the user experience.

The diagram below shows a horizontal comparison of the time and steps required for connecting wallets through Particle, MetaMask, and other WaaS tools.

Social Proof and Market Presence

Other social proof metrics can provide tangible evidence of the feasibility of a solution and its market acceptance. Metrics such as SDK downloads and active users can demonstrate trust and adoption of the service. A direct way to access these metrics is to search for individual SDK packages on Npm-stat. Note that download numbers may be influenced by PR, incentives, and other marketing activities, so these numbers should not be used solely for decision-making, but rather as part of a thorough analysis.
