1. Research Report Highlights
Passkey is the next-generation Web2 account technology, with the characteristics of no installation, security, convenience, and privacy
Passkey Wallet introduces this technology into the blockchain world, bringing us a brand new wallet experience
Its user experience even surpasses traditional Web2 accounts, and the new user experience will also give birth to new user scenarios
The threshold for ordinary users to enter the blockchain world has been completely eliminated, and the large-scale popularization of Web3 may be just around the corner
2. Overview
2.1 Introduction to Passkey Technology
Before introducing Passkey, it is necessary to introduce WebAuthn. It is a passwordless login technology proposed by the FIDO Alliance supported by Apple, Google, Microsoft, Meta, and others. It uses device-generated asymmetric key pairs for user authentication, replacing the user password authentication scheme. Its principle is similar to the U shield or hardware wallet we traditionally use, where users use the private key stored in the device to digitally sign and authenticate their identity to the server.
The private key of WebAuthn is generated and managed in a dedicated secure chip, corresponding to Apple devices' Secure Enclave, Android devices' Secure Element, and PC devices' TPM. They are all independent chips separate from the CPU and operating system, with very high security levels. For example, the credit card information for Apple Pay is stored in this area. The private key in the secure chip cannot be read through external APIs; it can only be invoked by the system's lock screen module (usually biometrics) to perform digital signature operations.
Passkey is a key encryption synchronization scheme based on WebAuthn. Users can use iCloud or Google account to automatically encrypt and synchronize their device's private key, to achieve the experience of automatically logging into a website on multiple devices. Currently, mainstream devices including iOS, Android, and MacOS fully support Passkey, while Windows 10/11 only support WebAuthn.
Passkey/WebAuthn (considering the technical difference between the two is only in the synchronizability, they are collectively referred to as Passkey later) technology is the next-generation account authentication technology strongly promoted by major companies. It has very obvious advantages: passwordless, anti-loss, anti-counterfeiting, simplicity, and ease of use. However, it also has inherent flaws, namely, different brand devices cannot trust each other. It is impossible for iOS's Passkey to sync with Android devices, so cross-brand terminal account login has always been a major problem.
2.2 Advantages of Passkey Combined with Web3
Passkey technology itself is designed for Web2 network services and did not consider the application scenarios of Web3/Crypto. However, due to its asymmetric key architecture, once combined with Web3, it will bring great advantages.
Passkey wallet can be used to build non-custodial wallets without passwords or mnemonic phrases
Passkey wallet does not need to reveal any user privacy information, including email, phone number, or even username
Passkey wallet elevates the security of ordinary users' wallets to the hardware level, while improving user experience
Blockchain can serve as a trust intermediary, allowing Passkeys generated by different brand devices to be mutually recognized, providing a better user experience than using Passkey in Web2
Security, convenience, non-custodial—these seemingly impossible three advantages can be achieved simultaneously in the Passkey wallet. It will be an important driver for the mass adoption narrative of Web3.
2.3 Brief Analysis of ERC4337 and MPC Wallets
Also focusing on the mass adoption narrative, there are already two mainstream solutions in the market, namely the ERC4337 account abstract wallet and the MPC secure multi-party computation wallet. Let's briefly review their principles and characteristics.
ERC4337 Wallet
ERC4337 is an application layer standard for EVM contract wallets. The advantages of contract wallets include the ability to reset the private key if lost, pay fees on behalf of users, flexible permission management, and batch transactions. However, its disadvantages are also very obvious, including high initialization costs, high transaction fees for single transactions, and poor dapp compatibility. These are the theoretical pros and cons of contract wallets, and in the actual usage process, they also expose many other shortcomings.
Users still need a private key, and how it is generated and managed is a problem
Trust anchor problem for private key reset: who has the authority to reset the user's wallet private key
Multi-chain synchronization problem for private key reset: assuming the user only has assets on Polygon, should the private key on Ethereum be reset at this time? If reset, it requires high fees; if not, the user will be unable to use the account on Ethereum in the future
Issue of initial deployment fee source, which needs to be paid by the user or subsidized by a third party
Incentive problem for bundlers under the 4337 protocol
These theoretical and practical problems have led to the actual adoption rate of ERC4337 wallets falling short of people's expectations.
MPC Wallet
MPC wallet divides the private key into several parts and entrusts them to multiple parties. When a signature is needed, the private key is reassembled to form a complete private key for signing, or the individual parts are signed and then the signatures are combined to calculate the complete signature. The advantages of MPC wallets include
Low on-chain costs, users do not need to pay additional wallet contract execution fees
Flexible recovery solutions, users can use various methods such as email, phone, password, or cloud storage as authentication methods to obtain recovery parts
Platform agnostic, MPC wallets not only support EVM, but theoretically support various blockchain systems
However, MPC also has a relatively large drawback, which is that it must introduce centralized shard custody and signing services. They require a large amount of cost to maintain the information security and data backup of shard servers, and to ensure timely response to user signature requests. This also leads to the business models of MPC wallets being SaaS for enterprises, and users find it difficult to migrate. This also makes application providers often unwilling to bind users to a specific MPC service provider.
3. Passkey Wallet Product Analysis
3.1 Three Directions of Passkey Wallet
We have analyzed the existing Passkey wallets in the market and found that they mainly fall into three technological directions.
AA + Passkey signature verification scheme, represented by Clave and Banana SDK
Centralized delegated authentication scheme, represented by Turnkey
Signature Transform scheme, represented by JoyID
Next, we will introduce and analyze them one by one.
3.2 Clave & Banana SDK
The first type of wallet adopts the AA + Passkey signature architecture to construct an abstract account on the EVM-compatible chain and directly use smart contracts to verify Passkey signatures. Here, we will introduce two representative projects.
Clave (https://www.getclave.io/) was originally a project that won an award at the EthGlobal Hackathon 2023, and was named opClave at the time of the competition. It uses EVM contracts to calculate the secp256r1 signature required for Passkey (not the usual secp256k1). Due to the complexity of the algorithm and the limitations of EVM capabilities, verifying a Passkey signature consumes 600,000 to 900,000 gas. This is unacceptable for real-world scenarios, especially for mass adoption. Therefore, Clave plans to create a separate Layer3 chain and add a precompiled secp256r1 signature verification contract to reduce gas consumption. However, this approach severely undermines the multi-chain feature of the wallet, making it difficult to popularize.
On the other hand, Banana SDK (https://www.bananawallet.xyz/) positions itself as a toB SDK rather than a toC wallet. Through Banana SDK, dapp developers can embed a low-threshold wallet anywhere for easy user import. However, it faces the same underlying issues as Clave, with high gas fees being the biggest obstacle for such products to become practical.
To address the cost issue of verifying Passkey signatures on Ethereum, developers have proposed Ethereum Improvement Proposal (EIP) 7212 (https://eips.ethereum.org/EIPS/eip-7212) and other Ethereum proposals, hoping to integrate a precompiled secp256r1 signature verification algorithm into the EVM to significantly reduce verification costs. However, this EIP involves changes to underlying cryptography and consensus layers, and even if it is approved and integrated into the mainnet, it will take years. Currently, Clave is collaborating with zksync to integrate EIP-7212 into zksync and primarily deploy it there.
In addition, there are other projects with similar on-chain signature verification using AA + Passkey, including those using zero-knowledge proofs to reduce on-chain computation, such as knownothinglabs using halo2 and bonfire wallet using risc0 bonsai. However, most of these products are still in the prototype stage and there are no further products to analyze at the moment.
3.3 Turnkey
Considering the cost of smart contract verification of Passkey signatures, Turnkey (https://turnkey.com) and other developers have moved Passkey verification off-chain, using centralized services to verify users' Passkey signatures and control the encryption device to generate signatures after successful verification. This approach essentially mirrors the way Passkey is used in Web2, replacing usernames and passwords with public-private key pairs, but the final authentication decision is still made by centralized servers.
Turnkey positions itself as a toB WaaS service, with the advantage of having very comprehensive development tools, a good developer experience, and strong ecosystem support. Several partner companies are already developing products, such as dynamic.xyz, which provides toC wallet services based on Turnkey, offering a good user experience.
However, Turnkey's main issue is that it essentially manages users' wallet private keys (although its documentation repeatedly emphasizes that it is non-custodial, seemingly based on the private keys being in the server's TEE environment, and administrators cannot directly access the TEE), and its business model is a toB SaaS service. Once the service is discontinued, users face the problem of being unable to sign transactions.
3.4 JoyID
From a technical perspective, JoyID Wallet (joy.id) takes a unique approach called Signature Transform. The JoyID Wallet itself supports multiple chains including Ethereum, Bitcoin, and Solana, and appears as a standard EOA wallet on these chains. It also uses AA accounts on Nervos CKB for decentralized management of its keys and authorized devices. This is a very special architecture that combines the flexibility of AA accounts and the low cost and high compatibility of EOA accounts.
The AA account managed by JoyID is mainly responsible for mutual authorization of Passkeys between multiple devices, and it stores encrypted shards calculated with a 2-of-2 key, while the other shard is calculated in real-time by the device using Passkey during signing, enabling decentralized signature transformation from secp256r1 to secp256k1. This approach does not require server intervention during transaction signing and is entirely based on secure chip signatures on user devices, ensuring security, decentralization, and non-custody.
In terms of actual product experience, the entire process with JoyID is very smooth, with users not needing to input any information and only requiring two system authentications to complete wallet creation. The entire process takes only a few seconds and does not require any fees. Currently, it appears to be the most comprehensive and mature solution among all Passkey wallets.
4. The Future of Web3 Wallets
In summary, the advantages of Passkey wallets include no installation, hardware-level security, biometric authentication, no need for mnemonic phrases, easy recovery, no need for passwords, no need to provide privacy information, independence from Web2 major companies, and high EOA compatibility (supported by some wallets). Compared to traditional Metamask plugin wallets and mnemonic wallets, the improvement in user experience and security is significant. Its user experience even surpasses the registration experience of a Web2 account, which requires users to provide email and phone number, and go through verification.
The new user experience will bring new users, and in turn, will give rise to new application scenarios. Web3 applications such as music NFTs, creator economies, Open Loyalty, and DAOs have been limited in the past by the speculative nature of mainstream wallet users, often unable to focus on their valuable businesses. With the influx of non-speculative users, these application scenarios can leverage their true advantages and provide long-term value to customers.
The future of Web3 wallets is likely to resemble the relationship between WeChat Pay and Alipay. Users will use hardware wallets or mnemonic wallets for DeFi transactions and asset storage, and use Passkey wallets for daily dapp interactions and small payments. We look forward to the widespread adoption of Passkey wallets and the real mass user adoption they will bring.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
