Vitalik on Wallets
What does the founder of Ethereum think about the future of wallets? What do we need to build to help the next billion people use Ethereum? I have been studying what he has been saying about this.
tl;dr - Wallets still need a lot of work. Want to test the new Balance Wallet?
Join us: https://discord.gg/balance-wallet
Over the last 3 months I have been furiously studying the wallet ecosystem to understand a few things:
What have wallet teams been doing during my 2-year hiatus?
What have they actually shipped to the people?
What are they going to ship in the future?
How are Ethereum wallets going to change?
This has really helped me get back in sync with the competitive landscape and understand where we might be heading. I believe the best way to predict the future is to study the past, build in the present, and listen to people who are researching the new.
Vitalik is not impressed with any wallet
When I read Vitalik’s writing and listen to his podcast interviews, I get the sense that he is not at all impressed with any of the wallets in the Ethereum ecosystem. He wants us all to do better. On his blog, Vitalik has written a piece on Social Recovery which has a strong tone:
The whole point of digital technology, blockchains included, is to make it easier for humans to engage in very complicated tasks without having to exert extreme mental effort or live in constant fear of making mistakes.
This is the crux of it: Wallets today are developed by developers for developers. We need wallets that are designed by designers with developers who care about regular people. Vitalik then talks about the trade-off’s of the different technology stacks:
📟 Hardware wallets with a single seed require you to trust the hardware manufacturer and the supply chain integrity. This is a huge risk.
🧠 Seed phrases are not good enough. People often screenshot them, lose them, write them down, and then forget about them. They are single points of failure that often get compromised.
🔐 Multi-signature software wallets are really useful for communities but slow normal people down too much. If you always have to wait for someone else to sign you made the experience of using Ethereum so much more complex.
👨👨👧👦 Social recovery is better, in Vitalik’s view because it allows people to use their wallet normally but rely on friends if they lose access to their key. You can ask your friends with Ethereum wallets to hold keys to a contract that can change your key.
Argent’s Social Recovery System
Argent is the most popular Ethereum wallet with a social recovery system that has been up and running for years. It is a thoroughly impressive blend of smart contracts, SMS systems and email-based account management. The team are working hard to make seed phrases a thing of the past by using smart contract wallets on Ethereum. Here is how their system works:
At its core, the system feels incredibly tightly integrated into Argent as a company. They are making efforts to decentralise it, but there is no doubt that if the company disappeared, people would be confused. That is part of the challenge of social recovery systems, which Vitalik highlights:
In any sanely designed social recovery wallet, the guardian does NOT need to download and use the same wallet; they can simply use their existing Ethereum wallet, whichever type of wallet it is.
Social recovery is interesting but I also feel it is somewhat anti-social and scary. Friends fall out all the time. People you trust can break you. Broken trust means you have to fix your multi-sig.
It felt weird for me when I was setting up my Argent wallet and it was incredibly frustrating every time I switched iPhone.
Personally, I do not like the experience of social recovery wallets very much.
Smart Contract Wallets Are Expensive, Complicated & Rely on Relayers
Ethereum was not designed with multi-signature wallets in mind
Today, if you use a Gnosis multi-signature wallet, it costs hundreds of dollars to set up. Argent relies on a relaying mechanism to sign your transactions. When Ethereum was built, they did not architect the system with more complicated wallets in mind.
It is possible to do all of these things with smart contract wallets today, but the fact that the Ethereum protocol itself requires everything to be packaged in a transaction originating from an ECDSA-secured externally-owned account (EOA) makes this very difficult. Every user operation needs to be wrapped by a transaction from an EOA, adding 21000 gas of overhead.
EIP 4337 Might Help Wallets Get Better on Layer 1
There have been proposals to fix Ethereum at the protocol layer to add “account abstraction”. This would allow smart contracts, not just wallets, to create transactions and pay fees directly.
To simplify the wallet’s logic, much of the complicated smart contract trickery needed to ensure safety is done not in the wallet itself, but in a global contract called the entry point.
You can read more about these ideas here:
https://eips.ethereum.org/EIPS/eip-4337
This my summary of the benefits:
💠 Open wallet ecosystem that allows all wallets to participate through a peer-to-peer approach that every wallet can comply with.
📜 No wallet contract publishing delay that is common when you create a multisig wallet using other apps.
💰 Fee setting using EIP-1559 which gives people more control over what they pay to Ethereum network for its services.
🔏 New kinds of signature schemes and logic can be added to the transaction verification process. This might unlock new kinds of dapps.
🌌 Prepares us for a quantum future where all kinds of encrypted computing logic will need to be upgraded to protect the data inside.
♻️ Wallets can be upgraded and public keys can be changed. This would allow you to keep your assets in one place but switch out the address you use to identify your wallet. Presumably, it would allow wallet creators to upgrade and improve your wallet with contract changes that you can opt into.
The negatives are the risks around the pool of transactions, the additional gas costs for certain transactions, and the inability to publish multiple transactions simultaneously.
The most exciting thing? There is already a prototype on GitHub:
https://github.com/eth-infinitism/account-abstraction/tree/main/contracts
Layer 2 Wallets Are Totally Different
Vitalik is excited about the community’s move to Layer 2 because we fix lots of mistakes they made in the early days:
Moving the ecosystem onto layer 2 protocols such as optimistic rollups and ZK rollups. Optimistic and ZK rollups can both be designed with account abstraction built in, circumventing any need for relayers. Existing wallet developers are already looking into rollups, but ultimately migrating to rollups en masse is an ecosystem-wide challenge.
An ecosystem-wide mass migration to rollups is as good an opportunity as any to reverse the Ethereum ecosystem's earlier mistakes and give multisig and smart contract wallets a much more central role in helping to secure users' funds.
https://vitalik.ca/general/2021/01/11/recovery.html
Vitalik’s Wallet Takes on UpOnly
At 36:10, Cobie asks Vitalik about how wallets could improve:
I think, realistically, wallets are gonna need to have like different addresses where some of those addresses are social recovery addresses.
So you can still like sign and send things with one key and then some of those addresses will be like full-on multi-sig vaults where you need like these multiple people to sign off to do anything. And obviously the high value stuff goes in the vault and then the low value stuff goes into social recovery.
He then zooms out and talks about the value of wallet design in general:
I mean figuring out how to present lots of things well to the user is a challenge. Like, the user experience of getting better privacy is another significant challenge going forward as well.
Ledger talks about EIP 1775 which is all about this concept of app keys:
This proposal describes a standard and api for a new type of wallet accounts that are derived specifically for a each given application. We propose to call them
app keys. They allow to isolate the accounts used for each application, thus potentially increasing privacy. They also allow to give more control to the applications developers over account management and signing delegation. For these app keys, wallets can have a more permissive level of security (e.g. not requesting user’s confirmation) while keeping main accounts secure. Finally wallets can also implement a different behavior such as allowing to sign transactions without broadcasting them.
https://eips.ethereum.org/EIPS/eip-1775
This whole podcast is jammed with so many insights. I am still digesting it. My key takeaway was this:
No one has designed a great EVM wallet that works with multiple protocols smoothly. We are just getting started in that endeavour.
Why do wallets matter to humanity?
If we zoom out from nitty-gritty and technical details, why does any of this matter at all?
To me, the goal of crypto was never to remove the need for all trust. Rather, the goal of crypto is to give people access to cryptographic and economic building blocks that give people more choice in whom to trust, and furthermore allow people to build more constrained forms of trust: giving someone the power to do some things on your behalf without giving them the power to do everything. Viewed in this way, multisig and social recovery are a perfect expression of this principle.
Ethereum is all about new forms of trust and coordination. Wallets are the gateway to that activity. The world deserves a better Ethereum wallet.
We are working on one.
Join us: https://discord.gg/balance-wallet