🏦Wallet
One of the many hurdles that ordinary users face when using blockchain-based services is the use of wallet services. There are two main reasons as to why wallet services often face usability challenges.
First, many blockchain technologies only support single-factor authentication via sign-in with a private key. Authentication can be broadly classified into "authentication by knowledge," "authentication by possession," and "authentication by biometrics”.
Authentication by knowledge is a method of authenticating a person by verifying that the person knows knowledge that only he or she can know. For example, authentication by a password that only the person themselves knows corresponds to this type of authentication. On the other hand, authentication by possession is a method of authenticating a person by verifying that the person has something that only that very individual can possess. Examples include ID cards, passports, and SMS authentication via smartphones.
Authentication by knowledge has the disadvantage that confidential information can be easily copied by a third party, making it vulnerable to theft and difficult to detect unauthorized use. On the other hand, authentication by possession has the advantage that it is generally difficult to be copied illegally and easy to detect in case of theft. However, both authentication by knowledge and authentication by possession have the disadvantage of being vulnerable to the risk of loss.
Biometric authentication is a method of authenticating a person using biometric information belonging to that person, such as fingerprints, iris, or facial photographs. Biometric information is generally difficult to illegally copy and has a low risk of physical theft, making it the most usable and secure of the three authentication methods.
Of these, authentication by private key is considered to be classified as authentication by "easily replicable” knowledge known only to the individual. In general, the management cost of authentication information decreases and usability improves in the order of authentication by knowledge, authentication by possession, and authentication by biometrics. In recent years, multi-factor authentication, which combines multiple authentication methods to enhance security, has become mainstream. Under such circumstances, single-factor authentication using a private key is the most vulnerable authentication in terms of security and in addition, impose very high management burdens on users which lowers its usability.
The second reason for the poor usability of wallet services is that many users are not accustomed to managing their private keys. Many web services use public key cryptography with private keys for secure communication, but only service providers are required to manage private keys, and ordinary users are not required to manage their own private keys. On the other hand, in blockchain-based services, all users are required to manage their own private keys based on the idea that all users are responsible as service providers themselves. However, since private keys are formed by generally meaningless sets of digits and letters, it is difficult for users to determine or memorize them. This makes it one of the most difficult authentication schemes among the knowledge-based authentication schemes.
Wallet Basic Philosophy
When it comes to wallet usability and security, the two are often talked about as trade-offs. For example, hot wallets and web wallets that emphasize usability are vulnerable to security risks such as theft and unauthorized use, while hardware wallets that emphasize security have poor usability due to physical limitations.
However, this is a trade-off that occurs when trying to achieve both usability and security within the constraints of single-factor authentication based on the knowledge of a secret key. In the world of Web2, single-factor authentication based on knowledge alone is already becoming obsolete, and a shift to multi-factor authentication based on possession, biometrics, or a combination of both is recommended.
Therefore, for blockchain wallet services, it is necessary to achieve both usability and security by introducing authentication methods that combine possession and biometric authentication, rather than single-factor authentication with private keys.
SMP as a platform provides a wallet experience that combines usability and security by combining the authentication functions that users are accustomed to in the Web2 world, such as social login and password-less authentication, with wallet services.
In addition, we will actively incorporate cryptographic technologies such as secret sharing and MPC, which are being developed for the secure management of private keys as blockchain peripheral technologies, with the aim of providing a more secure wallet service.
Last updated