What is Account Labs

Introduction

The challenges of security, usability, and decentralization frequently collide in the rapidly evolving world of Web3, resulting in what is known as the Web3 Trifecta Dilemma. With its innovative solutions, Account Labs is a beacon, guiding developers and users through this complex maze. This article delves into the company’s offerings, specifically UniPass and Keystone, to shed light on their functionalities and significance in the Web3 domain.

What is the Web3 Trifecta Dilemma?

With the rise of Web3, a decentralized version of the web, the digital realm is undergoing a seismic shift. However, the journey is fraught with difficulties, most notably the Web3 Trifecta Dilemma. This dilemma represents the tug-of-war between three pivotal elements: security, usability, and decentralization. While high security can be achieved in decentralized systems, it frequently comes at the expense of usability. Similarly, improving user experience may jeopardize security or decentralization. Recognizing this delicate balance, Account Labs has embarked on a mission to harmonize these elements, ensuring a smoother transition to Web3 for all.

Account Labs relies on two products to carry out their mission: UniPass & Keystone

UniPass: The Future of Web3 Interaction

In the ever-evolving landscape of decentralized finance and Web3, the need for secure, user-friendly, and efficient tools has never been more pressing. Let’s delve into UniPass, a revolutionary platform that promises to redefine our interaction with the decentralized world.

The Evolution of Key Management

The key management system is at the heart of any digital wallet. Traditional systems have frequently been inefficient, requiring users to diligently manage and safeguard their private keys. Recognising the difficulties of such an approach, UniPass pioneered a novel key management system. UniPass uses a 2-2 Threshold Signature Scheme to ensure that one key is encrypted and stored locally on the user’s device, while the other resides on UniPass servers and is only used for two-factor authentication. This dual-key approach not only improves security but also streamlines the user experience, making it easier for even non-technologists to navigate the world of crypto.

Redefining Transactions with Gasless Support

The concept of gas - the fee required to process transactions - is a common stumbling block for many newcomers to the crypto space. UniPass has cleverly addressed this issue by introducing gasless transactions. Users are no longer required to hold native tokens or be concerned about fluctuating gas fees. This seemingly simple feature has far-reaching implications, lowering the entry barrier for many potential crypto enthusiasts.

Trust in Email: On-chain Verification

In an age when email phishing scams abound, UniPass has flipped the script by utilising email for on-chain verification. UniPass has introduced a layer of security that is both innovative and familiar by allowing users to set multiple internet emails as guardians. This method not only makes account recovery easier, but it also bridges the gap between traditional internet users and the burgeoning world of Web3.

Embracing Standards: The Significance of ERC-4337

Ethereum Improvement Proposals (EIPs) are a vital part of the Ethereum ecosystem, suggesting improvements and establishing standards. ERC-4337 is one such proposal, and UniPass’ compatibility with it demonstrates the platform’s commitment to staying current with emerging technologies. But what exactly is ERC-4337? In essence, it is a protocol that allows for more seamless user experiences by processing gas payments in the background, further simplifying user interactions.

UniPass Wallet: More Than Just a Wallet

While the term “wallet” may conjure up images of a simple storage device, the UniPass Wallet is much more. It is a bridge that connects users to multiple chains using a single account address. It acts as a guardian, using a Threshold Signature Scheme to ensure that users’ assets are protected without the risks associated with private key management. It is an innovator, using on-chain email verification to bring a sense of familiarity to the world of the unknown. Above all, it serves as a facilitator, ensuring that all users, whether crypto veterans or newcomers, have a smooth, efficient, and secure experience. Let’s dive deep into UniPass.

UniPass: A Technical Exploration

Key Management in UniPass

Source: https://docs.wallet.unipass.id/contract/key-management

UniPass has revolutionized the concept of key management in the crypto world. Traditional wallets have always been about safeguarding private keys, but UniPass offers a fresh perspective:

• Smart Contract Wallets and Keys: When creating a smart wallet based on UniPass Contract, UniPass creates a proxy contract wallet tailored for the user. The address of this proxy contract becomes the user’s smart wallet address, containing the key information that manages the account.
• Key Roles and Weights: UniPass Contract introduces a versatile system in which multiple keys, each with a unique role and weight, manage an account. Users can execute the permissions associated with a role via the UniPass Contract by collecting signatures from keys that meet or exceed the required weights for that role.
• Keys and Algorithms: UniPass Contract supports a wide range of key types. It supports the commonly used EOA (Externally Owned Account) address as well as contract addresses that are EIP-1271 compliant. UniPass also introduces the use of an email address as a key by using DKIM signature verification to validate the user’s ownership of an internet email.

Gasless Transactions

Gas has always been a point of contention in the Ethereum ecosystem. UniPass’s gasless transaction feature ensures users don’t need to hold native tokens like ETH to pay for transaction fees.

On-chain Email Verification

Source: https://docs.wallet.unipass.id/contract/email-on-chain-verification

UniPass’s on-chain email verification is a game-changer. By allowing users to set multiple internet emails as guardians, it introduces a layer of security that’s both innovative and familiar. This approach not only facilitates account recovery but also bridges the gap between traditional internet users and the burgeoning world of Web3.

Embracing the ERC-4337 Standard

Ethereum Improvement Proposals (EIPs) are essential to the Ethereum ecosystem because they suggest improvements and establish standards. ERC-4337, also known as Account Abstraction, is a significant proposal that aims to enhance the Ethereum user experience by abstracting certain complexities. While it does allow for more seamless user experiences by processing gas payments in the background, its primary focus is to provide a more flexible account model. This model enables smart contracts to pay transaction fees, thereby eliminating the need for users to hold ETH for gas. Furthermore, it introduces a new transaction type that allows users to specify the maximum fee they are willing to pay, giving them more control over transaction costs. UniPass’ compatibility with ERC-4337 demonstrates its commitment to staying abreast of the latest Ethereum developments and ensuring a user-friendly experience.

Source: Transactions after enabling the 4337 Module, Official Website

UniPass Wallet: Bridging Web2 and Web3

UniPass Wallet has been meticulously designed to cater to Web2 users. Recognizing the challenges and barriers that traditional internet users might face when transitioning to Web3, UniPass Wallet offers a user-friendly, seedless, non-custodial smart contract account solution. This approach ensures that users can skip setting a guardian when creating an account for the first time, simplifying the onboarding process.

Master Key in UniPass Wallet: A Technical Deep Dive

Source: Unipass website

The Structure of the Master Key

The Master Key in UniPass Wallet is a testament to the platform’s commitment to security and user-centricity. It employs a 2-2 Threshold Signature Scheme, ensuring that the key is both secure and functional.

Components of the Master Key: The Master Key comprises two secret shares:

1. User Key: This key is encrypted and stored locally on the user’s device. It’s designed so that it cannot be exported, ensuring that the user’s key remains secure and inaccessible to potential threats.
2. Server Key: Stored on UniPass’ server, this key is used for two-factor authentication (2FA). It supports a variety of authentication methods, including email, text message, Google Authenticator, OAuth, WebAuthn, and more.

Understanding the Threshold Signature Scheme (TSS)

TSS is a cryptographic technique that falls under the umbrella of Secure Multi-Party Computation (MPC or SMPC). It’s designed to facilitate distributed key generation and signature.

• Threshold Policy: TSS supports the creation of a customizable threshold policy. It enables multiple parties to collaboratively manage private keys. Three participants, for example, can use distributed key generation (DKG) to generate secret shares of a private key. They then collectively compute the public key. Importantly, the secret shares owned by each party are never revealed to the other participants, ensuring the security of the private key.
• TSS security: Even if a single point is compromised, the asset remains secure. The resharing approach further bolsters key management security by allowing periodic share rotation and re-updating each party’s share without compromising the private key’s integrity.

TSS vs. Traditional Multisig

While multisig (multiple signatures) has been a popular method for ensuring transaction security, TSS offers distinct advantages:

• Efficiency: TSS requires only one signature, as opposed to the multiple signatures needed in multisig. This not only streamlines the process but also ensures faster transaction times.
• Security: With multisig, multiple signatures are present on the chain. This can consume more resources and expose the participants (public keys) as potential attack vectors.

TSS vs. Shamir’s Secret Sharing (SSS)

Shamir’s Secret Sharing is another method used for key management. However, TSS offers advantages over SSS:

• No Private Key Reconstruction: To sign with SSS, all parties must reconstruct the entire private key. This is a security risk because it creates a single point of failure during key generation and whenever a signature is required. TSS, on the other hand, employs distributed computation for key slice generation as well as signing, obviating the need for private key reconstruction.

Email Recovery in UniPass Wallet

The traditional challenge with non-custodial smart contract wallets is the risk of losing access to the key. Once lost, users can’t control the account anymore. UniPass Wallet offers a unique solution to this problem:

• UniPass’s unique on-chain email verification technology allows users to designate multiple internet emails as account guardians. Users can recover their accounts by simply submitting emails to the smart contract on chain. This approach significantly lowers the requirement on guardians, enabling even non-crypto users to assist in account recovery.
• If a user has more than two guardian emails, they can immediately recover the account by submitting account recovery emails with both of them. However, if there is only one guardian email, users must typically wait for a 48-hour lock period before recovering.
• UniPass Wallet uses zero-knowledge technology to desensitise users’ private information on-chain, ensuring decentralised verification while effectively protecting user privacy.

Multi-chain Support in UniPass Wallet

In the fragmented blockchain landscape, multi-chain support is indispensable. UniPass Wallet ensures users have the same address across all EVM-compatible chains:

• Unified Account Address: UniPass Wallet supports all EVM-compatible chains and provides users with the same address across all these chains using EIP-2470. This includes Ethereum, BNB Chain, Polygon, Rangers Protocol, Arbitrum, Avalanche, and more.
• Future Chain Support: UniPass Wallet is also looking forward to supporting chains like Optimism, opBNB, Godwoken, and Fantom in the future.

Comparison: UniPass Wallet vs. Other Wallets

UniPass Wallet stands out in the crowded wallet market due to its unique features:

Source: Official Documentation

• Account Types: Most wallets use Externally Owned Accounts (EOA). In contrast, UniPass Wallet uses Contract Accounts (CA), controlled by smart contract code. This allows for a more sophisticated logic of control, enhancing user experience with features like key replacement, social recovery, gas fee payment in any token, and expenditure limits.
• Threshold Signature Scheme (TSS): Unlike other smart contract wallets that rely on EOA wallets for private key management, UniPass Wallet uses Multi-Party Computation (MPC) based TSS. This avoids the single point of failure - the private key - ensuring a seedless and secure user experience.
• On-chain Email-based Verification: UniPass Wallet’s unique on-chain email verification technique, leveraging the DKIM standard, allows users to manage their non-custodial contract accounts and carry out social recovery using only emails.
• Account Guardians: Traditional smart contract wallets require guardians to be crypto users. UniPass Wallet, however, allows regular internet users to become account guardians, making the recovery process more accessible.
• Gas Fee Payment: UniPass Wallet supports gas fee payment in any supported token, offering flexibility to users.
• Receiving Assets with Zero Upfront Cost: Users can start receiving assets using their UniPass Wallet address before the actual account creation, ensuring they only pay when they need to use the account.
• Customizable Security Model: UniPass Wallet offers a flexible security model, allowing developers to set up the right amount of security needed for accounts with varying asset levels.

Keystone: The Future of Secure Crypto Hardware Wallets

Source: Official Website

Keystone is a name that resonates with security, innovation, and user-friendliness in the world of crypto hardware wallets. With the rapid expansion of the crypto universe, the need for secure and reliable hardware wallets has never been more pressing. Keystone has risen to this challenge, offering a suite of features that make it stand out in a crowded market. Let’s delve deeper into what makes Keystone a top choice for crypto enthusiasts.

Cutting-Edge Security

Keystone places paramount importance on security. Their wallets are designed with a Triple Layer Security Mechanism, ensuring that users’ digital assets are safeguarded at all times. One of the standout features is the Triple Secure Element Chips, which provide an added layer of protection against potential threats. Additionally, Keystone uses verifiable QR codes for transaction signing, ensuring that malicious code cannot intrude into the device.

Enhanced Usability

Keystone understands that a good product should be about more than just security; it should also be about the user experience. Their hardware wallets have a 4-inch touchscreen that simulates a mobile experience. This large screen allows users to triple-check transactions before approval. Furthermore, fingerprint authentication ensures that only the device’s rightful owner can approve transactions. Keystone’s design principles reflect its emphasis on reducing human error, a major source of lost funds in the crypto world.

Tailor-Made for Web3

In the evolving landscape of Web3, Keystone is ahead of the curve. Their wallets support over 25 mainstream software wallets, with plans to expand this list. Notably, Keystone is the official MetaMask hardware wallet partner, making it the only hardware wallet compatible with both the MetaMask extension and mobile app. Their alliance with OKX Wallet further cements their position as a leader in multi-chain environments.

Efficient Asset Management

Keystone’s innovative approach to asset management is evident in its support for multiple secret recovery phrases. Each Keystone 3 device can hold up to three seed phrases, allowing users to manage multiple crypto accounts from a single device. Switching between wallets is seamless, requiring only the respective password inputs.

Keystone’s Unique Offerings

QR Code Signing: Keystone’s use of QR codes for data transmission eliminates the need for wired connections, reducing potential security risks. Users can decode the data in QR codes, ensuring no private information leakage.

• Firmware Update via USB: For those who prefer a wired connection, Keystone 3 offers firmware updates via USB.
• Web Authentication: This feature protects devices against malicious distributors and couriers.
• PCI Anti-tamper Feature: Any physical tampering attempts with the device lead to the automatic erasure of the recovery phrase.

Keystone’s Product Range

Keystone offers a range of products tailored to different user needs:

• Keystone 3 Pro: Designed for traders, hodlers, and beginners alike. It supports multiple seed phrases, offers USB and QR code signing, and comes with a PCI anti-tamper feature.
• Keystone Pro: Aimed at high-frequency users, this device is fully air-gapped, supports QR code signing only, and has a removable battery.
• Keystone Tablet: Made of 304-grade stainless steel, this tablet is fireproof, waterproof, and corrosion-resistant, ensuring long-term protection of your recovery phrase.

Community Feedback

Source: https://keyst.one/why-keystone

Keystone’s success is based not only on its features but also on the trust and confidence it has instilled in the crypto community. The Keystone Pro’s ease of use, touchscreen, built-in camera, and fingerprint sensor are all praised by users. Many people prefer the wallet because of its air-gapped nature, anti-tamper mechanism, and support for Shamir backup. The community feedback reflects the product’s dependability, security, and ease of use.

Keystone’s Vision and Journey

Source: https://keyst.one/why-keystone

Keystone’s journey has been one of constant innovation and dedication to open-source principles. Their commitment to transparency can be seen in their efforts to make their product as open-source as possible. They have embraced the challenges of the Web3 world, focusing on self-custody and providing users with the best tools available.

Conclusion

The digital frontier is vast, and the terrain becomes increasingly complex as we delve deeper into the world of Web3. The Web3 Trifecta Dilemma presents real challenges, but as we have seen, they are not insurmountable. Account Labs leads the charge, developing solutions that balance security, usability, and decentralization.

UniPass is redefining how we interact with the decentralized web with its groundbreaking approach to key management, gasless transactions, and on-chain email verification. It is more than a tool; it is a link that connects the familiar world of Web2 with the unknown world of Web3. Its technical prowess, combined with its user-centric design, distinguishes it as a beacon for those navigating the crypto seas.

Keystone, on the other hand, is a testament to the importance of security in the crypto world. In a world where digital assets are becoming increasingly valuable, the need for robust, dependable, and user-friendly hardware wallets is critical. With its cutting-edge security features, intuitive design, and dedication to the Web3 vision, Keystone is more than just a wallet; it is a fortress, protecting users’ treasures from the digital age’s myriad threats.

Finally, as the Web3 revolution gains momentum, tools like UniPass and Keystone will be critical in shaping its course. They are more than just products; they are visionaries, illuminating the path for countless digital adventurers.