Three Transformations are Required for Ethereum Success, but New Problems Arise

Secondly, the security of wallets is also an important issue. EOAs, such as various plug-in wallets, which generate public-private key pairs purely through seed phrases, have been stolen in a countless number of ways, from large-scale leaks of ARB airdrop addresses to KOLs on Twitter crying out that their wallets have been emptied. Personal users’ demands for asset security are increasing, while they are unwilling to sacrifice user experience (enterprise-level users would choose a fully self-managed MPC scheme for asset security, and are willing to sacrifice the convenience of on-chain interactions). This requires Ethereum to transform wallet security, promote industry security standards for smart contract wallets (such as EIP-4337), and provide individual users with stronger security and convenience.

Finally, privacy protection is another key challenge. All transactions on Ethereum L1 are public, because EOAs are bound to assets. Whether they are ordinary individual users, whales, or corporate institutions, they may all suffer from the torment of having their asset addresses marked and traced. Therefore, Ethereum needs to further improve and implement non-malicious privacy computing to ensure that not only on-chain assets, but also on-chain identity, credit systems, and other DID information can be protected in the future. At the same time, it is necessary to ensure that when malicious events occur, there are response mechanisms to ensure that wrongdoers cannot escape tracking and cash out smoothly.

3 most important questions (Cregis Research summary and opinion added)

  • How do users manage multiple wallet addresses?

In comparison to Web 2.0, one advantage that Web 3.0 still maintains is that users can create different application accounts with one social feature (e-mail, phone number, etc.). Although, in the Web 3.0 world, public chain addresses with the same consensus mechanism can be universal (e.g., BSC, ERC-20, TRC-20), with the advent of L2 scaling solutions, users will have multiple completely different L2 addresses. Different Layer 1 and Layer 2 networks may use different programming languages and middleware, leading to address retention issues. Moreover, in a multi-chain bridging environment represented by Polkadot or a multi-chain universal L2 environment mentioned in Cregis’ future vision, users may also need to manage addresses of several heterogeneous chains, increasing the complexity of address management.

Finally, the proposal for privacy protection with stealth addresses, if widely used, will give users more addresses to enhance their privacy protection. Therefore, keeping track of just one address becomes more difficult.

  • How can users achieve stealth payments? (especially in a multi-address environment)

Assuming that L2s in the Ethereum ecosystem will develop as expected in the future, even if most native assets are ERC-20 tokens, users may have multiple L2 addresses, making it more complex to choose the right address to send assets or payments. Traditionally, users only need to know the recipient’s address to send payments, but now they need to know the L2 network accepted by the recipient and the corresponding address, and they need additional steps to ensure that the funds are sent to the correct target.

Stealth payments with multiple accounts in L2 environments

Although contract accounts (CAs) built using smart contracts can easily solve addressing issues, they cannot directly provide privacy protection features.

Vitalik Buterin’s privacy protection solution proposed in the early days of Ethereum: stealth addresses. Stealth addresses can help you maintain privacy when conducting digital currency transactions without being tracked by others. Cregis will now share some steps to solve privacy issues:

A stealth address is an address that can be generated by the payer or the payee, but can only be controlled by the payee. This address can improve the privacy of Ethereum in various scenarios. In this mode, Bob (the payee) generates a spending key and uses this key to generate a stealth master address: B, h = hash(x). He passes this master address to Alice (the payer). Alice can perform a calculation on this master address to generate a stealth address that belongs to Alice to Bob: b-1. Then, she can send any assets she wants to this address, and Bob will have complete control over them.

The process of generating a stealth address requires elliptic curve function operation: Bob generates a key m and calculates M = G*m, where G is a publicly available generator point of the elliptic curve. Alice generates a temporary key r and publishes a temporary public key R = G*r. Alice can calculate a shared secret S = M*r, and Bob can also calculate the same shared secret S = m*R.

Bob’s invisible address: b-1. After it is generated, when it needs to be traded with Alice, Alice generates a value: c, and publishes an encrypted data that only Bob can decrypt with c. During the execution of the transaction, a zero-knowledge proof is used to verify that the number x provided by Bob and the number c provided by Alice can make k=hash(hash(x), c), and the transaction is completed after the verification is correct. Since Bob’s original address is not exposed during this process, only the encrypted value x is provided, and the zero-knowledge proof only verifies the content of k, and does not show the association between B and b-1.

  • How can wallet products protect both user assets and privacy?

In a traditional chain environment, wallets mainly focus on protecting private keys. However, in the world of ZKP (Zero-Knowledge Proof), wallets need to protect both identity authentication credentials and user data. An example is the identity system ZKBlockingss based on ZK-SNARK and MPC, which allows users to generate basic proofs of identity authentication, and at the same time, enables the authentication process to be verified without disclosing any real information through MPC.

However, because the encrypted data tag (key shard) itself replaces the EOA’s private key, the issue of storing the encrypted data tag becomes more complicated, as users need to balance between saving data locally or relying on third parties to hold encrypted copies. At the same time, wallets that support social recovery need to manage asset recovery and encrypted key recovery to ensure a balance between security and availability. Therefore, in the visible future, the security policies of enterprise-level wallets and personal wallets will take completely different directions. Taking enterprise-level wallets as an example, because the most stringent security environment is required to protect funds, users of enterprise-level wallets are likely to abandon: 1. contract wallets that may have human vulnerabilities; 2. hybrid custodial MPC wallets with third-party risks, and choose MPC wallets with the same level of security deployment as hardware wallets. Personal users, on the other hand, may choose products with some centralized operation in scenarios outside of asset custody because they always want to get the best user experience.

In addition, blockchain addresses cannot meet the identity verification needs in the ecosystem, so solutions such as ENS (Ethereum Name Service) and SBT (Soul Binding Token) are gradually being accepted by the public, but there are still problems to be solved: the former is difficult to solve the problem of homonyms brought by the traditional world, while the latter, although there is no homonym problem, still lacks sufficient ecological applications to fully utilize the DID function it carries, and even the current application scenarios can be said to be very thin.

4. Summary

I believe that everyone has understood that in the topic of “Ethereum transformation” that has caused a stir in the global currency circle for nearly three months, the wallet is only one important component. Vitalik’s ambition is not only to realize the ambition of “Ethereum to complement Bitcoin’s shortcomings”, but also hopes to truly create a world that everyone can enter, is highly integrated with the real world, and at the same time retains the concept of decentralization.

Like what you're reading? Subscribe to our top stories.

We will continue to update Gambling Chain; if you have any questions or suggestions, please contact us!

Follow us on Twitter, Facebook, YouTube, and TikTok.


Was this article helpful?

93 out of 132 found this helpful

Gambling Chain Logo
Digital Asset Investment
Real world, Metaverse and Network.
Build Daos that bring Decentralized finance to more and more persons Who love Web3.
Website and other Media Daos

Products used

GC Wallet

Send targeted currencies to the right people at the right time.