Two massive innovations, MPC (Multi-Party Computation) and AA (Account Abstraction), have been on everyone’s minds lately. As a leading MPC wallet, not a day passes without people asking how these two technologies can impact crypto wallets. In this semi-technical post, we will clarify.
At Zengo wallet, we are constantly monitoring emerging trends and have been closely following AA for a while. Having recognized its potential, we got actively involved in some discussions with the standard’s developers (mainly around the simulation functionality).
To celebrate AA’s launch, we join AA standard leaders in debunking the false narrative of “MPC vs AA” as conflicting concepts and show how these two different technologies are actually complementary for the Ethereum ecosystem, and ultimately – for users.
Ethereum Foundation and AA standards leader Yoav Weiss on MPC + AA
Understanding MPC and AA
AA in a nutshell
AA introduces more flexibility to wallet accounts by making them programmable on-chain, using smart contracts. With AA, users will be able to dictate how they want their accounts to function, governed by a smart contract.
The new AA standard, ERC-4337, enables this flexibility by liberating the Ethereum account from the grasp of the rigid transaction structure and using ERC-4337’s newly introduced UserOperations structure. UserOperations are later transformed into transactions by ERC-4337’s newly introduced entities (Bundlers and Paymasters) and then consumed and executed by a target smart contract.
ERC 4337 Illustrated (Source: https://medium.com/nethermind-eth/ethereum-wallets-today-and-tomorrow-eip-3074-vs-erc-4337-a7732b81efc8)
By liberating the account from the limitations of traditional Ethereum transactions, the following main features are enabled:
- While userOperartions are still signed with a private key, account control is no longer tightly-coupled to a single ECDSA private key of a user
- The smart contract controls the user signature verification and thus provides a way to change the control of the account in case of loss
- Signing algorithm does not have to be the current Ethereum ECDSA (but still can be): The smart contract can choose other algorithms that might be more simple, efficient or secure.
- Sender does not necessarily need to be the fee (gas) payer.
MPC in a nutshell
MPC (Multi-Party Computation) wallets like Zengo replace the traditional private key with multiple independently-created mathematical “secret shares.” In Zengo, one share (the Personal Share) is stored on the user’s mobile device and the second share (the Remote Share) is created and stored on the Zengo server.
By removing the vulnerability of a centralized private key, which represents a single point of failure in the system, MPC wallets can better protect their customers against single-factor private key and seed phrase theft and loss.
While Zengo was the first crypto wallet to support MPC (or using the more scientifically correct term, TSS) for consumers, companies like Fireblocks have been managing billions of dollars of assets for some of the world’s leading crypto institutions for years. The recent trend of embedded wallets is about to bring MPC wallets to many more.
On top of providing elevated key protection, having one secret share stored with Zengo’s server allows Zengo to offer advanced features in account management controlled by server logic implemented by Zengo’s code, as the server can enforce different spending policies, such as daily limits, elevated authentication mechanisms, and shared accounts (for a detailed discussion, see below).
AA and MPC in non-Ethereum environments
Since AA operates in Ethereum’s application layer, it is limited by definition to the Ethereum blockchain and the EVM ecosystem. Most specifically, AA is not applicable to the most dominant blockchain, Bitcoin.
In contrast, MPC is blockchain-agnostic: It operates in the mathematical layer and therefore can be seamlessly applied to multiple different blockchains and serve as the underlying technology for a true multi-chain wallet.
AA and MPC in Ethereum environments
From a theoretical perspective, AA is mostly concerned with account management while MPC is mostly concerned with key management. While AA and MPC technologies are different tools for different purposes, some overlap does exist which helps fuel the false narrative of “MPC vs AA”.
Non-intersecting domains: Key management and fees
Even under AA, key management is still an important topic: Since users sign userOperations with their private key, it should be well-protected. While AA’s smart contracts may introduce some solutions to limit users exposure to key theft, it is still advised to keep the private key in a safe manner as in before, by using a secure key management system, like MPC, or a dedicated hardware system (though a single-factor hardware device still retains the single point of failure vulnerability).
On the other hand, ERC-4337 creates a mechanism that allows other parties (Paymasters) to pay for the user’s fees. This mechanism is not directly available with MPC.
Some advanced account management policies can be implemented and enforced either at the smart contract layer on-chain, or as a regular code within the non-user MPC party (e.g. Zengo’s server)
Some examples of such advanced features are vault accounts with daily limits set by the user, or multi-user shared accounts. The decision of whether to enforce this logic with AA’s smart contracts or with a somewhat trusted MPC entity is not a no-brainer, and each solution has its own pros and cons.
Implementation at the smart-contract level is decentralized and public: For better and for worse. While smart contracts can provide a decentralized and publicly auditable solution, data sent to it is not private and as the logic grows more complex, it stretches the capabilities of smart contracts and costs more gas. On the other hand, enforcing a policy with an MPC party is private and thus the code is not publicly auditable; however, it preserves the user’s information privacy and can accommodate a more complex logic without impacting the cost.
To further illustrate this point, let’s take for example a vault that is limited by geo-fencing: A user wants to allow max spending of $10K a day when she is in the US, but only $1K when she is in the rest of the world.
While this logic is easy to implement and enforce with regular code that can be deployed to an MPC server, it is much harder to code this logic in a smart contract, and it would leak users location information to the blockchain (unless sophisticated and expensive cryptography is involved). Additionally, if users want this policy to be cross-chain, i.e., the limits apply to all assets, including Bitcoin, so MPC is a must.
Summing it all up: True frens with benefits
For the Ethereum ecosystem, MPC and AA are complementary technologies. We believe that once the AA ecosystem is mature enough, it can provide together with the already battle-tested at scale MPC technology the best experience for users that are only interested in the Ethereum ecosystem:
AA UserOperations will be signed with a private key protected by MPC, the gas can be paid with AA GasPayers and some advanced spending policy can be enforced with either MPC or smart contracts, depending on the complexity and privacy requirements of the specific policy.
At ZenGo, we take pride in being “user maximalists” and not “technology maximalists”. In other words, we are committed to providing our users with the best possible crypto experience, by implementing the best tech to achieve the ideal result for the user. This is true for everything we do, including our core MPC technology.
As we, ZenGo, are a multi-chain wallet, AA cannot be our main solution (or for any other company building universal wallets) as it is limited to the Ethereum ecosystem. Having said that, we are carefully monitoring AA development (and even contributing to it) and will consider supporting it in future, for the benefit of users that are solely interested in the Ethereum ecosystem.