Youbi Capital | Since 2017

低门槛钱包如何在下个阶段获得增量市场：从上个阶段成功产品中寻找灵感

youbi-capital@newsletter.paragraph.com (Youbi Capital | Since 2017) — Mon, 15 May 2023 12:05:38 GMT

本文由 Youbi Capital 的 Ivy Zeng 撰写

1.同质化竞争的背景下，钱包需要差异化

钱包连接用户、连接开发者、连接DApp、连接多链，是Web3世界的“集线器”，钱包作为和链的UI，是最贴近用户的一层，其关键作用毋庸置疑。

然而当前钱包产品同质化严重，多币种、多资产、多公链、多签、多DApp接入、闪兑等“大而全”功能成为了基本配置，市场对于实现无助记词的手段(MPC，Account Abstraction)的认知也趋同。对于大多数钱包项目方来说，若想开拓新局面，则需要找到新方向，差异化定位。

若根据风险控制划分，钱包正基于不同的资金体量分层演化。资金体量大的账户可能会走向多重签名和硬件钱包控制和恢复的极端。低风险的日常支出可以只使用移动端生物识别技术进行使用和恢复。

若根据场景划分，可分为硬件钱包、资管钱包、移动端钱包、浏览器钱包，还有以SDK形式嵌入dapp的钱包。

若根据用户画像划分，则可以分为开发者友好钱包，如metamask；组织或机构用的资管钱包，如Safe，安全鹭Safeheron；以交易为核心的DeFi钱包，如TokenPocket, Zerion和C98，以及本文讨论的对象——web2小白友好的低门槛钱包。

低门槛钱包是打破转化瓶颈的关键（定义：用web2的方式Auth、鉴权、用默认托管方式引入用户的钱包）。为了实现web3大规模采用，必须以用户易于理解的方式引入他们，从而提高web2-web3的转化率。

图：钱包差异化定位

2.上个阶段哪些产品捕获了市场？哪些特性使得它们胜出？

2.1 用户数据表现好的低门槛钱包有哪些？

低门槛钱包又可根据其场景再做划分：钱包本身以独立app的形式出现，或者以SDK的形式集成进入其他dapp，例如：

移动端钱包: TokenPocket, Zerion, Bitizen
登录和钱包中间件解决方案: Particle network, web3auth

2.1.1 移动端钱包TokenPocket

TokenPocket钱包是一款多链自托管钱包，主打移动端，支持所有EVM兼容链，前端交互直观，使用便捷。随着加密行业不同阶段的发展，TokenPocket钱包定位也从简单功能钱包工具、流量入口，发展到公链生态服务平台。

特点：

移动端app兑换、交易、资产跨链简单
移动端app前端交互体验经过打磨，操作多链/快捷加链，访问Dapp便捷，易切换节点，添加Token
- 集成DApp浏览器，可以访问任何DApp链接（以PWA形式进入Dapp，用户体验远超Zerion）
移动端app能承载聚合大量行情内容，提高了用户粘性
支持EOA和合约钱包多签

TokenPocket发展路径

2017年，TokenPocket产品定位为移动端钱包，目标是完善基础功能
2018-2021年适逢DeFi爆发，TokenPocket钱包的战略定位顺势调整为DeFi流量入口，DeFi市场行情、DApp浏览器、ETH兼容链自定义网络等，1）服务好头部公链（如ETH、BSC，Heco、Solana PolygonPolkadot.Tron、EOS、IOST等）和DeFi项目（如Uniswap、Sushiswap.YFI等）；2)作为首个对Uniswap等DeFi进行本地优化的钱包，上线DeFi频道，支持K线涨跌等功能
2021年至今，dApp爆发的时代，TokenPocket钱包定位：Web3生态入口、多生态服务平台；产品策略：三位一体的钱包产品（移动端、插件，硬件钱包）+链上产品( Degrees Transit Swap ，TransitNFT )

2.1.2 移动端钱包Zerion

Zerion是一款以watchlist（监控地址交易）功能见长的移动端开源钱包。

Zerion发展路径

Zerion曾经的定位是链上数据解析服务——Track your entire crypto portfolio across every wallet you own. 但在数据解析方面落后于同行之后，Zerion转变了定位，把目光瞄准了移动端钱包赛道。Zerion采购了DeBank的数据API，把原先在链上数据解析上花费的精力放到优化产品上。

在产品上做到了用户友好，诸如UI、互操作、效率、成本、安全及隐私；功能上，watchlist功能延续了钱包地址追踪的优势，解决深度转化与粘性。对C端用户来说，做到了低门槛：先无门槛创建钱包，之后再backup seed phrase，并且以易读的对话框形式给出风险提示，完成用户教育，指纹和密码登录给到用户足够的安全感知。

2.1.3 移动端钱包Bitizen

Bitizen是一款以登录安全和私钥安全见长的移动端MPC钱包。

Bitizen的发展路径

Bitizen的进化速度和GTM的速度都很快，从一开始的纯MPC+生物识别移动端钱包，现已经演变出了web3生态入口的形态。产品十分直接明了，dApp浏览器功能稍简单，但仍十分友好，FaceID+指纹登录给到用户足够安全感。

2.1.4 SDK钱包 Particle Network

Particle Network满足了以下市场需求：

**首先，降低理解和操作成本。**Particle network将自己定位为登陆及钱包中间件平台。用户桌面上左手握着许多条链上的钱包，右手有着各种操作需求（NFTs, tokens, user balances, transactions）每个操作像是都在满是电线的桌面上找到正确的线和对应的插头，像操作精密仪器一样复杂。现在，particle发挥了类似于集线器的作用——用一个账户管理多链资产和多种交易操作，用户无需理解背后的链，只需连上particle SDK即可操作。

**其次，减少项目方 Go to market 的时间，让开发者专注于业务增长。**Particle SDK提供的产品功能齐全，让dapp项目方GTM的时间平均减少了82%。例如，法币出入金API为dapp项目方免去了合规、牌照、KYC等等繁琐事项。

**以及降低用户学习成本。**用户只需使用邮件OTP即可登陆，无需保管助记词。

2.2 它们满足了用户哪些需求？优化的特征是什么？

移动端钱包直面C端，C端用户需求无外乎三点：安全、好用、获得收益。

安全对所有用户来说永远排在第一位 (交易安全+账户安全)。
好用就是产品体验，又包含交易这个核心路径的好用和前端交互体验的好用。
获得收益可理解为：“节省gas”和“投资获得收益”。

SDK钱包做的是2B2C的业务，优化了以下几个方面：首先，降低理解和操作成本。用户无需理解背后的链，只需连上SDK即可操作。其次，减少项目方打开市场的时间，让开发者专注于业务增长。Particle SDK提供的产品功能齐全，让dapp项目方GTM的时间平均减少了82%。例如，法币出入金API为dapp项目方免去了合规、牌照、KYC等等繁琐事项。以及降低用户学习成本。用户只需使用邮件OTP即可登陆，无需保管助记词。

钱包虽然是直面C端的，但是下个阶段大多数小白用户接触到钱包必然是通过B端——B端默认使用什么钱包，用户就注册什么钱包，所以服好B端至关重要。

Particle Network和Web3Auth做的业务模块虽不同，但本质上都是SaaS。对于SaaS，客户最看重的前三个需求分别是：产品功能，易用性，安全保障能力以及相关服务能力。

产品功能
- 钱包的基础功能：如查询收发资产，法币出入金，钱包内swap，dapp浏览器，生态入口，行情数据等
- 项目管理功能：可视化的面板管理项目，数据追踪分析等
易用性：B端开发者易于集成
安全保障能力：
- 资产安全：若是托管钱包，对于app来说，托管资产是一份很重的责任；若是非托管钱包，钱包需要给用户足够的安全提示和教育；
- 交易安全：在签署交易时，钱包应该提供人类可读的warning信息，让用户有足够信息判断是否要签署交易。

图：安全插件KEKKAI模拟交易，提供人类可读的交易警示

服务能力：是一个越来越被B端dapp看重的方面。主要是指出现问题迅速解决的能力，功能不断更新、漏洞的暴露、都需要迅速的维护与解决。

2.3 从上阶段总结出哪些成功关键？

**切入细分市场，占据独特生态位。**例如，TokenPocket专注移动端DeFi交互，用app内丰富的DeFi内容、公链、协议生态提高用户粘性，成为移动端的web3生态入口；Zerion延续watchlist优势，迅速占据DeFi钱包生态位；Web3Auth专注提供Auth模块；Particle 定位则是平台中间件。

**贴近市场，洞察用户需求，顺应趋势。**例如，TokenPocket捕捉到了crypto三个阶段的需求，分别是2017年的完善基础功能，2018-2021年服务好头部公链和DeFi协议，2021年以后满足dapp爆发后，满足了用户对Web3生态入口、多生态服务平台的需求。又例如，对SDK钱包而言，B端项目注重快速GTM，希望SDK容易集成，钱包的UI自定义程度高。

**重视销售/售后服务。**销售/售后服务也是产品竞争力的一部分，能够提高用户黏性。例如，TP的创始人在论坛社区和用户的互动十分活跃，因为对移动端钱包而言，C端用户的反馈频率更高，内容更琐碎，需要更细粒及时的响应。

**找到关键人Go to market。**钱包作为中间件，需要开发者关系类的人才。例如，积极和开发者社区负责人建立合作关系，带来流量，洞察开发者需求，和更多dapp建立合作关系，紧贴市场。

**强大产品力支持，建立品牌优势。**以产品力提高用户粘性，从而吸引开发者来此建设丰富的生态，带来网络效应，打造属于自己的品牌，加强对市场的占领优势。

3.下个阶段钱包钱包如何获得增量市场

钱包的长期策略是快速抓住市场需求, 获得B端用户, 形成产品闭环, 通过收入, 融资和需求进行可持续的产品, 服务迭代, 提升品牌, 滚雪球式的拉开和竞争者的差距。

具体来说，低门槛钱包可以从易用性、销售服务、品牌几个维度切入，以求获得增量市场。

3.1 易用性

3.1.1 开发者友好

SDK钱包项目要做到开发者友好，减少开发者go to market的时间，免去繁琐的上手流程，让dapp开发者专注于业务增长本身。开发者友好包括了兼容性，灵活性和易用性。

兼容性是指对多链的兼容。
灵活性是指钱包的自定义程度高，在自定义UI方面，例如：许多手机游戏都是横屏，大多数移动端的钱包都是竖屏，若在横屏游戏中弹出竖屏登陆界面，会让用户感到非常不适应，因此自定义UI十分重要。但开发者也要求钱包SDK有基础的视觉素材，最好能提供基础积木，让开发者根据应用的需求改装设计。
易用性是指SDK接入的过程简单，界面友好。理想情况是web3新进开发者也能自由接入。

图：2B SaaS Dashboard https://dashboard.particle.network/#/project/all（包括分项目管理，自定义UI，用户数追踪等模块）

3.1.2 C端友好

针对web2小白用户或散户，要从PM的视角，降低钱包使用门槛，毕竟应用的技术实现不是为了让开发者挑战自我，而是真正的从用户角度出发，替用户思考他们的痛点。

小白用户的痛点不外乎单点失效和交易风险。单点失效是指助记词保管不善，钱包被盗风险高。交易转账风险高是指，公钥地址是一串人类不可读的字符，签署交易时的签名的消息也不可读，用户往往不知道自己签了什么内容，授权了什么。

针对这些问题，有以下解决方法：

首先降低用户学习成本。具体包括无助记词钱包，或者直接在早期使用托管方案，等到用户有了足够的钱包和风险管理知识后，主动升级为自托管方案。智能合约钱包Unipass的设计既帮用户免除了助记词烦恼，又给了用户托管到自托管的广泛选择。

**其次，降低用户的风险控制成本。**解决这个问题需要钱包内置安全模块，给到的风险提示，例如，解析交易信息，拦截可疑交易，模拟并且展示签名后的结果，给用户足够的信息判断是否继续签名，避免遭遇欺诈、钓鱼。

**以及，降低用户恢复成本。**EOA钱包不具备更换私钥的能力，然而智能合约钱包可以更换控制地址。智能合约钱包用户的地址不对应私钥，用户可以把合约的控制权转移给某个 MetaMask 地址，这就类似 gnosis safe 只用 1-1 单签的使用方法。UniPass还通过邮件社交恢复来找回账户[1]。

3.2 销售/售后服务

销售/售后服务也是产品力的体现，积累足够的常见问题后，积累一定的用户数之后，可以将销售/售后服务产品化。通过提供优质服务，及时响应，积累用户口碑。

3.3 品牌

品牌力可以以现有用户数、交易数量、合作dapp数量、已有投资机构进行粗略评估。提升品牌力能够提高老用户粘性，吸引新用户，降低销售成本，构建生态，形成竞争壁垒。以下是一些有望提升品牌力的举措：

**其一，积极和知名合作方形成利益绑定关系。具体而言，可以使用代币作为工具和B端形成利益绑定。**例如，钱包项目方可以将自己的治理代币以奖励的形式发放给dapp项目方，激励dapp带来更多新注册用户地址/活跃交易用户地址。**还可以建立用户数据共享利益机制，提供数据分析分级服务，提升用户忠诚度和专业品质，开启新的价值捕获。**基于钱包直接连接用户、DApp的优势，与用户建立数据共建共享机制，面向数据用户提供通用、专业、分级的数据分析服务，面向开发者提供数据分析API服务，有助于转用户为社区共创伙伴，聚合专业数据用户，并开启新的价值捕获路径。例如TP将用户转化为社区共创伙伴”TP侠”，与用户群形成类似粉丝社群的关系，加深与社区的连结。

图：Tokenpocket社区 https://fans.tokenpocket.pro/

**其二，强化社交属性，积累用户数据，增强用户粘性，带动网络效应，应对同质化竞争。**如若Edge, Chrome继承EOA钱包, Metamask缺乏护城河, 因为EOA钱包迁移成本极低。与EOA钱包相比，合约钱包能够持续积累用户（金融和非金融）数据，当账户上沉淀的数据越多，该地址对用户来说就越有价值，用户粘性越高，迁移成本也升高。此外，合约钱包还将在用户增长阶段扮演重要角色，例如通过KOL独链，跟踪投放效果。可以预见的是，智能合约钱包能够积累用户数据，提高用户粘性，形成网络规模效应，在同质化竞争中获得优势。

**其三，未来围绕钱包，发展自生态服务平台。**当系统通过模块化、API高度抽象复杂性后变得无感知，可为各种应用构建基础服务框架，走类似安卓系统的发展路径。例如，Safe提供了开源的AA SDK，未来AA模块有成为公共产品的趋势。Safe逐渐转向模块化的、可扩展的账户协议，支持共享插件接口以接入其他钱包和解决方案，做一整套协议层。

4.结论

回顾上一个阶段数据表现好的产品，移动端钱包靠产品力和内容增强用户粘性。SDK钱包的特质（例如MPC TEE技术可以通过采购获得，AA开源SDK成为公共产品）市场认知趋同。因此，SDK钱包比拼的是B端合作能力和售前售后服务。 **

在下一个阶段，我们认为基础功能更加丰富的合约钱包有着独特优势，它可以通过强化社交属性，积累用户数据，增强用户粘性，带动网络效应，以此应对同质化竞争。所以有品牌, 简单易集成, 技术支持好, 可升级，能积累用户数据的合约钱包会胜出。

参考:

[1]https://lay2.notion.site/CEBG-Q-A-3a350e55e0cb4c7cbebb565ff78ef35b

[2]https://safe.mirror.xyz/P83_rVQuUQJAM-SnMpWvsHlN8oLnCeSncD1txyMDqpE** **

Interoperability of Data: The Core Experience in Web3

youbi-capital@newsletter.paragraph.com (Youbi Capital | Since 2017) — Mon, 10 Apr 2023 10:39:57 GMT

Written by Chen Li, Jims Young, Li Gong, and Ivo Entchev from Youbi Capital

1）The Dilemma of Web2

We use various apps in our daily lives: we chat with friends on Whatsapp, search restaurants in review apps, explore different lifestyles on TikTok, and spend and transact money on Paypal. Our lives are captured by these apps and stored in their respective databases.

Moreover, as the complexity of our work and leisure lives grows, we tend to divide our attention across ever more specialized apps. For example, we might transition from a general video app to video apps that stream long, short, or medium-length content; or we might prefer tweets, long-form articles, and image-text platforms to general blogs. These increasingly refined user demands create more precise app categories, but also cause user data to become fragmented across a wide array of apps.

This proliferation of specialized apps and their lack of data interoperability has led to “data silos,” where we have to repeatedly register accounts and create content across different apps, and must publish it multiple times in order to achieve “cross-platform synchronization.”

Now imagine if a video we post on TikTok could be seamlessly and synchronously published on Instagram, and similarly, if a comment we leave for a video on Youtube could be synced to other platforms. When apps can share a user’s data, data is no longer trapped in silos, and users can leverage more open platforms to contribute and distribute their creative content. This is also the ultimate Web3 experience — an application matrix that can interoperate.

This trend has led to a dilemma for Web2: companies must face trade-offs between strict adherence to their business model, which relies on their monetization of trapped data, and delivering the interoperable experience demanded by their users, which requires data to be free.

Assuming that the trend towards specialized applications continues, it must be asked how Web2 platforms designed as data islands might adapt and what role Web3 will play in crafting a solution. That is the question we want to discuss here.

2) Why Web3?

Web3 world includes concepts like blockchain, cryptography, and decentralized economic models. Representative products include the cross-sovereign currency Bitcoin, decentralized finance based on smart contracts, and distributed computing and storage networks.

Taking decentralized finance as an example, the main feature of Web3 applications is the trustless management and transaction in digital assets, with user data stored in a public database, i.e., the public blockchain. There is no data isolation between applications and completely permissionless interoperability between applications on most chains. This degree of data freedom far exceeds that of Web2 platforms, leading to a massive explosion in decentralized finance applications. The number of applications within the EVM system grew a staggering 1,000 times between 2020 and 2022.

However, Web3 has encountered obstacles in consumer applications. The data storage capacity of public chains is very limited and its price is extremely high (the storage cost of Ethereum is one million times than that of AWS), The public chain can manage the size of data generated by decentralized financial applications but is unable to accommodate large-scale data required by typical consumer-end applications such as content and user behavior tracking data. The solution of this Web3 obstacle is to meet such storage needs off-chain and provide these resources to developers using cryptography. We will discuss the specific implementation later on.

Those off-chain storage solutions, such as Filecoin and Arweave, store data in a distributed manner on various servers in their networks by segmenting and encrypting the data, and the cost is lower than centralized storage. Unlike completely open public chains, the data stored in off-chain solutions require user authorization to be called and retrieved.

Here, we need to mention a major early concept of Web3 applications. That is, the forefront breakthrough platforms must permit users, not the platforms, own their data, and users should also be able to own an interest in the application platform itself. Only in this way can the platform maximize the value of data and share those benefits with its users.

When users own data, the data isolation between applications can be bridged through user authorization. The data center of Web3 must be user-centric. We will describe how to combine the Web3 technology layer, account management, storage, execution, etc. into a technology stack that is user-centric and most convenient for developers to use.

3）Web3’s Technology Stack — Starting from Defi

Compared to traditional C-end applications, Defi applications are relatively slow, and a transaction usually takes several seconds or even longer to complete. Applications based on IPFS may take at least a minute or even several hours to synchronize an update. The speed of these applications is determined by the speed of their backend databases.

The speed of Defi is based on the consensus of the layer1 chain, which is limited by the degree of the network’s decentralization. For non-financial applications, content generally exists on only one or a few nodes. IPFS synchronizes address information, and the higher the decentralization degree of the nodes, the longer the synchronization time.

To solve the speed problem, different blockchains have developed their own Layer2 to store and update data that can be processed more quickly and then frequently transfer it to the public blockchain. Similar things have also happened on IPFS, which is what Ceramic does. Ceramic nodes can be used like a centralized cloud, to record events that occur on one application and then update the results to IPFS after a period of time. It can be seen as the layer2 of IPFS.

With this layer2, the dapp experience can be very similar to a normal app. In addition to validating dynamic data storage, Ceramics also proposes the concept of data models that establish data storage standards between applications to enable cross-application data interoperability.

Dataverse-OS has built further resource abstraction and isolation on top of Ceramic, creating a kernel that manages storage resources and identities, similar to an operating system kernel. Applications and users can use their public keys for identity authentication to access resources without infringing on other’s data. In this way, all applications can run on the same kernel, rather than being separate systems. Applications or firms can apply for permission to access any data table through the kernel, with authorization from the user’s private key, without the need to contact other firms.

From the perspective of data interoperability, Dataverse-OS plays the role of a cloud-based operating system, enabling large-scale data interoperability between applications. It serves as a prototype or MVP for future Web3 data middleware. There are several other projects with similar visions in this field, but we will not list them all here.

4) Outlook and Challenges

Since the birth of Web3, allowing data to flow freely between applications has been one of the visions. With the development of these technology stacks, we are finally almost there.

For users, this is the first time that data interoperability can be achieved across all categories of Web3 applications. We can share comments between various video platforms and discuss topics with netizens from around the world all at once without platform restrictions. Personal assets can be used for payment on various platforms, and social credits and reputations will be recognized by all apps. We can even manage our own data freely, allowing it to flow between applications and users, and achieve more breakthroughs in composability.

For developers, the threshold of promotion and exposure traffic gets much lower since user information can be easily obtained and used. Data is no longer a barrier for competition between applications, indeed good products are. Moreover, the development threshold has been further decreased due to the increasing popularity of no-code tools. The front-end threshold is constantly decreasing and can be easily integrated into Web3’s backend, and an application can be easily created within one figure print.

In Web2.0, cloud-based operating systems have become the stickiest user entry point, with more and more functions being integrated into cloud operating systems and more and more user experiences being migrated to the cloud. This is an unstoppable trend. User-centric cloud services must compete with centralized platforms for developers and users, and we believe that user-centric cloud service platforms have undeniable advantages in content and social applications.

Dataverse-OS is designed to be simple yet powerful, providing developers with all the core functionalities they need to achieve data interoperability. We highly recommend their SDK for all d-app developers. However, we encountered a challenge that users are the primary factor that attracts developers to the platform, and the biggest challenge is how to attract early developers through a win-win cooperation. Our answer is a project called Glitter, which focuses on building a public data center. We will provide a detailed introduction to this project in the next article, “Glitter: The Engine of Web3 Traffic.”

数据互操作：Web3的核心体验

youbi-capital@newsletter.paragraph.com (Youbi Capital | Since 2017) — Sun, 09 Apr 2023 13:06:53 GMT

本文由 Youbi Capital 的 Chen Li, Jims Young, Li Gong 和 Ivo Entchev 共同撰写

1）Web2的困局

我们每天生活在各种APP中：在微信上和朋友闲聊，用点评软件选要去的餐厅，在小红书上探索生活的多样，用支付宝付日常的开销……我们生活的痕迹被形形色色的APP捕获，沉淀在各自的数据库内。

同时，随着对工作与生活要求的增多，我们有了越来越细分的APP们：从单纯视频到长视频，短视频，中视频的划分，从博客到微博，长文章，图文信息流等不同呈现方式，越来越精细化的用户需求创造了更加细分的APP分类，同时也导致了数据的更加分散。

这种APP间的分散与数据不互通形成了一个个“数据孤岛”。我们在不同的APP之间重复着注册账号，撰写内容，并需要在各个平台中一次又一次地发布达到“全平台同步”。

而试想一下，如果我们在抖音上的一个视频，可以无感地被同步到小红书。同样的，一个我们发在B站某视频的弹幕，也可以被同步到其他平台。APP之间能够共享该用户的数据，数据便从此不再存在于孤岛，用户也能借助更自由的平台互操作实现更多有创造力的内容输出。这也是不断被提及的Web3终局体验——能够互操作的应用矩阵。

而面对基于融合数据中台的应用矩阵的大趋势, 在不同平台上的数据孤岛间这个趋势会如何进一步落地? 而Web3技术如何服务于这个大趋势? 这是我们要讨论的问题。

2）为什么是Web3

Web3的含义包括区块链, 密码学, 去中心化经济模型等概念。代表性的产品有跨主权货币比特币, 基于智能合约的去中心化金融, 以及去中心化的计算, 存储网络等。

以去中心化金融为例, Web3应用的主要特征是去信任资产管理和交易(签名), 用户数据存在一个公共的数据库里, 也就是公链上。应用和应用之间不存在数据隔离, 甚至在大部分链上, 应用之间的数据有完全无许可的互操作性, 这种远超Web2平台的自由度, 导致了去中心化金融应用的大爆发, EVM体系内的应用数量在2020-2022年之间增长了1000倍。

然而在消费者应用方面, Web3遇到了明显的瓶颈。公链的数据存储能力非常有限, 而且价格极高(以太坊的存储成本是AWS的1百万倍), 仅能够支持去中心化金融类型的应用产生的数据量, 无法承载内容和用户行为跟踪等这类其他C端应用需要的大规模数据。Web3的解决方案是把这类存储需求在链下满足, 并通过密码学的方式把资源组织和抽象出来提供给开发者。具体实现我们在后面讨论。

这种链下的存储方案, 例如Filecoin, Arweave, 是把数据以分割, 加密的方式分布地存储在他们网络里各个服务器上, 成本低于中心化的存储。和公链上的完全开放的数据不一样, 这些数据需要用户的授权, 才能进行调用。

这里要提到Web3应用概念提出早期的一个主要理念, 突破应用平台发展天花板的模式必须是用户拥有数据而不是平台, 同时用户也应该拥有应用平台的一部分, 这样平台才能在最大限度地挖掘数据的价值的同时, 将利益与用户共享。

当用户拥有数据, 应用和应用之间的数据隔离就可以通过用户授权打通, 所以Web3的数据中台必然是以用户为核心的。接下来我们要讨论的是如何把Web3技术层, 账户管理, 存储, 执行等组合成一个以用户为核心, 而且最方便开发者使用的技术栈。

3）Web3的技术栈 - 从Defi谈起

Defi应用相对于传统C端应用来说反应很慢, 一个交易完成通常要等几秒到几十秒甚至更长。而基于IPFS的应用会需要至少一分钟, 有时长达几小时才能同步一个内容的更新。这些应用的速度都是由他们后端的数据库更新的速度决定的。

Defi 的速度基于公链的共识, 受网络去中心化程度的限制；而对于非金融应用，内容一般只会存在一个或几个节点上, IPFS同步的是寻址信息, 因为节点的去中心化程度更高, 同步时间也更长。

为了解决这个问题, 不同的区块链都开发了自己的Layer2, 用来存储和更新需要快速处理的数据, 然后每隔一段时间再转移到链上。而 IPFS上也发生了了类似的事情, 这就是 Ceramic 做的事情。Ceramic 的节点可以用来像中心化的云一样, 记录某个应用上发生的事件, 然后过一段时间再把结果更新到IPFS上, 所以可以把它看成是IPFS的二层。

有了这个二层, dapp的体验就可以和app非常接近了。除了动态存储, Ceramics还提出了数据模型的概念, 在应用和应用之间建立数据标准, 使跨应用的数据互操作变成可能。

Dataverse-OS在Ceramic 的基础上做了进一步的资源抽象和隔离, 打造了一个能够管理存储资源和身份的Kernel, 类似一个操作系统的内核, 让应用和用户通过他们的公钥来进行身份验证, 获取资源, 而又互不侵犯。这样做的好处是所有应用都可以跑在同一个Kernel里面, 而不是独立的系统。应用和应用之间不需要两两之间打通, 就可以通过Kernel申请, 和用户私钥的授权, 获取任何一个数据表的权限。

从数据互操作的角度, Dataverse-OS起到了一个云端操作系统的作用, 能够让应用之间实现大规模的数据互操作, 是未来Web3数据中台的一个雏形或者MVP。这个领域还有几个项目有类似的愿景, 这里就不一一列举了。

4）展望和挑战

在Web3诞生以来，让数据在应用之间自由的流动一直是我们的一大愿景。随着众多技术栈的不断成熟，这一次我们终于almost there。

对于用户来说，这是第一次在Web3应用之间可以全品类地实现数据互操作。我们可以在各个视频平台之间共享弹幕，和全世界各地的网友讨论同一个话题而不受平台限制；个人的资产可以在各个平台之间完成支付，个人的社交积分与声誉也会被所有APP广为认可；我们甚至可以自由地管理自己的数据，让它在应用间，用户间自由地流动，完成更多的可组合性上的突破。

而对于开发者来说，流量的门槛第一次如此之低，以至于可以轻易地获取用户开放出来的信息并加以使用。数据从此不再是应用之间竞争的门槛，好的产品才是。同时，开发的门槛也得到进一步降低，随着无代码工具的不断普及，前端的门槛得到不断降低，只需要与Web3的后端接入，一个应用便能就此诞生，而这一切都近在咫尺。

在Web2.0中, 云化的操作系统正在成为现在粘性最强的用户入口, 越来越多的功能被整合进云操作系统中, 越来越多的用户体验也随之被迁移到云端, 这是一个不可阻挡的趋势. 而以用户为中心的云服务，必然要和中心化平台竞争开发者和用户, 我们认为在内容和社交应用方面, 以用户为中心的云服务平台有不可忽视的优越性。

Dataverse-OS的设计简洁而强大, 赋予了开发者实现数据互操作的所有核心功能。他们的SDK被我们迫不及待的推荐给所有的dapp开发者。但我们碰到一个问题是用户是平台吸引开发者的主要因素, 如何通过共赢的方式吸引早期开发者是数据中台最大的挑战。这里我们的答案是一个做公共数据中台的项目Glitter, 关于这个项目我们会在下一篇里详细介绍, “Web3流量的火车头Glitter”。

The Future Is Seedless: Wallets for Transitioning Web2 Consumers to Web3

youbi-capital@newsletter.paragraph.com (Youbi Capital | Since 2017) — Fri, 18 Nov 2022 11:26:10 GMT

The article is co-authored by Chen Li, Ivy Zeng and Ivo Entchev in Youbi Capital.

To a Web2 user approaching Web3 for the first time, the onboarding experience is (putting it mildly) unappealing. With conventional EOA wallets, this takes the exotic form of explicitly generating a wallet, managing private keys, and securing seed phrases for account recovery.

Next-generation seedless wallets attempt to address this point of friction by abstracting away from the private keys and seed phrases, thereby permitting a more familiar onboarding process using only a few clicks, and by leveraging social login common to Web2. As such, seedless wallets are a strong step toward mass adoption.

One way wallet providers achieve seedless wallets is through fully centralized account hosting solutions. However, that approach is misguided because it defeats the basic purpose of using a Web3 app. The correct solution should not achieve abstracted convenience at the cost of meaningful ownership and self-custody of user accounts by users themselves. Instead, it should strike the right balance between the two based on the user’s needs.

We are at an inflection point for introducing Web2 consumers into Web3. The onboarding process will play a big role in this next phase of growth. It is, therefore, critical that we create an onboarding and account management experience that combines the decentralization ethos of Web3 with the convenience and intercompatibility of Web2.

Due to its central importance to the growth and success of Web3, we are continually paying close attention to innovation in Web3 account infrastructure. Many app developers have asked us to share our thoughts on recent advances in user onboarding and on wallet selection. Here they are.

The Trade-Off: Seedless Key Management Versus Self-Custody

All recent iterations of wallets can best be analyzed in relation to their pursuit of two main but countervailing features: seedless key management and self-custody.

Seedless key management is the foundation for the seamless onboarding of new users into Web3. The user does not need seed words or private keys to import their accounts into a new environment. As a result, their onboarding and account management are abstracted and can be made to resemble that of Web2.

On a technical level, this abstraction is achieved by wallet providers delegating authority over the client’s account to the server or to third parties. For example, Magic Link requires users to be authorized by them to access their encrypted key as well as to decrypt the with a master key secured by centralized hosting on AWS HSM. Other approaches create greater decentralization by splitting the private key into multiple pieces and storing them at different places to reduce the risk of exposing the entire key.

As should be readily apparent, seedless key management results in a trade-off with complete ownership and self-custody of the user account by the user, which is important (if not outright sacrosanct) to many crypto adopters, and for a good reason. When the wallet service relies on third parties, those third parties are empowered to censor the transactions and even take over the assets. They might be subject to government regulations and enforcement. Wallet services highly dependent on the service provider are also more likely to be disrupted when malicious attacks or accidents happen.

Therefore the best UX for Web3 wallets must find the right tradeoffs between seedless key management and self-custody for the targeted user groups. For Web3 applications, we can assume that the primary goal is to seamlessly convert Web2 consumers, who are used to username/password or social login but do not have a significant amount of assets on-chain right away. Secondarily, the developers should consider upgrading the trade-off as the users’ assets grow, which will generally require more security and greater decentralization.

Finding the Right Balance: Comparison of Existing Seedless Wallets

Based on the above framework, we provide a survey of the representative seedless wallets of which we are aware and analyze them according to the degree of self-custody that they enable and other relevant factors.

MagicLink, Web3Auth, Particle Network, Sequence, UniPass

The latest generation of wallets relies on new technologies such as secured cloud storage, MPC, and smart contracts to enrich the design space and bring users a new set of functions to manage and use their Web3 account. While all of these are an improvement over EOA design, the degree to which they improve the user experience differs (as shown in Figure 1).

Figure 1: Utilization of Cloud, MPC and Smart Contract in Wallet Design

EOA wallets such as Metamask, Imtoken, and Phantom are the most native and self-reliant wallets. They are also the most cumbersome. The users need to learn how to safeguard their seed words or private key and how to use them to import the account to new devices. The account address derives from the private key and will be permanently locked or inaccessible if the key is lost or stolen.

The most straightforward alternative is to use a custody service. The best example is Magic Link. The custodian grants access to the account through email or social login, which is very convenient. But the key is vulnerable to the usual security and other centralization risks.

More complicated methods usually involve MPC (SSS, TSS), such as Web3Auth and Particle Network. By splitting the key into several shares, the login must be authenticated by multiple key shareholders, distributing the custodianship, therefore mitigating the centralization risks.

Finally, several projects have succeeded in wrapping smart contracts on top of MPC, introducing account management logic that allows the users to reconstruct or reset the master key managed by MPC, further reducing centralization risks. The core of the account management logic is the selection of so-called guardians, where profound customization could be implemented to remove the dependency on wallet service providers or certain custodians.

Beyond their handling of the tradeoff between seedless key management and self-custody, these seedless wallets can be evaluated on their improvement of the user experience according to six relevant factors, as described below.

Gas fee: Gas cost incurred on-chain for the creation of the smart contract account (gas fee for regular usage is similar to EOA)

Latency: Time to complete the creation and import process (e.g. smart contract wallets usually take longer due to the on-chain process)

Switch Device: Smoothness in switching to a new environment or device

Security: The existence of a single point of failure, including any individual party, such as the service provider or the integrated front end, that can reveal, reconstruct or reset the complete key or credentials to fully control the account

Custody: Service availability and censorship resistance (i.e. dependency of the service on the service provider and whether the custodian can access or freeze the client’s account)

Functionality: The ability to implement additional account management logic (e.g. sponsor gas fee, multiple signatures, delegated signing)

Among these supplemental factors, users are relatively more sensitive to gas fees, latency, and the availability of additional functionalities. Security and custody are less visible to the users; however, incidental events such as security breaches or service disruptions could be catastrophic to businesses or individuals.

Magic Link (Custodial EOA)

Magic Link is a seedless wallet that supports email and social login. After being authorized by Magic Link, the clients download a copy of their private key from the custodian to login into the account from new devices instead of using seed words. Magic Link outsources the encryption of the private key to AWS HSM to serve the client directly so that Magic Link does not store the private key in plain text.

Technically, Magic Link is equivalent to Metamask but with the added benefit of cloud custody that allows users to switch devices using online authentication. However, to bring the users the best experience, Magic Link operates the sole authentication server to grant access to the decryption key, making it a potential single point of failure in the workflow. Hackers or staff members, once they obtain access to the authentication server, could gain full control of a user’s account. Moreover, the decryption key might not be unique for each user, giving rise to the possibility of circumventing the authentication server using keys from other accounts.

Figure 2: Magic.Link (AWS Key Management Service)

We tested and evaluated Magic Link as integrated by Zerion and present our findings below.

Figure 3: Our evaluation of Magic Link

Gas fee: Low, as it is an EOA wallet

Latency: Low, the same as Metamask

Switch device: Easy, to transfer the private key to a new device with the access token (email/OAuth).

Security: Low. Single point of failure. Complete private key exposed to sever provider and frontend

Non-custodial: Low. Highly dependent on the authentication server, therefore poor service availability and low censorship resistance

Functionality: Low. Not a smart contract wallet

Web3Auth (Distributed Custodial EOA)

Web3Auth is a popular wallet service that also supports social login, allowing users to authenticate themselves on various applications by connecting through a social site. It has been integrated by various Web2 and Web3 applications such as Chess.com, Opensea, and Skyweaver. Needless to say, social login is an attractive, and possibly the most seamless, authentication feature for any consumer-facing use case.

However, just like Magic Link, the social login workflow requires a server to generate the login request and sign it with an app key, and therefore must be centralized. Even though it is possible for a smart contract to verify the signature with the public key exposed to the authorization server, this is not a consumer-friendly process.

To mitigate the risk, Web3Auth added other keys to the OAuth key to collectively reconstruct the complete key for login. The three shares are first generated in a decentralized way using Shamir Secreting Sharing (SSS) when users first log in with their social account e.g. Gmail/Twitter. Then they are stored separately. As depicted in Figure 4, here is how the key slices are stored and used.

Device Share: generated and stored on the user’s device, must be recomputed on new devices
OAuth login share: generated on the OAuth server, then the share is further split in a network of nodes and retrieved once when the OAuth code is verified
Backup/2FA share: An extra share to be kept by the user, possibly kept on a separate device, cloud or email, needed to log in to new devices.

Figure 4: Web3Auth (Shamir Secret Sharing, social login)

Currently, both the OAuth key and backup key are controlled by Web3Auth through the Auth Network, which is used to reconstruct the complete private key. In services that have integrated Web3Auth, like Opensea and Sequence, users can authenticate their login directly through social login, without any other requirement, making Web3Auth the sole account custodian.

Web3Auth could potentially distribute the backup key to a third-party storage provider. In that way, when users are logging in from a new device, the backup key can be invoked to create a new device share in the environment. Delegating the storage of the backup key to a third party reduces the risk of security breaches and censorship. Bitizen.org is a great example of such a distributed custodial that uses ⅔ TSS and the client’s own cloud drive to store the backup key share. The downside is a privacy concern, as it grants the service providers full access to the files in the client’s cloud drive.

Figure 5: Our evaluation of Web3auth

Gas fee: Low. not a smart contract wallet

Latency: Low. Instant login

Switch device: Easy. Social login and password or just social login

Security: Low. Single custodian. OAuth alone is enough to log in. Complete private key exposed to the front end

Non-custodial: Low. Service is highly dependent on Web3Auth, with no censorship resistance

Functionality: Low. not a smart contract wallet

Web3Auth has been tested using Treasure.chess.com and Skyweaver.net

Particle Network (Distributed Custodial EOA)

Particle Network is another wallet service that features email or social login, by using 2/2 MPC-TSS-based algorithm. There are two parties in the key generation process, the client side, and the official side, jointly computing the public key, each holding a secret share of the private key. Only the client side can start the signing process.

During the signing, proof generated by TSS technology will be uploaded on-chain without showing the private key. When the client switches devices or recovers the account, the client invokes the client key stored on the cloud after authentication through email OTP or social login as shown in Figure 6.

Figure 6: Particle Network(MPC-TSS, social login)

The TSS multisig algorithm is more secure than SSS as it does not generate a complete private key that could be exposed in the process. However, the 2/2 TSS scheme is not recoverable when one of the two shares is lost, exposing the account to a higher risk of being locked permanently.

Currently, Particle Network supports social login on new devices by allowing clients to download the client’s key stored on the cloud. The key is not protected by a password, leaving the service provider full access to the account.

Figure 7: Our evaluation of Particle Network

Gas fee: Low, not a smart contract wallet.

Latency: Low, 2/2 MPC is quite efficient.

Switch device: Easy, email OTP or social login

Security: Medium, the complete private key does not exist, and there is no permanent exposure. Authentication for social login is still centralized

Non-custodial: Low. The server side can suspend service or censor transactions.

Functionality: Low. Not a smart contract wallet

Particle network wallet has been tested on their website. https://wallet.particle.network/

Sequence(Distributed Custodial Smart Contract)

Sequence is a multisig smart contract wallet that supports email or social login by delegating one of the three keys to Web3Auth. It allows developers to manage the security of the accounts with more flexibility. In addition, as a smart contract wallet, Sequence enables additional logic to improve UX in different use cases. It has been adopted in games and Web3 applications.

As shown in Figure 8, Sequence Wallets are currently secured using three private keys that are sufficient to create a majority weight to fully control the account: Session keys, a Guard key and a Torus key.

Session keys are stored in the browser’s IndexedDB.
A Guard key is a key owned by Horizon (Sequence server).
A Torus key(SSS) is a key generated by the Torus network, also known as Web3Auth; please refer to the previous section for its features.

Figure 8: Sequence (Smart contract, SSS)

Compared to Web3Auth, Sequence adds options for developers or clients to further distribute the custody. Currently, however, Sequence allows the social login to invoke both the Torus key and Guard key when logging into a new device to minimize friction.

Gas cost is an extra factor for smart contract wallets. Account creation, signing transactions, and reconstructing the keys all happen on-chain and therefore cost gas. The transaction signing cost is negligible but the account creation and key reconstruction cost $0.005 to $0.01 on Polygon, and about x1000 more expensive on Ethereum, making smart contract wallet a much more viable solution on the side chain and layer 2s in general.

Figure 9: Our evaluation of Sequence

Gas fee: Low to medium.

on Ethereum: 270k gwei around $5–12 (gas price at 15–30 gwei, ETH at $1500) for the creation of the account

on Polygon: $0.0068–0.015 (gas price at 47 gwei, MATIC at $0.9) for the creation of the account

Latency: Medium; it usually takes about 15 seconds to sign in the first time; social login takes 10–20 seconds

Switch device: Easy. Social login

Security: Low. Single point of failure. In the current implementation, the Torus key alone is enough to log in

Non-custodial: Low. In the current implementation, the OAuth alone is enough to log in

Functionality: High. A sequence is a smart contract wallet and therefore supports additional account management logic.

UniPass(Distributed Passive Custodial Smart Contract)

UniPass is also a smart contract wallet wrapped on top of MPC key management. It shares all the great features of smart contract and MPC wallets. Compared to Sequence, it uses the domainkeys of the guardian emails (DKIM) to authenticate reset requests instead of the guardian key and social key. The clients can simply send emails from their predefined email accounts to reset the master key.

The mechanism of DKIM-based reset is that the client sends an email in a certain format, and the content that includes the email address gets hashed and signed by the DomainKeys and then the signed hash is broadcasted using any RPC service to invoke the reset function in the smart contract. The signatures of the domainkeys of the guardian emails are verified on the chain, as shown in Figure 10.

Since authentication for DKIM can be done by sending an email, this approach does not involve any server that authenticates the request for the clients, effectively removing the centralization risk. The Unipass server currently does facilitate the reset process by drafting the recovery emails for the clients as well as providing the RPC service. But the client does not rely on the server, and open-sourced front end can be hosted locally to completely skip the server in the reset workflow.

Figure 10: UniPass DKIM recovery

The guardian emails can still be considered playing the custodian roles in this design, however, only passively, because the service providers do not need to be notified or recognized for it. This format significantly reduces the chance of the service provider being targeted by malicious attacks internally or externally or being regulated as a custodian service. The access to the accounts is not only guarded by the security environment of the email services but also hidden in a stealth mode.

Due to the gas fee, the clients usually log into the account using 2/2 TSS keys without invoking the more costly functions of the smart contract. As depicted in Figure 11, to log into a new device or environment, the client downloads the encrypted key from the cloud using email OTP and decrypts it with the password. The key can then be used locally to initiate transaction signing. Once transactions are signed by the client’s key, the other key held by Unipass will be used to complete the signature. The Unipass key serves as a gatekeeper that automatically monitors the content of the transactions to check for potential frontend attacks.

Figure 11: UniPass 2/2 MPC-TSS Login Flow

Unipass also supports session keys, which are authorized to sign transactions on their own under predefined conditions, like under a certain transaction amount, within a short period of time, or to whitelisted addresses, thanks to the functionality of smart contracts. The use of session keys could greatly improve user experience in certain scenarios like gaming.

Figure 12: Our evaluation of Unipass

Gas fee: Low to Medium.

on Polygon: 80k-130k gwei for $0.0033 — $0.005 (gas price at 15–30 gwei, MATIC at $0.9) for the creation of the account for the creation of the account

Latency: Medium

Switch device: Medium to high. Email OTP + password. Users cannot simply import accounts with social login

Security: High. Hackers need to compromise 2 emails (the relationships between addresses and emails are hidden by zk-tech) to access a client’s account, which is almost impossible.

Non-custodial: Medium to high. High service availability since clients can still access their wallet even if UniPass is out of service; the custodianship is not notified or recognized.

Functionality: High. UniPass is a SCW so it can implement additional account management logic.

Unipass has been tested on https://v1.tryunipass.com/

Summary

As we are smoothing out the bumps in Web3 user conversion, more developers are realizing and attending to the key role of the wallet, and its role as an entry point of user traffic. Particularly after MPC and smart contract solutions expanded the design space, companies are drastically mitigating the severity of the tradeoffs between seedless key management and self-custody. The distributed custodial solutions, especially the passive custodial solution of Unipass, provide the most balanced UX and security features to the users and developers. They are likely to see much broader adoption with the arrival of a batch of Web3 consumer apps in the next 12 months.

Figure 13: Our evaluation of leading seedless wallet solutions across relevant metrics

This content is provided for informational purposes only, and should not be relied upon as investment advice. Youbi Capital is a digital asset venture capital fund and accelerator of Web3 technologies and therefore may hold positions in one or more of the companies and technologies mentioned.

将 Web2 用户带入 Web3 —— 未来属于无助记词钱包

youbi-capital@newsletter.paragraph.com (Youbi Capital | Since 2017) — Fri, 18 Nov 2022 10:13:12 GMT

本文由 Youbi Capital 的 Chen Li，Ivy Zeng 和 Ivo Entchev 共同撰写

对于第一次接触 Web3 的 Web2 用户来说，初次上手的体验（客气地说）是不大愉悦的。传统的 EOA 钱包需要经过钱包生成，私钥管理，保存助记词等一系列复杂繁琐的流程。下一代无助记词钱包试图通过抽象私钥和助记词来解决这个摩擦点，只需点击几下就可以使用常用的 Web2 社交账号登录，实现一套更熟悉的登录流程。因此，无助记词钱包是 Web3 迈向大众普及的重要进步。

钱包提供方实现无助记词钱包的一种方式是完全中心化的账户托管解决方案。然而，这与 Web3 应用的初衷背道而驰。正确的解决方案不应该以用户失去对账户的所有权和自托管为代价，来达到抽象化的便利性。而应该根据用户的需求在两者之间取得适当平衡。

我们正处于将 Web2 消费者引入 Web3 的拐点。登录流程将在下一阶段的增长中至关重要。因此，创造一种既符合 Web3 去中心化的精神，又具备 Web2 的便利性和互操作性的登录和账户管理体验至关重要。

正因为登录和账户管理体验如此重要，我们一直在密切关注 Web3 账户基础设施的创新。许多开发者也想了解Web3用户登录的最新进展和我们对钱包的看法。本文正是为此而来。

取舍：无助记词密钥管理 VS 自主保管

最近所有钱包产品的迭代都可以通过它们对两个主要但相互牵制的特性的追求进行分析：无助记词密钥管理和自主保管。无助记词密钥管理是新用户无缝进入 Web3 的基础。这意味着用户不需要助记词短语或私钥就可以在新环境中登录账户。因此，他们的进入流程和账户管理是抽象的，类似于 Web2。

从技术层面上来说，这种抽象是通过钱包提供方将客户账户的权限委派给服务器或第三方来实现的。例如，Magic Link 要求用户获得（官方）授权后才能访问加密密钥，并使用主密钥（由 AWS 上的中心化托管服务 HSM 保护）进行解密。其它方法则是通过将私钥拆分为多个片段并将它们存储在不同的位置来减少暴露整个密钥的风险，从而实现更大程度的去中心化。显而易见，用户需要在无私钥和自主保管两个特性之间作出取舍，这对许多加密货币使用者来说很重要（如果不是完全神圣不可侵犯的话），理由也很充分。当钱包服务依赖于第三方时，这些第三方就拥有审查交易，甚至接管资产的权力。它们可能会受制于政府监管和干预。对服务提供商依赖程度较高的钱包服务，在发生恶意攻击或事故时也更容易中断。

那么，如何在无私钥和自托管这两者间权衡以获得最佳用户体验呢？对于 Web3 应用程序，我们可以假设其首要目标是无缝转化 Web2 用户，他们习惯于使用用户名/密码或社交登录，但不会立即拥有大量的链上资产。而接下来，随着用户资产的增长，他们往往对安全性和去中心化有更高的要求，此时开发人员应该考虑对两种特性的权衡进行调整升级。

找到正确的平衡：现有无助记词钱包的比较

基于上述框架，我们对一些有代表性的无助记词钱包进行了调研，并根据它们的自主保管程度和其它相关因素对进行了分析。这些钱包是：

MagicLink，Web3Auth，Particle Network，Sequence，UniPass

安全云存储、MPC 和智能合约等新技术丰富了新一代钱包的设计空间，为用户带来一系列管理和使用其 Web3 账户的新功能。以上针对 EOA钱包的改进方案对用户体验有不同程度的改善（如图 1 所示）。

图 1：云计算、MPC 和智能合约在钱包设计中的应用

诸如 Metamask、Imtoken 和 Phantom 等 EOA 钱包是最本地化与独立的钱包，当然不可避免也是使用体验最繁琐的类型。用户需要学习如何安全保存他们的助记词词或私钥，以及如何使用它们将账户导入到新设备中。账户地址来源于私钥，如果私钥丢失或被盗，账户地址将被永久锁定或无法访问。

最直接的替代方案是使用托管服务。例如Magic Link。托管人可以仅通过电子邮件或社交登陆授予账户访问权限。然而，托管服务的便利性往往伴随着密钥安全风险和中心化风险。

更复杂的方法通常涉及 MPC（SSS、TSS），如 Web3Auth 和 Particle Network。通过将密钥拆分为几个部分，登录时必须由多个密钥持有者进行身份验证，从而分散了管理权，降低了集中化的风险。

除此之外，也有成功者将智能合约结合在MPC之上，引入了账户管理逻辑，允许用户重构或重置由 MPC 管理的主密钥，进一步降低了中心化风险。账户管理逻辑的核心就是选择所谓的守护人，以实现深度自定义，消除对钱包服务提供商或特定守护人的依赖。

除了处理无助记词密钥管理和自主保管之间的取舍之外，这些无助记词钱包还可以从用户体验的六个维度进行评估。

Gas 费用：创建智能合约账户在链上产生的 Gas 费用（常规使用的 Gas 费用接近 EOA 钱包）

延迟：创建和导入过程花费的时间（例如，由于是链上的过程，智能合约钱包通常需要更长的时间）

更换设备的便捷性：平滑地切换到一个新的环境或设备

安全性：单点故障的存在，包括任何单独的一方，如服务提供商或集成前端，是否有能力暴露、重构或重置完整的密钥或凭据，以完全控制账户

托管：服务可用性和抗审查能力（即服务对服务提供者的依赖性以及托管者是否能够访问或冻结客户的账户）

功能性：能够实现额外的账户管理逻辑（例如，资助 Gas 费用、多签名、委托签名）

在这些补充因素中，比起 Gas 费用、延迟和附加功能这些显著影响用户体验的因素，安全性和托管因素对用户来说相对是无感的。然而，安全漏洞或服务中断等偶然事件可能对企业或个人造成灾难性的影响。

Magic Link（托管EOA钱包）

Magic Link 是一个支持电子邮件和社交登录的无助记词钱包。在得到 Magic Link 的授权后，客户在新设备登陆账户时，从托管人处下载一份他们的私钥副本即可，从而避免保存和使用助记词。Magic Link 将私钥的加密版本外包给 AWS HSM 以直接服务客户端，这样 Magic Link 就不会以纯文本的形式存储私钥。

从技术上来说，Magic Link 就相当于 Metamask，但增加了云托管的好处，允许用户使用在线身份验证切换设备。然而，为了给用户带来最好的体验，Magic Link 官方使用唯一的身份验证服务器来授予对解密密钥的访问权，这使得它在工作流中成为潜在的单点故障。黑客或工作人员一旦获得访问身份验证服务器的权限，就可以完全控制用户的账户。此外，解密密钥对于每个用户可能都不是唯一的，这就产生了使用其它账户的密钥绕过身份验证服务器的可能性。

图 2：Magic Link（AWS密钥管理服务）

我们对 Zerion 集成的 Magic Link 进行了测试和评估，以下是我们的发现。

图 3：我们对 Magic Link 的评估

Gas 费用：低，因为它是一个 EOA 钱包

延迟：低，和 Metamask 一样

更换设备：很容易，私钥会被传输到拥有访问令牌（Email/OAuth）的新设备。

安全性：低。单点故障。完整私钥在前端暴露

非托管：低。对认证服务器依赖程度高，因而服务可用性差、抗审查能力弱

功能性：低。不是智能合约钱包

Web3Auth（分布式托管EOA钱包）

Web3Auth 是一家流行的钱包服务提供商，它还支持社交登录，允许用户通过社交账号连接，以在各种应用里验证他们自己。目前已经有各种 Web2 和 Web3 应用程序集成了 Web3Auth，如 Chess.com、Opensea 和 Skyweaver。毫无疑问，对于任何面向 C 端用户的应用，社交登录都是一种极具吸引力，甚至是最无缝的身份验证方式。

然而，就像 Magic Link 一样，社交登录工作流需要服务器生成登录请求并使用应用程序密钥进行签名，因此必须是中心化的。尽管智能合约可以使用公开给授权服务器的公钥来验证签名，但这对终端用户来说不是个友好的过程。

为了降低风险，Web3Auth 在 OAuth 密钥中添加了其它密钥，然后需要多把密钥共同签名重构完整密钥。当用户第一次登录他们的社交账户（例如 Gmail/Twitter）时，首先，以去中心化的方式，通过 Shamir Secreting Sharing（SSS）生成三个密钥分片，而后分开存储。以下是这些分片的存储方式：

设备分片：生成并存储在用户的设备上，每次在新设备上登录时都会重新生成
OAuth 登录分片：在 OAuth 服务器上生成，然后在节点网络中进一步分割保存，并在 OAuth 代码得到验证时才会获取一次
备用 / 2FA 分片：由用户保留的额外分片，可保存在单独的设备、云或电子邮件上。登录新设备时必须用到该分片。

图 4：Web3Auth（Shamir Secret Sharing，社交登录）

目前，OAuth 分片和备用分片都由 Web3Auth 通过 Auth 网络控制，这两个分片被用来重构完整的私钥。在集成了 Web3Auth 的服务中，如 Opensea 和 Sequence，用户可以通过社交账号直接认证身份并登陆应用，不需要任何其它要求，这使得 Web3Auth 成为唯一的账户托管者。

Web3Auth 可以把备份密钥分发到第三方存储。如此一来，当用户从新设备登录时，就可以调用备份密钥来在环境中创建新设备共享。将备份密钥的存储委托给第三方可以减少安全漏洞和审查的风险。Bitizen.org 就是这种分布式托管的一个很好的例子，它使用 2/3 TSS 和客户自己的云盘来存储备份密钥共享。然而因为服务提供方对用户的云存储有完全的访问权限，隐私问题是不容小觑的缺点。

图 5：我们对 Web3Auth 的评估

Gas 费用：低。不是智能合约钱包

延迟：低。立即登录

更换设备：简单。社交登录和密码，或者只是社交登录

安全性：低。单一的托管人。私钥完整暴露到前端

非托管：低。服务高度依赖 Web3Auth，没有抗审查能力

功能性：低。不是智能合约钱包

我们对 Web3Auth 测试是在 Treasure.chess.com 和 Skyweaver.net 上进行的。

Particle Network（分布式托管EOA钱包）

Particle Network 是另一款以电子邮件或社交登录为特色的钱包服务，采用基于 2/2 MPC-TSS 的算法。在密钥生成过程中有两方，客户和官方，他们共同计算公钥，各自持有一段私钥。只有客户这一方才能启动签名过程。

签名时，由 TSS 技术生成的证明将上传到链上，而无需显示私钥。当客户端进行设备切换或账号恢复时，通过邮件 OTP 或社交登录验证后，就会调用存储在云端的客户端密钥。

图 6：Particle Network（MPC-TSS，社交登录）

TSS 多签名算法比 SSS 更安全，因为整个过程中它不会暴露完整的私钥。然而，在 2/2 TSS 方案中，两片密钥少了任何一片都无法恢复，这将使账户面临永久锁定的更高风险。

目前，Particle Network 允许用户下载存储在云端的密钥，从而轻松实现在新设备上的社交登录。然而，该密钥不受密码保护，服务提供商完全可以访问该账户。

图 7：我们对 Particle Network 的评估

Gas 费用：低，不是智能合约钱包。

延迟：低，2/2 MPC 非常高效。

更换设备：简单，邮件 OTP 或社交登录

安全性：中等，完整的私钥并不存在，也没有永远的暴露。社交登录的验证仍然是中心化的

非托管：低。服务器端可以暂停服务或审查交易。

功能性：低。不是智能合约钱包

我们对 Particle Network 钱包的测试是在 https://wallet.particle.network 上进行的。

Sequence（分布式托管智能合约钱包）

Sequence 是一个多签智能合约钱包，通过将三个密钥中的一个委托给 Web3Auth，同时支持电子邮件或社交登录。它允许开发人员更灵活地管理账户的安全性。此外，作为智能合约钱包，Sequence 支持在不同用例中设置额外的逻辑来改善用户体验。目前已有一些游戏和 Web3 应用采用了 Sequence。

Sequence 钱包目前使用三个私钥保证安全性，这三个私钥足以创建一个多数权重来完全控制账户：会话密钥、一个守护人密钥（gardian key）和一个 Torus 密钥。

会话密钥存储在浏览器的 IndexedDB 中。
守护人密钥保存在 Horizon（Sequence 服务器）上。
Torus 密钥（SSS）是由 Torus 网络生成的密钥，也称为 Web3Auth。关于它的特性，请参考上一节。

图 8：Sequence（智能合约，SSS）

与 Web3Auth 相比，Sequence 为开发人员或客户端添加了进一步分散托管的选项。目前Sequence 允许用户在登录新设备时，直接用社交账号同时调用 Torus 密钥和守护人密钥，以减少摩擦，改善用户体验。

Gas 费用是智能合约钱包的一个额外因素。账户创建、签署事务和密钥重构都是在链上进行的，因此需要消耗 Gas。交易签名成本可以忽略，但在 Polygon 上创建账户和密钥重构的成本为 $0.005-0.01，而在 Ethereum 上的成本约为此的 1000 倍。因此智能合约钱包在侧链和二层网络更可行。

图 9：我们对 Sequence 的评估

Gas 费用：低-中

在 Ethereum 上：270k gwei大约$5-12（Gas价格在 15-30 gwei，ETH 在 $1500）用于创建账户。

在 Polygon 上：$0.0068-0.015（Gas 价格 47 gwei，MATIC 为 $0.9）创建账户

延迟：中等，第一次登录通常需要 15 秒，社交登录需要 10 - 20 秒

更换设备：简单。社交登录

安全性：低。单点故障。在当前实现中，仅 Torus 密钥就足以登录

非托管：低。在当前实现中，仅 Torus 密钥就足以登录

功能性：高。Sequence 是一个智能合约钱包，因此支持额外的账户管理逻辑。

UniPass（分布式被动托管智能合约钱包）

UniPass 也是一个建立在 MPC 密钥管理之上的智能合约钱包。它继承智能合约和 MPC 钱包的所有优秀功能。与 Sequence 相比，它使用守护邮件（gardian email）的域名密钥（DKIM）来验证重置请求，而不是使用守护密钥和社交密钥。用户可以简单地从他们预先设置的电子邮件账户发送电子邮件来重置主密钥。

基于 DKIM 的重置机制是：用户以某种格式发送电子邮件，包含电子邮件地址的内容由 DomainKeys 进行哈希计算和签名，然后使用任何 RPC 服务广播已签名的哈希值，以调用智能合约中的重置功能。在链上验证监护人邮件的域密钥签名，如图 10 所示。

DKIM 的身份验证可以通过发送电子邮件简单地完成，整个流程不涉及任何需要授权用户请求的服务器，从而有效地消除了中心化风险。目前，Unipass 服务器通过为用户起草恢复邮件以及提供 RPC 服务来简化重置主密钥的流程。但是用户并不依赖于官方服务器，开源前端可以在本地运行，在账户恢复/社交恢复的流程中完全跳过服务器。

图 10：UniPass DKIM 恢复

在这种设计中，仍然可以认为守护邮件(gardian email)扮演着托管人的角色，但这是被动的，因为整个过程不存在具体的服务提供方，就不会面临审查风险。这种方式大大降低了服务提供者被内部或外部恶意攻击的风险，降低托管服务商被审查的可能性。账户的访问不仅由电子邮件服务的安全环境保护，而且对于外部来说还是隐身的（邮件地址和账户之间的关联关系通过zk技术加密，没有人知道和你钱包对应的邮箱是什么）。

由于存在 Gas 费用，用户通常使用 2/2 TSS 密钥登录账户，而不调用智能合约更昂贵的函数。如图 8 所示，要登录到一个新的设备或环境，用户首先使用电子邮件 OTP 从云端下载被 keystore 加密的用户密钥，并用 keystore 的密码解密它。然后可以在本地使用该密钥来启动交易签名。一旦用户密钥（client key）签署了交易，Unipass 持有的另一个密钥将自动参与签名。Unipass 密钥充当一个看门人，自动监视交易的内容，以检查潜在的前端攻击。

图 11：UniPass 2/2 MPC-TSS 登录流程

Unipass 还支持会话密钥（session key），它被授权在预定义的条件下自动签署交易，比如在一定的交易金额下、在一段时间内，添加白名单地址。这得益于智能合约的功能。使用会话密钥可以极大地改善某些场景下（如游戏）的用户体验。

图 12：我们对 Unipass 的评估

Gas 费用：低至中。创建账户的费用在 Polygon 上：80k-130k wei 为 $0.0033-$0.005（Gas 价格在 15-30 gwei，MATIC 价格为 $0.9）

延迟：中等

更换设备：中等。邮件 OTP + 密码。用户不能简单地通过社交登录导入账号

安全性：高。黑客需要破解两封邮件（地址和邮件之间的关系被 zk-tech 隐藏了）才能进入客户的账户，这几乎是不可能的。

非托管：中等。高服务可用性，即使 UniPass 官方停止服务，客户仍然可以访问他们的钱包；未发现托管行为。

功能性：高。UniPass 是一个智能合约钱包，因此它可以实现额外的账户管理逻辑。

总结

随着 Web3 用户转换门槛的降低，越来越多的开发人员开始意识到钱包本身，以及它作为用户流量入口的作用。过去，项目方要在无助记词密钥管理和自主保管之间取舍，现在，MPC 和智能合约减轻了这种压力。分布式托管解决方案，特别是 Unipass 的被动托管解决方案，为用户和开发人员提供了最均衡的用户体验和安全特性。在接下来的 12 个月里，随着一批面向消费者的 Web3 应用程序的到来，这种均衡的解决方案可能会被更广泛地采用。

图 13：我们对领先的无助记词钱包解决方案相关指标的评估