Web3 Galaxy Brain 🌌🧠

The Consumer Crypto Stack

6 October 2023




Nicholas: Welcome to Web3 Galaxy Brain. My name is Nicholas. Each week, I sit down with some of the brightest people building Web3 to talk about what they're working on right now. Today's special episode is the audio version of a research tech talk that I published on October 5th, 2023, entitled "The Consumer Crypto Stack - The 100X Unlock in Consumer Crypto Applications." A video version of this talk is available on X.com and YouTube. If you enjoy this talk and want to go deeper, I encourage you to check out the recent and upcoming episodes of Web3 Galaxy Brain, where I get to talk to many of the people working with passkeys, account abstraction smart wallets, and L2s. You can subscribe to the show at Web3GalaxyBrain.com. And if you get value from Web3 Galaxy Brain and would like to support the show, please send me a tweet-length testimony explaining what makes it special to you. I'll post the best testimonies to the website to help others discover the show too. Thank you. As always, this show is provided as entertainment and does not constitute legal, financial, or tax advice, or any form of endorsement or suggestion. Crypto has risks, and you alone are responsible for doing your research and making your own decisions. I hope you enjoy the show.

Hi, my name is Nicholas. I'm a Solidity Developer and the host of Web3GalaxyBrain.com, a podcast where I interview some of the brightest people in Web3 about what they're working on right now. Today, I'd like to talk to you about the Consumer Crypto Stack. It's a subject I've been researching for the past couple months, and I believe I've discovered a 100x unlock in user experience, and I'd like to show you how you can use it in your apps too.

So what's the problem that we're facing? Essentially, self-custodied crypto experiences aren't great.
The first big problem that users encounter when they try and use a dApp as a website is that when they click the Connect Wallet button, they're asked which wallet they're already using. If they're a new-to-crypto user, the only option is to click "I don't have a wallet" and be directed to either the Ethereum.org website or a specific wallet to download an app or a web extension, follow a complete onboarding process, including the unusual requirement of storing a recovery phrase somewhere, and then return to the app which they initially intended to use, the one that originally piqued their interest. This UX is just terrible. No Web2 company would expect you to download a separate app in order to become a user of theirs, and it's something we should strive to improve on.

The second big problem is the high cognitive overhead when starting to use crypto. Ideas like paying gas to execute a transaction are entirely foreign to most users of web services and apps. In addition, concepts like fungibility and non-fungibility, as represented in this complex technical jargon language like ERC-20, 721, and 1155, are very difficult for people to appropriate. What's more, there are even more levels of confusion when they discover that you can wrap tokens in other tokens and that they have names that can be difficult to parse. And finally, there are things like token approvals on ERC-20, 721, and 1155 contracts, which can be dangerous if not handled carefully.

Another big problem is that most crypto apps are desktop-oriented. Even though there are some mobile apps that support crypto, in general, the experience is designed towards desktop users, which simply is not where the majority of users are spending most of their time.

There are additionally a lot of footguns, a lot of problems that can arise as you begin to use crypto more and more. For example, people are constantly trying to phish each other's seed phrases.
There are malicious websites that will prompt malicious signature requests by promoting fake websites in Google search results and with AdSense. There are also sophisticated scams on Telegram, on Discord, etc. And even things up to and including SIM swapping threaten one's self-custodied wallet.

There are a lot of solutions that have been proposed over the years that provide a more custodial experience and a centralized familiar front end to crypto experiences, but these basically make a compromise on the essential values of crypto, and most oftentimes might as well just be a regular old Web2 app. We want to preserve several values, such as permissionless access, censorship resistance, trustless execution, and decentralization in general, which centralized custodied front ends really just don't provide you.

So there's a number of values which I've alluded to. The first one of these which I've mentioned is self-custody. I believe, and I think it's really important, for consumer crypto apps to give the users control of their wallets. If they don't have control of the keys to their wallets, then they aren't really the ones in control, and it's not really crypto.

Second of all, consumer crypto apps need to be application-first. Users are interested in solving problems they have in their lives, such as being bored or trying to execute some kind of transaction that they can't because the fiat system makes it difficult for them to do so. We need to be creating solutions in consumer crypto that are application-first because users are interested in applications, not in technology stack elements like discrete wallets.

Our experiences also are probably going to have to be mobile-first because the majority of the world's internet users are on mobile. When we address the mobile audience, we're addressing the largest portion of the global population possible via this kind of digital internet interaction. We also need to strive for one-click transactions.
FriendTech has demonstrated that it is possible to create legitimate crypto experiences with a one-click checkout feeling, even skipping the checkout phase altogether and having buttons correspond directly to on-chain transactions in a user session.

We should also avoid KYC-ing users too early. A Web2 app would never ask a user for basic entry into the app for their driver's license or passport or banking details, and yet these are common things to ask for when asking a new user to join a crypto service via some kind of KYC. So consumer crypto apps have to delay KYC as much as possible. I'm referring to this as lazy KYC in this slide.

It's also important to lower the cost of transacting in the first place. For anyone who was there during the 2021 NFT bull market, for example, you remember how expensive it was to execute some transactions. Most users are simply losing money on these transactions or not participating at all. L2s unlock cheaper transactions and make it easier for us to onboard a larger number of people making legitimate crypto transactions with self-custodied wallets.

Finally, and kind of as a summary to all these ideas, we just need to create consumer crypto experiences that are both for consumers and genuinely crypto, and that is to say that they need to be friendly to new-to-crypto users, not just for existing insiders.

So the consumer crypto stack, I believe, can be divided into these four parts. The PWA or app, a smart contract wallet, living on an L2, and with a gasless design. If we divide it down further, you can imagine that the PWA app and smart contract wallets are a 10x improvement on the wallet experience, and we'll get into a little bit of details why. And the L2 and gasless experience design are a 10x in terms of the transaction experience, for a cumulative 100x UX user experience improvement, in my opinion, at least.

First, let's talk about the PWA or the app, one or the other.
The hot wallets and discrete software wallets like MetaMask, Rainbow, Rabby, et cetera, that were considered to be the kind of easy way to access crypto, but maybe not as safe as a hardware wallet, are now being reclassified as prosumer products. MetaMask is not something that everyone is going to use when they come online on a chain. Instead, we're going to see native embedded wallets or at least native embedded signers inside of PWAs and apps.

So what's a PWA? A PWA is a progressive web app, and since some recent updates to iOS in the last couple versions of iOS, these are actually feeling really good on iOS. We get a lot of features with a PWA. For example, you can add them to your home screen, get an icon on the home screen. You get notifications, which are crucial to reengaging users in the life of any software application. And you also get things like access to local storage, so you can save persistent data over multiple sessions. One classic example of this is FriendTech, whose add to home screen button, really, I think a lot of people have experienced at this point, but gives you that app-like feeling without the browser chrome from Safari and with a persistent icon on your home screen and notifications. This is a great example that a lot of people have already tried.

One other innovation, really nascent and almost ready to arrive, is the introduction of passkeys as a first-class citizen on various platforms. So what are passkeys? Passkeys are kind of like a brand name for this web authentication web API. And essentially what they are, are private-public key pairs that are native to browsers and operating systems. The private key is generated on device and stored inside the secure enclave of the given device that you're on, if it has access to it. And a public key is generated corresponding to it, which is given to the app that incites its creation. And they can use that for authentication in the future.
Web authentication, WebAuthn API, is available on iOS, Android, Windows, macOS, Chromium, Firefox, Safari, the works. What one can do with a passkey is allow for biometric authentication with an embedded passkey-based signer on an account abstraction wallet. What this means in terms of user experience is that someone simply creates and then later on uses their passkey by doing Face ID or Touch ID or the equivalents on their respective platforms in order to gain access to that passkey, which is then used to authenticate into a service or even to sign transactions that can be propagated to the chain and executed from an account abstraction smart wallet, which we'll talk about in just a second.

These passkeys are stored in iCloud Keychain, which is really the state of the art and the absolute market leader in terms of consumer solutions for storing private keys. Using the advanced protection option from Apple, you can even have Apple throw away their recovery key so that you are really stuck with just your own security. And you can also add recovery contacts, which is to say anyone who has an iMessage or iCloud account who can then at a later date recover to a device should you forget your password or lose access to your Apple ID.

With passkeys, we're also able to do sessions, which gives you a feeling, app feeling, like FriendTech. Although FriendTech doesn't literally use passkeys, the experience of logging in one time and being able to send these one-click transactions without signing ever again is also viable with passkey signers.

Finally, the EU Digital Markets Act is set to go live in March 2024, and this will jailbreak iOS. It promises to allow us to sideload applications, have alternative app stores on the iOS, and because of those affordances, skip the 30% Apple tax and the App Store guidelines, which are very restrictive on interactions, untaxed interactions that are purely digital.
So while you can buy something on Amazon without paying a fee, if your app lets people buy an NFT or do a swap, Apple wants a 30% cut. This Digital Markets Act should, promises to, allow us to bypass Apple altogether. There remains an open question about how scary it is to actually go ahead and sideload an app and how popular that is with regular users. In summary, we can build PWAs that are consumer-friendly today, and in the very near future, it looks highly likely that we'll be able to build a wide gamut of crypto apps that are actually natively running on iOS.

Next up, smart contract wallets. So what is account abstraction and why does it matter? Account abstraction is a new model for having accounts on the EVM, where instead of having a private key that is external to the network that's able to sign transactions that can be verified by the nodes, instead we have a smart contract wallet that handles all of our assets, and we have external signers, external to the network, of a variety of types, that can authenticate transactions.

So in this first bullet point, I mentioned BYO authentication. The account abstraction model allows a kind of modular authentication where you can bring whichever type of authentication you prefer to sign on your given smart contract wallet. That includes things like SMS-based authentication, where essentially a server, or same thing for magic links, a server hangs onto your private key, you authenticate with them via whatever their mechanism is, 2FA, or clicking a button in an email, and then they are able to sign transactions on your behalf, so we can go for these very Web 2.0 type experiences through to social logins, SSO, OAuth, things like Facebook and Gmail can be used to authenticate into a session, or we can use things like passkeys, which I discussed earlier, which are the most self-custodied of any of the options that I've mentioned here.
You can also, of course, have an EOA be a signer on one of these things, so any kind of traditional wallet solution can handle that as well. Additionally, smart contract wallets allow you to rotate the signers so that if ever any one of your keys is compromised, you can swap it out without having to move any of your assets. There's also additional incredible permissions functionality, which allows you to restrict certain signers to only execute certain types of actions against specific smart contracts with certain assets or other limitations, requiring even things like multisig in order to be able to execute a specific type of subset of transaction on an AA wallet. There are a lot of affordances for both permissions and modular authentication with AA.

The second really interesting thing is that AA introduces new ways to pay gas. For example, if a wallet has only USDC, through Paymasters, it's possible to have someone else essentially swap the USDC for ETH and pay the gas for the transaction in a seamless way. You can also swap out paying the fee for gas instead of just using a token in the wallet. It can also be offloaded to other players in the ecosystem. For example, MEV searchers who have a financial motivation to propagate your transaction at a specific point in time. Or the dApp itself, if an app developer wants to subsidize their users' transactions, is now very easy to do with a smart contract wallet. Or L2 sequencers, such as Base, for example, could include transactions that they'd like to incentivize on their network by choice.

We also get the advantage of transaction bundling in account abstraction smart wallets. So this means the classic example is when you go to swap on Uniswap or some other DEX, you have to approve and swap in two separate transactions. With an AA wallet, this can be bundled into a single user operation, making it much more seamless for users.
You can also do crazy things like batch send all of your assets as long as they fit within the block gas limit. So you could imagine sending all of your ERC-20s and all of your 721s in a single transaction, gas permitting. That's great for upgrading to a different wallet. If you want to just upgrade the implementation of the wallet that you're using without moving the assets, there are optional ways that you can make an AA wallet upgradable so you can improve its affordances over time without having to move any assets. That's, of course, optional.

There are some drawbacks, however, to smart wallets, at least right now. For example, permissions aren't propagated across to different chains. So if, for example, I add a signer and remove a signer on Base, that change of state isn't propagated automatically to any other chains, Mainnet, Zora chain, Arbitrum, et cetera. And so one needs to be careful when changing permissions or making modifications to the state of the contract that controls, you know, its security, essentially. That isn't propagated automatically cross-chain.

The second thing that's a drawback here is that the passkeys that I mentioned earlier, although they are private keys that can sign transactions, passkeys are on the R1 elliptic curve. And the R1 elliptic curve is different from the K1 curve that's common to both Bitcoin and Ethereum. So in the EVM, we have this ecrecover function that allows us to check if a certain wallet signed a certain message in order to propagate things like 0x orders or OpenSea listings in a trustless way where the open source contract is verifying. That's not something that you can do built into the EVM today. There are a few different solutions. One of them is to bring your own smart contract that can verify R1 signatures. That costs about 70,000 gas currently to execute and is a pretty optimized contract.
In the future, there's an EIP in the improvement proposal process that proposes to incorporate the R1 elliptic curve as something that can be verified and recovered just like ecrecover and reduce that gas cost down from 70,000 to 3,450, which is much closer to the ecrecover cost. And finally, instead, some people are choosing to use MPC solutions, multi-party computation solutions, where the passkey is a signer on a multi-party computation, which essentially has many, many nodes that together are able to summon a kind of synthetic EOA, externally owned account, in a process called distributed key generation. What's cool about that is that the EOA's private key doesn't live on any one computer and isn't completely in memory anywhere at any one time, and yet it's able to sign transactions or messages, which, because it's an EOA of a regular K1 variety to the EVM chain, can be propagated directly to the AA wallet without any kind of fancy verification. So there's a bunch of different options, and we'll get into one last surprise option at the end of this presentation.

The third thing I'd like to talk about are L2s. L2s have radically lowered the cost of interacting with blockchains at the expense of decentralization, at least in the short term. So L2s allow us much, much, much cheaper transactions, which is not something insignificant because often, transacting on L1 can cost many cents or even dollars, even tens of dollars, and even sometimes hundreds of dollars when there's a lot of congestion. So L2s make a much more approachable experience for people who don't have as many crypto assets and can't justify those transactions as easily. I also think that L2s will be fighting for top apps, and so if you're able to create an application that is interesting and has users and some traction, then I think it's very likely that you'll receive DMs from other chains that would like you to migrate.
One other interesting thing about the current trend, at least in L2s, especially with the optimistic roll-ups that are particularly popular right now, is their 1:1 EVM equivalence. These L2s just work, and so you can bring your Solidity contract, your Vyper contract, and it'll essentially just work with the rest of the ecosystem, which is super handy and a great point of DevX.

It's also possible to create app chains. If you have an app that is really popular and is onboarding lots of new users, there's no necessary reason for you to be on an existing chain. In fact, you might even be able to cut costs and assert some control over the network by using a roll-up-as-a-service provider, and these allow you, as an app developer, to cut out the middleman who is essentially marking up L1 block space and providing a specific other network. Of course, chains like Base, et cetera, have lots of liquidity that's very interesting, Arbitrum, others, so there are reasons to go on existing chains, but it may appeal to some apps, depending on how their application works and who their target audience is, to just live on their own app chain and cut out the middleman who's marking up the L1 block space.

In the little image on the right, you can see this is actually generated for ZK by Tycho to describe the four types of ZK roll-ups that Vitalik described in a blog post. You can see in 2018, Barry Whitehat created the original roll-up design, which was actually a ZK design, predates Optimistic designs. However, in the last year, two years, the Optimistic roll-ups have proved to be sort of sooner to market and gaining lots of traction, and the Optimistic roll-ups, one of their advantages is that they are really EVM equivalent, and so it's very easy for developers to move from mainnet to these 1:1 equivalent EVM chains.
However, I think going forward, it seems very likely that as people explore that space and get comfortable deploying on other chains that roll up to L1, we might start to see, again, an exploration of increasingly specific L2s that are not EVM equivalent but have some interesting affordances that are useful or interesting for app developers. You can imagine things related to data availability and other affordances that I think we'll see explored in the next couple years. So the pendulum may be swinging back to these increased prover performance where specificity of an L2 is an interesting property, not just equivalence to EVM.

Finally, there are some drawbacks about L2s, and the main one I alluded to earlier, which is that decentralization is really not fully baked in a lot of the "L2s" today, and so it's something to keep in mind. My personal feeling is that most of these chains have a direct motivation to decentralize properly so that they aren't responsible for everything that goes on on those chains, and so I have faith. However, it's something to keep in mind.

Finally, let's talk about gasless user experience design. The point of this is really to reduce the friction for users getting into using your app. So the goal is to have zero-balance wallets be able to explore 99.9% of the app and not be blocked or added friction by the need to either deposit some token from another chain, which is unlikely if they're a new user to crypto, or to KYC and on-ramp.

The first thing that can alleviate this tension is sponsored transactions. Talked about this a little bit in the AA piece, but essentially, by paying with Paymasters, Sequencers, MEV, or through sponsored transactions, you can reduce the cost for transacting to actually gasless experiences if you're just willing to find a way to sponsor them yourself.

Another solution that's increasingly popular is what I'm calling lazy maxi.
This has grown out of the lazy minting tendency, which was introduced in 2020, late 2020, by OpenSea, and it's just recently being reinvigorated by Zora, who have a similar implementation. Essentially, you treat on-chain interactions the same way 0x or CoW Swap or OpenSea listing and bidding work, which is to say that the user signs a permit or an intent, and that intent is stored off-chain until someone wants to take the opportunity proposed by that intent. You can use this for swapping tokens, for minting NFTs, even for deploying whole contracts and then doing subsequent interactions once those are deployed. You can simply think about this as buying makes it real. The buyer puts it on-chain.

Finally, we can have all kinds of interactivity without on-chain actions themselves. There are lots of interesting crypto-related experiences that don't require an on-chain transaction at the time of interaction, and there's a picture of a lazy Garfield.

Let's take a look just before finishing off at a case study. I want to take a look at Warpcast, their latest version that they just put out this past week. For those who don't know, Warpcast is a client to the Farcaster protocol. Warpcast is a client that signs messages every time you send their equivalent of a tweet. Every time you post, it signs that cast and propagates it to their gossip network of nodes, the hubs.

In the most recent version of Warpcast, they introduced passkeys. Now a user can enter the app and with their Face ID create a passkey, and they're using a brand new extension feature that's supported only recently in iOS called Large Blob. And what Large Blob does is allow you to store another piece of information associated with a passkey that's given to the application or PWA when the user Face IDs and authenticates for that passkey. So they'll never see the private key of the passkey itself, but they will get access to this large blob.
This is great because this allows them to store the private key that they need for you to be able to post on the Farcaster network inside of iCloud Keychain, which as I mentioned before is really state of the art in terms of consumer private key backup and recovery.

So in summary, the Consumer Crypto stack is composed of PWAs or apps, smart contract wallets, living on L2s with gasless designs. Consumer Crypto is here. I'm excited to see what you come up with. I'm also hiring for my project. Please subscribe to Web3GalaxyBrain.com. I hope to see you at the next recording. Thanks for listening.

Hey, thanks for listening to this episode of Web3 Galaxy Brain. To keep up with everything Web3, follow me on Twitter @Nicholas with four leading Ns. You can find links to the topics discussed on today's episode in the show notes. Podcast feed links are available at Web3GalaxyBrain.com. Web3 Galaxy Brain airs live most Friday afternoons at 5 p.m. Eastern Time, 2200 UTC on Twitter Spaces. I look forward to seeing you there.
