Overcoming Web3 Game Traffic Barriers: A Wallet-Centric Approach

MixMarvel DAO Venture
Apr 27, 2023

Key Findings

  1. EOA wallets cannot recover accounts if mnemonic phrases are lost due to the single private key verification mechanism.
  2. Smart contract wallets are difficult to upgrade and can be easily compromised by hackers due to the reverse proxy mode.
  3. MPC wallets use secret sharing for off-chain signatures, allowing for account recovery and the integration of risk control systems, making them suitable for Web3 game applications.
  4. MPC wallets can be integrated with traditional game engines to achieve compatibility with Web3 game applications.

In our previous article “EIP-3074 vs. ERC-4337: the Choice to Make as Web3 Games Are Moving Towards an Appchain Future,” we discussed how the EIP-3074 and ERC-4337 protocols can address the issue of poor user experience in Web3 games to varying degrees based on their unique features. In this article, we will continue to explore how to overcome traffic barriers in Web3 games. A general consensus in the Web3 industry is that wallets serve as the entry point to Web3.0. Therefore, we believe that addressing the issue of high entry barriers for players and traffic barriers requires starting with wallets.

Which of the Three Mainstream Wallet Types is More Suitable for Web3 Games?

First, let’s clarify the general context of Web3 games. In our previous article, we mentioned that Appchains are a major trend in the development of underlying infrastructure in the near future. The definition of Appchains given by the MOAC platform is closest to our vision of Appchains:

“An Appchain, also known as a subchain, is an independent blockchain system built on top of the main chain. The main purpose of a subchain is to offload business logic from the main chain and execute more complex business operations in the subchain.”

At the same time, there is an opposing view that the future trend is towards a multi-chain pattern. Multi-chain is currently happening, and we won’t elaborate on it here. Regardless of whether it is Appchains or multi-chains, in essence, the future will not return to the dominance of Ethereum alone. Therefore, we can conclude that Web3 games will develop in a more diverse underlying ecosystem.

EOA Wallet: Single Private Key Verification Mechanism while Unable to Recover Accounts

What is an EOA wallet?

An EOA (Externally Owned Account) wallet is the most widely used and popular wallet among Web3 users. The well-known MetaMask is a typical example of an EOA wallet. The EOA wallet is managed by a public key and a private key. The public key is a visible wallet address for sending and receiving assets, while the private key is a mnemonic phrase that needs to be kept absolutely confidential. The EOA wallet is controlled by the private key, which holds the account funds in custody. The EOA wallet is the most common wallet in the industry, but its entry barrier is very high, and the general public often feels excluded because it is difficult to understand and manage.

Common solutions: MetaMask, Ronin Wallet, BSC Wallet, Keplr, etc.

Why is it not suitable for Web3 games?

Of course, we mainly consider the suitability for Web3 games from a technical perspective. First of all, the mnemonic system is a single private key verification mechanism. Once the private key is lost, the account assets will be exposed to great risk, and no party and no mechanism can recover it. Another consideration is that in the application scenario of games, to ensure the gaming experience, the player’s account needs to be recoverable; to prevent game developers from acting maliciously, it is best if the player’s account can be risk-controlled through the wallet. However, the EOA wallet currently cannot achieve these two points.

Smart Contract Wallets: Complex Upgrade Process and Vulnerability to Code Tampering

What are smart contract wallets?

Smart contract wallets are wallets that do not require users’ personal custody of their private keys, so they address the mnemonic dilemma of EOA wallets. These wallets are controlled by code, with the logic defined by developers. The customizable logic of smart contract wallets establishes the foundation for their composability, allowing developers to selectively add functional modules to the wallet’s code, such as Web2 login methods or even asset lending and borrowing functionalities. Thus, smart contract wallets are often seen as the gateway for Web3 traffic in the future. However, aside from the security risks in the upgrade process we mentioned in our previous article, smart contract wallets have another explicit drawback: they require a burning cost from the initial stages of contract creation, which is not affordable for ordinary users.

Common solutions: UniPass, Gnosis Safe, Argent, etc.

Why are smart contract wallets not suitable for Web3 games?

At present, the development, deployment, and usage environment of smart contract wallets essentially depend on the Ethereum structure. Although the ERC-4337 protocol has improved the universality of smart contract wallets, in practical applications, especially in cases of contract upgrades, it requires a unified linkage among other related links such as other smart contracts and underlying infrastructure. Moreover, as we mentioned in our previous article, the reverse proxy mode used in smart contract upgrades creates a space for hackers to tamper with the code. Therefore, in the underlying environment of Appchains and multi-chain scenarios, smart contract wallets are not the best wallet solution for Web3 game applications.

MPC Wallet: Account Recoverable, Allows Risk Control System Integration

What is an MPC wallet?

An MPC wallet is also known as a multi-party computation wallet. It has a validation logic similar to that of a multi-signature wallet in a smart contract wallet because they both use a threshold signature solution, also known as secret sharing.

The signature algorithm typically used by an MPC wallet is TSS. It is important to note that TSS is not the only algorithm available for use in an MPC wallet. TSS is commonly used because it is an algorithm that can be validated by Ethereum, meaning it can be validated by all chains within the Ethereum system. In reality, an MPC wallet can also use the BLS algorithm, but BLS is still relatively “niche”. Although Ethereum 2.0 has supported the validation of BLS algorithms, its validation mainly focuses on solutions related to zero-knowledge proof rather than wallet consensus.

The secret sharing solution of an MPC wallet is that n people sign a message one by one while ensuring privacy. After the signatures are completed, the private key generated is verified once by the public key, and the transaction is successful if the verification is successful. Similar to the t-of-n threshold structure of a multi-signature wallet, secret sharing verification also requires at least t approvers out of n validators to represent the entire group in signing the transaction and generating the final signature (usually t needs to exceed 50% of n; for example, when n=3, t≥2).

The advantage of MPC wallet over smart contract wallets is that only an address is displayed on the chain, and the burning cost during use is much lower than that of smart contract wallets. Additionally, since it does not allow a complete private key to be concentrated on the same device, there will be no single point of failure.

Common solutions: ZenGo, Bitizen, and so on.

We believe that MPC wallet is the best solution for the Web3 gaming traffic barrier problem in the Appchain or multi-chain environment.

Firstly, the MPC wallet does not require the deployment of a smart contract, and its signature is executed off-chain, independent of both the smart contract and the underlying chain.

Secondly, the MPC wallet also includes a Hash address, and from the user’s perspective, it looks no different from an EOA wallet.

Most importantly, the MPC wallet is verified through secret sharing, with the wallet itself being one of the signers and participating in the wallet verification.

The validation method of MPC wallet’s secret sharing can solve two problems:

  1. Achieving recoverable accounts

Wallet recovery is possible because in the logic of multi-party verification, if one private key is lost, other private keys can help with the verification. Let’s take the example of a 2-of-3 structure mentioned earlier. Assuming there are three private keys available for signing, as long as 2 of the private keys sign and verify successfully, the transaction can be completed. If one of the private keys held by the user is lost, the other two private keys can be used for verification. Upon successful verification, the wallet is recovered, and a new private key is generated to replace the lost one, returning to the user’s possession. You may wonder how to ensure that the player who obtains the new private key is the correct person, and we will address this issue later on.

  2. Can be securely monitored

The ability to be securely monitored is related to the fact that the wallet itself can act as a private key custodian. During the signature verification process, the MPC wallet can improve the security of the entire transaction by adding a risk control system. There are two ways to add a risk control system:

(1) Adding risk control code or a security engine during the signature verification process. This method can monitor the behavior of the private key custodian and evaluate the security of the transaction, effectively preventing game operators from abusing their power. For example, if a game operator has malicious intent and inserts malicious code into a user’s true intent during signature verification, such as transferring assets from the player’s wallet, the risk control code or security engine at the underlying chain can play a role.

(2) Integrating a biometric authentication system, such as facial recognition or fingerprint recognition. First, players can use biometric authentication to call the private key stored on their end for verification. Second, in the event of a lost private key, players can use the biometric authentication system to prove their identity and initiate verification of the other private keys. This also answers the question we raised earlier — how to ensure that the player who obtains the new private key is the rightful owner of the lost private key.

Allowing secure monitoring can also, to some extent, solve the centralization risk of MPC wallets in storage.

As the MPC wallet uses off-chain signature and on-chain verification, its signature verification process does not rely on the underlying chain and on-chain smart contracts. Therefore, it needs to rely on third-party storage for private key storage. Whether that storage is on-chain or off-chain, there is always some centralization risk in third-party custody. It can be said that MPC wallets sacrifice some decentralization characteristics to ensure convenience and security in use.

The biometric system in secure monitoring can solve this problem well. Taking the cryptocurrency wallet ZenGo as an example, ZenGo has adopted a “keyless mechanism” and a “passwordless authorization mechanism”, together with a customized facial ID scan, to activate the private key stored on the player’s iCloud and then carry out key verification. In addition, if the wallet’s server itself is shut down, ZenGo will activate the trustee and trustee mechanism to ensure that the key can be awakened and restored.
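The 2-of-3 recovery described under "Achieving recoverable accounts", worked through with Shamir secret sharing as an added example (not code from the article or from any wallet named in it). It goes one step beyond the text by also refreshing the shares after recovery, so that the lost share stops being usable. Assumptions: the share roles in the comments are hypothetical, and the arithmetic is done in the clear in one process, whereas a production MPC wallet runs these steps as multi-party protocols so that shares are never pooled.

```python
import secrets

# Order of the secp256k1 group (the curve Ethereum keys use); shares are
# integers modulo this prime.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def split(secret, t=2, n=3):
    """Shamir split: random degree-(t-1) polynomial f with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(N) for _ in range(t - 1)]
    return {x: sum(c * pow(x, i, N) for i, c in enumerate(coeffs)) % N
            for x in range(1, n + 1)}

def interpolate(shares, at=0):
    """Lagrange-interpolate f(at) from any t shares given as {x: f(x)}."""
    total = 0
    for xi, yi in shares.items():
        num = den = 1
        for xj in shares:
            if xj != xi:
                num = num * (at - xj) % N
                den = den * (xi - xj) % N
        total = (total + yi * num * pow(den, -1, N)) % N
    return total

def refresh(shares, t=2):
    """Add a random polynomial g with g(0) = 0 to every share. The secret is
    unchanged, but shares from before the refresh no longer combine."""
    g = [0] + [secrets.randbelow(N - 1) + 1 for _ in range(t - 1)]
    return {x: (y + sum(c * pow(x, i, N) for i, c in enumerate(g))) % N
            for x, y in shares.items()}

def demo():
    key = secrets.randbelow(N - 1) + 1   # constructed sample key
    shares = split(key)                  # hypothetical roles: 1 player, 2 wallet, 3 backup
    lost = shares.pop(3)                 # one of the three shares is lost
    # Recovery: the two survivors evaluate f(3) directly, never f(0).
    shares[3] = interpolate({1: shares[1], 2: shares[2]}, at=3)
    regenerated_equals_lost = shares[3] == lost
    fresh = refresh(shares)              # invalidate whatever copy of `lost` exists
    return {
        "any_two_recover": interpolate({1: fresh[1], 3: fresh[3]}) == key,
        "regenerated_equals_lost": regenerated_equals_lost,
        "stale_share_useless": interpolate({1: fresh[1], 3: lost}) != key,
    }
```

Plain recovery regenerates exactly the value that was lost, so a share that was stolen rather than misplaced stays valid until the refresh step runs.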

How to enable MPC wallets to adapt to the Web3 gaming application scenario?

Integration with traditional game engines

At present, we have not seen a real solution that can integrate with traditional game engines such as Unreal Engine and Unity for any type of wallet or game SDK. Although some solutions claim to have achieved these integrations, from the perspective of their underlying code, most of them use .js code to create H5 games in the final implementation, which is not what we expect from large-scale MMORPGs.

In this state, we believe that by directly integrating MPC wallets into these game engines and implementing the call of iOS or Android code, MPC wallets can adapt to the ongoing Web3 gaming application scenario.

Reflections

Despite emphasizing that MPC wallets are no different from traditional EOA wallets in terms of user experience, they do have a limitation that cannot be solved at the current stage. In the underlying implementation, conducting a transaction through an MPC wallet requires completing multiple processes such as consensus, communication, and multi-signature verification. Therefore, in terms of transaction processing speed, MPC wallets are not as efficient as traditional EOA wallets. In the next stage, in addition to the transformation of MPC wallets for Web3 gaming application scenarios, we believe that enhancing the performance of MPC wallets themselves will play a more important role in games.

About MixMarvel DAO Venture

MixMarvel DAO Venture is a decentralized investment organization that unites builders and investors from the Web2 and Web3 worlds. Concentrating on pioneering Web3 applications, tools, and infrastructures, MixMarvel DAO Venture empowers Web3 ecosystem constructors through financial support and consulting services. It comprises a diverse portfolio of GameFi, Metaverse, Web3 engine, and infrastructure projects.
