Replies: 1 comment 1 reply
-
Thanks Corwin! I'll answer mostly from a product perspective:
I would add, supporting #4, that derivation path with NEAR would be even more human-friendly than what we are used to: we can easily replace an anonymous |
Beta Was this translation helpful? Give feedback.
-
After exploring several directions towards the aim of supporting both implicit accounts and Torus in the next iteration of our onboarding UX, we've surfaced a few critical unknowns. I'd like to see if we can gain some clarity around these to unblock the work. Following are a few questions, scenarios, and/or considerations.
Implicit Accounts with a
0
balance: This item has been on our roadmap for > 2 months. The problem with how accounts are implemented currently is that they require storage to occupy space on-chain. It has been suggested that implicit accounts may offer a way to circumvent this by enabling a user to be "logged in" to the wallet without first having to fund the account, since the concerns of a limited namespace are absent. For the next iteration of our onboarding UX, we need a final word on the feasibility of this functionality. Is it feasible to allow users creating an account using an implicit address to reach a "logged in" state without having to fund the account first?Resume Onboarding & Recycling Keys: A tangential problem exists when considering the need for users to resume onboarding, or to enable them to navigate back to a wallet account that has yet to be funded. We currently provide users with their private key before the account has been created. With implicit accounts, it makes sense then that as long as the user is in possession of their private key, they should be able to return to their account, even if they have not yet funded it. This brings into question the concept of recycling keys. Consider the following scenario: A user begins account creation and reaches the funding step. Inevitably, some users will decide not to fund the account right away. Expecting to be able to reach their account later on, they may attempt to use their seed phrase to "recover" the account in order to do this. Currently, since the account does not exist on chain, they will encounter an error that says the key is invalid. Theoretically, since a private key pair will generate a unique implicit address, we could derive the implicit account from a user who has provided their private key, deriving the same address consistently even if they have yet to fund the account. However, we need to consider what this means for keys that have been used before. If a key was previously used for an account (even a named account), but was removed and is now not attached to any account, we could in theory again derive the implicit account from this key were the user to provide it. This idea of "recycling" keys is something that has not been discussed at length. Is there any risk associated with this action? Are there any clear reasons why this should be avoided?
Torus Limitations: By default, Torus maps a single email address to a single private key. Consider the nature of implicit accounts: since an implicit account is unique to a private key, this means that if Torus can only generate a single private key per email or social login, then it can only be used to create a single implicit account. If a user attempts to create a new implicit account using Torus after they have done so once already, it is likely they would be prevented from doing so.
Unless...
hardened derivation
to derive multiple implicit addresses from a single private key. Similar to Ledger, where HD paths can be used to generate a unique address for each path index, Seed Phrases can also leverage HD paths to derive multiple addresses. This enables a single key to be used to secure multiple addresses. The biggest challenge here becomes determining how to find these accounts during an import. The defecto solution for most wallets is to leverage an algorithm to iterate over the HD path indices, importing each account with any kind of activity. Once a predefined number of accounts in the array are scanned that have no activity, the algorithm stops. An outline for this approach and process can be seen here: https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#Address_gap_limit, and is the approach used by a large majority of crypto wallets.As we prepare to incorporate implicit addresses, we should take this into consideration. If we make a decision to limit a user to a single implicit account per private key (
HDpath[0]
), this means then that the user will need to secure and manage a unique private key for every address they decide to create. While this is very secure in theory, it could also be argued that a user managing many "paper wallets" is forced to endure larger cognitive load and complexity in managing their keys and accounts, which could result in increased risk that they lose the keys for one or more accounts. This would also result in objectively subpar onboarding, since every time the user creates an account, they would need to generate a new private key pair.Since NEAR natively offers the ability to change and rotate keys on a given account, it stands to reason then that we should not force users to generate a new private key each time they want to generate a new implicit address. Users should be allowed to secure and derive multiple implicit accounts from a single private key. They should also retain the ability to generate new accounts with a fresh key, if that is something they desire or need.
The question is, is the implicit address generated in this scenario derived from an existing key using the common HD path solution, or by some other means?
One last thing to consider is that we currently support the importing of accounts from multiple HD paths from a Ledger device. We will also be enabling users to define which HD path they use when creating accounts. It therefore stands to reason that similar behavior could be useful when leveraging other security methods.
Beta Was this translation helpful? Give feedback.
All reactions