Deutsch한국어 日本語中文EspañolFrançaisՀայերենNederlandsРусскийItalianoPortuguêsTürkçe
Portfolio TrackerSwapBuy CryptoCryptocurrenciesPricingWalletNewsEarnBlogNFTWidgetsCoinStats MidasDeFi Portfolio Tracker24h ReportPress KitAPI Docs

Ambire Submitted a Proposal for the EF’s Account Abstraction Grants 2023

10M ago
bullish:

0

bearish:

0

We proposed a way to develop a self-custodial email/password authentication via DKIM.

Hacking culture is strong in the Ambire team, so last week felt like a hackathon at our HQs, as the dev team developed a proposal for the Ethereum Foundation’s Account Abstraction Grants 2023.

We proposed a way of enabling an email-based recovery mechanism that is very secure, doesn’t compromise on self-custody, and unlike the current solution, doesn’t require a timelock.

About the Grants

In February, The Ethereum Foundation launched a new grant round to encourage development, research, and education around Account Abstraction and the necessary infrastructure to support it.

While Account Abstraction frees the design space for user experience and wallet innovation, the community still needs to build and establish a set of standard interfaces without compromising on decentralization and censorship resistance.

  • The Ethereum Foundation

Being among the most active teams in the AA space, we decided that the grants provide an opportunity for our team to develop an interesting concept that we’ve been researching recently:

Self-custodial Email/Password Authentication via DKIM

Ambire is a web-based account abstraction wallet launched in late 2021, the first to offer self-custodial account creation using email/password authentication, thanks to an underlying 2/2 multisig.

After one year of running on Mainnet and other EVM networks, we believe that email/password accounts demonstrate how Account abstraction makes Ethereum more inclusive. We found out that email-based registration is perfect for onboarding people who aren’t technical or patient enough to deal with seed phrases or browser extensions.

When using email/password signers, Ambire creates a 2/2 multisig under the hood for you, where one of the keys is on your device and encrypted with the password, while the other is responsible for verifying email confirmation codes and “lives” on a back-end HSM. Both keys are necessary to control the account, but one is enough to trigger the time-locked recovery procedure.

We provide a recovery option for email/password accounts in case the password or email access is lost. If a transaction was signed with only one of the keys, the contract triggers a time-lock recovery for 72 hours. After 72 hours, the missing key from the transaction will be replaced with a new one provided by the user in the same transaction. (For more details, read our security model or, more generally, our whitepaper.)

Right now, the private key related to email is managed by Ambire’s back end. Also, the user experience of time-lock transactions is not native for the Web2 world and often confusing, especially when combined with a cross-chain experience, where you have to trigger the time-lock on each of the networks you use.

With our Account Abstraction Grants 2023 proposal we want to implement email recovery with DKIM. With this we will provide option for the user to not share any sensitive information with the wallet provider. Additionally, it will allow the time-lock to be dropped.

Check our full grant submission here

How Ambire saved $186,000 worth of user funds thanks to account abstraction

For our submission, we ran some calculations to test the hypothesis that email registration and password retrieval are actually useful for users, and here’s what we found:

62% of all registered wallets since we released Ambire were created with email multisig signers. However, they account for appr. 1/5 of all TVL. We can conclude that people favoring email registration hold smaller funds and are probably new to Web3 and experimenting/learning. Traditionally, this group is the most vulnerable one to fund loss due to the inability to recall seed phrases or private keys.

Using our account recovery mechanism, our users regained access to 117 accounts holding $186,000 — funds that would have otherwise been lost.

All of this shows that the Account Abstraction implementation in Ambie Wallet is already achieving the goal of onboarding new people to Web3.

Interested in Ambire? Follow us:

Discord | Twitter | Reddit | GitHub | TelegramFacebook


Ambire Submitted a Proposal for the EF’s Account Abstraction Grants 2023 was originally published in The Ambire Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

10M ago
bullish:

0

bearish:

0

Manage all your crypto, NFT and DeFi from one place

Securely connect the portfolio you’re using to start.