Author: Joel John, decentralized.co; Translation: Golden Finance xiaozou
Note: This article is part two of a three-part series. The first part is about chain abstraction; please refer to Jinse Finance's previous article "The AWS Moment of Blockchain: How Chain Abstraction is Transforming The World of Thousand Chains". This second part is about how wallet infrastructure develops. These are the building blocks for attracting the next billion users to Web3.
A few months ago, I registered 0xppl.com. It was a few days after the meme craze, and I didn’t want my financially irresponsible choices to be spread on social networks. I wanted to create a new wallet – one that was both secure and easy to use. Not wanting to store another pair of private keys, I looked for alternatives and discovered Capsule on the Metamask Snap directory.
In the past, I’ve written about the importance of mobile-first for growth. As of 2024, multiple well-known DeFi products have launched mobile applications. Last year we discussed how volatility is becoming a service. Last weekend, the Pump.fun team’s cumulative revenue reached $100 million.
I want to see clearly what the next big opportunity is, and it seems that the passkey wallet may be one.
A passkey is a mechanism that stores a private key on the device and uses it to verify the user's identity. Companies such as Amazon and Google use passkeys to help users log in without passwords, and the use of passkeys has also been extended to Web3.
In this article, I will briefly explain how passkey works and propose a possible future implemented by passkey.
1. Crossing the Chasm
Imagine if mobile devices had never existed and people could only access the Internet through large, expensive personal computers. This was the reality in the late 1990s. Typically, these computers were connected to physical phone lines, which were unavailable for calls whenever someone was using the Internet.
So, if you wanted to download the latest album from Napster and were connected to the Internet, your home might not receive any calls during that time.
Mobile devices have opened the door to network connectivity. From 2000 to 2020, 3 billion people used mobile devices to access the Internet. When 1 billion users joined Facebook in the 2010s, they generated enough attention to spur the development of a digital-first economy—one in which selling goods or dating online happens entirely through the social network.
Had the Internet not become accessible, affordable, and easy to use anytime, anywhere, these platforms might have suffered the same fate as content television networks: centralized, censored, and generally boring. Mobile devices fuel the Internet economy.
Today, secure wallet access requires you to own a physical device (such as a Ledger wallet), sign transactions with it, and keep it in a secure location. Therefore, people only use such wallets to store high-value assets. Passkey wallets are to wallets what mobile devices are to the Internet. They don't require high upfront costs and allow users to use them on the go, like Capsule. Passkey technology greatly lowers the threshold for wallet use.
The main driver of passkey adoption is Fast Identity Online (FIDO), a standard that more than 250 well-known companies already use. Well-known password managers such as Bitwarden and LastPass use FIDO services. So, in a sense, this is a mature technology that is now being ported into the crypto ecosystem through entities like Capsule.
But what exactly are they and how do they work? Just like crypto wallets, passkeys are based on a public-private key model. The public key is the identifier that websites use to recognize you, and it is public. The private key is generated on your device.
When you pay with Apple Pay or log into a device using facial recognition, the biometric data doesn't leave your machine. A chip (often called a Secure Enclave) verifies information (such as a fingerprint), processes it, and provides the results to third-party software. I can steal your iPhone, but that doesn't mean I can access your biometric data, because that data never leaves the Secure Enclave.
Each application has a unique key pair, so your Google key pair is not reused on Amazon. Think of them as unique passwords automatically generated by the device for logging into various sites. These keys are usually stored in the cloud. Both Google and Apple have corresponding cloud storage mechanisms for keys, so any device using their operating systems can synchronize login keys.
What does this mean for the crypto world? Wallets use private keys to sign transactions. Remember I said your secure enclave stores your private key? In fact, you can use facial recognition or fingerprint scanning as an authentication mechanism for signing transactions. Crypto veterans may not think this is cool. But if you are a developer of a game or web3 social product, and you have less than 10 seconds to attract users, then using iCloud's passkey is your fastest solution at the moment.
Capsule allows me to create a wallet that I can access at any time and verify transactions conveniently via a fingerprint scan or facial recognition from my mobile device. They provide a software development kit (SDK) that enables any developer to create new wallets for users. When you log in to a Capsule product using Gmail, you can immediately see a wallet that is ready for use at any time.
Wallet providers such as Capsule integrate funding solutions like Stripe. Therefore, users can hold ETH (to pay for gas) simply by using Apple Pay after activating the wallet. As a result, a process that previously took hours is reduced to minutes. No more having to deal with opaque offshore exchanges to mint NFTs. But what if a user loses their key?
This is where multi-party computation (MPC) comes in. This sounds a bit like account abstraction, but the concept is different.
MPC is a mechanism for generating and managing cryptographic keys. As the name suggests, there are multiple parties involved in creating and storing a private key, without any of them knowing its full contents. In reality, no one person has access to the key, but if one person loses part of the key, two other people can help restore access.
For example, in a wallet that supports Capsule, the key is generated from inputs provided by the user and by Capsule, and the specific content of each input is unknown to the other parties. If any two of the parties cooperate, they can sign a transaction. This setup is particularly useful for recovering keys when a user loses access.
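The "any two of three" property can be shown with a small worked example. This is an added example, not from the original article: it uses Shamir secret sharing as a simplified stand-in, it is not Capsule's protocol, and unlike threshold signing it reassembles the secret in one place. The field modulus and function names are choices made for the demo.

```javascript
// Added illustration: 2-of-3 Shamir secret sharing over a prime field.
const { randomBytes } = require('node:crypto');

const P = 2n ** 127n - 1n; // Mersenne prime used as the field modulus (demo choice)
const mod = (a) => ((a % P) + P) % P;

// Modular exponentiation; gives inverses via Fermat's little theorem.
function modPow(base, exp) {
  let result = 1n;
  base = mod(base);
  while (exp > 0n) {
    if (exp & 1n) result = mod(result * base);
    base = mod(base * base);
    exp >>= 1n;
  }
  return result;
}
const inv = (a) => modPow(a, P - 2n);

// Split: pick a random line f(x) = secret + slope*x; share i is the point (i, f(i)).
function split(secret) {
  const slope = mod(BigInt('0x' + randomBytes(32).toString('hex')));
  return [1n, 2n, 3n].map((x) => ({ x, y: mod(secret + slope * x) }));
}

// Evaluate the line through two distinct shares at x (Lagrange interpolation).
function evalAt(s1, s2, x) {
  if (s1.x === s2.x) throw new Error('need two distinct shares');
  const l1 = mod((x - s2.x) * inv(s1.x - s2.x));
  const l2 = mod((x - s1.x) * inv(s2.x - s1.x));
  return mod(s1.y * l1 + s2.y * l2);
}

// Any two parties recover the secret, which is f(0).
const recover = (s1, s2) => evalAt(s1, s2, 0n);

// Any two parties can re-create the share that the third party lost.
const reissue = (s1, s2, lostX) => ({ x: lostX, y: evalAt(s1, s2, lostX) });

// One share alone fits every candidate secret: a matching slope always exists,
// so a single party learns nothing about the secret from its own share.
function slopeFor(share, candidate) {
  return mod((share.y - candidate) * inv(share.x));
}
```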
I've explained how it works, now we can discuss what it achieves and why it interests me so much. The SDK provided by Capsule allows users to create a wallet that can be used across multiple products. For example, when you use the same wallet on Metamask for Uniswap and Aave, both applications can interact with the same address to query and execute transactions.
Aave can check your wallet balance before approving a loan, and you can use Uniswap's Liquidity Provider (LP) token as loan collateral on another platform. Interoperability of cross-platform assets is a core principle of Web3. Historically, achieving this interoperability has required users to have their own wallet with a mnemonic phrase. Migrating between devices can be a pain.
Capsule takes away these pains by allowing users to sign transactions or manage wallets using more traditional forms of authentication.
You can log in with your Google account and use the same wallet across multiple products. One might say that this feature is available to anyone using MetaMask, but most users are not familiar with mnemonics or keeping them secure. However, they are familiar with using Google, Twitter or Apple's login system. Users can create a wallet with just the click of a button, which could be the difference between retention and churn.
Another factor to note here is that email links or embedded wallets themselves are not new. There are many service providers in this market segment.
It's interesting how you can use the same authentication form in different products - for example, an X handle or a Gmail login. The interoperability is unique.
In the past, if you used an email (such as [email protected]) to launch a wallet on a decentralized exchange and then tried to launch a wallet on another product (such as a lending product), you would have two different wallets. So any kind of composability (or cross-application interaction) is out of the question. Capsule helps port assets and identities between web2 native authentication systems, and its SDK allows any developer to integrate it into a product with just a few lines of code.
Another improvement Capsule brings to the wallet field is programmable transactions, which support automatic transactions under certain conditions.
For example, let's say you want a wallet holding USDC to purchase $100 worth of ETH from Uniswap every time the price of ETH drops below $2,000. In the past, you had to deposit your entire $100 into a centralized exchange (like Binance) or manually track the asset's price movements.
With programmable transactions, this process is much easier. Products like Velo Data can pass a variable (in this case, the price of ETH) to verify a transaction. The user makes a choice, and when the condition that ETH is below $2,000 is met, Capsule can sign the transaction.
Requiring signatures from multiple parties to execute a transaction is what enables programmability. You can set prerequisites for trading assets through Uniswap without user involvement, similar to the if-then statements used for transactions when logged into the application.
For example, an on-chain insurance product can query data from an oracle that provides weather data and make payments from a pool of funds funded by multiple users. A prediction market that uses Google query data could also pay out on sporting events. Even better, you can connect your Apple Watch with a preset wallet so that money is automatically transferred to friends if the user misses a workout for the day.
In all these cases, the unique advantage Capsule offers developers is that it never leaves users struggling with mnemonic phrases. Users can open their wallet, purchase $10 of ETH, log in using their Gmail account to bet on sports markets, and purchase ETH using the SDK through Stripe.
The design space here is limited only by the data types that the product can query and by Capsule's ability to interpret and sign transactions based on the data. However, this model may be less effective for more subjective data or trading needs.
2. More Than Trading
Why is this important? I can give an example to explain. Recently, Capsule partnered with r/datadao to enable users to port data from Reddit to the DAO. Simply put, the product allows users to export their data from Reddit to DataDAO (run by Commonwealth) for training large language models (LLM). Such a system requires a simple login model that can handle email addresses and interact with web3 native products like Commonwealth.
The r/datadao DAO is managed by a tool called Commonwealth. So when a user sets up a wallet (using Reddit) and then logs into Commonwealth, they can use the points (or tokens) they earn from Reddit to vote on a Commonwealth-governed DAO. Capsule allows users to register for DataDAO using a wallet generated from an X handle, Discord, or Google account, and use their points to vote on the system built by Common. It only takes a few seconds to complete these steps.
A more relevant example is that Uber drivers could manage a DAO in proportion to the miles they have on their Uber account. Support for these use cases comes in part from the tools provided by zkTLS.
Another way Capsule is expanding its market to new Web3 users is through pre-generated wallets. In other words, Web2 products allow users to activate their wallets when logging in to the product, and there are already assets in the wallet.
For example, if I wanted to get the most active members of a running club in Dubai to join a product, I could pre-generate a wallet associated with their Twitter account, load it with an NFT that offers them discounts on items like shoes, then private message them to ask them to join the community.
Now, I'm not entirely sure how many people qualify as:
● Living in Dubai
● Running
● Active on Twitter
● Use NFT to access the community
However, my point is that these tools can be used to guide the Web2 community in using Web3 primitives. What if the user doesn't reply to my private message? I can use a pre-programmed transaction to send the NFT back to the claiming wallet after a certain point in time, just as a discount is valid only for a certain period.
This opens up design space for entirely new applications. Perhaps one of the most accessible opportunities is the content itself. Currently, we write on Substack because it allows us to connect with our readers via email. If we need to mint an NFT, our best options are Paragraph, Mirror or Farcaster Frame. Suppose the Capsule SDK allows the creation of a Web3 native publication that allows users to generate articles and send them to their own email addresses.
In fact, we can even preload the wallets of our most active readers with OP (Optimism) tokens so they don't have to bridge assets to mint an NFT. The process looks like this.
On the left side of the above picture, I used something like Metamask to explain the steps of minting on Mirror today; on the right side, I showed what the process looks like with the Capsule SDK.
This means that a product can reactivate users through traditional distribution channels (such as email) while engaging them interactively on Web3 payment rails (such as stablecoins).
Tools like those provided by Capsule appear to be a bridge between the current market and the market that may exist in the next ten years. In my opinion, they are the perfect middle ground between the ease of use and convenience of Web2 products and the security, hosting and customization of Web3 native building principles.