Description
Aqua is a wallet that is both secure and easy to use. Our thesis is that the best way to optimise for both security and ease of use is by securely distributing your private keys amongst your social network.
Every wallet faces the wallet dilemma: “How can you make a wallet that is both secure and easy to use?” On the easy-to-use but less secure end of the spectrum you have custodial wallets like Coinbase, which are very easy to use but less secure because one entity holds all of the user’s private keys.
On the more secure but hard-to-use end you have wallets like Metamask, which don’t hold users’ private keys but are hard to use because they require users to write down and manage their own private keys.
The optimal tradeoff is a hybrid approach where a group of trusted people hold a user’s keys.
The ideal wallet is one that combines the self-sovereignty of a self-custody wallet with the convenience of a centralised exchange or custodial wallet. I will present such a wallet.
Problem
If you want to hold crypto you have two options. Use a centralised exchange or self-custody. The problem with centralised exchanges is that they require you to trust the exchange not to steal or lose your money. Mt. Gox, Quadriga and FTX have shown us that this trust can be broken.
Meanwhile, self-custody wallets have two problems: first, they don’t provide an easy way to convert your fiat into crypto; second, they are too hard to use and put too much responsibility on the user.
An ideal solution would be a wallet that provides the convenience of a centralised exchange (a simple user experience, fiat-to-crypto swaps and low user responsibility) together with the benefit of self-custody: no reliance on a single entity to hold your assets. Today I present Aqua, a wallet that offers all these features.
Solution
Aqua is a crypto wallet that is a hybrid between a centralised exchange and a self-custody wallet. Aqua has the following key features:
- Onramp to crypto with fiat
- Private keys are split into shards and shared with a user’s trusted circle
- Create smart contract accounts easily
- Integrate with other crypto exchanges
To truly onboard the masses onto crypto we need a wallet that the masses can use. This means a wallet that:
- Meets people where they currently are
- Makes it easy to enter the crypto world
- Brings their social circle along with them
Fiat Integration
The first problem a wallet needs to solve is making it easier for people to convert their fiat into crypto. Most people have far more money in fiat than in crypto [footnote: money_supply]. If a wallet wants to onboard new users, it needs to meet users where they currently are and make it easy for them to enter the crypto world.
Imagine that crypto is a new restaurant. If we want people to visit our restaurant, we need to travel to the most popular restaurant (Chez Fiat) and make it easy for them to come and try our new restaurant. We can do this by offering a free shuttle service that picks people up at the highest traffic restaurant and drops them off at our restaurant.
Sharing Private Keys
The user’s private keys are split into 3* pieces and divided amongst a user’s guardians. You can think of this as a simplified implementation of Shamir’s Secret Sharing (simplified explanation). This solves the problem of a user having to store their private key themselves while also removing the need for having to trust a central party to hold your keys for you.
*3 is the default number of shards, with a 2-of-3 Shamir threshold (any 2 of the 3 guardians can recover the private key). Both numbers can be set by the user.
To improve redundancy, the user may also share each shard of the private key with multiple people.
The interesting thing about this model is that its trust model is a function of how much people trust their social network. It sits between the two trust models we are most familiar with. At one end of the spectrum you have self-custody solutions, which ask “How well do you trust yourself?” At the other end you have centralised exchanges, which ask “How well do you trust the exchange?” Social secret sharing asks: how well do you trust your social circle?
Footnotes
[money_supply]: The total money supply in the United States is about $21 trillion, while the total market cap of all cryptocurrencies is about $834 billion, or $0.8 trillion. In other words, the money supply in the United States alone is 26 times larger than the money supply in all of crypto.
Further Reading
- secrets.js (see also: grempe/secrets.js and the original secrets.js)
- M-of-N secret sharing with pre-known shares - Cryptography - Ethereum Research
- enable sharding of seed word · Issue #1292 · MetaMask/metamask-extension · GitHub
- GitHub - iancoleman/shamir39: Split BIP39 mnemonics using Shamir's Secret Sharing Scheme
- GitHub - NethermindEth/research-mnemonic: Shamir secret sharing for mnemonic lists
Account Recovery
The benefit of a shared private key comes into effect when the user has forgotten their account recovery phrase. The server maintains a list of who is in the user’s social circle.
The user then messages each friend in the circle and asks them to share their part of the secret. Each friend can reply with a challenge question, accept the share request, or deny it.
Friend Recovery
To reduce the risk of a friend losing their part of your recovery key, the friend can encrypt their shard and back it up to the cloud. The decryption key is stored either on the centralised server or with the user. Either way, each friend only holds ⅓ of another user’s recovery phrase.
What Does Aqua Store?
Since Aqua doesn’t store private keys, what does Aqua store? Aqua stores the social graph of each user, so Aqua knows that user_1 has their private key shards stored with user_2, user_3 and user_4. If an attacker gains access to user_1’s account, they can attempt to impersonate user_1 towards user_2, user_3 and user_4; however, the authentication method is shared over a messaging channel that the users choose themselves.
Create Smart Contract Accounts
The wallet should make it easy for users to create Smart Contract Accounts. This will give users the ability to add features such as changing signing keys for an account, account spending limits and more.
Integrating Other Exchanges
This wallet would become like a super wallet that contains other exchanges and bank accounts. Users would authenticate to their centralised exchange using the wallet frontend and the exchange would return a token that would allow the user to perform actions on the wallet that would take effect on the exchange.
For example, a user could see their Binance and Coinbase balance on the wallet and trigger a withdrawal from the wallet that would then be forwarded to their Binance account. A sample implementation of this was proposed in the Tally Wallet extension.