Trading off Self-Custody for Easy Wallet Recovery

The Need for Self-Custodial Wallets

In order for cryptocurrencies to become more mainstream, it is commonly agreed that we need to provide simpler user experiences, more akin to Web2, especially for users that want to operate beyond a CEX.

One key element required to fully explore all options that Web3 has to offer (i.e., moving outside CEX) is a cryptowallet (or wallet for simplicity). A wallet is a piece of software (yes, hardware wallets run software inside) that, regardless of its name, does not hold your cryptocurrency; it holds a pair of cryptographic keys (private and public) that allow you to access and interact with the different blockchains where your cryptocurrency is “reflected”. You can install it on your smartphone, in your computer, run it as a browser extension, or use a hardware dongle. If you want to expand your knowledge on this topic, you may read our previous blogpost: Why Apple Probably Isn’t Venturing Into Crypto Wallets.

The common feature of all the above options is that you own the wallet, i.e. you, and only you, can access your assets. No dependency on third parties, no fear of some bank or CEX collapsing and taking away your money, total control, and independence. This is what we call a self-custodial wallet. However, as Spiderman says, “With great power comes great responsibility”, and thus, you need to follow certain measures to secure access to your wallet. In this post we will focus on the measures that can be used to recover a lost wallet.

Current Recovery Options Overpromise and Take Away Your Self-Custody

At LTA Labs, we consider usability as a key element for users to engage with whatever (d)application you offer them. Therefore, since minute one, one of our main concerns was about how to simplify life to end users that want to enjoy Web3, without having to worry about what lies behind the curtains, i.e. a cryptowallet.

Remember that a self-custodial wallet requires the user to set up a recovery mechanism, which typically consists of writing down on a piece of paper a set of 12/24 words. Why on a piece of paper? Because this mechanism protects you from crackers looking for this info on your device. Although it is a very secure mechanism, it is pretty unusable with millions of people having misplaced the pieces of paper (or never having done a copy) and thus having lost access to their assets (more than 25% of Bitcoin is lost due to this).

Therefore, we started to do deep research on the available options in the market and initially, we were gladly surprised to find out many user-friendly solutions to perform wallet recovery for self-custodial wallets:

  • MPC wallets and similar approaches
  • Contract-based wallets
  • New Account Abstraction implementations
  • Even some solutions for hardware wallets and EOA software wallets.

However, when we started to dig deeper, we soon realized that it was not gold, even if it shined:

  • Usability was still limited in several ways, with users having to do complex operations to set up recovery options (e.g. delegating access third parties), even paying gas fees, and many times the mechanism was only applicable to certain blockchains; and/or
  • Self-custody was removed. Even if the solution claimed to offer easy recovery for “self-custody wallets”, you could fin in their documentation how that was uncertain; they basically renamed “self-custodial” as “full self-custodial”, acknowledging that they did not offer a solution for the latter; and/or
  • There was a relevant dependency on Web2 third parties, may it be for storing “recovery data” and/or to create and access the recovery data (e.g. social logins that rely on giants like Google, Apple, Meta or Microsoft). Could you imagine a situation where they block your social login account and it takes weeks to get access again? Do not need to imagine, it happens continuously.

Notice that we are only focusing on the recovery options provided by the solutions listed above, which we consider not good enough. Those solutions were designed to offer other type of valuable benefits, but typically wallet recovery was a secondary sub-product with limited focus on it.

A Novel Approach: Safeguarding Any Type of Wallet Using Visual Passcodes

For us, who consider real self-custody, independence and usability very relevant, the above solutions were not good enough, so we came back to the starting point, thinking whether we could bring to the table a solution that was super-easy, which had no cost for users, which could be used on any type of wallet (EOA, MPC, AA…), ensuring real self-custody, and that relied as little as possible on third parties.

And voilà, we created Secrets Vault, a novel protocol that combines advanced cryptography and steganography to safeguard wallet private keys using images that can be openly shared (e.g. posted in social media).

It takes 30 seconds to create a visual passcode to protect wallet private keys (or in fact, any type of digital information), from a PC or a smartphone, following four simple steps that anybody can understand and execute.

In case you need to recover your wallet, you just need 20 seconds and the image that you used to generate the original passcode. That is all, no storage of pieces of paper, no complex setups, no gas fees, even no dependencies on third parties, while keeping the level of self-custody you had in your original wallet.

Comparing the Options: Self-Custody vs. Usability

The comparison of the previous recovery methods highlights a fundamental principle: the easier the recovery process, the greater the potential dependency on external systems or third parties. For instance, while seed phrases offer high security, they place immense responsibility on the individual to manage them securely. On the other hand, options like social recovery lower the barrier to recovery but introduce elements of trust and potential privacy issues.

The graphic above represents on the Y axis the level of self-custody, and on the X axis the level of usability. Secrets Vault offers the best tradeoff between self-custody and usability.

Conclusions

Selecting a recovery method involves balancing the need for security with usability. Users must consider their ability to manage these responsibilities against their personal security requirements. As the crypto environment matures, understanding the nuances of each recovery option will be crucial in making informed decisions that align with one’s security needs and management capabilities.

LTA Labs will be launching soon Secrets Vault, a novel mechanism for wallet recovery that provides the best tradeoff between usability, security and self-custody, which can be implemented as a feature on any existing wallet.

If you want to follow up on the progress of this solution, visit our website and our regular posts, and subscribe to our channels and newsletter.