Reviving Trust in Crypto
0x3cb9
January 9th, 2023

Cover image: “King’s Relief” by Hasan Göktepe

In 2022, the crypto industry faced catastrophic events driven by excessive risk-taking and explicit fraud that caused many to question whether what we are building is net positive for society. Opaque, exploitative, corrupt platforms rose to great heights before collapsing, hurting innocent bystanders in their wake and mimicking the failures of incumbents in traditional markets.

However, these events are not representative of what is possible if we optimize for the properties uniquely enabled by crypto networks. The constituents who remain today still believe that we have the opportunity to construct monetary, finance, and tech systems that provide fair, resilient, and sustainable alternatives to incumbent platforms and systems that wrongfully extract value from participants.

To move forward, of course we have to identify the ways in which we have failed. But we must also acknowledge what is working and re-articulate the properties we want our new systems to have:

  • Sovereignty to empower individuals to take control

  • Accountability to place checks and balances on intermediaries

  • Credible Neutrality for permissionless access to the crypto economy

Sovereignty

Self-sovereignty – the ability to take control of our assets, data, and identity – is one of the most powerful properties offered by crypto networks and has never been more important. When users take ownership of their assets and data, they don’t have to rely on third-party providers or trust that intermediaries won’t be evil. They can’t be evil.

However, self-custody today places prohibitive demands on end users. It has no safety net. This is why users cede control to centralized providers that feel familiar and safe but, time and again, fail to deliver. Users end up in the exact situations from which we hoped to free ourselves, in which a handful of centralized providers control (and sometimes abuse) access to users’ assets and data.

A key barrier to self-custody is that most wallets on L1s like Bitcoin and Ethereum are configured as private key accounts (formally known as externally owned accounts, EOAs). With private key accounts (whether they are “hot” – online – or “cold” – offline), individuals are responsible for securing the private key and mnemonic seed phrase associated with their account. This private key and seed phrase combination presents a single point of failure: if either is lost or compromised, all assets tied to that key are lost.

In fact, Coinbase identified key loss as one of the most frequent support requests from users of its non-custodial wallet, confirming most users are not prepared to secure and manage their own keys. Analytics companies also estimate that non-trivial amounts of assets are lost due to misplaced keys.

Up until now, users had to choose between accessibility and control. Two distinct approaches stand to address this trade-off – multi-party computation and account abstraction. Both offer the benefits of eliminating the single point of failure and, in doing so, making self-custody more user-friendly.

Multi-Party Computation (MPC)

One approach to bolstering self-custody today is multi-party computation (MPC). At a high level, an MPC protocol facilitates distributed key generation and transaction signing by a certain threshold of parties off-chain. Distinct entities (or devices owned by a single entity) hold individual “shares” that together represent a single private key, though the full key is never exposed to any one device.

Because computation takes place off-chain, a transaction from an MPC wallet looks the same as one from a private key wallet and is cheaper than a transaction from a multi-sig. MPC wallets are chain agnostic and can support different signature schemes (versus multi-sig – and smart contract wallets more broadly – which are not chain agnostic). Also, given key shares are distributed and may be rotated, there is no single point of failure with MPC wallets, conferring enhanced security and seedless recovery and reconciling previously conflicting characteristics of convenience and control.

Last year, Coinbase overhauled the infrastructure behind its retail application using MPC (where both Coinbase and the user hold key shares) to grant users greater flexibility in accessing decentralized apps directly via the Coinbase app while preserving strong security guarantees. The use of MPC tech for digital asset custody is also prevalent among institutional providers like Fordefi and Fireblocks.

Lit Protocol and Entropy are on-chain protocols that are using MPC in interesting ways to unlock access control and key management that is distributed and programmable. A recent proof of concept on Lit consists of using the protocol to validate transactions instigated from a web2 (e.g. Google) account suggesting that MPC can give rise to wallet and recovery mechanisms that resemble web2.

Account Abstraction (AA)

Account abstraction is another approach to improving self custody, though at deeper layers in the stack. Account abstraction proposes making contract accounts, which embed smart contract functionality into user accounts, the default account type on chain. In doing so, it seeks to preserve the benefits of self custody while enabling greater functionality, flexibility and customization.

Rather than having a one-size-fits-all account operated by a single private key, contract accounts are controlled by code that can be customized to fit the needs of different users. They offer user-friendly recovery mechanisms, such as social recovery where, similar to MPC, users can specify multiple transaction signers and designate a third party as one of those signers to assist with account recovery. They also introduce the ability to employ different signature schemes, define transaction parameters (e.g., set spending limits, delegate fraud monitoring), enable “multi-call” atomic transactions (bundle multiple actions into one transaction), and more.

Introducing account abstraction on the base layer has been in Ethereum’s roadmap since 2016. The most recent proposal (ERC-4337) aims to mimic account abstraction on L1 without requiring consensus level protocol changes (though the timing and viability of the proposal are still under discussion). More imminently, L2s such as Starknet and zksync are launching with account abstraction natively integrated. This is a positive development, especially as user activity and interaction with on-chain apps shifts from L1 to L2. In December, Visa shared a paper outlining how it is using native account abstraction on Starknet to implement auto (pull) payments.

I look forward to seeing continued experimentation with MPC and development in making MPC libraries more open, battle tested, and standardized as well as establishing account abstraction as the norm on chain. As this happens, I hope to see greater use of the technologies, individually as well as in combination, to address shortcomings one or the other may have.

Accountability

Self-sovereignty may be one of the most important long-term goals of this industry. However, it will take time to level the playing field between non-custodial and custodial experiences, and we might never be able to eliminate the gap in convenience between custodial and non-custodial systems completely.

There will likely always be users who prefer to engage with crypto via centralized platforms. Additionally, certain stakeholders (institutions) are legally required to delegate custody and will always rely on third party providers. Acknowledging that, it’s our responsibility to guide users – retail and institutional – toward platforms that are accountable.

To our advantage, it is trivial to audit on-chain balances and activity using cryptographic techniques specific to crypto networks. Transparency and auditability are intrinsic properties of crypto networks that are commonly discussed in the context of decentralized applications and protocols. With some effort, crypto’s transparency guarantees may be extended to centralized exchanges and custodians that conduct operations on-chain – specifically through a practice known as proof of reserves.

In proof of reserves, cryptographic mechanisms are employed to generate proofs that platform assets (digital asset balances) match outstanding liabilities (customer deposits). The procedure allows stakeholders to verify that entities who custody digital assets on behalf of customers do in fact have the funds to which customers are entitled. For details on possible technical implementations, I recommend the pieces by Nic Carter et al and Vitalik Buterin and the ZK episode on the topic.

Not all proof of reserve procedures are created equal and weak implementations can leak sensitive information or contain attack surfaces and struggle to offer the guarantees we seek. However, best practices have emerged over the years that – if followed – allow platforms to give stakeholders reasonable assurance that they are solvent while preserving platform and client confidentiality in an automated manner.

Service providers have refrained from using these tools in the past, mainly because stakeholders (e.g., customers, investors, regulators) did not require it. However, we are now at a stage where trust in crypto institutions is broken. Incrementally, the crypto industry does not enjoy the industry-wide standards and regulatory clarity of traditional finance. In response, multiple exchanges have committed to conducting proofs of reserve, though it’s worth examining the soundness of individual implementations.

By self-regulating and standardizing proof of reserves, we can not only rebuild trust but also provide a level of consistent transparency and assurance that is unobtainable in traditional asset classes. Additionally, as the non-custodial initiatives discussed above develop and mature, I expect to see demands on centralized platforms move beyond publishing proofs of reserve to offering hybrid custody models that shift power in the direction of users.

At the same time, we should also work to strengthen DeFi and make it easier for people to use.  DeFi replaces intermediaries with smart contracts that enforce rules on-chain, making them innately auditable and corruption proof. The downfall of unaccountable CeFi institutions last year reminded us why (thoughtfully designed) DeFi protocols are valuable – because transparency is implicit.

Credible Neutrality

As we work on these problems, we need to stay true to crypto’s core value of credible neutrality. The new systems we’re building need to be open, un-restrictive, empowering, and resistant to censorship.

Concerns about censorship on Ethereum arose when OFAC decided to sanction smart contracts associated with privacy preserving mixer, Tornado Cash. To avoid the consequences of non-compliance, many ecosystem players responded by censoring transactions from addresses that had interacted with the mixer, causing many to question Ethereum’s credible neutrality. If a single entity can determine who can use Ethereum and how, then what is left of the systems we’re building but another set of centralized and censorship prone databases?

Simultaneously, the merge (Ethereum’s transition to proof of stake) altered the power dynamic across protocol players. Block building and proposing were separated in what is known as proposer-builder separation (PBS) via out-of-protocol software (relays) that sits between validators and block builders to allow validators large and small to capture MEV (maximal extractable value) and prevent validator centralization by shifting MEV’s scale economies to block builders.

Note: James Prestwich has a succinct description of the MEV supply chain today – “Users create MEV, Searchers extract it. Searchers pay Builders; Builders pay Proposers.”

While validators were not directly enforcing censorship, post-merge they began receiving fully built blocks rather than transaction bundles. As a result, validators proposing blocks from censoring relays/builders were censoring by default because they could no longer append transactions these entities may have excluded, delaying transaction inclusion. Concern was heightened because the largest relays and builders were sharing censored blocks.

The community was quick to react and implement interim measures that would improve the network’s resilience. This included:

  • Flashbots open sourcing its relay to encourage and support the development of a diverse and healthy relay market

  • Neutral relays such as Agnostic Relay by Gnosis, Ultrasound Relay by ultrasoundmoney, Relayooor, and Aestus launching in response

  • Flashbots open sourcing its builder to lower the barrier to developing competitive builders

  • Flashbots introducing min-bid (a new parameter in its relay software) allowing validators to specify a threshold below which they would build blocks locally

  • Validators making conscious efforts to connect to non-censoring relays to lessen de facto censorship

These efforts have started to pay off. After peaking at almost 80% in November 2022, the portion of censored (or “compliant”) blocks has dropped to 67% as measured over the last week (as of 1/5). Additionally, while Flashbots’ dominance in relaying blocks is still high, it has declined over the past months. Eventually, Ethereum plans to enshrine the relay function into the protocol via in-protocol proposer-builder separation (PBS), further strengthening the network’s censorship resistance.

Concentration in the builder market persists with the top 5 entities commanding ~85% of total blocks over the last week, but the current distribution across these entities is an improvement compared to a few months ago, when a single entity dominated the function. That said, right now, nothing is actively holding builders accountable to neutrality, and this needs to change.

We need to introduce checks and balances at the protocol layer on builders (e.g., via transaction inclusion lists) and proposers (e.g., via re-staking on Eigenlayer) as well as decentralize the builder market to avoid a situation where a dominant entity produces blocks and imposes arbitrary preferences on users. Regarding builder decentralization, Flashbots announced SUAVE (Single Unifying Auction for Value Expression), a new approach to segregating and decentralizing block building as well as constructing a mechanism to return value extracted to those who create it (users).

Such protocol level solutions that (1) align incentives rather than depend purely on the community’s benevolence to offer robust censorship resistance guarantees and (2) more fairly distribute value captured to those who generate it are necessary. But the early progress should inspire optimism and confidence that the community will continue to prioritize and strengthen the credible neutrality of our foundations.

Final Thoughts

“The burned hand teaches best. After that, advice about fire goes to the heart.”
J. R. R. Tolkien

Last year, we had to learn hard lessons because some bad actors strayed from the ideals on which this industry was founded. The series of unfortunate events reminded us that we need to wield crypto’s core properties across centralized and decentralized products we build, rather than abstract them away. If we return to the core values that united us in the first place, I believe the original vision of crypto can be realized.

If you are building products or protocols that move these values forward, I would love to connect: ria@castleisland.vc | @riabhutoria

Special thanks to David Phelps, Ryan Watkins, Aditi Sriram, Nic Carter, Sean Judge and Matt Walsh for their feedback and suggestions.

Subscribe to Ria Bhutoria
Receive new entries directly to your inbox.
Collectors
View
#1
#2
#3
View collectors
This entry has been permanently stored on-chain and signed by its creator.
Author Address
0x3cb91A674fd62…cBcF963CEde73ad
Content Digest
zOHZ3iMU9WmK3eZ…DRJ6gCWg0dHEI8A