User Wallets (Programmable Key Pairs)
STATE OF THE NETWORK
Storing and transacting live assets with Programmable Key Pairs (PKPs) IS now supported on the Habanero Mainnet and Manzano Testnet. Take a look at the docs on migration to start building today!
Overview
Defined technically, multi-party computation (MPC) allows a set of parties to collectively compute a function over private inputs without ever revealing the inputs themselves. In the context of key management, MPC can be used to generate distributed shares of a public/private key pair (AKA a wallet), without ever exposing the private key in its entirety. This means no one party ever has full control over the underlying key pair which serves to eliminate the central points of failure that exist in "custodial" key management ecosystems and setups. An in-depth look at the current state of the MPC wallet space is explored in this article published by 1kx.
MPC Wallets with Lit
Lit can be used by web3 developers to easily deploy white-labeled and programmable MPC wallets. These non-custodial wallets can be used to simplify user onboarding while simultaneously making it more secure. Each key generated by the Lit Network is distributed as shares among each participating node. This means that keys created by Lit never exist in their entirety and no one party ever has the power to deny service. In order to use these keys (such as when signing a transaction), more than a threshold of key shares must be collected and aggregated. This two-thirds threshold design provides a level of censorship resistance and fault tolerance that “typical” 2-of-2 MPC designs do not. In addition to any 2-of-2 provider being able to deny the user access to their funds or censor transactions, most of these systems also require the end user to custody a key share. This means the goal of a seamless, “web2” style onboarding UX is not possible (onboarding without seed phrases or private key management), instead delivering the UX of self-custody with additional steps. With Lit, the entire key lives in the network and any arbitrary authentication logic can be assigned to that key pair. This authentication logic determines what individuals or credentials have the ability to control these keys and use them. This gives the application developer or end user full control over designing how interactions with the MPC wallet should be managed. For example, allowing a user to onboard into web3 with nothing but their Gmail account, or requiring multi-factor authentication (MFA) when attempting to spend more than X amount of assets, or even enabling more complex social recovery mechanisms. Today, the following auth methods are supported by Lit that make the onboarding process seamless:
- WebAuthn from FIDO Alliance (AKA Apple Passkey, demo)
- Web3 ownership (holding the “controller” PKP NFT)
- Social login (Google, Discord)
- Email and SMS
- Self-custody key (such as a Ledger hardware wallet)
What’s the end goal? Providing a seamless onboarding experience for the next one billion users in web3!
Getting Started and Further Reading
Some links to further reading and resources to help you get started building with MPC wallets on the Lit network today:
- Getting started with the Lit SDK
- Working with User Wallets
- Creating a wallet
- Overview of supported authentication methods