ioPay (built by the IoTeX team) has just launched Account Abstraction, making ioPay the largest, battle-tested multi-chain AA wallet on the market. This article will focus on the importance of Account Abstraction (ERC-4337), and how IoTeX has leveraged ERC-4337 to build a zk-SNARK-based wallet.
Account Abstraction, as defined by ERC-4337, “allows users to use smart contract wallets containing arbitrary verification logic instead of EOAs as their primary account.” ERC-4337 introduces many user experience benefits, most notably enabling people to use Smart Contracts as their primary accounts.
ERC-4337 runs on top of the blockchain and does not require any changes to the blockchain itself.
IoTeX is a full-stack, blockchain-based infrastructure (fully compatible with the Ethereum ecosystem and tools) essential for applications that require custom proofs derived from off-chain data (like “proofs of physical work” in DePIN). DePIN, which stands for Decentralized Physical Infrastructure Networks, is a new category in the web3 space. DePIN applications use token rewards to incentivize communities to run and maintain certain infrastructures.
Leveraging zk-SNARK proof technology, IoTeX has built an account abstraction wallet that can be authorized by password, which earned it a grant from the Ethereum Foundation in September 2023. Specifically, the grant was awarded for ERC-4337 and IoTeX’s work on zero-knowledge account abstraction wallets.
zk-SNARK (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) is a cryptographic proof system that enables one party to prove to another party that a statement is true without revealing any additional information beyond the validity of the statement itself. The term zk-SNARK is sometimes colloquially used to refer to any zero-knowledge proof system, but strictly speaking, zk-SNARK refers to a particular type of zero-knowledge proof system that has a succinct proof size and does not require interaction between the prover and verifier.
If you would like to test the IoTeX MVP that earned the zero-knowledge account abstraction grant, you can do so at the following link: https://zk-wallet-demo.iotex.io.
ioPay has always had a deep focus on security and user experience, both of which have been enhanced by the implementation of account abstraction. ioPay currently offers Gmail AA login support, and in the near future ioPay plans to implement other methods of AA authentication. In building this feature into ioPay, the team leveraged P256 to authenticate wallet transactions and the email-based DKIM protocol to recover user accounts.
DKIM (DomainKeys Identified Mail) is an email authentication method that uses a digital signature to let the receiver of an email know that the message was sent and authorized by the owner of a domain. Once the receiver determines that an email is signed with a valid DKIM signature, it can be confirmed that the email’s content has not been modified. So we can verify DKIM signatures using on-chain contracts and recover users’ ioPay accounts.
P256 uses the secp256r1 elliptic curve, a widely accepted cryptographic standard that can be applied on the EVM to create secure authentication and signing for transactions and smart contracts. Most modern devices and applications rely on the “secp256r1” elliptic curve. For example:
- Apple’s Secure Enclave: There is a separate “Trusted Execution Environment” in Apple hardware which can sign arbitrary messages and can only be accessed by biometric identification.
- WebAuthn: Web Authentication (WebAuthn) is a web standard published by the World Wide Web Consortium (W3C). WebAuthn aims to standardize an interface for authenticating users to web-based applications and services using public-key cryptography. It is being used by almost all of the modern web browsers.
- Android Keystore: Android Keystore is an API that manages the private keys and signing methods. The private keys are not processed by the application when it uses Keystore as its signing method. Signing can also be done in the “Trusted Execution Environment” in the microchip.
- Passkeys: Passkeys utilize FIDO Alliance and W3C standards. They replace passwords with cryptographic key pairs, which can also be used for elliptic curve cryptography.

Because the IoTeX network already supports pre-compiled contracts that perform signature verification on the “secp256r1” elliptic curve, it made sense to base the ioPay AA wallet’s verification logic on Apple’s Secure Enclave and Android Keystore, with a constant gas cost. Leveraging the device’s secure enclave/keystore and biometric identification, we can achieve highly secure AA wallets.
To encourage usage of these new AA wallets, for a limited time, IoTeX supplies 2 IOTX per day to pay for gas fees for users who leverage the ioPay AA wallet. ioPay users who own the MachineFi NFT can receive 10 IOTX per day for gas fees as an extra level of utility for our MachineFi NFT holders.