Key Management in the Wallet-as-a-Service Space
Industry Insight
September 10, 2024


This blog analyzes the rising demand for Wallet-as-a-Service (WaaS) products, the latest trends, and the different key management infrastructures used in the space.

Introduction

The Wallet-as-a-Service (WaaS) space has grown significantly in recent years, driven by increased demand from businesses that want to interact with Web3.

Although there are different types, WaaS products generally serve the same purpose: allowing businesses to quickly launch Web3 wallets for their customers without needing the know-how or allocating the resources required to build them.

This evolution has opened the Web3 doors for companies lacking the resources or technical expertise to build such wallets, letting them offer their customers Web3 experiences.

What’s Driving the Demand for WaaS?

There are several reasons why Wallet-as-a-Service has gained momentum:

  1. Demand for seamless user experience: The never-ending quest for seamless Web2-like UX that will abstract the complexities of Web3 and onboard the next billion users to Web3.
  2. Web2 enterprises entering the Web3 space: A growing interest in Web3 among Web2 companies that wish to provide their customers with Web3 experiences (such as loyalty programs, NFTs, etc.) without the hassle of building them.
  3. Independence from external wallets’ UX: Web3 companies that want to avoid being dependent on the UX of other wallets that serve as a gateway to their app.
  4. Growing competition: In an increasingly competitive Web3 ecosystem, companies strive to retain users within their ecosystem. Offering a native wallet helps ensure that users stay engaged with the company’s products and services, while also enabling new revenue streams from wallet-based activities like staking, swapping, and more.

Recent Trends in WaaS Products 

Although WaaS is a relatively new concept, we can already spot several trends. The first WaaS products focused on providing a speedy onboarding experience for end-users, usually via social logins. Most products prioritized UX over security or regulatory clarity regarding the custody model. In recently launched WaaS products, we can identify different characteristics:

  • Focus on security - While the vast majority of the first WaaS products used less secure key management schemes, mainly Shamir's Secret Sharing, we are currently seeing a shift towards MPC-based products with more focus on security, alongside providing a great UX. 
  • New authentication technologies - Movement from social login to Passkeys or SSO of a specific company that allows the identification of that user across all ecosystem products.
  • WaaS as a part of an ecosystem - We are seeing fewer standalone WaaS products launch and more WaaS products that serve a role in expanding an ecosystem's assets - whether a token or a powerful on-ramp/staking capability. Therefore, the success of the WaaS is measured by the overall contribution to the greater mission. For example, Circle’s WaaS is likely an ecosystem play for distributing USDC and reaching more end-users by leveraging other developers. Additional examples are Coinbase, Exodus and Fireblocks. 

Different Key Management for Varied Products 

While WaaS products share a common goal, they differ in many ways, such as the provided UI (embedded, white-label), custody models (custodial, self-custodial), security and key management (MPC, SSS, account abstraction etc.), chain support (multi-chain vs. chain-specific), and target audience (Web3 native or Web2). 

This blog focuses on the underlying key management model, which determines several other criteria, such as security and compatibility with various blockchains.

As can be seen below, a snapshot of the space reveals that most WaaS products are currently built on MPC:

Let's dive into the different key management models to understand the main differences.

MPC (Multi-Party Computation)

In MPC-based WaaS, private keys are generated in a distributed manner, meaning the private key never exists as a whole. Instead, several key shares are created and kept in separate secure storage locations. To sign a transaction, the shares communicate with each other from those locations without ever being reconstructed into a full private key.

SSS (Shamir’s Secret Sharing)

In SSS-based WaaS, a private key is first generated as a whole, then split into multiple shares that are stored in secure locations. These shares are reconstructed into a full private key to sign a transaction. Because the full key exists in one place both at generation and at signing time, SSS can be considered a less secure version of MPC.
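
The difference between the MPC and SSS models above, shown as an added example (not code from this post or from any WaaS product): the SSS path passes the whole key through memory at split and at reconstruction, while the MPC path only ever combines public values and partial signatures. It assumes Schnorr signatures over a constructed toy group, n-of-n additive shares, and all parties simulated in one process; it omits the commitment rounds and proofs a production protocol needs, and every function name is illustrative.

```python
import hashlib
import math
import secrets

# Constructed toy group, far too small for real use: G has prime order Q mod P.
P, Q, G = 2039, 1019, 4

def sss_split(secret, n, t):
    """SSS: the whole key is an input; share i is (i, f(i)) with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, k, Q) for k, c in enumerate(coeffs)) % Q)
            for x in range(1, n + 1)]

def sss_reconstruct(shares):
    """Lagrange interpolation at 0; the return value is the full private key."""
    secret = 0
    for xi, yi in shares:
        lam = 1
        for xj, _ in shares:
            if xj != xi:
                lam = lam * xj * pow((xj - xi) % Q, -1, Q) % Q
        secret = (secret + yi * lam) % Q
    return secret

def challenge(R, X, msg):
    digest = hashlib.sha256(f"{R}|{X}|".encode() + msg).digest()
    return int.from_bytes(digest, "big") % Q

def sign_whole(x, msg):
    """Ordinary Schnorr signing: needs the full key x in one place."""
    k = secrets.randbelow(Q - 1) + 1
    R = pow(G, k, P)
    return R, (k + challenge(R, pow(G, x, P), msg) * x) % Q

def verify(X, msg, sig):
    R, s = sig
    return pow(G, s, P) == R * pow(X, challenge(R, X, msg), P) % P

def mpc_keygen(n):
    """Each simulated party draws its own share x_i and publishes only G^x_i."""
    shares = [secrets.randbelow(Q) for _ in range(n)]
    return shares, math.prod(pow(G, x, P) for x in shares) % P

def mpc_sign(shares, X, msg):
    """Each party contributes G^k_i and k_i + e*x_i; only those are combined."""
    nonces = [secrets.randbelow(Q - 1) + 1 for _ in shares]
    R = math.prod(pow(G, k, P) for k in nonces) % P
    e = challenge(R, X, msg)
    return R, sum((k + e * x) % Q for k, x in zip(nonces, shares)) % Q
```

Both paths produce signatures that the same `verify` accepts, so a verifier cannot tell which key management model produced them; the difference is only in where the key material lives.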

Account Abstraction

Account abstraction allows blockchain accounts to be controlled by code (smart contracts) rather than private keys. This model enables developers to set up customizable rules for accessing and managing an account.

Secure Enclaves

Secure Enclaves are hardware technologies that protect sensitive data in cloud computing, and are often used in Web3 to store private keys.
Note: This section refers to the usage of Secure Enclaves solely to store a full private key, and not a combination of MPC/SSS with Secure Enclaves, which is a best practice for securing secret shares.

Final Remarks

The WaaS space continues to evolve rapidly, driven by the increasing demand for secure, user-friendly Web3 experiences. Key management remains a crucial differentiator among WaaS products, as it affects the security level, regulatory clarity and more.

As businesses seek to offer seamless Web3 wallet solutions, choosing the right key management model plays a pivotal role in ensuring security, scalability, and long-term success in the competitive Web3 landscape.

For additional information, feel free to reach out.

About Sodot

Sodot provides a self-hosted and highly performant MPC infrastructure for leading crypto custodians and wallets. We enable companies to seamlessly build great Web3 products with enterprise-grade security and delightful UX, the way they intend to, without limitations or dependencies.