Technical
August 15, 2024

Spica Upgrade: Simplifying On-Chain Access With Passkeys

What if we could enhance on-chain UX by integrating the benefits of legacy systems? This is the philosophy behind xAlias or ecosystem products like Arcana, which use popular social login methods (Google, Twitter, etc.) for wallet creation and management, and Guardians, which brings on-chain 2FA security to all MultiversX users.

The upcoming Spica network upgrade, currently under governance vote, will take things a step further by introducing an alternative to secret phrases, leveraging advanced cryptographic primitives.

The problem with passwords and secret phrases

In theory, passwords can be incredibly reliable if the user generates unique and complex ones for each individual account, but in practice most people end up using the same simplistic password across the board. That means that when one account is compromised, a user's entire digital life can be, too. With huge databases containing millions of login details being actively sold, password reuse can put identities or funds at significant risk.

As much as companies have tried to convince, or in some situations even force, users to generate strong passwords to access their services, the fact of the matter is that most users find password maintenance complicated and tedious. On top of that, what a user considers a strong password is still guessable, whereas remembering strings of random characters is neither user-friendly nor efficient.

This issue is mirrored in Web3, where secret phrases were meant to offer a more secure alternative to passwords but ended up being convoluted, hard to remember, difficult to manage, and often prone to user error, which in any case still presents the most significant threat to security.

Passkeys as a potential alternative

Given that modern smartphones are among the most secure consumer devices ever built, big tech companies such as Google, Apple or Samsung have finally created the context for a password-free future, something they have been aiming at for years, if not decades. The robust mobile operating systems and cutting-edge hardware, including dedicated security chips and biometric sensors, offer unparalleled protection against unauthorized access.

What if you could use the same authentication method your phone relies on to unlock, without requiring a password, to confirm your identity when logging in to various online services or apps? This is where passkeys come into play. 

We are talking about a technology that creates unique cryptographic key pairs for each online service you want to access. The private key stays on your device, while the public key is registered with that respective service. During login, your device would check for the private key via a local authentication method, such as fingerprints or facial recognition. By mandating an additional security layer, passkeys are phishing-resistant, protect user privacy, and simplify login experiences across platforms and services.
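The registration and login flow described above, as an added Node.js example (not MultiversX or WebAuthn library code). It assumes a simplified signed payload (real WebAuthn authenticator data also carries flags and a counter), and the host and user names are constructed; binding the key and the signed data to the service's origin is what makes a lookalike host useless to an attacker.

```javascript
// Added example, not MultiversX code: a simplified passkey login flow.
// Field names follow WebAuthn's clientDataJSON; hosts and users are constructed.
const crypto = require('node:crypto');
const sha256 = (b) => crypto.createHash('sha256').update(b).digest();
// Bytes covered by the signature: hash of the service id, then hash of the client data.
const signedBytes = (rpId, clientData) => Buffer.concat([sha256(rpId), sha256(clientData)]);

// The device: one P-256 key pair per service host; private keys never leave it.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(new URL(origin).hostname, privateKey);
    return publicKey; // only the public half goes to the service
  }
  // Runs after the local biometric/PIN check; `origin` is supplied by the browser, not the page.
  sign(origin, challenge) {
    const rpId = new URL(origin).hostname;
    const privateKey = this.keys.get(rpId);
    if (!privateKey) throw new Error(`no passkey for ${rpId}`);
    const clientData = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
    return { clientData, signature: crypto.sign('sha256', signedBytes(rpId, clientData), privateKey) };
  }
}

// The service: stores public keys only and issues single-use challenges.
class Service {
  constructor(origin) { this.origin = origin; this.users = new Map(); this.pending = new Set(); }
  enroll(user, publicKey) { this.users.set(user, publicKey); }
  newChallenge() {
    const c = crypto.randomBytes(32).toString('base64url');
    this.pending.add(c);
    return c;
  }
  verify(user, { clientData, signature }) {
    const key = this.users.get(user);
    if (!key) return 'unknown user';
    const data = JSON.parse(clientData.toString());
    if (data.type !== 'webauthn.get') return 'wrong type';
    if (data.origin !== this.origin) return 'wrong origin';
    if (!this.pending.delete(data.challenge)) return 'stale challenge';
    const bytes = signedBytes(new URL(this.origin).hostname, clientData);
    return crypto.verify('sha256', bytes, key, signature) ? 'ok' : 'bad signature';
  }
}
```

The service never holds anything secret: a leaked user table contains only public keys, and a captured assertion cannot be replayed because its challenge is consumed on first use.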

The latest MultiversX network upgrade, Spica, will (depending on the result of the governance vote) bring this incredibly convenient feature to the protocol level. By integrating passkeys on-chain, we can mitigate the inconvenience associated with seed phrases, bolster security, and streamline the onboarding process for newcomers.

Enabling Web2-like experiences

Speaking of getting new users on chain, a consistent barrier to mass adoption continues to be the complexity of creating a wallet. It can be overwhelming at first, and it discourages many blockchain beginners from exploring it further. Web2 has normalized ease of use to such a degree that it becomes difficult to propose a new way of doing things.

For example, you can create a social media profile, start an email account, sign up to a new cloud service or anything in between in seconds, without having to go through any verification hoops or write down any password or account recovery phrases. Most of the time, the UX is so self-explanatory, anyone can navigate it without prior instructions.

Usually, interacting with Web3 apps requires a bit more setup, but with passkeys we can bring that onboarding simplicity to any dApp, giving new users the same experience they would have in any Web2 app. For builders, integrating passkeys in their apps would exponentially increase user acquisition and retention rates, allowing them to abstract away the learning curve that usually comes with on-chain activity.

How will it work?

As far as you're concerned, there will be no significant difference between using passkeys on chain and using them for online banking or to log in to TikTok, for example.

To get there, additional smart contracts will be used, since the network doesn't natively support passkeys. In practice, any MultiversX address will be able to link its private keys to a device's unique key and register both within special smart contracts (like multisig or account abstraction). 

Using relayers, the wallet can interact with these smart contracts, initiating and signing transactions through on-device authentication. At this point, when the required smart contracts are live, any MultiversX app will be able to utilize passkeys.

Cast your vote

Now it’s time to make sure we get there.

Implementing a new wallet management system that recognizes passkeys would provide users with the same secure and easy-to-use experience found in non-Web3 applications.

If you’re excited about the prospect of not having to depend on secret phrases any longer, you can support the Spica governance proposal, which will also introduce a multitude of other features, such as enhanced ESDT functionality with dynamic NFTs, upgraded relayed transactions and more.

You can do so by casting your vote here: https://governance.multiversx.com/proposal/erd1qqqqqqqqqqqqqpgq4qvrwlr2e6ld50f3qfc94am38p8298kthg4s3f0vfn/1

Published by
Dan Voicu