Web3 and pain with the single point of failure

The mantra ‘Not your keys, not your coins’ rings true for anyone delving into the realm of cryptocurrencies. It’s almost law – hand over the keys to your crypto kingdom to a third party, and you might as well consider your coins lost. Time and again, we’ve seen the disastrous outcomes: people duped and treasures plundered; the decentralised dream turns into a centralised nightmare.

Stories like that of Stefan Thomas, who had ~$250 million worth of bitcoin just trapped forever in his IronKey flash drive due to a lost password, are not new to us. In an attempt to make sure of a rigid security in the IronKey, the creators came up with a self-destruct capability for the device post 10 incorrect password attempts. All of this resembles the story of the Cryptex, from Dan Brown’s The Da Vinci Code, which is said to be a device from the times of DaVinci. There’s got to be a better solution to custody in this age.

To learn from Web2: Growing 2FA mandate

With the age of the Internet and computing power, we humans have figured out that ‘Passwords’ alone are just not enough to secure your accounts. And thus rose the advent of 2 Factor and Multi-Factor Authentication. A simple tweak was made in the number of factors a service needs to authenticate your identity – usually done in the form of validating possession of multiple devices. Governments and Institutions realised the threat and promptly advocated for the use of a multi-factor authentication setup for your most important accounts.

Today, your trading, banking, shopping, Social etc. accounts all have some or other form of Multi-Factor authentication. The popular forms being: an SMS OTP and the use of a Companion Authenticator Application like Google Authenticator.

Practically, all of this was possible because of the TOTP mechanism with a shared secret between the Service Provider and the user which acts as a second factor of verification

The missing link in Web3

The philosophy of Web 3.0 lies in self-ownership and non-reliance on institutions for any identity or store of value. It relies on the principles of decentralization and cryptography to enable a user authentication system that applies to applications and services within any given protocol. While this reliance on cryptographic security allowed users to have control over their accounts with seed phrases, it came at the cost of a single point of failure and an extremely complex user experience. This necessitates that we bring back the learnings from web2 to bring in security without compromising on an intuitive yet familiar user experience.

Bringing a great MFA experience is one such learning from web2 we at Silence Laboratories have been working toward. One compromised factor of authentication should not mean the end of the world for people like Thomas.

The problem arises however in these traditional 2FA services in the Web2 world as the second shared secret is with the service provider which then verifies the code generated in your phone. All of which, is against the whole philosophy of Web 3.0. The secret must only be shared between your 2nd-factor device (your phone) and your Application without relying on any Institutions.

This is where Multi-Party Computation (MPC) comes to the rescue. MPC allows users a spectrum of custody plays to choose from using threshold cryptography. With MPC, users can split their key into multiple key shares across devices/custodians of their choice and perform a distributed signature generation across a threshold number of participants without any participant revealing their secret (key share) to the other participant. It’s Magical!

This allows for a 2FA-like experience right within the realm of Web3 creating a beautiful amalgamation of great, familiar user experience while upholding the security guarantees. With these principles in mind, we bring to you…

The Universal MPC 2FA Signer by Silence Laboratories

The 2FA Authenticator equivalent of web3: The Silent Shard Application is a road to salvage the 2FA battle for Web3. Now, any Browser-based Wallet or DApp can integrate the Silent Shard library and provide 2FA security for their users with the Silent Shard Application acting as the 2nd Factor of authentication. And the experience – it’s a simple, very familiar and intuitive ‘slide to approve’ for your transactions.

At Silence Laboratories, this story started as a companion signer for the Silent Shard Snap on MetaMask. Any MetaMask user can now install the Silent Shard Snap on their browser extension from the MetaMask Snap Directory and get a 2FA experience along with the Silent Shard mobile applications for all their transactions. Go ahead and take it for a spin to get to know more about the experience here.

The application now supports browser wallets for enhanced 2FA security. During registration, users pair their DApp or browser wallet with their phone by scanning a QR code, triggering an automatic distributed key generation. Users can initiate transactions on the browser wallet or DApp, prompting an approval popup on the paired Silent Shard mobile app. Approving the transaction results in a successful distributed signature.

As you can note, the experience is crafted carefully to resemble the Web2 2FA experience to the T – so don’t have to worry about weaving complex webs for an intuitive experience for your users.

How enterprises and projects can start adding MPC Authenticator?

Super Simple Integration

Get started with the Silent Shard SDK and with just a few lines of code, you can integrate the Silent Shard library into your Browser-based Wallet / Dapp.

To make the integrations easier for you and add a substantial delight for your in a single go – we have added example integration through various partners- some of the promising Account Abstraction providers and integrated the Silent Shard Library into their SDKs.

You can dive directly into the documentation and get started with the SDKs. The following image shows how the Silent Shard Authenticator application will look as you keep adding more and more accounts and providers.

To learn more about Silence Laboratories and the Silent Shard Application, please visit https://www.silencelaboratories.com/silent-shard .