Buterin Proposes Guardian System to Enhance Digital Wallet Security

Concept: Distributing Security Responsibility Across Multiple Guardians

This approach greatly enhances account security by requiring access to multiple keys simultaneously, making breaches significantly more difficult for hackers. Additionally, it offers a recovery mechanism if one key is lost.

According to Buterin, guardians can include both trusted individuals (such as friends or family members) and organizations (like specialized security firms). Each guardian holds a unique key, and transactions require the approval of multiple guardians to proceed.

For added convenience and security, tools like session keys and standards such as *ERC-7715 can be employed. These mechanisms allow for flexible access management and provide more precise control over crypto assets.

*ERC-7715 is an Ethereum standard designed to delegate specific permissions to other addresses. For instance, it allows one address to execute transactions on behalf of the primary account, but only within pre-defined limits. This standard ensures a balance between operational flexibility and robust security.

A cornerstone of Vitalik Buterin’s proposed security system is the use of zk-SNARKs to create digital identifiers based on existing accounts, such as email addresses. This innovative approach simplifies key management while significantly enhancing security.

The key benefits of Buterin’s proposal:

1. Enhanced Security: By distributing access across multiple guardians, the risk of unauthorized access is drastically reduced. 
2. Customizable Flexibility: The system is designed to adapt to individual user needs with graded access control. The primary key, held by the wallet owner, would allow for low-risk operations, such as minor transactions or account registrations. High-value operations, such as withdrawing all funds, would require approval from multiple guardians, providing an additional layer of security.
3. Built-In Recovery Options: Even in the event of lost keys, users could recover access to their funds through the network of guardians.
4. User-Friendly Design: Integrating zk-SNARKs streamlines the key management process and ensures rigorous security standards.

Buterin’s vision is to create a “smart wallet” that not only defends against hacking and malicious developer actions but also protects users from their own potential mistakes.

Who Can Serve as a Guardian for an Account?

Vitalik Buterin has outlined several options for guardians to enhance the security of cryptocurrency wallets:

1. Friends or family members can act as guardians, each holding a portion of the cryptographic key required to access funds. This approach offers a high level of security but depends on a close and trustworthy network of people.
2. Specialized companies like CryptoCorp, which provide services for key storage and transaction verification, can also serve as guardians. These companies deliver robust security solutions, though their services often come at a cost.
3. Users can distribute keys across personal devices, such as smartphones, computers, or hardware wallets. While this method offers flexibility, it requires a certain level of technical expertise, which may make it less practical for beginners.
4. Buterin highlights ZK-wrapped centralized ID as the most promising solution. This innovative approach uses existing accounts, like email addresses, to generate cryptographic keys through zk-SNARK technology, ensuring both advanced security and privacy.

For more insights, read our article: What is zk-SNARK?

The advantages of zk-wrapped centralized ID are compelling. Users can easily create a backup key by linking their existing email addresses. This approach is designed to be user-friendly and accessible, making it suitable for a wide range of individuals, including those new to cryptocurrency.

Implementing the Guardian System

For maximum usability, the guardian system should feature a straightforward and intuitive setup. When creating a new wallet, users can adopt a simple model involving three types of guardians:

1. Email (zk-email): The user provides their personal email address, and the system generates a cryptographic key based on it, adding another layer of security.
2. An additional key stored on the user's device (in the form of a password).
3. A backup key for emergencies stored with a trusted service provider.

This setup offers a balance between robust security and user-friendly functionality, making it accessible to both experienced and novice users.

While zk-email offers significant advantages, Vitalik Buterin acknowledges its limitations, particularly due to its reliance on *DKIM signatures. The periodic rotation of DKIM keys—often every few months—could undermine the system’s long-term reliability. To address this, Buterin suggests exploring the use of **TLSNotary. However, integrating TLSNotary into the system could introduce additional complexity, potentially deterring less tech-savvy users.

*DKIM (DomainKeys Identified Mail) is a digital signature used to verify the authenticity of emails. It is embedded in outgoing messages, enabling recipients to confirm that an email genuinely originates from the stated domain and has not been forged.

**TLSNotary is a protocol designed to ensure transparency and verify the authenticity of data transmitted over secure TLS (Transport Layer Security) connections. It enables an independent observer to confirm that the data transferred through a secure channel has not been altered.

How Can a Guardian Wallet Be Integrated into Apps?

For the guardian system to achieve widespread adoption, it must seamlessly integrate with a variety of applications. To facilitate this, users should be able to easily link their wallet to multiple decentralized applications (dApps) without the need to create numerous separate accounts.

One possible solution is a hierarchical structure, where a user’s primary wallet acts as the guardian for all secondary wallets. This approach simplifies key management and enhances usability, allowing users to control multiple wallets through a single, unified system.

An example of this concept is Farcaster Warpcast, an application that has already implemented a similar framework. It allows users to connect multiple wallets or accounts under a unified structure, streamlining interactions and improving the overall user experience.

For more information about this protocol, check out our article: Farcaster: The Protocol for Web 3.0 Social Apps