UX for Key Management

Transcript

1. UX for Key Management Shuichi Nagao | Co-founder of Credify

   [email protected] Updated 11/2019 blockchain.tokyo 29th, Nov, 2019 1

2. About Me Shuichi Nagao @Tokyo/Ho chi minh @ngo275 2019 ~

   Co-founder 2017 ~ 2018 Software engineer 2016 ~ 2017 Software engineer 2

3. Using Dapps is very difficult for beginners, isn’t it?? 3

4. Can you remember the first time you used Dapps? 4

5. Binance Dex 5

6. Binance Dex 6

7. Which option should I take?? 7

8. Binance Dex 8

9. Binance Dex 9

10. Binance Dex 10

11. What is mnemonic?? 11

12. CryptoKitties 12

13. CryptoKitties 13

14. What is MetaMask?? 14

15. CryptoKitties 15

16. How do I use this app on my mobile?? 16

17. MetaMask 17

18. Shit…!! I lost my private key!! 18

19. There are many pains around key management. 19

20. User pains around key management Users have to understand what

    mnemonic is. There are many ways to manage your private key. Users have to understand what wallet is. Key sharing between mobile and web is hard. Memorizing mnemonic is too demanding. 20

21. The root cause is signing TX is too complex. 21

22. <Desktop web app> Sign TXs on Google Chrome (Brave) Extension

    (e.g. MetaMask) Sign TXs on a mobile wallet app Sign TXs on a hardware wallet Import Mnemonic / Keystore File to the app <Mobile web app> Sign TXs on a Dapp Browser app (e.g. TrustWallet, MetaMask) Sign TXs on a Key Management app Import Mnemonic / Keystore File to the app <Mobile native app> Use a private key stored in this native app Redirect to Key Management app, and sign TXs on it, redirect to the Dapp native app again How to sign tx with your private key 22

23. <Desktop web app> Sign tx using MetaMask 23

24. <Desktop web app> Sign TXs on Google Chrome (Brave) Extension

    (e.g. MetaMask) Sign TXs on a mobile wallet app Sign TXs on a hardware wallet Import Mnemonic / Keystore File to the app <Mobile web app> Sign TXs on a Dapp Browser app (e.g. TrustWallet, MetaMask) Sign TXs on a Key Management app Import Mnemonic / Keystore File to the app <Mobile native app> Use a private key stored in this native app Redirect to Key Management app, and sign TXs on it, redirect to the Dapp native app again How to sign tx with your private key 24

25. <Desktop web app> Sign TXs on Google Chrome (Brave) Extension

    (e.g. MetaMask) Sign TXs on a mobile wallet app Sign TXs on a hardware wallet Import Mnemonic / Keystore File to the app <Mobile web app> Sign TXs on a Dapp Browser app (e.g. TrustWallet, MetaMask) Sign TXs on a Key Management app Import Mnemonic / Keystore File to the app <Mobile native app> Use a private key stored in this native app Redirect to Key Management app, and sign TXs on it, redirect to the Dapp native app again How to sign tx with your private key 25

26. <Desktop web app> Sign TXs on Google Chrome (Brave) Extension

    (e.g. MetaMask) Sign TXs on a mobile wallet app Sign TXs on a hardware wallet Import Mnemonic / Keystore File to the app <Mobile web app> Sign TXs on a Dapp Browser app (e.g. TrustWallet, MetaMask) Sign TXs on a Key Management app Import Mnemonic / Keystore File to the app <Mobile native app> Use a private key stored in this native app Redirect to Key Management app, and sign TXs on it, redirect to the Dapp native app again How to sign tx with your private key 26

27. <Desktop web app> Sign TXs on Google Chrome (Brave) Extension

    (e.g. MetaMask) Sign TXs on a mobile wallet app Sign TXs on a hardware wallet Import Mnemonic / Keystore File to the app <Mobile web app> Sign TXs on a Dapp Browser app (e.g. TrustWallet, MetaMask) Sign TXs on a Key Management app Import Mnemonic / Keystore File to the app <Mobile native app> Use a private key stored in this native app Redirect to Key Management app, and sign TXs on it, redirect to the Dapp native app again How to sign tx with your private key 27

28. <Mobile web app> Sign tx using mobile wallet app (TrustWallet)

    28

29. <Desktop web app> Sign TXs on Google Chrome (Brave) Extension

    (e.g. MetaMask) Sign TXs on a mobile wallet app Sign TXs on a hardware wallet Import Mnemonic / Keystore File to the app <Mobile web app> Sign TXs on a Dapp Browser app (e.g. TrustWallet, MetaMask) Sign TXs on a Key Management app Import Mnemonic / Keystore File to the app <Mobile native app> Use a private key stored in this native app Redirect to Key Management app, and sign TXs on it, redirect to the Dapp native app again How to sign tx with your private key 29

30. <Mobile web app> Sign tx using Key management native app

    30

31. <Desktop web app> Sign TXs on Google Chrome (Brave) Extension

    (e.g. MetaMask) Sign TXs on a mobile wallet app Sign TXs on a hardware wallet Import Mnemonic / Keystore File to the app <Mobile web app> Sign TXs on a Dapp Browser app (e.g. TrustWallet, MetaMask) Sign TXs on a Key Management app Import Mnemonic / Keystore File to the app <Mobile native app> Use a private key stored in this native app Redirect to Key Management app, and sign TXs on it, redirect to the Dapp native app again How to sign tx with your private key 31

32. <Desktop web app> Sign TXs on Google Chrome (Brave) Extension

    (e.g. MetaMask) Sign TXs on a mobile wallet app Sign TXs on a hardware wallet Import Mnemonic / Keystore File to the app <Mobile web app> Sign TXs on a Dapp Browser app (e.g. TrustWallet, MetaMask) Sign TXs on a Key Management app Import Mnemonic / Keystore File to the app <Mobile native app> Use a private key stored in this native app Redirect to Key Management app, and sign TXs on it, redirect to the Dapp native app again How to sign tx with your private key 32

33. <Desktop web app> Sign TXs on Google Chrome (Brave) Extension

    (e.g. MetaMask) Sign TXs on a mobile wallet app Sign TXs on a hardware wallet Import Mnemonic / Keystore File to the app <Mobile web app> Sign TXs on a Dapp Browser app (e.g. TrustWallet, MetaMask) Sign TXs on a Key Management app Import Mnemonic / Keystore File to the app <Mobile native app> Use a private key stored in this native app Redirect to Key Management app, and sign TXs on it, redirect to the Dapp native app again How to sign tx with your private key 33

34. <Mobile native app> Sign tx using Key Management native app

    34

35. <Desktop web app> Sign TXs on Google Chrome (Brave) Extension

    (e.g. MetaMask) Sign TXs on a mobile wallet app Sign TXs on a hardware wallet Import Mnemonic / Keystore File to the app <Mobile web app> Sign TXs on a Dapp Browser app (e.g. TrustWallet, MetaMask) Sign TXs on a Key Management app Import Mnemonic / Keystore File to the app <Mobile native app> Use a private key stored in this native app Redirect to Key Management app, and sign TXs on it, redirect to the Dapp native app again How to sign tx with your private key 35 It’s not seamless at all!!

36. Dapps are exclusionary services due to their complexity. 36

37. We need to simplify the UX. 37

38. Ideal UX No mnemonic 38

39. Ideal UX No mnemonic No friction between web and mobile

    39

40. Ideal UX No mnemonic No friction between web and mobile

    No need to learn 40

41. Ideal UX No mnemonic No friction between web and mobile

    No need to learn Secure 41

42. Ideal UX No mnemonic No friction between web and mobile

    No need to learn Secure Easy 42

43. Ideal UX No mnemonic No friction between web and mobile

    No need to learn Secure Easy Easy 43

44. Ideal UX No mnemonic No friction between web and mobile

    No need to learn Secure Easy Easy Easy 44

45. Ideal UX No mnemonic No friction between web and mobile

    No need to learn Secure Easy Easy Easy Easy 45

46. 70 million smartphones are lost every year. 46

47. Can we trust device security? 47

48. What if we use AWS/GCP Key Management Service? 48

49. Cloud KMS Use Case 49 Signed Tx Key Access Request

    Sign Private Key Cloud Function Cloud KMS SMS/Password based session This process is volatile Secure Key Manager Interface is same as non-Dapps

50. Pros & Cons No MetaMask, nor Wallet apps to use

    Dapps. Easy and simple UX can be achieved Same interface as familiar web/mobile services 50 Pros Cons We need to trust GCP/AWS If users deal with a big amount of money, this will be uncomfortable Custody, or exchange wallet is not suitable

51. Conclusion Dapps need users. Dapps impose complex key management on

    users. Cloud KMS can make Dapps easier and simpler. 51