Device is Private Key: EverID’s account abstraction solution

Author: 0xmiddle

Translator: Peng Shi

Reviewer: Xiaosong HU

What is holding back the large-scale adoption of blockchain? Apart from expensive Gas and inefficiency caused by scalability limitations, the biggest obstacle is the complex account system. For Web2 users, understanding the account system based on the public and private key system and the cryptography behind it is a big challenge, and various operations such as backing up mnemonic words and importing wallets always confuse them. I believe that many encryption users have experienced a lot of setbacks when registering their first crypto wallet.

Although the public-private account system brings unprecedented censorship-resistant and decentralisation features. Just like the classic description:

“your key, your coin, not your key, not your coin”

As long as you keep your private keys safe, your account is almost completely secure, and no centralised entity can interfere with your assets and accounts. However, such an account system also brings terrible low fault tolerance and single-point risks. Backup and preservation of mnemonic words, always make people nervous, encryption novices often stumble in this regard, such as loss, forgetfulness, deception, copying errors…

How does EverID solve the above problems?

As the “Alipay” in the Web3 field, everPay has been committed to exploring blockchain large-scale applications. In its recently released version - everPay v2.0, everPay has introduced a new Web3 account solution - EverID.

So How does EverID solve the above problem?

Firstly, EverID follows the path most familiar to Web2 users: using email as an account.

But we do not use email as a means of signing transactions (although email providers offer signature services), because that would effectively make users’ encrypted accounts subject to email providers.

Our solution is to use the FIDO framework protocol, which allows users to bind their accounts to devices by using email only as a login name. Users will use the device as a key to verify the transaction signatures. This way, as long as you control the device, you have firm control over your account, just like a Web3 account based on public and private keys, and no centralised entity can interfere with your assets and accounts:

“your key, your coin, not your key, not your coin”

The principle can be simply understood as when you register an account, the private key will be generated and stored in your device, and your device (computer, mobile phone, or external security device such as USB flash drive) will become a hardware wallet.

There is no need to worry about the private key in the device being illegally read or called because it is stored in a special security chip in the device and can only be used for signature when you use biometric information (e.g. fingerprint/facial recognition) for authorisation.

What if the device is lost?

We realize that the above solution still involves single-point risks. What if the device is lost or physically damaged? Or if the device is formatted due to mishandling, and the private key data burned in it is lost. What should I do?

To cope with these situations, EverID provides multi-key functionality. You can add multiple devices to your account, which is equivalent to having multiple keys for one lock.

For example, you can register EverID on your computer and add your phone as a key device. This way, you can log in to your EverID account on both your computer and phone and if either one of them is damaged or lost, you can still log in to your EverID on the other device and transfer your assets.

What if both my computer and my phone are lost?

First, hopefully, it won’t be that unlucky… Secondly, theoretically, you can add an unlimited number of devices as key devices to your EverID account. If you want to increase fault tolerance further further, you can add more devices as you like.

So far, we can summarise EverID as follows:

  • Email account

  • The device is a private key

  • Signature requires fingerprints

  • Can bind multiple devices

To sum up, EverID is an account solution that combines the simplicity of Web2 with the security of Web3. If you don’t seek deeper understanding, knowing about EverID up to this point is sufficient.

If you would like to learn more about technical aspects, you can search for “FIDO” on the internet for more information.

“Debug" Program: If you find errors in this article, including typos, grammatical mistakes, incorrect descriptions, ambiguous meanings, redundant descriptions, or other problems, you can give us feedback and we will be rewarded with incentives. Click "here" to give feedback.

🔗 More about PermaDAO :Website | Twitter | Telegram | Discord | MediumYoutube

💡 Initiated by everVision and sponsored by Forward Research (Arweave Official), PermaDAO is a "Cobuilding Community" focused on the theme of Arweave consensus storage. All contributions from PermaDAO contributors form the bedrock of data consensus. Let's embark on a journey starting with data consensus and delve into a novel paradigm for decentralized collaboration - Decentralized Autonomous Organizations (DAOs)!

In EverID
Tagged with In EverID

Sign up for newsletter

Sign up here to get the latest news and updates delivered directly to your inbox.