Background: The Ethereum network is becoming more and more widely used, but the load of the protocol is very limited, resulting in abnormal congestion on the chain, and the gas fee is getting higher and higher. Many large-scale applications cannot be realized on the Ethereum network, which is not conducive to the Ethereum blockchain. Ecological development. In this case, Layer2 emerged, an overall solution to improve the performance of the Ethereum network (Layer); zkSync is a Layer 2-based expansion solution launched by Matter Labs in 2019.
zkSync core mechanism: Several off-chain transactions are integrated into a single transaction through smart contracts. After submitting data, the smart contract can confirm all transactions (proof of validity). Since blocks contain less data, verification is faster and transaction gas fees are lower.
ERC-4337 is a specification that experimentally verifies logic without changing the Ethereum consensus layer protocol.
Important functions mainly implemented by ERC-4337: social recovery, multi-signature, more efficient and concise signature algorithm, wallet upgradeability, etc.
Currently Echooo supports most functions, and Gas bundle capabilities will be implemented in the future.
Multi-signature means that multiple users digitally sign the same message, which can be simply understood as multiple signatures of a digital asset.
Traditional EOA wallets have only one private key, such as mnemonics. When mnemonics are lost or leaked, assets will be lost or stolen. The multi-signature technology ensures that each asset transaction requires multiple private keys to confirm successfully, thus greatly improving asset security.
It can be assured that Echooo's multi-signature application scenario can protect the privacy and security of users. Users can set permissions on authorized Guardians to ensure personal privacy.
Guardian: The user authorizes other users to sign permissions, the user is called ”Guardian“
Through the pre-set Guardian multi-sig signature, users can help restore access to the AA wallet. Currently, only the AA wallet supports social recovery function.
Although Layer2 is an expansion solution for the Ethereum Layer1 network, it is essentially an independent application layer. The zk wallet is developed on top of Layer2. It can be understood as two wallets, but the underlying technology is the same, and the generated private key and public key are the same., so the address is the same.
Note: At present, the direct transfer of assets from the zk wallet requires the receivers wallet to also support the Layer2 network before it can be directly transferred out, otherwise the assets will be lost. It is recommended to refer to "Using zkSync for Transactions" for asset transfer in and out.
MPC, the full name of ”Multi-Party Computation“, is an important cryptographic security measure. It contains a variety of technical solutions (Echooo mainly uses MPC-SSS and MPC-TSS technologies). MPC wallet realizes more complex verification methods such as ”multi-signature“ and ”cross-chain“ off-chain through multi-party calculation of private keys. Simply put, it is to divide a private key into multiple fragments, and hand over the private key fragments to a decentralized network for calculation and encryption. When private key signature is required, the fragments are then spliced into a complete private key. The core idea of MPC is to decentralize control to achieve the purpose of Risk Diversification or improve disaster preparedness, so as to effectively avoid security issues such as single-point failure.
MPC Wallet No mnemonic is required, the private key or its fragments will automatically generate an encrypted file when you create the wallet, and encrypt and store it in your own personal cloud storage system account according to your configuration (you can choose Google Drive/iCloud/Dropbox). The file is generated by an advanced encryption algorithm to ensure that even if the file is lost, others cannot obtain your wallet private key. At the same time, the mobile phone will also encrypt the backup and save a file under the local TEE (Trusted Execution Environment) hardware encryption environment. Under no circumstances will Echooo upload and save your private key file.
Echooo does not have permission to automatically back up files. Echooo will only back up encrypted private keys if it is authorized. If you have not authorized but find that your wallet is backing up your account, you can check whether Google Drive/iCloud/dropbox has turned on the function of automatically backing up new applications. If you want to turn off the backup function, users can also set it in the Google Drive/iCloud/Dropbox authorization.
The essential difference is that the stored private key pieces are different, and the two backup paths store one private key respectively. It is recommended that users choose different paths to store the private key pieces to minimize the risk of private key leakage. If the user does not turn on the backup, the private key will not turn on the protection measures of sharding encrypted backup.
Just turn on the backup switch to realize automatic backup.
In order to prevent the risk of not logging in to the account in person, Echooo has set a 24h recovery protection mechanism for changing device login. During the recovery period, the new device cannot be logged in and the old device can stop the recovery process at any time. Uninstalling and reinstalling the app will be recognized as changing device login, so it will enter the process.
Due to the strong correlation between mnemonics and private keys, leaving mnemonics to the user will increase the risk of private key leakage and the burden of user storage and memory. With the development of technology, Echooo has supported a silky experience that can be directly registered and logged in through social accounts without mnemonics, and adopts multi-layer security protection to fully guard the security of assets on the chain.
In addition, at the moment when the mnemonic is generated, the private key has already touched the Internet. Even if the mnemonic is copied on the notebook, the risk of complete private key leakage cannot be eliminated. Therefore, the private key is sharding technology and encrypted storage from the source. And setting protection such as intelligent multi-signature at the transaction layer can maximize the risk of complete private key leakage.
Because EOA ties the account and the signature private key together, once the private key is lost, the account is also lost. The private key becomes the largest single point of risk for fund loss. The AA Wallet separates the account and signature private key. The signature private key is only used to initiate the transaction, but the approval of the transaction requires AA's multi-signatory to do the signature approval. If the signature private key is lost, the signature private key can also be replaced through community recovery, so the single point of failure of the signature private key loss is completely eliminated. At the same time, because AA wallet has programmable capabilities, it can realize more policy controls to improve account security, such as changing the signature ratio, setting Trust addresses, etc