We’re excited to introduce Passport Protocol - A programmable and MPC-based distributed key management network!

In a non-custodial manner, Passport lets devs customize authentication and key recovery rules and fully automate and program transactions.

Get access at https://passport.0xpass.io/

Now, let’s dive in!

Crypto has a user experience problem.

From authentication to transactions, the crypto landscape is encumbered with friction at every layer. Incremental improvements in onboarding and authentication won’t cut it for bringing in the next billion users, for that, we need to rethink the entire user experience.

Improving flexibility while ensuring user control calls for a fundamental redesign of our key management infrastructure, from there we can build a frictionless experience, requiring minimal human interruptions

Key Management Today

Self-Custody

While self-custody remains the gold standard to ensure complete ownership, it comes with onboarding-related challenges that limit web3 applications from expanding their audiences.

Custodial Solutions

Custodial solutions, on the other hand, grant that flexibility but require enormous amounts of trust to be placed on custodians.

MPC: The "Middle Ground" Solution

Traditional non-custodial, MPC-based solutions represent a "middle ground" partially solving the problem of key storage and recovery.

However, since they split key shares between end users and providers’ backends and networks, they come with limited flexibility around programming auth and recovery mechanisms and cannot reimagine the post-onboarding, transaction experience - requiring the user to always manually initiate transactions.

Programmable and Network-Managed MPC

We're excited to introduce our vision for Passport Protocol - a programmable, and MPC-based distributed key management network.

Passport Protocol separates itself from traditional MPC models by distributing key shares solely among network nodes. The core innovation lies in programmable, immutable rules for authentication and transaction governance, providing an entirely non-custodial infrastructure that makes use of MPC algorithms and secure enclaves.

Passport Protocol fundamentally rearchitects the entire onboarding process - making authentication and recovery rules, entirely customizable. In addition, it also fundamentally reimagines the post-authentication, transacting experience making it entirely programmable.

For the first time, developers can specify the rules around what, when, and how signing should take place and choose to even completely automate that process.

Highlights and Implications

Non-Custodial and Secure By Design

Using secure enclaves and MPC algorithms we ensure that no one - not the dapp, nor our wallet adapter 0xPass, nor the node operators, nor the infra providers we use - can see even one share of the private key.

Customizable Authentication and Social Logins

Developers now have full customizability over the rules that govern how to authenticate users. While this enables social logins, it goes even beyond that - enabling even the chaining of multiple authentication rules or custom auth logic depending on a developer’s use case.

Programmable Transactions

Unlike traditional key management protocols and services, developers can program multiple authentication and recovery methods and enable superior UX through automated and scheduled transactions. Transactions can even be pre-approved and governed by immutable off-chain programs that dictate when and how signing takes place!

Seamless Key Recovery

Since authentication and recovery methods can be programmed, users can recover their keys across devices without having to handle a user share, a code, or being tied to their device in any manner like it’s necessary with existing MPC solutions.

Programmable Interoperability

Through the notion of “scopes,” developers can choose to create wallets that are interoperable, ensuring end-users don’t have to onboard or top up assets into their wallets every single time they use a new app.

Protocol Architecture

How Keys are Created and Managed

Passport Networks divide the creation and storage of private keys across multiple nodes. Each node in the network generates a "share" of the private key, which is then stored in an encrypted database through secure enclaves. This distributed approach ensures that:

• Keys are never stored in one location, reducing single points of failure.

• No one, not even the node operator has the access to the key share in any process.

• The network offers strong fault tolerance and resilience.

By dividing private keys into multiple shares and scattering them across nodes, Passport achieves an extra layer of security, ensuring no single node can compromise the entire system.

Programmability Through Scopes

Passport Networks' architecture enables programmable key pairs, governed by authentication and verification rules defined by the scope owner. This feature empowers developers to:

• Enable user-controlled keys through OAuth.

• Offer custom recovery options.

• Establish a variety of authentication rules.

Utilizing network custody, wallets function under these immutable "rules," accessible only to the owner. This design not only grants unparalleled control and flexibility in wallet creation and key management but also ensures trustlessness by eliminating reliance on centralized elements like relayers.

Additionally, Passport's event handler orchestrates the cadence of transactions, enabling scheduled and automated operations as well as facilitating bot development.

Security and Performance

Passport Network employs peer-reviewed algorithms and audited implementations. Specifically, it uses DKLS23 for threshold signatures. This algorithm offers:

• High performance with the lowest latency possible in Multi-Party Computation Threshold Signature Schemes (MPC-TSS).

• Robustness by avoiding the computationally-intensive Paillier operations commonly found in traditional MPC solutions.

Metadata and Node Operation

In its early stage, Passport utilizes replicated internal databases in each node for managing metadata and states. This ensures improved performance and data integrity. Future iterations plan to increase decentralization by using external node operators and on-chain state managers. This will fortify the network's resilience and transparency.

How To Use Passport Protocol

For those that want a drop-in “Connect Wallet” component, social logins and embedded wallets powered by Passport Protocol will be made accessible through our wallet adapter 0xPass.

For those that want to use it alongside existing authentication solutions, we will be providing client side SDKs as well as APIs.

However, Passport Protocol is meant to be a trustless, public good. Over time, our team will focus on building an ecosystem allowing for other wallets, apps, and infra providers to easily build on the protocol.

A Future Beyond Key Management

While Passport Protocol today only handles key management, our ambitions go way beyond that.

Future versions of Passport Protocol will also look to allow developers to trustlessly authenticate, manage, and authorize users - thereby and in conjunction with key management, opening up not only web3 use cases but also traditional web2 ones.