Ethereum Security Researcher Yoav Weiss Believes that Decentralized Identity Could be a Big Improvement for the Web3 Space
As Vadim Krekotin continued speaking to industry experts on the ground at Starkware Sessions 2023, he brought us a conversation with Yoav Weiss, a security researcher at the Ethereum Foundation. In this interview, Yoav Weiss talked about the controversial topic of censorship on the Ethereum chain and the challenges facing the mass adoption of decentralized identity.
Vadim: Can you please say a couple of words about yourself?
I’m Yoav. I’m a security researcher at the Ethereum Foundation, and I’ve been working on account abstraction for the past couple of years. I’m one of the authors of ERC-4337.
Vadim: How do you see the current development of web3 and the state of the industry now? What are the biggest challenges we have at the moment?
Well, there are many different things, so I wouldn’t know where to start. I am focused on improving usability and security for the next billion users, making it easier for the rest of the world to join us. I don’t think the next billion users are going to use private keys and write walls of text on a piece of paper; we need to abstract it away. That has been my focus: Making it easy to develop wallets so that users don’t even need to know that there is a private key involved.
Vadim: I definitely agree with you that technology should be under the hood, and people should reap the benefits. What do you think are the most pressing challenges for Ethereum mass adoption?
I think the usability is not great at the moment due to the technical complexity that is too much for many users. There’s the scalability issue around the gas prices, but the scaling strategy is based on layer-2s. I believe a lot of the innovation and a lot of the transactions will move to layer-2, so we’re focused on improving usability on Ethereum and on the layer-2s.
Vadim: Besides putting blockchain technology under the hood to accelerate mass adoption, how else do you think account abstraction could impact the development of decentralized applications (dApps) on the Ethereum network?
First, it’ll enable more applications simply by making it easier for new users (“the next billion users”) to start using dApps without worrying about key management. The network effect will enable projects that wouldn’t make sense for a smaller community like we are now. Then, there are usability improvements made possible by AA, such as batching operations together. No more having to sign two transactions to approve+transfer tokens. I anticipate that dApp and wallet devs will work together to create better UX for everyone. We may even see wallet plugins being developed by dApp developers to add functionality to wallets and better accommodate the dApp’s flows.
Vadim: You mentioned that Ethereum’s scaling strategy is based on layer-2s, what about EVM-compatible layer-1 smart contract platforms?
Different L1s solve scaling in different ways. It’s always a trade-off. Some would solve it through an L2 ecosystem and efficient bridging, with L1 itself remaining expensive and mainly used as the settlement layer for L2s. Others compromise on being less decentralized, application-specific, or making different trade-offs. From the perspective of account abstraction, it won’t matter. Whatever scaling solution they use to lower their gas fees will make account abstraction cheaper to use on these networks.
Vadim: From a security perspective, what are some potential attack vectors or vulnerabilities that could be introduced by account abstraction, and how can they be mitigated?
Account abstraction improves user security in many ways, but it adds the risk of smart contract bugs. Any account abstraction wallet should be carefully audited, and if it’s used to hold high-value assets it should also be formally verified. ERC-4337 tries to solve a lot of the complexity for wallet developers, but ultimately the wallet itself needs to be implemented securely. Other security issues are potential DoS against the infrastructure that serves AA wallets. Prior to ERC-4337, this infrastructure consisted of centralized relays that could be attacked. With ERC-4337, it becomes a decentralized network that can scale to mitigate attacks, but we had to solve many challenges to make this network DoS resistant.
Vadim: In your opinion, what are some of the biggest challenges facing the Ethereum community from a security standpoint, and how do you think they can be addressed?
Cross-chain bridging is still an unsolved problem from a security standpoint. Each bridge makes different trade-offs, and we see too many security incidents around them. The community needs to keep working on these problems and come up with better architectures.
Vadim: Can you provide an example of a security issue you discovered or helped resolve in the Ethereum network or a specific dApp, and walk me through how you identified and addressed the issue?
One example is the security issues I discovered in the Optimism fraud proofs system in 2021. I described the process in this post.
Vadim: What do you think about decentralized social networks and their places in the future?
Well, I’m a strong believer in decentralization, and I think censorship resistance is a big part of the story, so I think decentralized social media should be a part of the future.
Vadim: Decentralized identity is one of the hot topics now. What are the biggest challenges right now in bringing mass adoption for people to use a decentralized identity?
Again, there are the technical challenges of managing it. Then, there are many projects using zero knowledge in order to allow you to prove certain assumptions about your identity without revealing too much. For example, if you go into a bar, and you need to prove that you’re 21 in order to buy a beer, there’s no real reason to give your name and your address and all of these details to the bartender. You only want to prove that you are who you are and that you are also a certain age. Having wallets that can prove these assumptions about your identity, I think it’s going to be a big improvement for the space.
Vadim: Censorship on the Ethereum chain is a controversial topic. Why and what’s your personal point of view on that?
Well, I think censorship resistance is one of the most important things for any decentralized system. Otherwise, what are we doing here? Ethereum is working to address this for Proposer/Builder separation and inclusion lists, so there’s a lot of research going on in this space in order to improve this.
Vadim: What do you think about AI, VR, and their place in the future?
Interesting technology with a lot of potential. I don’t see it connected to what we’re building right now, but I’m a fan of the space.
Vadim: Are there any other industry-related issues you’d like to tell our readers more about?
As I said, I’m working on improving the usability of blockchains in general, and Ethereum in particular, by creating account abstraction. So I think we need to make it better, make it easy and secure to use blockchains so that they can be used for more things in the future.
Vadim: Alright, anything else you’re working on other than research on Ethereum?
No, just my account abstraction research. It’s more than a full-time job. There’s more than enough to do.