In-depth comparison of mainstream key management projects

This article was translated by Eigen Labs, the original author Zhen Yu Yong. Please click to read the original text to get the original English content of the article, Eigen Team will continue to deliver the latest dry goods of the blockchain for you, please continue to pay attention! Enjoy~

With the proliferation of blockchain and other encryption use cases, private keys are given more value in economics and other aspects. Following this is the increasing importance of key management. Currently, there are multiple key management systems. This article will further discuss several key management issues and key management system options.

Key management based on user equipment

This is almost the most basic way to manage a key pair-store it on the user’s device. Devices include their browsers, desktops, mobile devices or hardware wallets/ledgers. This is currently the most common way to manage private keys on a wallet, but it has several disadvantages.

First, most users are not familiar with key and mnemonic management methods. In addition, standard key management requires a trade-off between security (the possibility of a key being leaked), redundancy (the key is lost without a backup), and convenience. There are other management solutions

Managed key management

A trusted third party manages the private key on behalf of the user and returns the private key to the user when logging in.

Password management model

The password management model uses user-provided easy-to-remember passwords to encrypt the keys generated by the client, and then stores these encryption keys and password hashes on the server.

The password management model means that the private key is encrypted on the client through the password set by the user, and they store the encrypted private key and password hash on the server.

In-depth comparison of mainstream key management projects

When a user logs in, they provide a username/password hash combination to the server, retrieve and encrypt and decrypt the key locally. Especially convenient is that this model allows users to use any device to access their keys.

The non-custodial nature of the password management model makes us still need to make trade-offs when using this model. Since the user key is encrypted with a password, the model will also suffer the same brute force/rainbow attack as the traditional password system. Any attacker who has access to the password hash/encryption key can repeatedly try to decipher the user’s key. For passwords with symbols, letters, and numbers, it takes 34 seconds to crack a 6-character password combination, and 8 characters takes 1-2 days. In addition, access to the encryption key may be denied, which may lead to troublesome review.

Threshold key management

Threshold key management usually uses some kind of key sharing to divide the user key into multiple copies. As long as there is a certain minimum number of key fragments, it can be used to reconstruct the user key. Threshold key management allows multiple EOAs to control a single account, allows users to have multiple shards for a key, allows users to keep the shards as a backup without damaging the master key, and allows the Under the premise, the key fragments are reused.

The properties of the threshold key management model depend on where the user saves each key segment. Different wallets and programs have developed different methods according to actual use cases.


Smart contract wallet model

Smart contract wallets are not passwords, but contracts for holding and managing user assets, managed by private keys or externally owned accounts (EOA). Therefore, the properties of smart contract wallets also depend on the management method of the application field and its EOA. Similar to threshold key management, smart contract wallets have the advantage of multiple EOAs to control a single account. In addition, abstract computing can also be used to implement functions such as daily expenditure restrictions or permissions, thereby protecting user assets.

Accompanied by stronger computing power is less composability and higher cost. Smart contract wallets are limited to use on the blockchain where they are located, and even limited to between L1 and L2. Smart contract wallet is not a simple key, but a contract. Therefore, the simple native functions expected by the user (such as signing or authentication) cannot work. In addition, although with the introduction of faster and more scalable solutions, costs are expected to be further reduced. But cost is still a problem that cannot be ignored at present.


Below we will introduce a few different products. The characteristics of these products are slightly different, but we hope that our summary can provide you with an overview of the current mainstream solutions. If there are any errors or omissions, please contact for corrections.


Metamask can be used to access in the ordinary Chrome browser, called Chrome extension wallet or mobile wallet. Metamask can manage the keys on the device and has the characteristics of simple operation and non-custodial, but it needs to synchronize the mnemonic phrase with the device.


Portis uses a password manager model to store keys. As a web wallet integrated into DAPP, Portis uses the user’s browser iFrame and domain security model to protect the user’s key. Portis has a npm package (a well-known javascript package management tool) that provides Web3 support for developers.


Because Magic (formerly known as Ethernet Square wallet solution providers Fortmatic) using a password / email combination, it is often mistaken for password management model. However, they are actually kept by HSM (Hardware Security Module) and AWS (Amazon Cloud Service). After digging into the internal mechanism of Fortmatic, we found that its blog also confirmed our conclusion:

In-depth comparison of mainstream key management projects

The above figure shows us the interactive flow during the registration process. The explicit authentication of its access key depends on the calling credentials (Access Token). Fortmatic relayer and AWS cognito can also access this call credential.

Magic’s key recovery process confirms the above conclusion. Unless you brute force the user’s password, the password manager model is impossible to achieve key recovery. But Magic can send, verify and reset your password via email without knowing your previous password.

In-depth comparison of mainstream key management projects


Bitski is a custodial electronic wallet. They never disclose user keys on the front end or in the browser, thereby avoiding system loopholes and improving security.


Argent uses smart contract wallets and keys stored in its mobile app. Argent works with other Argent smart contract wallets to realize social recovery and even pay gas fees on behalf of users.


Authereum is also a smart contract wallet, designed for network use, and its EOA is managed through a password manager model. Authereum supports key recovery, and the entire recovery process is completed by attaching and downloading another key.


Torus implements a threshold model called tKey. They store user keys in slices between the device, input, and the Torus network-users can choose two of the three to recover their keys. The Torus network share/factor is further fragmented among its currently licensed node participants. Users access these shards by logging in to OAuth (such as Google, Linkedin, WeChat, etc.).

When users use tKey on different devices, they will increase the number of shards they hold, thereby reducing the possibility of losing the key. Users can also choose to increase their threshold to increase the security of access keys and create a two-factor authentication (2FA)-like experience.


Fireblocks also performs threshold key management, but it is usually geared toward the enterprise rather than the individual level. Fireblocks allows different individuals to manage company assets in different configurations.


In-depth comparison of mainstream key management projects

Eigen Network is the first end-to-end private computing network on Layer 2.

Based on TEE and other privacy computing technologies and the unlimited expansion of Layer2 computing power, Eigen can solve two problems currently faced: 1) the problem of data privacy leakage on the chain caused by the openness of the natural data of the blockchain; 2) the insufficient scalability of ETH The problem of high fees. In addition, Eigen will also reform the existing production relationship of data asset circulation on the chain, considering the privacy protection of individuals from application scenarios to technology stacks, and become a developer-friendly and practical privacy protection infrastructure for Web2 to Web3. Contribute to conversion.

Posted by:CoinYuppie,Reprinted with attribution to:
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2021-11-02 22:00
Next 2021-11-02 22:15

Related articles