Take MetaMask as an example to learn about encrypted wallets from scratch

Original title: "Anatomy of MetaMask wallet"

Original source: Julia Wu 

Original compilation: Block unicorn

Since its launch in 2016, as of March 2022, MetaMask (Little Fox Wallet) has gained 30 million monthly active users. It has a global user base with high participation from the US, Philippines, Brazil, Germany and Nigeria.

MetaMask is one of the indispensable applications in the Ethereum community. In the Web3 world, MetaMask is known to everyone, attracting people to open the world of encryption through MetaMask trip. With NFTs, games, and DAOs bringing a lot of new users to web3, wallets remain a fundamental part of the ecosystem — they are the heart and center of all interactions between users and the blockchain.

This article will focus on the mechanism of blockchain accounts and MetaMask, with a preference for Ethereum. But if you're interested in its origins and business aspects, The Generalist has a very detailed story. The information in this post was gleaned from sources such as the Mastering Ethereum book, MetaMask support articles, and the Ethereum Homestead documentation. So if you're interested to dig in, these places are full of precious details.

They can also be intimidating to some people. But in reality, most wallet applications today (traditional financial wallets) are extensions built around a simple central component: an account consisting of a public key (account number)/private key (password) pair.

Start with principles

Before we talk about MetaMask itself , let's first dig into some of the basic concepts underpinning it.

< /p>

address (account)

Addresses are the core primitive of the blockchain. In Ethereum, there are two types of addresses: external owned accounts and contract accounts.

Each address is defined by a public key and a private key. The public key is created from the private key, and all addresses on the blockchain are sorted by their address (public key).

Let's analyze the two types of accounts and their characteristics:

Externally Owned Address

1. Have an ether balance

2. Can send transactions (i.e. transfer or trigger smart contract code)

3. Controlled by a private key

4. No associated code

Contract address

1. Actual smart contract with ether balance

2. Associated code

3. Code execution is executed from other contracts or Triggered by a transaction or message received by an address

Every action on Ethereum is triggered by an externally owned account.

If this article is about wallets, why are we talking about addresses (accounts)? Well, essentially a wallet is nothing more than an account manager.

What is a wallet?

If we remove all the functionality of chrome extensions and mobile apps, behind this cute little fox is a software.

Every wallet starts with a private key management component.

Once there is a private key management aspect, the wallet becomes a user interface that allows the user to interact with the blockchain. It facilitates the transfer of funds from one account to another, manages private keys, tracks token balances and helps you sign transactions. But none of these things would happen without private key management.

Think of it like a keychain, the main job of an Ethereum wallet is to contain the user's private key. They don't actually hold any real tokens, they just reflect how many tokens there are for your account on the blockchain.

A blockchain is simply a distributed ledger that links your accounts to the number of tokens you own. The keys held by the wallet are the only requirement to transfer ether or tokens to others. Using your private key, you can change the ledger of transactions by signing them with your private key, which we will cover in detail in a later section.

< p>

Types of wallets

Different wallets One way is through the way the private key is generated.

There are two main types of wallet private key generation: deterministic and non-deterministic. The difference is whether they are related to each other.

Non-deterministic wallets have private keys generated by random numbers, and these private keys are not related to each other.

This is more like a traditional Ethereum wallet. It comes in the form of a wallet file where a randomly generated private key is stored. Deterministic wallets will generate a new wallet file for each address, and backup and recovery may be more troublesome.

Non-deterministic wallets are considered inferior to deterministic wallets.

Deterministic wallets have private keys generated from a single master private key (called a seed, which can also be called a seed phrase). In a deterministic wallet, private keys are linked and can always be replicated using the same seed. This is the type of wallet we are more familiar with as it is considered a standard and used by MetaMask.

The seed is represented as a list of English words (usually 12 words) that you can write down in order to recover your key if needed. This is also the "Private Key Recovery Phrase" you see in MetaMask. It is also sometimes referred to as your "mnemonic". However, if someone gets hold of them, they can instantly access your wallet and do all sorts of things with your assets. This is why it is recommended never to share your seed phrase, or even store it electronically.

Seed Phrase allows for easy wallet export and import and easy migration of all private keys to different wallet applications. For example, if you have a wallet on MetaMask, you can still import that wallet into your Rainbow or Argent mobile app by entering your seed phrase.

The most advanced form of deterministic wallets are Hierarchical Deterministic (HD) wallets, based on Bitcoin's BIP-32 standard. Keys are called "hierarchical" because they represent a tree structure. A parent key can derive a set of child keys, and the child private key can then derive another series of grandchild keys.

HD wallets are superior to other types of deterministic wallets because: 

1. The tree structure can represent an organizational structure . Branches can be considered as sub-teams or subsidiaries within a company, which provides the opportunity to organize budgets and payments accordingly.

2. A public key can be generated without access to the corresponding private key.

A seed phrase (mnemonic) is a set of English words, but it's just a way of encoding a private key. It is currently widely used because other types of representations, such as hexadecimal strings, can lead to higher error rates when written on paper. At a high level, mnemonics are generated by a process defined by BIP-39 that involves starting with some information sources, transforming the data, and then mapping it to a list of words.

< p>

There is a set of industry standards (such as mnemonic phrases and HD wallets) that affect wallet implementation and lead to wallet interoperability. Thanks to these standards, you can easily export and import wallets from different wallet applications.

Wallet type

Wallets can come in several different forms, the most common:

Desktop wallets:MyCrypto, Gnosis Safe.

Browser plug-in wallets:MetaMask, MyEtherWallet, Web3Auth.

Mobile wallet: Argent, Coinbase Wallet, MetaMask, Rainbow, Trust Wallet.

Hardware Wallets  (A secure method of accessing funds online as they do not Expose private key): Ledger, Trezor, KeepKey, Bitbox, Lattice1.

< /p>

Smart Contract Wallets

For example Argent and Gnosis Safe are smart contract wallets, these are similar to this article The "contract address" described at the beginning.

These wallets use an alternative to externally owned accounts and are built on top of smart contracts. Since business logic has more room for implementation, they can provide functions such as helpless recovery, automatic blocking of certain transfers to untrusted contracts, social recovery, transfer restrictions, and account freezing.

The following is a sample code of a very simple smart contract wallet, based on the tutorial of Block Explorer: (For detailed tutorial, please read the original text)

Enter MetaMASK

The protagonist we have been waiting for, this little geometric fox tells us that "the decentralized network is Waiting" - which many of us have a love-hate relationship with.

< p>MetaMask is a non-custodial (or self-custodial) cryptocurrency wallet. This means that no third-party "custodian" holds your private keys. It allows you to live out the spirit of "not your keys, not your tokens". MetaMask doesn't store any data about the wallet, everything you see is in your browser or mobile app at the local level.

MetaMask uses 3 different types of "secrets" to protect your wallet:

1.  Secret Recovery Phrase (Mnemonic): As mentioned earlier, this phrase is a mathematically generated mnemonic based on your master key. These words, when placed in a specific order, can regenerate all accounts in your wallet. Remember, there can be multiple accounts in one wallet. Your wallet is a keychain holding many public/private keys. Each key corresponds to an account in the wallet. When MetaMask regenerates your wallet from the Secret Recovery Phrase, it may only generate the first account at first, but since wallets are deterministic, other accounts can be recreated in the same order.

2. Private key: Each account has its own public key and private key. Typically, the account and its address, the public key, can be seen. A personal private key can be used to import that specific account (and only that account) into any other wallet application.

3. Password: This is used to secure the wallet app itself. You only use it to unlock apps. FaceID works on mobile devices.

Coinbase and MetaMask

It is worth noting that Coinbase (The core app) is a custodial wallet, so the difference is that instead of you holding your own private keys, Coinbase actually stores them for you. So you can't just export your Coinbase wallet and import it into another wallet like MetaMask. However, you can do this from Rainbow Wallet to MetaMask (and vice versa), since both are non-custodial.

Note: Coinbase also offers a non-custodial solution through Coinbase Wallet.

How does MetaMask connect to the blockchain network

MetaMask and other wallets can also be your key to the public blockchain network. Let's remind ourselves what a web browser does: a software program that allows us to access the World Wide Web. When a user requests a web page by entering a URL address, the browser fetches the content from the web server and displays it on the user's device.

Blockchain nodes constantly synchronize network status and observe transaction history. Likewise, MetaMask allows you to access the blockchain network as your current browser cannot.

In order to communicate with blockchain nodes, there is a standard called JSON-RPC which allows to request and submit data from them. These requests over JSON-RPC can be made over HTTP or WebSocket.

How does MetaMask discover these nodes to send requests to? It uses Infura, which provides a highly available, scalable blockchain API to access blockchain networks.

< p>

The life cycle of transactions

Blockchain is a distributed ledger, just Like the mapping of accounts and their assets. Imagine a spreadsheet where each row is an account (Ethereum address) and each column is the cryptoasset it holds.

Suppose Alice wants to send 1 Eth to Bob. At this point Alice opens her MetaMask wallet, enters Bob's wallet address, and hits send. When she hits send, she is also using her private key to sign the transaction.

The transaction will enter the local memory pool (mempool), which is then obtained by the nearest node in the Ethereum network.

When this transaction is initiated, Alice's transactions will be prioritized according to her gas (handling fee) settings, and the transactions will be propagated among the nodes in the network. After processing the transaction, the node will also check that Alice has enough ether to spend before performing the transfer.

In the end, the transfer is just a modification to the ledger, debiting 1 ETH from Alice's balance and adding 1 ETH to Bob's account.

Core Functions

Let's summarize the main features of MetaMask - note that many of them are related to or revolve around private key management:

1. Account management (creating, importing, exporting accounts, docking hardware wallets)

2. Connect to the public blockchain network

3. Sign transactions (transfer, smart contract interaction), allowing users to determine each Gas price for transactions

4. Use fiat to buy cryptocurrency (using MoonPay, Transak, Wyre)

5. Swap tokens

6. Display assets (ERC20 tokens, nft)

7. Display activity (transaction history)

8. Link dApp

Wallet standards are always evolving, and so is MetaMask. We may start to see more attempts at features like social recovery wallets, multi-factor authentication for improved security, and new user experiences by injecting functionality into MetaMask itself when connecting to dApps.

There are many possibilities for innovation in wallet user experience, dApp interaction and security. While MetaMask has paved the way, the wallet’s work is far from done. For example, we haven't quite figured out how to sign transactions on mobile devices. Due to industry standards, wallets can be combined and rebuilt to suit user and application needs.

One could argue that wallets are similar to digital identities/passports, bank accounts , browsers, etc. It could be these, it could be something else. We're just scratching the surface - the room for development is huge.

Original link

Welcome to join the official BlockBeats community:

Telegram Subscription Group: https://t.me/theblockbeats

Telegram Discussion Group: https://t.me/BlockBeats_App

Official Twitter Account: https://twitter.com/BlockBeatsAsia