Retail Friendly Wallet for Progressive Security

progressive-wallet.md

There is currently a significant gap in the market for power users who desire the security of hardware wallets like Ledger but prefer the flexibility of using standard devices. These users may also want the option to eventually transition some of their accounts to arbitrary threshold approval systems similar to Gnosis Safe. This self-service wallet aims to provide an extremely simple initial setup and day to day usage similar to Phantom, while offering power users the ability to progressively add sophisticated access controls that can scale from personal use to enterprise environments.

Core Features

Seamless Multi-Device Access

• Login on any device by approving from an already-authenticated device (no manual seed phrase entry required)

Progressive Multi-Signature Support

• Gnosis Safe-like threshold signing workflows with configurable requirements (including approving users and auth methods)

Power User Mode

• Custom payload injection for advanced transaction signing
• Enterprise-grade controls comparable to Anchorage/Fireblocks
• Advanced authentication controls (OTP, desktop, mobile, SMS combinations)

AI and Third Party access

• Allow adding expiring API keys from AI agents and other third parties to automate actions on your behalf
• Dapps could be allowed to do things such as liquidate users positions across multiple chains allowing users to acess more collateral
• AI agents could be granted restricted access to certain dapp transactions and given spend limits to minimize blast radius of hallucinations

Unique Value Proposition

• First wallet offering intuitive onboarding with phantom like functionality that also scales to enterprise-grade custody within a single platform

Target Audience

This wallet would uniquely serve users across the entire spectrum: from those simply wanting better device sync to sophisticated users who have outgrown basic wallets but find enterprise solutions too complex or expensive for their current needs.

Primary Market: Retail users seeking enhanced convenience

• Phantom and MetaMask users frustrated with manual seed phrase entry on new devices
• Casual crypto users who want seamless access across phone, laptop, and tablet
• Users who frequently switch between devices for crypto activities

Secondary Market: Crypto-native professionals and enterprise teams

• Small teams and startups needing shared custody solutions
• Organizations requiring compliance-friendly multi-signature workflows
• Teams needing granular access controls and audit trails

Tertiary Market: Advanced retail users

• High-net-worth individuals seeking institutional-grade security with consumer-friendly UX
• Hardware wallet users frustrated with the lack of flexibility and seed phrase backup risks

Monetization Strategy

• Freemium subscription model that upcharges for enterprise features (e.g. multi-user threshold signing)
• Fees on in-app swaps for tokens and NFTs
• Refferal payments from strategic business partners

gmgm good sir ❤️ love your thoughts / ideas here!

would be curious to hear a bit more in terms of what the actual product would look like in your eyes.

the security of hardware wallets like Ledger but prefer the flexibility of using standard devices

the premise of hardware wallets is that in order to sign using stored private keys, you need physical possession of a device. I’m guessing the “middle ground” between Ledgers/Trezors and overly-flexible auth methods (like email/SMS) would be cloud-based passkeys and HSMs/yubikeys

I think this is directionally inline with the old Chrome Extension idea we had in the sense that you have a standalone Turnkey wallet (intentionally avoiding overloading the term “global wallet” here) that you can configure + sign with from a variety of settings.

would this be like a Metamask/Coinbase Wallet-type of situation where you have a browser extension, mobile app, and can thus sign messages on both web and mobile (via WalletConnect/other standards)?

or a higher/lower-level set up where things are a bit more segregated: use WalletConnect to initiate a transaction, then strictly approve via a separate web or mobile app that is only responsible for parsing / approving activities

This is some gooood content here! Im thinking about the linking mechanisms between devices. Assuming a mobile app and browser extension to start (can extend to other platforms down the line).

I personally think it would be sick if you could do this linking through a local communication mechanism. If Turnkey is the infra for this, this means transporting some API key from one device to the next. If some backend (not Turnkey) is mediating this linking flow, they could potentially MITM this scenario.

I was thinking about using Bluetooth, NFC, or a QR code to facilitate the transfer of an API key from device to device. The reason for these mechanisms and not say a hardware key or even a wire is I want to meet users where they are and keep the process as simple as possible.

Bluetooth/NFC would be sick because you could have a "touchless" sign up process. Just hit link device on either the extension or mobile app and hold you phone near your computer and boom they're connected. However some early research suggests theres limitations on the types of bluetooth devices that a browser can actually connect to (the phone would have to play the role of the bluetooth server). NFC looks even less promising. This might be worth a deeper dive.

QR codes require the user perform another step, and might be confusing. However it still does make it possible to transfer an API key locally without needing through some mediating backend.

Anyone have any cool thoughts for local communication mechanisms that might work here? A desktop application could solve the bluetooth problem, but for normal everyday users this is the least likely medium they might utilize imo.

Other mechanisms that require a backend include entering an OTP code that is generated on either the mobile app or the browser extension, however this could suffer from the same MITM attack mentioned earlier. We could also utilize Turnkey Auth for linking, aka use a phone number/email on the mobile app, then use the same phone number/email on the browser extension, but this might be a tradeoff in security (phone number)/UX (email) that doesn't get us to "institutional-grade security with consumer-friendly UX" as lined out in the original post.

gmgm good sir ❤️ love your thoughts / ideas here!

would be curious to hear a bit more in terms of what the actual product would look like in your eyes.

the security of hardware wallets like Ledger but prefer the flexibility of using standard devices

the premise of hardware wallets is that in order to sign using stored private keys, you need physical possession of a device. I’m guessing the “middle ground” between Ledgers/Trezors and overly-flexible auth methods (like email/SMS) would be cloud-based passkeys and HSMs/yubikeys

I think this is directionally inline with the old Chrome Extension idea we had in the sense that you have a standalone Turnkey wallet (intentionally avoiding overloading the term “global wallet” here) that you can configure + sign with from a variety of settings.

would this be like a Metamask/Coinbase Wallet-type of situation where you have a browser extension, mobile app, and can thus sign messages on both web and mobile (via WalletConnect/other standards)?

or a higher/lower-level set up where things are a bit more segregated: use WalletConnect to initiate a transaction, then strictly approve via a separate web or mobile app that is only responsible for parsing / approving activities

Having a single user be able to require approvals from mutliple devices that can parse the signing request has the same functional benefits of using a ledger to validate before signing, regardless of where the signing request is initiated (inline in wallet, dapp etc). I don't mean it as a strict one to one comparison, but instead that it would interest an overlapping set of users

This is some gooood content here! Im thinking about the linking mechanisms between devices. Assuming a mobile app and browser extension to start (can extend to other platforms down the line).

I personally think it would be sick if you could do this linking through a local communication mechanism. If Turnkey is the infra for this, this means transporting some API key from one device to the next. If some backend (not Turnkey) is mediating this linking flow, they could potentially MITM this scenario.

I was thinking about using Bluetooth, NFC, or a QR code to facilitate the transfer of an API key from device to device. The reason for these mechanisms and not say a hardware key or even a wire is I want to meet users where they are and keep the process as simple as possible.

Bluetooth/NFC would be sick because you could have a "touchless" sign up process. Just hit link device on either the extension or mobile app and hold you phone near your computer and boom they're connected. However some early research suggests theres limitations on the types of bluetooth devices that a browser can actually connect to (the phone would have to play the role of the bluetooth server). NFC looks even less promising. This might be worth a deeper dive.

QR codes require the user perform another step, and might be confusing. However it still does make it possible to transfer an API key locally without needing through some mediating backend.

Anyone have any cool thoughts for local communication mechanisms that might work here? A desktop application could solve the bluetooth problem, but for normal everyday users this is the least likely medium they might utilize imo.

Other mechanisms that require a backend include entering an OTP code that is generated on either the mobile app or the browser extension, however this could suffer from the same MITM attack mentioned earlier. We could also utilize Turnkey Auth for linking, aka use a phone number/email on the mobile app, then use the same phone number/email on the browser extension, but this might be a tradeoff in security (phone number)/UX (email) that doesn't get us to "institutional-grade security with consumer-friendly UX" as lined out in the original post.

This comes down to desired UX, but I think starting with QR codes sounds totally reasonable and then adding in the option to allow OTP/email seems like a sensible follow ons. Bluetooth/nfc seem questionable due to requirements on both devices. Security conscious users can require specific auth factors and configurations for bootstrapping new devices

Anyone have any cool thoughts for local communication mechanisms that might work here?

WebRTC comes to mind for this, it's an open standard for browser-to-browser communication, with JS bindings ready to use!

Also hiiii @emostov 👋

IMO there's a huge opportunity here: Turnkey can build all of this in a cross-chain way.

• "Seamless Multi-Device Access" => can be accomplished today with a mix of long-lived sessions and on-device API keys. I think we can leverage long-lived keys in SecureStorage or IndexedDb for example
• "Progressive Multi-Signature Support" => this would have to be done with Root Quorum (each device can be modeled as a Root User with its own set of authenticators) or with the upcoming MFA primitives (we're working on it 🤫)
• "Power User Mode" => this just means exposing the Turnkey APIs more directly; should be easy!
• "AI and Third Party access" => also what Turnkey is built for. Easy to spin up a user, grant them granular permissions via policies, etc

One big part of a good wallet UX is tx construction and tx broadcast; I think we'd have to partner or build something here. Things like gas estimation, gas sponsorship, automated retries and nonce bumping (ETH-specific) or CPFP (BTC-specific) when this happens, ... the devil's in the details. But we can definitely start simple and have a killer basic UX for key management 🥇

rel: https://jumpcrypto.com/writing/custody-bft-policy-checking-threshold-signatures/