Crypto Wallet: Metamask

Vineeta Parodkar
Sep 30, 2022

This article provides an overview of the different categories of crypto wallets, the account creation process of the Metamask wallet, and its security and key features.

Image Source: https://unsplash.com/photos/fDw4K26USxI

Introduction

The move from Web 2.0 towards Web 3.0 shows in the statistics: about 2,970+ dApps are deployed on Ethereum, with around 71.72k active users. These users commonly use wallets to interact with dApps running on blockchain networks like Ethereum.

Digital Crypto Wallets

A digital wallet is similar to a traditional wallet, but a crypto wallet stores the private keys that are used to sign and send/swap transactions. Every crypto wallet can have a number of accounts, each with its own private key and balance. You can think of a crypto wallet as a traditional leather wallet holding different cards, such as a debit card and a credit card: the cards resemble the accounts of the crypto wallet, each with its own balance.

Crypto Wallet Types

There are 2 major types of wallets:

  1. Custodial Wallets: A crypto wallet in which custody of the private key is held by a 3rd party. Users of these wallets only have to provide permission to send a transaction through the wallet account. Examples of these wallets are Coinbase, Kraken etc.
  2. Non-Custodial Wallets: A crypto wallet in which custody of the private key is with the wallet user, who has to manage the private keys. Examples of these wallets are Metamask, Rainbow etc.

Cryptography

Before going through the Metamask account creation process, we will go over some of the cryptography concepts used in it.

Private/Public keys: Public key cryptography uses these keys for encryption and signing of data, where the private key allows the user to prove ownership of a message/asset.

Secret recovery phrase: It is also known as the seed or mnemonic. It is a list of 12 or 24 random words created using the BIP39 specification. BIP39 describes the use of this mnemonic to recover the private key of an account in case of loss or compromise. Each word of the mnemonic is associated with an integer value, and these values are used to create an integer form of the mnemonic or seed phrase, which is used to generate the public/private keypair.
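The word-to-integer step described above, as an added example following BIP39 (it is not code from the original article or from Metamask): each word is an 11-bit index, the trailing bits are a SHA-256 checksum over the entropy, and BIP39 stretches the phrase into a 64-byte seed with PBKDF2-HMAC-SHA512. The four-word wordlist excerpt and the sample mnemonic are constructed for illustration, and the function names are assumptions.

```python
import hashlib

# Excerpt of the BIP39 English wordlist (the full list has 2048 words).
# A word's position in the list is its 11-bit integer value.
WORDLIST_EXCERPT = {"abandon": 0, "ability": 1, "able": 2, "about": 3}


def mnemonic_to_entropy(words):
    """Join the 11-bit word values into one integer and verify the checksum."""
    if len(words) not in (12, 15, 18, 21, 24):
        raise ValueError("mnemonic must have 12, 15, 18, 21 or 24 words")
    value = 0
    for word in words:
        if word not in WORDLIST_EXCERPT:
            raise ValueError(f"word not in wordlist: {word!r}")
        value = (value << 11) | WORDLIST_EXCERPT[word]
    total_bits = len(words) * 11
    checksum_bits = total_bits // 33          # 4 bits for 12 words, 8 for 24
    entropy_len = (total_bits - checksum_bits) // 8
    entropy = (value >> checksum_bits).to_bytes(entropy_len, "big")
    # The checksum is the first checksum_bits bits of SHA-256(entropy).
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - checksum_bits)
    if value & ((1 << checksum_bits) - 1) != expected:
        raise ValueError("checksum mismatch: a word is mistyped or out of order")
    return entropy


def mnemonic_to_seed(words, passphrase=""):
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase.

    BIP39 also NFKD-normalizes both strings; that is a no-op for ASCII input.
    """
    sentence = " ".join(words).encode("utf-8")
    salt = ("mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", sentence, salt, 2048, dklen=64)


# Constructed sample: the publicly known all-zero-entropy test mnemonic.
# It must never be used for a real wallet.
SAMPLE = ["abandon"] * 11 + ["about"]

if __name__ == "__main__":
    print("entropy:", mnemonic_to_entropy(SAMPLE).hex())
    print("seed:   ", mnemonic_to_seed(SAMPLE).hex())
```

The checksum is why a recovery phrase with one wrong or swapped word is usually rejected on import instead of silently restoring a different wallet.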

Metamask

Image Source: https://github.com/MetaMask/brand-resources

A wallet is required to use any decentralized application, and Metamask is a hot wallet that allows the user to interact with these applications and hold private keys. Metamask is a non-custodial wallet and comes in the form of a browser extension or mobile app.

Hot wallets are wallets that are used from an internet-connected device, i.e. they basically store your keys online.

Account Creation Process

When the Metamask browser extension or mobile app is installed, the following account creation process takes place:

  1. The user is provided with a secret recovery phrase, which must be stored securely. The user is asked to create a password.
  2. This recovery phrase is converted to an integer seed value.
  3. The integer seed value is used with the SHA256 hash function to create the private key of the default account, also known as the root/master account.
  4. The public key of this master account is created using the ECDSA algorithm.
  5. A keccak256 hash is created from the public key, the last 20 bytes are selected, and “0x” is prefixed to create the account address of the master account.
  6. Metamask uses the password created in step 1 to symmetrically encrypt the private key and stores it in browser storage.
  7. Metamask is an HD wallet, which then uses this root/master account private key to create additional accounts' public/private keys and follows steps 5–6 to create each account address and encrypt its private key.

Metamask Features

Metamask provides all the features required to carry out cryptocurrency transactions.

  1. Ease of use: The user can create a wallet anonymously without going through a KYC process.
  2. Security: Each private key is encrypted symmetrically using the user-provided password and stored in browser storage, and never leaves this storage.
  3. Backup/Restore: The secret recovery password is used to restore the wallet when the user wants to switch between devices/browsers.
  4. Buy/send/swap: These are the primary operations that the user can initiate from their wallet. It allows buying tokens through two payment gateways, Wyre and Transak.

Conclusion

  • Metamask must be used in a separate browser and should be locked after sending transactions from it, so as to keep the keys secure.
  • The recovery phrase and password should be stored securely. For holding larger amounts of cryptocurrency, a hardware wallet with Metamask should be preferred.
  • Every Metamask wallet, when installed, comes with an API key that is used in the RPC URL for connecting to Infura nodes. Using this API key, one can deduce that all accounts belong to the same user and the same wallet. To avoid this, one can try to use a different device or reinstall the app before sending a transaction from a different account.
