[Investment] Torus: Gateway to Frictionless Login & Authentication on Web3 Applications
1. Abstract
Torus provides an open-source, non-custodial, and blockchain-agnostic private key management for Web3 applications. By splitting each private key into multiple “shares” which are securely distributed and stored across its dedicated network, Torus enables seamless login and private key recovery, serving as 2FA for non-custodial wallets. Ultimately, Torus aims to make digital ownership and identity human-centric and accessible to everyone.
2. Value Proposition
Interacting with Web3 applications (decentralized applications, dapps), or even simply storing cryptocurrencies in non-custodial blockchain wallets often comes as a stressful experience to a majority of users. On the contrary, signing into Web2 applications such as Gmail, Medium, or PayPal is as simple as entering the username and the password set by the users themselves. Another key advantage of Web2 credentials is that they’re recoverable. Simply put, losing your PayPal password doesn’t mean that the assets on your PayPal account are lost forever. As long as you can prove your identity, you can retrieve or reset your credentials.
Unfortunately, that has not been the case for non-custodial blockchain wallets that are used to sign into Web3 applications, as convenience has been sacrificed in return for decentralization. Users who create an account on a blockchain wallet to interact with dapps are responsible for each storing a “private key”, which acts as an unrecoverable password to a virtual vault that holds your assets on the blockchain. Not only are private keys unrecoverable, they are unchangeable, meaning that a hacker would have as much control over your wallet and your assets as you do once running into a file or a network packet that contains your private key.
The explosive growth of the crypto ecosystem in terms of total market capitalization has resulted in remarkable growth in the number of unique blockchain addresses. As of January 2022, over 180,000,000 addresses exist on the Ethereum network. The rise of DeFi applications and NFTs has had a significant influence on the increase of demand for non-custodial wallets. Setting up a non-custodial wallet is a simple process, as no personal information is required. However, keeping it secure can be a rather complicated task. The above-mentioned private key or the backup phrase (a set of human-readable words that can be interpreted into your private key) is required when signing in to your wallet from a new device. Contrary to Web2 credentials, both the private key and the backup phrase are randomly generated, causing them to be near-impossible to memorize. This forces owners to physically write them down on a piece of paper or save them on electronic devices. Both options are rather unfavorable, as they’re vulnerable to exposures that could result in loss of funds.
We at Terabyte believe that the inflection point of mass adoption of blockchain is imminent, and the secure private key management solution along with the seamless user authentication infrastructure that Torus is building will be a game-changer for Web3 application providers and users.
3. Torus — Passwordless auth meets private key management
Torus is a passwordless authentication and private key management platform that provides the most simple and secure one-click login experience for Web3 application providers and users. Its product, the Torus Stack, is divided into 4 different components: Torus Key Infrastructure, CustomAuth, Torus Wallet, and OpenLogin.
Torus is powered by the Torus Key Infrastructure, an open-source, globally distributed network of nodes that is maintained by some of the largest players in the blockchain ecosystem including Binance, Polygon, Etherscan, and Tendermint. The Torus Key Infrastructure leverages state-of-the-art distributed key generation (DKG) technology to ensure that data stays private and secure, and completely non-custodial while optimizing user experience. As briefly covered in the abstract, Torus splits a user’s private key and stores it in its network as “shares”. Once a private key is split into multiple shares, a user may recover it if he has access to more than half of the total shares.
The distributed key generation tech of Torus leverages the Asynchronous Verifiable Secret Sharing (AVSS), a variant of Shamir’s Secret Sharing. Shamir’s Secret Sharing is a concept commonly used by most DKGs. The following is a high-level overview of how Shamir’s Secret Sharing works:
Suppose that there’s a line on a graph in which the y-intercept holds the secret (in our case, the private key), and the A, B, C coordinates on the line each represent a share. Now, let’s assume that the line has been erased and you’re trying to reconstruct the line to locate the y-intercept to retrieve your secret. As long as you have access to 2 out of 3 coordinates, you can reproduce the line safely locate the y-intercept. The same logic can be applied to higher powers of x to add additional layers of security to your secret by producing more shares.
By default, Torus splits a user’s private key into 3 shares: a device-specific authentication (e.g. biometrics on your mobile device), a login service provider (e.g. sign in with Google, Facebook, or Twitch), and a recovery password. The nodes on the Torus Network enable you to securely reconstruct and retrieve your private key once you provide more than half of your total shares.
CustomAuth enables Web3 application providers to interact with the Torus Key Infrastructure with an SDK. As a blockchain-agnostic service that supports both web and mobile applications, users can seamlessly sign into dapps with the most commonly used social network accounts including Google, Facebook, and Discord. CustomAuth gives developers the ability to freely customize their authentication flow while fully leveraging the security and the convenience offered by the Torus Key Infrastructure. Torus offers a diverse set of SDKs for developers wanting to integrate CustomAuth into their applications.
Torus Wallet is the native wallet application of Torus. In a nutshell, Torus Wallet is a highly-improved MetaMask with social account and biometric login features. Torus Wallet enables users to connect with any EVM compatible blockchains, purchase crypto with fiat through third-party providers, and view NFT collections. Another unique feature of Torus Wallet is the Account Resolver. Instead of copying & pasting a long and complex blockchain address, Torus Wallet allows users to input Gmail addresses or social IDs in the recipient’s address when sending funds.
With its delicate UI/UX and a seamless integration process, Torus Wallet is becoming a popular option for Web3 applications. Torus goes above and beyond simply providing a wallet to offering a white-label solution for enterprises that wish to fully customize the front-end at a production level.
OpenLogin is an authentication suite that focuses on UI/UX improvement, security enhancement, and simplicity of implementation. Upon integrating OpenLogin, developers get full exposure to social account registration, user data encryption, and UI customization. Think of OpenLogin as an SDK to add an SSO option for application providers, freeing them from having to store the sensitive user data themselves. It’s also worth noting that no download is required on the user’s end.
4. Team
Founded in April of 2018 and based in Singapore, Torus Labs is made out of gifted individuals with professional experience from major tech companies including Visa, Google, Paypal, etc. Led by CEO Zen Yong, the team of 24 people is giving their best endeavors to achieve 3 missions:
1) Remove technical barriers and reduce the learning curve for digital ownership and identity for all users.
2) Provide simple and secure access to digital assets and identity across multiple platforms and applications.
3) A user-friendly and non-custodial approach to managing assets and identity.
5. Partners
300+ applications including wallets, exchanges, and dapp providers across DeFi, gaming, and marketplaces have partnered with Torus to provide a frictionless login experience to over 4 million users. Below is the list of notable partners:
- OpenSea: The world’s first and largest NFT marketplace
- Solana: The fastest blockchain in the world built to enable scalable, user-friendly apps
- Polygon: A protocol and a framework for building and connecting Ethereum-compatible blockchain networks
- Skyweaver: A TCG for owning and trading NFT cards
- Binance Extension: A leading crypto wallet for Binance Chain, Binance Smart Chain, and Ethereum
- Keplr: The first IBC-enabled wallet for the Cosmos ecosystem
- Kukai: A secure wallet for digital assets on the Tezos blockchain
- Starkware: Developer and provider of Starknet and StarkEx — secure, trustless, and scalable blockchain solutions
A full list of partners can be found here.
6. Investors
During the Seed Round in 2019, Torus raised $2 million from some of the highly renowned investors in the blockchain industry including Multicoin Capital, Binance Labs, Fenbushi Capital, and Coinbase Ventures.
We’re proud to announce that Terabyte Capital has invested in Torus Labs (now Web3Auth) during the recent Series A Round led by Sequoia Capital, with other huge stakeholders in the crypto space for a total of $13 million.
7. Conclusion
Despite the intense growth of the crypto space in terms of userbase, legal infrastructures, and market capitalization, the complexity and obscurity of creating and managing a non-custodial blockchain wallet had yet to be addressed. Torus is building the last puzzle to the mass adoption of blockchain that brings interoperability, security, and convenience to Web3 interaction.
By providing our resources and insight, Terabyte seeks to actively back Torus on their journey to revolutionize the status-quo of blockchain authentication by building the most simple, secure, and seamless login infrastructure.
Disclaimer
The content of this post is for informational purposes only. Nothing contained in this post should be construed as investment advice. Terabyte accepts no liability with the regard to the user’s reliance on this content. Investment involves risk.
