Sean Li, CEO
Powered by its decentralized architecture, blockchain is unlocking new opportunities for “transactions” at business and consumer levels with greater transparency, enhanced security, and easier traceability. Notably, the invention of Ethereum has opened up a new era of functional blockchain that fosters the decentralized application (DApps) ecosystem. With the ability to do things that regular apps can’t, DApps, built on Ethereum, are pegged as the new wave of applications.
Today, with a goal to unlatch the potential of blockchain and accelerate the dawn of Web3.0 era, many enthusiastic developers and researchers are increasingly developing DApps. However, these applications are facing numerous barriers to adoption, which stems from technical hurdles to a general setback in user experience compared to any Web2.0 applications.
Sean Li, the CEO of Magic (formerly Fortmatic), had the opportunity to realize these challenges early on in his career as a developer. “The core issue of DApps adoption stems from key management,” says Li. In fact, key management is a crucial and integral trait of blockchain-based applications, involving a public-private key pair that essentially guarantees transparency and information integrity. “However, it can be daunting for typical consumers to get their heads around the ideas of key management and wallets,” Li adds. With this in mind, he established Magic in 2018 to provide a smooth and delightful experience for developers and users in a way that democratizes DApps by making key management, a seamless task.
As Li mentions, traditionally, Chrome extension or MetaMask were the only options for users to interact with DApps. Subsequently, the need to download an additional file kept people away from dwelling more into the world of DApps. Although these tools provide a sense of trust and security amongst users by protecting private keys in a non-custodial way, they are prone to many management and operational complications and errors. For example, people will have to either download hardware wallets like Ledger and Trezor or memorize their private keys. This has limited the reach of DApps to just tech-savvy people, keeping a huge sect of the population away from experiencing the benefits of blockchain.
Magic’s SDK is built to overcome these challenges. The SDK allows developers to integrate their applications with the Ethereum blockchain easily. With Magic SDK integrated into DApps, users can sign up and log in to the blockchain applications by using regular Web2.0 authentication methods such as email or phone number verification. This removes a major barrier in the onboarding process, enabling more users to interact with DApps.
The team at Magic has also strengthened its solution with a delegated key management architecture. “Our patented key management approach uses a trusted third-party service—Amazon Web Services’ (AWS) Key Management Service (KMS) and Cognito—to manage user keys,” says Li. With this, people can use hardware wallets, such as Trezor or Ledger in the cloud, secured by AWS’s data centers. It provides them with easy access to DApps from anywhere, without forcing them to peddle with browser extensions.
Our patented key management approach uses a trusted third-party service—Amazon Web Services’ (AWS) Key Management Service (KMS) and Cognito—to manage user keys
In turn, it opens up a new set of opportunities for developers while democratizing DApps.
The Stride to Enhanced User Experience
Magic’s next-generation key management architecture allows users to directly interact with AWS’ KMS on the client-side, completely bypassing the Magic backend, for encryption and decryption operations. According to Li, this non-custodial architecture boosts trust as it doesn’t allow even Magic to access users’ private keys.
To achieve this, Magic uses Hardware Security Module (HSM) provided by AWS’s KMS and ensures that the entire encryption and decryption operations happen inside the hardware. Users can access their HSMs by successfully authenticating with the Magic relayer to receive a time-bound access token, which is traded for scoped credentials. They can then call the AWS to access their master keys that are stored on the HSM for encryption and decryption.
When a user signs up, a public-and-private key-pair is generated for the user on the client-side inside an iframe. Once generated, the private key is sent directly to the AWS’ KMS, using a service called Amazon Cognito. The delegated key management solution then encrypts the private key. After encryption of the keys with the HSM, the encrypted key is then stored on the client-side iframe. It is also uploaded to the Magic relayer for redundancy, in case the encrypted key on the client-side is wiped out. When users authenticate again, the encrypted key gets downloaded to the client, which allows them to decrypt the private key directly with AWS with all Web 3.0 primitives being done on the client-side.
What makes Magic a reliable partner for developers and users is that the company has removed its permissions to decrypt users’ private keys in order to ensure trust.
Providing New Opportunities for Developers with Infinite Benefits
Within a span of just two years, Magic has served more than 6000 clients in both Web 2.0 and Web 3.0 space, including notable companies such as Democracy Earth, Zerion, and Cent. With its groundbreaking innovation, the company has, in fact, made a significant shift in the way users approach a DApp. For example, traditionally, due to the complexities associated with legacy key management systems, 90 percent of users dropped off during the onboarding process. Collaboration with Magic has allowed developers to fundamentally change the way users interact with DApp, which resulted in an 84 percent user conversion compared to 10 percent with other traditional key management solutions.
Magic’s recent collaboration with TokenSets, an asset management company well exemplifies this value proposition. Being able to deliver intuitive user experience, Magic served as a channel of opportunities for TokenSets, increasing their user conversion, with users consistently logging in. This collaboration brought in overwhelmingly positive feedback from their users. “We have also helped some of our partners to reach out to mobile web users,” adds Li.
With its solution, Magic has also created an environment to bring in the most underserved demography—non-technical users—into the blockchain space. Li recalls a heart-warming story of a father from Indonesia who earned enough money to buy his daughter a bike by posting content on a blockchain-based social network, Cent that collaborated with Magic.
Empowering the Developer Community
At its core, Magic is a fast-paced startup that focuses primarily on building key management solution for developers. As an early-stage company with a developer-first approach, Magic aims at giving developers an increased control over user experience. To that end, the company has launched a new Magic SDK (magic.link), to help developers create DApps without having to manage users’ keys or implement cumbersome authentication logic for blockchain interactions. With a passwordless authentication model, users can log in to the DApps by clicking on the “Magic Link” sent to their email, similar to Slack or Medium. It also allows developers to serve their users without the Magic UI and build a relationship directly with their users.
"Key management is a crucial and integral trait of blockchain-based applications, involving a public-private key pair that essentially guarantees transparency and information integrity"
Magic SDK’s value proposition, to an extent, addresses the issue of DApp developers failing to acquire value, build defensibility, and raise capital. Li says that the wallets that exist between DApps and users suck-out user relationships, brand awareness and trust away from the application. And at the bottom of the application, there are smart contracts and ever-growing protocols that are continually getting enriched. Sandwiched between the wallet layer and the protocol layer, DApps become a thin layer of user interface, which hampers developers from acquiring value and build relationships with users. Magic SDK removes this and allows developers to have end-to-end control over the user experience.
Developers can now decide how to build their wallets and how much to compromise user experience for security, depending on the type of users. “We don’t want to force a one-size-fits-all solution. Instead, we want to provide developers with the necessary tools and flexibility to build the most optimal solution for their user base,” comments Li.
Ultimate Mission: Fostering the DApps Era
By reaching out to more DApp developers and expanding the use cases for key management, Magic takes pride in the fact that its technologies are sowing the seeds for an innovative tomorrow in the blockchain space. Moving along these lines, the company is aiming to extend its footprint beyond the Ethereum blockchain space to support other blockchains, including Bitcoin, Flow, Tezos, and Polkadot. Having a blockchain-agnostic key management solution will also help Magic to have a massive reach in the space by integrating with new blockchain channels and building strong relationships with enterprises. The company is also planning to extend its key management solution into platforms including iOS, Android, and the traditional Web2.0 space with its use of decentralized identity.
On a closing note, Li emphasizes that the biggest advantage of building applications on the blockchain is the ability to tap into the incredible network that it provides and the new business models. “With more developers brought into this ecosystem and provided with the right tools to build DApps, they can come up with several innovative business models that are only possible by leveraging blockchain technology. This is always on our roadmap,” concludes Li.