Tenets
EthSign Signatures' core tenets
Practical Decentralization
In EthSign 3.0, we strived for maximum decentralization by relying entirely on a decentralized tech stack, the most prominent example being statically hosting our web content on IPFS nodes. However, even though IPFS was released in 2015, its stability and accessibility still leave much to be desired in a production environment. Sporadic outages and poor reachability in regions outside of North America and Europe caused us tremendous headaches and forced us to rethink our approach to decentralization. Although we champion the spirit of decentralization through and through, it's simply not ready for production use yet.
In our upcoming EthSign Signatures, we opted for a more practical approach to decentralization so we can maximize product usability while maintaining decentralization. On one hand, we actively host our web content on both IPFS and Arweave on their respective subdomains (ipfs.ethsign.xyz and ar.ethsign.xyz) to promote decentralization. On the other hand, we also host the same web content on AWS to boost accessibility in challenged regions on our primary domain (ethsign.xyz and www.ethsign.xyz).
Optimizing Intent and Consent Capture
What does signing a document mean, really? Usually, it means agreeing to a set of terms outlined in the document and leaving behind proof in case disputes arise in the future. If we were to simplify it even more, the act of signing, fundamentally, is capturing intent and consent. Intent is captured by the signing document and consent is captured by the signer's electronic signature. To keep track of a valid signature, we only have to store identifying information about the document and a proof that the signature was indeed generated by the aforementioned signer.
Thus, in the context of a smart contract, the two key pieces of information that we must store are the unique identifier that points to the signing document and a cryptographically secure proof of signing. In previous versions of EthSign, we opted to place the document hash, the signers' raw elliptic curve digital signatures, and the entire history record of document changes and past signatures directly in our smart contract storage. This, however, proved to be catastrophic in terms of gas consumption.
In EthSign Signatures, we aggressively optimized our approach to information storage to reduce gas consumption. Firstly, we no longer store raw ECDSA signatures inside the smart contract. We have, however, gated our record-keeping data structure so that it can only be modified if the signing action can be authenticated via EIP-712 compliant ECDSA, thus capturing consent via cryptographic verification. This not only greatly reduces storage used since we no longer store a string for each signature, but it also improves intent capture as EIP-712 provides much more context to the signature compared to our previous approach using personal_sign. Secondly, we no longer explicitly store past states of documents and signatures in smart contract storage. Instead, they are emitted as Solidity events as they consume much less gas compared to explicit data storage. They are then captured by our subgraph, powered by our partners at The Graph. We have also added support for signing order, which enables the uploader to specify a signing order between different signers. This added piece of information is stored with other relevant attributes and tightly packed into a single uint168 for maximum storage efficiency. Signing documents themselves are stored on Arweave via Bundlr, a permanent storage solution compared to IPFS that also supports paying for Arweave storage with other tokens such as MATIC. Last but not least, we are rolling out our Keyless Encryption feature on day 1, enabling native encryption and decryption using encryption keys derived from the user's private key*. This is a huge step towards usability and security, as documents are now locked to a signer's wallet instead of anyone who holds the AES key, which also naturally eliminates the need to memorize and communicate passwords (which generate the AES key).
All the above measures have resulted in a 9x reduction in gas consumption while having no negative impact on the integrity of the product and adding new features.
*Keyless encryption is available for supported wallets only. Currently, only MetaMask supports in-wallet encryption and decryption.
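The storage pattern described above (EIP-712-gated writes, no stored signatures, history in events, attributes packed into a uint168), as an added sketch that is not EthSign's contract. The contract name, the Sign struct, the event names and the bit layout (160-bit signer address plus 8 flag bits) are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
/// Added sketch, not EthSign's contract: names, struct and bit layout are assumptions.
contract SignGateSketch {
    bytes32 private constant DOMAIN_TYPEHASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
    bytes32 private constant SIGN_TYPEHASH =
        keccak256("Sign(bytes32 documentId,uint8 position)");
    // Half the secp256k1 group order; a larger s is a malleable duplicate signature.
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;
    bytes32 private immutable domainSeparator;

    // Per signer: [ address (160 bits) | flags (8 bits, bit 0 = signed) ]; index = signing order.
    mapping(bytes32 => uint168[]) private records;

    // History goes to the log (for an indexer to pick up) instead of storage.
    event DocumentCreated(bytes32 indexed documentId, address[] signers);
    event Signed(bytes32 indexed documentId, address indexed signer, uint8 position);

    constructor() {
        domainSeparator = keccak256(abi.encode(DOMAIN_TYPEHASH,
            keccak256("SignGateSketch"), keccak256("1"), block.chainid, address(this)));
    }

    function create(bytes32 documentId, address[] calldata signers) external {
        require(records[documentId].length == 0, "exists");
        require(signers.length > 0 && signers.length <= 256, "bad signer count");
        for (uint256 i = 0; i < signers.length; i++) {
            records[documentId].push(uint168(uint160(signers[i])) << 8);
        }
        emit DocumentCreated(documentId, signers);
    }

    function sign(bytes32 documentId, uint8 position, uint8 v, bytes32 r, bytes32 s) external {
        uint168[] storage rec = records[documentId];
        require(position < rec.length, "no such signer");
        require((rec[position] & 1) == 0, "already signed");
        require(position == 0 || (rec[position - 1] & 1) == 1, "out of order");
        // The typed struct binds the signature to this document, step, contract and chain.
        bytes32 digest = keccak256(abi.encodePacked("\x19\x01", domainSeparator,
            keccak256(abi.encode(SIGN_TYPEHASH, documentId, position))));
        require(uint256(s) <= HALF_N, "malleable s");
        address signer = ecrecover(digest, v, r, s);
        require(signer != address(0) && signer == address(uint160(rec[position] >> 8)),
            "bad signature");
        rec[position] |= 1; // only the flag changes; the signature itself is never stored
        emit Signed(documentId, signer, position);
    }
}
```

Because the signature is checked and then discarded, the emitted events are the only on-chain record of who signed and when, so whatever indexes them becomes part of the audit trail.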
A Fresh, Streamlined Experience
To be frank, EthSign 3.0 was conceived without extensive research. It was more or less hacked together by an extremely small but talented team to build what we thought was important and useful. After its launch in June 2021, we continuously listened to user feedback throughout its lifecycle and conducted extensive market, competitor, and user research. We have come to understand the pain points and true needs of our users, and have been able to trim away much of the bloat that turned out to be irrelevant. EthSign Signatures has been designed with all of our feedback and research in mind to provide the most lightweight and streamlined signing experience on the market.
Technically, EthSign Signatures has also been rebuilt from the ground up. We decided to start over completely to build a product that was easily maintainable, upgradeable, and utilized the best programming practices to accommodate concurrent development between developers of an expanded tech team. Jumping from JavaScript to TypeScript and redefining our PR review process are just the tip of the iceberg regarding the complete revamp of our technical development process. The smart contract has also been rewritten from scratch and gone through various audits. You can find the audit reports here.