Introducing Transaction Permissions
Secure, Programmable Transacting powered by Distributed MPC
Today, we're sharing a new feature for Capsule that has been a part of our vision since day 1, and one that I've been excited about for a very long time: Transaction Permissions are now in Early Access!
First, a bit about why this feature is so critical to - and made uniquely possible by - Capsule's architecture and vision:
At Capsule, we often talk about the difference between authentication (proof of ownership of a wallet identity) and authorization (authority to transact from a wallet). In auth-based Wallet-as-a-Service systems, this difference can be very subtle.
In most Shamir Secret Sharing or secure enclave managed systems, authentication often implies authorization, meaning any application a user signs into with an embedded wallet is given complete access to that user's wallet! This property is a direct consequence of how keys are managed in these setups.
This is especially apparent in cross-application or global wallet setups. Simply put: Portable identity is highly desirable, but giving every app access to spend from a wallet is not. Security aside, it may also be desirable for a user to have different levels of access for different types of transactions. A few examples:
- Playing a game and signing messages/transactions may be fine to do in the background, but pop-ups are desirable for an in-game purchase so the user knows what they're buying
- Users may want to prove ownership of an NFT for a social network without granting authority to access the NFT itself. Users may want to be able to sign posts to the app without any prompts
- Authorizing a DeFi app with a limit order to be executed when conditions are met, or authorizing a monthly portfolio rebalancing of earnings
- Dollar cost averaging into an application
- Preventing an AI agent from interacting with certain contracts (or the converse, creating a list of permitted actions)
Transaction Permissions
Transaction Permissions make all of this possible. With permissions, a user can log in to any application, and allow the app to only take actions the user approves of - requiring explicit transaction approvals otherwise. These permissions can be changed on any subsequent login.
As mentioned earlier, the key consideration in shared-access systems like this is security. Because Capsule uses Distributed MPC, no single party except the user ever has access to the full key. This means that in all the above cases, an app can initiate a transaction, but does not have the full authority to sign, which is gated by permissions.
Key resharing is also a unique property of MPC that adds additional security to the system. Before a user logs into an application, key resharing occurs, meaning that signing shares and the resulting permissions are cryptographically isolated to that application and session. The Capsule system takes several steps forward on the status quo, and we're excited to see what this enables for secure, global transacting. More to come on this topic.
We're excited about building these use cases in tandem with our customers and users. If you're excited about accessing Transaction Permissions in your app, we'd love to chat and get you set up!