Welcome to Security Lab's documentation

Quickstart

Our SDK is currently organized in two main libraries: the base functionality in our Base SDK library, and specific front-end components for React in our React SDK library.

For code integration with our Base SDK, you can start by looking at our guides:

For a specific guide about our front-end React SDK, look at our

For an explanation of our technology, see here, or take an even deeper look in our whitepaper.

What's Security Labs? A little bit of history...

TL;DR for those in a hurry
  1. Security Labs abstracts private key management with a permission-less peer-to-peer network, allowing users to use private keys across several devices and dApps.
  2. Solving the private-key management problem (in a non-custodial way) is an unavoidable hurdle on the path to widespread Web3 adoption: an expected, but still non-trivial, infrastructure revolution that we are leading.
  3. We have over a year of research on distributed secure storage for sensitive data and have developed our own general framework, SCAS (State-change authentication schemes), for authentication methods compatible with our protocol. These include all the usual authentication pipelines that don't require users to remember a password or seed phrase (biometric, hardware-based, and behavior-based authentication).
  4. Token Bound Accounts (TBAs), which are NFTs that are also smart contract accounts, have allowed us to study wallet-usage pain points further. They have also shown an even bigger need for better private key management: because they offer a large and rich set of use cases as "portable digital profiles", losing private keys becomes an even bigger issue for the future of on-chain identity and NFT ecosystems.
  5. Security Labs is the leader in the TBA market, representing more than 60% of the deployed and used TBAs on Polygon mainnet, with more than 160k TBA wallets.

The Security Labs (sLabs) protocol is a permission-less peer-to-peer network for cryptographic tokens (more in our concepts overview), which is a really specific way of saying: we protect and retrieve private keys without having them, by using a decentralized network. This not only allows users to mitigate wallet-loss and theft risk, but also provides a seamless dApp experience across devices and platforms, without users even needing to know what a private key is.

A simplified version of how we do it can be summarized as:

MPC-based multisig without the burden of finding where to store the shards: they are stored in a distributed way on a permission-less and trust-less network whose security scales as it becomes more decentralized, leveraging unpredictable traffic mixing through ephemeral time-based mix networks with entropy injection.

Further details can be found in our whitepaper, which gives the theoretical foundations of our research into a sufficiently general authentication framework with decentralization-driven security as a core property. It is one of the results of our first year of research on the topic.

Our initial interest in tackling the private key retrieval problem stems from experiencing (a little too much...) the classic and obvious web3 infrastructure problem:

Usability (not only onboarding) suffers from complex message signing and a high risk of losing your assets if you are not mindful enough.

Both of these problems originate from expecting the user to know "basic" key management practices (or to accept a custodial solution...), which limits the Web3 ecosystem's capacity to scale to widespread adoption. Even what could be considered basic knowledge in Web3 ecosystems should not be something the general audience must learn before using a Web3-based product. Being burdened by it only shows that Web3 is still in its infancy, albeit not for much longer.

Technology infrastructure revolutions have almost always come in the form of improving ease of use for some powerful but complex underlying technology, by abstracting it so that it does not require specialized expertise (web browsers, DNS servers, cloud storage syncing, etc.). Web3 is no exception. Key management abstraction is a natural cornerstone for achieving usability in dApps, and it MUST be permission-less and trust-less to be usable and general enough for any future dApp while still preserving the benefits of decentralization (autonomy of data, privacy, etc.).

To study the impact and market demand for our product, as well as to test hypotheses after our initial research, we explored the newest emerging technologies in the space and found a perfect fit for one of the core objects we have been researching: on-chain identity/personality, through Token Bound Accounts (TBAs).

TBAs have deep expressive capabilities, as briefly discussed on our concepts page. They also represent on-chain personalities (smart profiles, as we named them), which would be great to link with an intuitive decentralized identity, ideally managed with "web2-like" authentication. This is exactly what we do.

After entering the TBAs market, we have already captured more than 60% market share on Polygon Mainnet, with more than 160k TBA wallets within just 6 weeks, proving not only the massive interest of the ecosystem around TBAs' capabilities, but also their interest in our project.

Today, Security Labs is still innovating and building to lead the infrastructure revolution we all need to make Web3 truly usable, accessible and scalable.