Solving Key Management: A Conversation with Cubist CEO Riad Wahby
Brave New Coin spoke with Riad Wahby, the CEO and co-founder at Cubist, a new company focused on key management solutions for Web3. The company was started by Riad, his co-founder, former fintech COO, and fraud prevention expert Ann Stefan, and two other Computer Science and Engineering professors from Carnegie Mellon and UC San Diego.
Introduction and background
Hi Riad. Great to meet you, what’s your background, what have you been doing in the lead-up to co-founding Cubist?
“It starts with electrical engineering. A long time ago, I realized I like to get into the guts of things. And so I ended up as an integrated circuit designer and spent ten years designing chips. I was friends with a computer science professor. And he told me about these new things called zero-knowledge proofs. I ended up quitting my job to go to grad school and work on ZK proofs, then U ended up at Stanford, did my PhD there, and worked on all sorts of interesting cryptographic protocols that had to do eventually with Web3. So this was at the start kind of before people cared about ZK proofs, before people thought about using roll ups and all these sort of amazing technologies that really seem now inseparable from Web3. But at the time it wasn’t like that. Anyhow, then at the end of grad school, I was applying for academic jobs. I was fortunate enough to end up as a professor at Carnegie Mellon, so I get to teach and do research on cryptography, ZK proof stuff like that.
And then at the same time, some of the folks that I knew from grad school that I’d been doing research with for a while, we talked about oh, geez, we’ve done some interesting research here, and it seems like it would be great to kind of put it together and put together a product, and Web3 seemed like the right place to do that. And so my co-founders, Fraser and Deian, were both like me, we’re PhD students at Stanford, and then we ended up starting Cubist, thinking about the cool technology that we could build. But at some point we realized, well, we’re three nerds, we don’t know how to build a business. And so our co-founder, Anne, was kind enough to join us. She’s a fintech veteran, she was a COO of a company for a long time.”
Identifying the problem
And so when you started Cubist, what were some of the problems that you identified and what were some of the solutions that you thought Cubist could provide for the Web3 industry?
“We started with a developer centric vision, a developer’s viewpoint that was like, well, what can we do to make life easier for developers? And we had all these crazy ideas that we thought could make the programming so much better for building smart contracts and DeFi applications. And as we kind of dug into this, really encouraged by Anne who as I said, kind of is the one who knows how to run a business, she said you’ve got to talk to customers, you’ve got to make sure you’re not just imagining this problem.
And so we did. And we heard over and over again the same thing as you talk to people in Web3. I think it’s an open secret that the actual problem that people have in almost all cases is what do you do about the keys? So this is an interesting question because why are we focused on keys in the first place? Well, to me, one of the primary distinctions between Web2 and Web3 is the fact that everything you do in Web3 is mediated by cryptography, right? If I want to post a transaction, if I want to interact in any way with a blockchain, I’m generating a signature on some message and I’m sending that message. Right? So every identity is really a cryptographic key. Every message is really a signature on a message.
And so your keys are your interface to the world. And what we found was that people were having real trouble with that interface. So we talked to companies that had one laptop with all the keys on them and one person in charge of that laptop. And if that person was out on Thursdays, then nobody got anything done. Or we talked to other companies where it was like, well, we can’t afford to have a bottleneck, so everyone’s just going to have copies of the keys and we better pray that they don’t somehow get hacked. And it seemed like this was kind of a stark example of this trade off between security on the one hand, and convenience or usability on the other. And I think as we looked deeper and deeper, we saw this everywhere.
So if you look at the way that people think about wallets today, you have people who are very much on the sort of extreme security end of the spectrum, where they’re like, well, I’m going to have my ledger. My hardware wallet. I’m going to write down my seed phrase on some metal plates and bury it in my backyard. And I’m going to interact with my ledger only on a computer that never connects to the Internet. Okay? All these sorts of measures, right? And the result is that if you want to do anything, it takes you 30 minutes to get something done. And then on the other end of the spectrum, you have folks who are like, look, I just need to get stuff done. Whatever technology will get me there the fastest, that’s what I’m going to do.
And unfortunately, that technology that gets you there the fastest until this point really has been a total sacrifice in terms of security. And I think, unfortunately, most people are making that sacrifice. Most people are choosing convenience because frankly, you just can’t ask people. You can’t say to somebody, look, this is a brand new space. This is an amazing set of technologies, and it’s so advanced that the user experience sucks. That’s not a convincing story, right? You can’t tell somebody that they just have to suffer because of how advanced the technology is, because that’s just a terrible message and it doesn’t fly, right? So I think instead what you have is people just sort of giving up on security.
And that, to me, is a disaster because the space can’t evolve until we can have a good user experience and at the same time, good performance and good security.”
The CubeSigner solution
That’s extremely well articulated, Riad. So you’ve laid out the current state of the crypto user experience and the various trade offs that people have to make between ease of use and security. And the reality is, a lot of people in the crypto ecosystem, it’s hard not to have that nagging feeling at the back of your head sometimes. Are my assets as safe as they could be?
So you guys have just released a new wallet-as-a-service product called CubeSigner to help with this right?
“Yes, that’s right. So CubeSigner is designed to smash this trade off. You shouldn’t have to choose between security and performance and convenience. So our approach here is a combination of things. So, first of all, our team are security focused people, industry and academic veterans. So we’ve been thinking about problems like this for a long time. And because of that, we’ve seen a lot of systems that make the wrong trade offs. And I think once you’ve seen enough counterexamples, that helps you to find the good way to go.
And so in this case, one of the things that we decided early on was the state of the ecosystem right now is such that the right way to go is to build on top of secure hardware. So that means using the same sort of underlying technologies that power banks, that power ecommerce, that secure the entire web2 ecosystem and building on that technology but leveraging it for web3. And so what that means is you get great performance and you get really fine grained control over who can do what. So what our system does is it lets us offer to the customer the ability to generate tons of wallets very quickly, to set policies on those wallets, to say, this wallet can only be used to pay to interact with these five smart contracts.
Or if you try to send a payment above a certain amount, you need multi factor authentication or policies like that, policies that kind of make sense, right. The kinds of things that you expect to see on, say, a credit card. This looks like a fraudulent transaction. Maybe we’re going to push pause and wait until somebody can sort of confirm it, a human being can confirm it, and that sort of thing, which is natural in the credit card ecosystem and in the web2 ecosystem more generally, but not something that we tend to see in web3. I would say that combination of security professionals, and then Anne, our COO, who’s got a background in fraud prevention, and putting those things together.
We were able to come up with a system that gives you something that looks much more like a Web2 experience. Okay, so now that you have that, what does that mean? Well, what it means is that you can do things like build end user wallets that give you a normal Web2 workflow. Like, I log in with Google, maybe I do some kind of multifactor authentication, whether it’s Google Authenticator or a UB key or whatever it might be. And now I’ve got access to my wallet, right, and there’s no seed phrases. So that means you log in, there’s no waiting 10 seconds for the login screen to go away. It happens very quickly.
So by bringing those natural workflows in the web2 space, by bringing those to web3, I think what you’re going to see is that more and more users who are frankly turned off by the kind of bleeding edge kind of state of web3 right now, will come into the ecosystem. To me, that’s the way we have to evolve. We have to evolve towards more users who aren’t just there for the fact that it’s a bleeding edge who aren’t just there for speculation, but they’re there for real functionality.
They’re there to use something that they want to have on a day to day basis and we don’t have to get them to change their computing lifestyle in order to do it.”
What you’re talking about is a common theme at the moment across Web3. The idea that for the next adoption cycle, what is needed is that kind of classic Web2 user experience except on Web3 rails. So I suppose the simplified way of explaining that is you’re abstracting away some of the cryptographic functions as much as possible with a clear focus on making the experience as simple and seamless as possible. Do you think that is going to be the characterising feature of the next wave of Web3?
“Absolutely. I think that’s probably the single most important thing. I think one thing that’s easy to forget, especially for folks who have been in Web3 for a while, is it’s pretty easy to forget just how hard it was for those first couple of weeks that you were using Web3 technologies, right? You’re going to whatever it is, you’re finding a medium post or you’re digging through forums to figure out some esoteric command to make the thing work, right? And I think a lot of people had that experience and then somehow there’s this amnesia effect where you just forget. And part of that is just that. I think most of the folks who are in Web3 now are fundamentally kind of bleeding edge early adopters, right?
And so I think it’s hard for a lot of us to look at folks who are not early adopters and to understand their perspective. And I think fundamentally this is about getting over the hump of getting from sort of an ecosystem that really is focused almost exclusively on early adopter type folks and moving into an ecosystem that’s focused on kind of everyone else. Right? And I think we’ve seen a lot of this happen in the past, right? I don’t know, the first time I had an internet connection was sometime in the early 90s. And it was an interesting experience, right? It was tough.
Culturally we’ve now evolved to the point where everyone kind of has this common knowledge, everyone basically knows, and you’re just not an early adopter anymore if you’re using the web, you’re just like a normal human being. Right. But we’re not at that point yet in Web3. And I think fundamentally the most important part of that is getting to the point where you don’t have to know a bunch of weird technical jargon to get anything done.
So I think getting to the point where you don’t have to throw jargon at people in order to get them onboarded, that’s a huge thing. And then I think the other thing, and this is going to go hand in hand, is we’re going to see more and more applications that are actually about day to day experiences and not about speculation.
So whether that’s using an NFT to get into a sporting event or getting an NFT as an adjunct to my physical movie ticket, and then maybe that unlocks some collectibles or whatever it might be, this is an experience that everyone actually has that people use on a day to day basis. And if we can get to the point where it’s totally natural to do these sorts of things, and the fact that it’s powered by Web3 is not front and centre. It just happens to be the technology that’s when we’re going to be successful again. If I tell my dad, well, when you go to YouTube, you’re using this protocol called Quick, he says to me, Well, I don’t care. I just want to watch some videos on YouTube.
So getting those people to be able to build great experiences for their customers by giving them an API that’s performant by default and convenient by default, and most of all, secure by default, that’s the driving motivation for our product.
To learn more about Cubist and CubeSigner
—
Planning your 2024 crypto-media spend? Brave New Coin’s combined website, podcast, newsletters and YouTube channel deliver over 500,000 brand impressions a month to engaged crypto fans worldwide.
Don’t miss out – Find out more today
