@alymadhavjiAly Madhavji 穆亚霖
Managing Partner at Blockchain Founders Fund and LP at Loyal VC
There are many different methods to verify a user’s identification. Although the management of authentication and active sessions has come a long way, simple password authentication has not been able to provide sufficient security to support the rapid growth in data, advancements in mobile and cloud technologies, and increasing volumes of security breaches.
Exposure of session data is only one example of where this authentication method can fall short. After a user password is authenticated, the user is exposed to a brief period of vulnerability where session data can be copied or stolen.
Blockchain uses a public-key cryptosystem for identification rather than a traditional username and password process. Using a public-key cryptosystem for identification is not a new concept. RSA or Rivest-Shamir-Adleman was created and adopted in the 1970s by US government institutions.
RSA was made available to the public in 1997. RSA algorithm allows data to be encrypted by a private key and decrypted by a public key. A private key first encrypts data, then sends it to the receiver. The receiver decrypts the data using a public key.
This method protects private keys unless the user accidentally exposes their private key.
Blockchain systems with private-public key systems function the same way. When a transaction is initiated, the requestor’s identity needs to be verified using a digital signature.
Miners use the public key to decrypt the digital signature to view the hash output. Once identification is verified, the miners will validate the latest unspent amount.
Alternative blockchains systems are similar but operate under different consensus mechanisms to ensure that spending is legitimate. For this article, we will focus on authorization rather than consensus models.
Private Key plays a significant role in blockchain
The private key is the most crucial piece of information to identify a user’s action. People holding large amounts of cryptocurrency may have a fear of losing, misplacing, or unintentionally divulging their private keys.
The custodian key management system was created as a solution to this problem. This system uses a third party, or encryption key management provider to manage keys.
Hackers scavenging public data leaks and running mass malware programs scouring the internet and devices for private keys poses another threat.
The encryption key management provider incurs the responsibility of thwarting attacks, ensuring redundancy and availability, and making this experience seamless for customers.
The provider helps offset risk and takes on the responsibility of maintaining the integrity of its systems to ensure that malicious actors are not able to compromise or access user data.
Decentralized banking is a concept construed in the wake of cryptocurrency. Decentralized platforms should provide individuals the power and ability to store, spend, and account for their own finances without a third-party such as a bank or government.
How is an encryption key management provider different from a bank? Will the government interfere or suspend operations such as court orders?
What jurisdiction should the custodian provider operate under and standards and standards and regulations are needed to govern these entities? What are the implications for the customer?
The story of Quadriga is an extreme case where the custodian management system went wrong. Quadriga’s customers were prevented access to their own assets. January 2019, at the time when the Canadian exchange was under legal scrutiny, the CEO, Gerald Cotten, was pronounced dead.
At the time, Quadriga was managing keys that accessed $195 million in Bitcoin and other cryptocurrencies, all of which resided in a password encrypted cold wallet on Cotten’s personal laptop. Cotten was the only one who could have accessed the assets.
The company shut down because of a single point of failure. Quadriga is the third-largest mysterious loss in the history of cryptocurrency.
Governance and succession plans should aim to eliminate all single points of failure and consider internal controls and management processes for handling client assets.
Are there better solutions for public-private key management?
It starts with how a private key is generated. The generation of private keys is even more important than the actual key itself. If a private key is based on a random set of numbers, then the actual number itself can be difficult to memorize.
This is why a seed phrase is used to generate a pseudo-random number when a wallet is created.
A private key looks like:
body mystery artist mixture mother slow treat resource annual cat rebuild olympic
which is the seed that can be used to generate the private key.
What can be done to make transactions even more secure and keys safer?
Adi Shamir, the co-inventor of RSA, developed an algorithm, popularly known as Shamir’s Secret Sharing, to divide secrets into parts assigned to different users. This is known as multi-signatures, where a specified amount of keys are required to sign a single transaction.
Shamir’s secret sharing splits the private key into shards. The key can be recreated when the minimum number of shards are present. The least number of valid shards to recreate the secret or private key is called the threshold number.
If the shards are presented individually, then they are useless because no action will be taken or performed. No information can be accessed with the individual shards by itself.
To create an action, when the valid shards are greater than the threshold number, then there is an action to recreate the secret private key to initiate a response. Multi-signatures are a crucial component in creating a decentralized system where autonomous bodies own different permissions and delegations.
To demonstrate this, we shall split a random number into 7 shards and use at least 4 of those shards to regenerate the random number.
Given that most general blockchains use public-key cryptography to define their identity with random numbers, where random numbers are used
extensively to create key pairs and humans are inherently terrible at coming up with truly random numbers, then we can arrive at a random number by rolling dice with a haptic movement or by random sequences on a keyboard rather than conjuring up a number by thought which is likely predictable by someone else if it’s memorable in any way.
This underlying principle for asymmetric key cryptography is blockchain agnostic. Any blockchain using random numbers at its core to generate asymmetric key pairs can use Shamir’s secrets to mitigate risk and provide a better and safer experience for its users.
In this example, we use Grempe’s secrets.js repository to test out Shamir’s secret mechanism. Key pairs can range anywhere between 128 to 4096 bits.
Generates a random number
const randomNumber = secrets.random(64); Returns: 223744e2c3c5b9c0
Split the random number into X shards: 7 with a threshold of 4
const shardArray = secrets.share(randomNumber, 7, 4); Returns: [ '801fb99c927eff4e03958103c8e2da9a84c', '802d07658f70fbf675819dd7f7a56d64dbe', '803a30f89313da55c760f2036c834466b69', '804239436380b8f66326c3acaec9b44b865', '805cf77af631025667e63fb147e7a1a1b2e', '806c7b1ae94a21397db104e64ca1ae4e9f9', '807a3b22f2e64574c8173558b8677467de9' ]
Recreate the randomNumber using the shards
const resurrect = secrets.combine([ 804239436380b8f66326c3acaec9b44b865', '805cf77af631025667e63fb147e7a1a1b2e', '806c7b1ae94a21397db104e64ca1ae4e9f9', '807a3b22f2e64574c8173558b8677467de9' ]); Returns: 223744e2c3c5b9c0
Multi-signatures are native to Bitcoin, Ethereum, and most existing public blockchains. Multi-signatures require all required parties to sign a transaction before a transaction is approved.
Blockchains require the signatures to be proven on-chain to the miners within the network. However, multi-signatures can also be validated off-chain.
Shamir secrets can be implemented at a product level, decoupled from the blockchain itself. This makes it significantly cheaper since the validation of user authorization is happening in two places – the custodian and the miners. More signatures imply that the transaction has a greater size.
Miners are incentivized to maximize fees thus fitting as many transactions as they can into a block. Given that block sizes are restricted in bitcoin, miners would likely optimize for smaller sized transactions with higher fees.
Shamir’s secrets can be used for recreating independent private keys that may or may not be private keys involved in signing a multi-signature transaction. Combining Shamir’s secrets, Hierarchical Deterministic (HD)
wallets, and multi-signature creates a hierarchical architecture where autonomous bodies own permissions and delegations.
One beautiful example of this implementation is in the Casa keys wallet. They implement 2/3 and 3/5 multi-signature wallets. This is in coordination with multiple hardware wallets and Casa holds a set of keys in case of emergencies.
People can store their keys in different places to minimize the risk of theft and loss. Casa is used by a lot of people that own bitcoin worth over $100K USD or more.
This minimizes the risk by a huge margin since people are less likely to be targeted, coerced, or phished. To unlock the funds, not only would one have to attack all points, but they would also have to unlock your hardware wallets that can be protected by pins or stored securely.
One would have to use a single set of keys and guard it with their lives. If at all they did use multi signatures, they’d have to rely on someone else to act with integrity else they’d be locked out of spending their own crypto. In extreme cases, they might even be victimized after relying on someone.
Now people have diverse options to store each of their keys. A common pattern is one at work, one at home, one on your laptop, one on your mobile and one with Casa.
If at all someone had to target and attack you, they’d have to get at least three of the five separately stored keys. This would make the whole process challenging for the perpetrator. Also, given that the hardware keys can be encrypted and set to erase after a failed number of attempts, the perpetrator is less likely to attack someone using another infrastructure.
In Casa’s wealth security design protocol, they store minimal data about the customer and support pseudo-anonymous addresses and names granting their customers a whole new level of privacy that cannot be summoned by governments and other legal agencies.
Casa’s intuitive process makes it effortless to swap out keys if some are lost or irrecoverable which reduces the number of attack vectors.
Encryption and security are vital in the ownership of cryptocurrencies. Traditional ways of identification such as usernames and passwords have proven to be high-risk and prone to hacks and loss. Therefore, it is imperative to utilize infrastructure and processes that provide decentralized and fragmented encryption. After all, your digital assets are
as safe as you keep them.
Aly Madhavji 穆亚霖 is the Managing Partner at Blockchain Founders Fund which invests in and venture builds top-tier startups. He is a Limited Partner on Loyal VC. Aly consults organizations on emerging technologies such as INSEAD and the UN on solutions to help alleviate poverty. He is a Senior Blockchain Fellow at INSEAD and was recognized as a “Blockchain 100” Global Leader by Lattice80.
Aly holds a Master of Global Affairs as a Schwarzman Scholar from Tsinghua University (清华大学), a Master of Business Administration from INSEAD (Singapore and France), and a Bachelor of Commerce with Distinction from the University of Toronto.
David Zhao is the Co-founder and CTO at InnoDT which delivers trading advantages for hedge funds and insights for financial institutions and regulators with its advanced blockchain analytics platform.
David has more than 20 years of experience in software development and manages a team of developers to create tools to analyze crypto assets including their movement, consolidation, and clustering among others.
Previously, David was a lead architect for Kantar where he led the global strategy of the business and the technical innovation vision. He was responsible for maintaining all aspects of the product’s technology infrastructure and managing a team of senior developers.