The Private Key to failure – Spatium
Any journey to the world of cryptocurrencies starts with the study of what is private and public keys. The use of a private key as the only authentication factor to access an address on blockchain is one of the basic and oldest concepts in the crypto industry. It was a simple and elegant solution at the moment of the Bitcoin’s whitepaper release. But what was meeting requirements of cypherpunks community in the time of the first experiments with the digital cash, will not meet them in the era, when crypto industry receives millions of dollars in investments and the number of users grows each day.
Most technological approaches in the blockchain industry have completely changed in the last decade: for example, the concept of a Crypto Wallet has evolved from a single «wallet.dat» file in the distributive of the Bitcoin’s client to a complex Web3-browsers like Trust Wallet or hardware security modules (HSM), integrated into smartphones. But the concept of the private key as the only authentication factor to access an address on a blockchain hasn’t changed since Satoshi. The difficulties related to the management of such private data have already caused a lot of problems in the crypto industry.
In our first article, we will discuss those problems and why it is time to take steps to more secure and flexible solutions.
In a fast-changing IT-driven society the convenience of physical and software UX of the product is one of the leading factors to use it. And this is one of the main problems of the private key on the way to mass adoption — for most users as well as the business it is a too complex method to interact with a blockchain. Let’s explore:
- Falls from usual web experience. Users are accustomed to a combination of login and password as a way to access their apps every day. The private key, which comes with a set of rules of how to manage it, instantly discourages most people when they start learning how to use it;
- Hard to remember. The private key is a long alphanumerical set of characters, which is almost impossible to remember. Can you please remember this for me: E9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262?
- Complex backup. As it is really hard to remember, everyone (even if they have remembered it) will make a copy and will try to keep the private key somewhere online or offline in a safe place. But the problem is that people can lose their backups, forget where they left them. Those copies could be accidentally or willfully destroyed. And this is without mentioning how important it is to provide the highest level of security to every backup you make. Because once someone gets access to your private key — he has access to your funds.
- Inheritance transfer. If the private key holder gets in a coma, becomes disabled, disappears or dies before telling the relatives where he keeps his digital assets and where the private key is, they will have a hard time trying to access those funds. In most cases, such funds will be lost forever.
- Full access only. There is no option to set terms on which access to funds will be granted. For example, it can’t be set how much can be spent from a specific wallet, in a day and to what addresses. Once someone gets a private key — he has full control over the funds.
- Malicious employees. In traditional systems, security access can be differentiated between parties: each employee can get access only to the place or information he was permitted. In case of the private key anyone that have it — receives full control.
- Fear of responsibility. The majority of potential users (masses and businesses) are not ready to be self-responsible for the security of their funds. For them, it is easier to delegate the responsibility for funds management to a third-party like a bank. Also, if something goes wrong (their bank is robbed or hacked), they will get a refund from assurance.
There are projects that do solve some of the mentioned problems in their product, but none of them solves the whole list, because the concept of a private key is in the heart of their system. While inconvenience and inflexibility is a part of this concept, it won’t fit in a fast-changing world and will only slow down the mass adoption of the crypto industry.
The decentralization requires a self-responsibility (and it doesn’t matter is it about a funds management or a content posting). Most of the people are not ready to take this responsibility, and that is a reason why they prefer to stay or return to services with a centralized architecture. Then, for what was all this movement on a revolutionary road of decentralization? Is this inconvenience worth the fall back to the beginning?
One of the fundamental principles of secure systems development is not to create one point of failure in them. Private key violates this principle. And today, all the existing blockchain projects are using the private keys to provide users access to their funds. Thus all of them have this vulnerability.
Even top exchanges with a professional team and the highest level of incorporated security cannot guarantee a 100% safety of user’s funds. Since the beginning of the crypto industry, hackers stole more than $ 4B in cryptocurrencies. Here are only a few examples of the biggest hacks, which took place just in recent years: Coincheck — $ 530M, Bitgrail — $195M; Nicahash — $62M.
To prevent malicious parties from access to private keys, their holders use various security approaches:
- Hot Wallets. Every service that claims to securely store private keys online on their servers falls in this category. In many cases users don’t have access to them making this solution convenient. They don’t need to think about proper keys management — they just enjoy the service. Plus in most cases it’s free. But at the same time, users don’t have any control over their funds and they must trust a service that can be hacked or whose employees can perform malicious activities from their side. So this is the least secure option.
- HSM / Secure Enclave. This solution includes hardware wallets, Industrial HSMs and any other products that use a secure enclave technology to store and manage private keys. The convenience can grade from low to mid-level compared to previous approaches and it is expensive. Moreover, the users must trust a proprietary firmware of the hardware provider.
- Deep Cold Storage (air gaps). This is the most secure option: private keys are generated using community audited code in offline air-gapped computers (they were never been and will never be online or connected to any network and ). The signing process is also performed offline. Every OS is wiped clean after every production run, with the destruction of all data. The room where key management takes place is free from mobile and recording devices. All this is happening in the custody with 24/7 security guard. With that said, it is the most inconvenient and expensive though very secure option.
Mentioned above security approaches, implemented to secure digital assets, in most cases share much in common. With the defence strategy of Mordor — monumental bastions with the whole army around them are put in place to prevent any kind of a weapon attack — to all of these in one moment become useless when the one critical and irremovable vulnerability, the One Ring, is executed. When it is destroyed, the whole system falls. From that perspective height of Barad-dûr’s walls and towers doesn’t matter at all as any sensible adversary will never try to storm the front door.
And that is where we meet another side of the Mordor security problem: all employed guards, who must prevent the potential intruders from accessing Orodruin and destroying the One Ring, are unable to detect two little hobbits, who use the trivial number security system expolits:
- The thoroughly hidden vulnerability in the underlying system (cave in the mountains), patching of which is entrusted to a non-qualified low-paid employee (Shelob);
- The malicious party that has access to confidential information about vulnerabilities in the security system (Gollum);
- Unscrupulous employees and a human factor (Cirith Ungol Orcs);
- The parallel DDOS attack, which drags the attention of security system to itself (the attack of Men of the West on the Black Gates).
It is important to notice that most of these problems appear in any system from time to time, but with a proper security architecture, they won’t cause the crash of it. All existing blockchain projects are based on the private keys and it’s a single point of failure that cannot be fixed.
The private key as a sole authentication factor to access a blockchain is more than a 10-year-old security concept, which faced a lot of troubles in its history. With all the problems that impede the adoption of the crypto industry, the private key should leave us to the digital lands of happiness. Though we will remember it for all the fun it gave to us and for the knowledge it provided in fields of security and cryptography.
In the next article, we are going to explore the innovative security approach of the Spatium protocol in detail and why it will continue the good deeds of private key.