KeySplit — Tackling the hard parts of being your own bank

Winners of the 2018 ETHDenver Hackathon

Nick Neuman
Feb 24, 2018
Check out our nifty website to sign up for beta access

Losing the key to the bank vault

Almost 4 million bitcoins are estimated to be lost forever, according to a late 2017 analysis by Chainalysis. That includes 2.5 million coins lost by ‘hodlers’ who forgot where they put their private key or accidentally threw away their hard drive. Then another 1 million owned by Satoshi are assumed out of circulation due to his infallible desire to change the world without getting rich. (But let’s be honest, he just lost his private key.)

Turns out being a Sovereign Individual isn’t easy

Coins valued in the hundreds of millions of dollars have been stolen on numerous occasions from various cryptocurrency exchanges, because people choose to keep their crypto on the exchange rather than in a private wallet.

A great promise of cryptocurrency is the ability of every individual to fully own their money. No more fractional reserve banking, no more inflationary central banking policies, and no more guilt about having 40 euros in your wallet for 6 months because you don’t want to take time to go to the bank and exchange it back to dollars. (The last one may be a personal example.)

With crypto, there are no banks necessary — you have your private keys, and you use them to verify all transactions you make. Suddenly, you are literally your own bank.

But have we stopped to think about whether the average person is ready to be their own bank? Most people don’t even know what a password manager is; how do we expect them to secure a private key or seed phrase that is the sole source of access to all of their money? With crypto, you can’t call up Chase Bank and tell them you forgot your password, or ask them to reverse a transaction you “didn’t approve”.

Private key security and user experience is a serious barrier to mass adoption and use of cryptocurrency.

While the cool problems everyone talks about like blockchain scaling are also major barriers to everyday use, private key UX is one that has been largely overlooked by crypto early adopters. I hereby burst your bubble — not everyone wants to hammer their seed phrase into metal and bury it in discreet places all over the world.

A two-sided solution

The problem: People aren’t ready for the responsibilities of being their own bank.

The solution: Education and tools. They are two sides to the same bitcoin (ba-dum 😉).

User education is crucial in the high stakes world of cryptocurrency. There’s actually tons of great educational material out there about private key security, but it’s not accessible to the average user. Unfortunately most people aren’t going to take the time to read through Jameson Lopp’s excellent crypto resources page — they are just going to buy some BTC or ETH on Coinbase. It’s critical that the education meets people where they are, and the best way to do that is when they’re using the product.

We must also build the tools that allow people to be secure with their money. These tools must be easy to use and seem simple, even if they are complex behind the curtain. People won’t use an app they can’t immediately understand.

A good end-user application will bake education into the product experience. This means explaining in a concise and interesting way why a user is doing something while she is doing it, and building the product so it’s very hard for the user to do something unsafe.

This is the thesis from which KeySplit, my ETHDenver hackathon project, was born.

ETHDenver 2018

I won’t go into many details on ETHDenver here — for that you can check out my summary post going up soon. As quick background, my team (none of whom had met in person before the hackathon) went in with the goal of improving seed phrase/private key UX for the average person. We came up with KeySplit, made a half-working prototype in 36 hours, and somehow were chosen as one of the 7 winning teams for the hackathon. It was a great weekend, I met a ton of new people, and we all worked really hard to build cool stuff for the Ethereum & larger crypto ecosystem. Major props to the hackathon organizers for all the work they put in to pull off the weekend.

Enough with the dramatic intro — what’s KeySplit?

What’s the best advice we’ve got currently to secure your crypto wallet seed phrase?

“Write it down on a few pieces of paper and hide it in your house, bank deposit box, and your parent’s house.”

What is this, 1970??

KeySplit allows you to securely and digitally store your seed phrase with people you trust.

Seed phrase: A mnemonic phrase, mnemonic recovery phrase or mnemonic seed is a list of words which store all the information needed to recover a cryptocurrency wallet. Wallet software will typically generate a mnemonic back up phrase and instruct the user to write it down on paper. If the user’s computer breaks or their hard drive becomes corrupted, they can download the same wallet software again and use the paper backup to get their cryptocurrency back.

We encrypt your seed phrase, then split it into five “shards” using a well-tested cryptographic algorithm called “Shamir’s Secret Sharing”. You then send each shard to a different person (a “Guardian” in our fancy marketing terminology), and they keep it for you in their KeySplit app.

Each of the shards is a mumbo-jumbo of letters and numbers, and one shard by itself can’t do anything. However, if you ever lose your seed phrase, you can collect any three of the five shards and use them to recreate your original seed phrase. This takes a single point of failure — your piece of paper with a seed phrase stuffed in your desk drawer — and spreads it out among people you trust by giving them a small part of the responsibility to keep your money safe.

“But can’t your Guardians collude to combine the shards and steal your money?”

That’s why it’s important not to tell each Guardian who the others are, and why we also suggest picking people that don’t even know each other (e.g. one family member, one friend from college, one work friend, etc). But as a precaution in case your Guardians do guess each other’s identity and want to screw you over, we’ve added another layer of security in the form of a password you enter when you first split your key. In order to recreate your original seed phrase, you’ll need this password plus three of the shards.

The good news is, the password doesn’t have to be crazy strong. Due to the low likelihood of properly chosen Guardians colluding, all you need is a password that is slightly better than “Password123!” Or you could create something stronger and keep it in a password manager — even if a hacker gets hold of your password, they would have to trick three of your Guardians into sending them your shard. We have some ideas around ensuring that you and your Guardians remember your password, which I’ll likely share at a later date.

Bringing trust to a trustless ecosystem

We’ve built KeySplit to be safe even if your Guardians want to steal your cryptocurrency. But we also truly believe that most people’s Guardians won’t want to do that. Humans are hardwired to form bonds with other humans — we want to trust others. When we’ve known someone for a long time and have built trust with them, that bond is strong; the internal and social ramifications of breaking that trusted bond are in most cases stronger than the desire for profit. KeySplit uses those strong bonds of trust to help people feel comfortable that their money is safe — that it won’t disappear with a lost password.

What’s next?

The KeySplit team is working hard to get the app from hackathon quality to real-product quality. Once we release v1 of the app, we’ve got some other ideas up our sleeve that will continue to improve wallet security for the average person.

You can check out our website and sign up to participate in beta testing at keysplit.io. If you’re interested in helping out or getting in touch, feel free to email us (hello[at]keysplit.io). And if you have questions, ask them here or hit me up on Twitter (@nneuman).

Remember: “Save trees (and all your money and sanity); don’t print your seed phrase on paper.”

P.S. Satoshi is going to be totally pissed when he reads this post.

“Why didn’t they make this 8 years ago?!?” — Satoshi Nakamoto
