Wallets, Wallets, and more Wallets
I’ll admit, I’m floating in the writer’s block abyss this cycle and the busier we get in Ethereum, the less time there is to focus on distributed network philosophies and impacts. This writing work is too important to simply hire out though and Joshua Hannan is going to start putting out great content along with me so be sure to check him out!
With that said, I received a request for some information this week about our wallet libraries and the wallets you can deploy with them. This led me to wonder how many people actually understand the concept of a wallet in the context of Ethereum. So in this post I’m going to discuss the basic concept of a wallet along with the different types, drawbacks, and benefits.
Distributed ledger systems such as Bitcoin and Ethereum are able to maintain the value of their cryptocurrencies specifically because of the ability to provide a verifiable record of, to the last digital bit, the exact supply and location of every token. When you request Ether on an exchange, request an account in My Ether Wallet, or open our soon to be announced application, you are issued a location within the ledger. This location in Ethereum is identified by a random series of 40 bytes with the public key, or label for others to identify, being the last 20 bytes. If you’ve ever seen a series of digits such as 0xe0b41671CC6374f1a564459B8298E87585a28A84 in your exchange account, this is the label that identifies your location and the location of your digital assets in the ledger. It’s what we call a mapping, or associative list, there’s perfect correlation between that address and the data contained there; this is what we refer to as a wallet.
The simplest form of a wallet, and the base setup for all wallets, is one with a public address, the one we just talked about, attached to a private key. The private key is generally stored and encrypted with a password somewhere on your system or the remote system providing you a service. When it comes time to sending a transaction, which is the same thing as moving the location of data, which is the same thing as sending Ether or any ERC-20 token, the private key holder will decrypt the key with a password and “sign” the transaction. The specific mechanisms that make this happen are handled within the system as long as you know the password to decrypt the private key. While simple, it has a downside in that anyone who is able to obtain the single private key has access to the wallet and everything in it. Phishing attacks such as MyEtherWallet clones are notorious for tricking users into submitting their private key and then quickly using it to access your location in the ledger and moving all of the data. (Congratulations, your level of understanding just moved up a notch because I didn’t have to say accessing your account and stealing your money.) Additionally, if there are multiple parties with an interest in the stored assets, then any process to release funds must be handled completely off-chain with the final authority still resting with a single private key. So the trade off here is simplicity and convenience at the expense of having a single layer of security; your encrypted private key.
A step above a simple public/private key pair stored on a computing device is a hardware wallet. Hardware wallets provide an additional layer of security by keeping the private key isolated inside of an encrypted peripheral device and allowing the owner to sign transactions and send them without exposing the private key to the outside world. It’s the same exact concept as a simple wallet with an additional layer of security. It becomes impossible to simply swipe the key off of a stored system and there’s no reason to ever expose the private key. All information in a proposed transaction that moves data can be ingested by the hardware wallet, which signs the transaction and sends it back out. This, however, still does not solve the multi-party problem nor the single point of failure should anyone obtain the private key in some way such as theft. This becomes a very real threat as popularity grows and criminals can start assuming everyone has a hardware wallet somewhere on them or in their home.
Multisig wallets on Ethereum are an attempt to solve both the multi-party problem and the single point of failure. They are smart contracts, or source code deployed at a specific address, with the purpose of providing a single storage location for assets but requiring multiple private keys to move them. This is enacted by assigning ownership of this coded wallet to multiple “simple wallet” addresses, each of which have their single private key. In order to move anything out of the multisig wallet, signed transactions approving the move need to be sent by the multiple owners. Majoolr’s wallet libraries provide a secure layer of source code which can be used to deploy multisig wallets with numerous configurations. These multisig wallets can require a specified number of private keys to send signed authorizations before the wallet sends transactions or moves any digital assets. This setup provides additional security beyond a single private key and allows multiple parties to authorize transactions on a single store, all on the blockchain. The downside to this is the added complexity and cost of signing and sending multiple transactions. With that said, outside of a cold wallet, which is an address whose private key is stored in a secure, completely offline location, a multisig wallet deployed using Majoolr’s libraries and connected to multiple hardware wallets can provide the best security available for digital assets.