VESwallet — Have your Friends Help You Recover Your Lost Digital Wallet
VESwallet is the union of the VESvault APIs with the open source code from MyEtherWallet/MyCrypto. VESwallet dramatically improves and expands the applicability of the Keystore option by giving users a means to safely and reliably recover their wallets if they lose the wallet password.
With the legacy Keystore option, storing the wallet password was left to the user and was usually written down on paper or electronically stored on the user’s computer. Since the password encrypts and decrypts the private key, which is also usually stored on the computer, this creates two serious problems.
First, if the password is lost the wallet is lost forever. It cannot be recovered.
Second, it essentially creates a single point vulnerability through co-location. Both the password and the private key that it encrypts are usually stored in the same location. If a hacker gains access to the computer, the hacker will often have access to both the password and the encrypted private key, and hence access to the wallet.
By storing the password in VES, both problems are solved. The password is indirectly end-to-end encrypted by the user’s VESkey and stored in the cloud. By being both encrypted and stored separately from the private key, there is no longer a single point vulnerability.
Even if a hacker were to gain access to the password and decrypt it, it is useless without the private key, which is stored locally. Conversely, if the hacker gained possession of the encrypted private key, it is useless without the password, which is safely encrypted in the cloud. This enables the user to safely create multiple, inexpensive electronic copies (USB drives) of the encrypted private key and store them in various locations to ensure that one copy will always survive fires, floods, theft and loss.
If the user forgets the password, he or she can always retrieve it with his or her VESkey. Or, he or she can simply use their VESkey to retrieve the password and never have a need to remember the password itself.
If the user forgets his or her VESkey, the password can be recovered through VES Recovery. The user simply creates a new VESkey and an automatic alert is sent to pre-selected friends who can enter their own VESkeys to assist the user in recovering the lost password. The friends never have access to the user’s password.
VES is similar to a concept called Shamir’s Secret Sharing, but improves upon two shortcomings of past implementations of Shamir’s that kept them from being practical for mainstream use: the collusion problem and the reliability problem.
The collusion problem pertains to the use of multiple Tokens that are essentially scrambled versions of a backup encryption key. It takes multiple Tokens to unscramble and reform the key so any single Token by itself is unusable. With past implementations of Shamir’s, if multiple friends collude, they can reform the key and gain access to the user’s private information.
VES solves the collusion problem through the use of a distinct and separate Shadow vault. If the friends collude, they would have a copy of the Shadow vault key, not the user’s VESvault key. Being unused for any purpose other than VES Recovery, the Shadow vault has additional levels of access control over the primary VESvault. Breaching this access control is as difficult as breaching the major sites that use standard access control measures without encryption. And, unlike these major unencrypted sites, with VES the access control firewall is limited to this hypothetical small unit of nefarious colluding friends. To everyone else, encryption is the main barrier for VES, and encryption is safer than access control.
The reliability problem is that even if a recovery solution is 99.99999% reliable, it still isn’t good enough. Who wants to be the 1 in 10 million that loses a wallet? Through a VES viral network, the odds of losing content due to key loss can quickly and vastly exceed 1 in 1 billion¹. Go to https://www.vesvault.com/fun-math to use the VES Recovery reliability calculator.
VES solves the reliability problem through the viral network of friends. If the user’s friends all lose their VESkeys, upon completing their own VES recovery they can in turn assist the user, and so on. There’s no limit to the depth or breadth of a user’s VES network.
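The footnoted reliability figure can be reproduced with a small recursive model. This is an added example, not VESvault's calculator or code; it assumes key losses are independent, every person has the same number of friends with no overlap between networks, and all function names are hypothetical.

```python
from fractions import Fraction
from math import comb


def at_least(k, n, p):
    """P(at least k of n independent helpers are available), each with probability p."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k, n + 1))


def p_available(levels, friends, required, p_loss):
    """Probability that a person ends up with a working VESkey.

    They either never lost it, or they lost it and at least `required` of
    their `friends` could assist. A friend can assist only if that friend
    has a working key too, which recurses one level down the network.
    """
    keep = 1 - p_loss
    if levels == 0:
        return keep  # nobody below this person to help with recovery
    helper = p_available(levels - 1, friends, required, p_loss)
    return keep + p_loss * at_least(required, friends, helper)


def p_permanent_loss(levels, friends, required, p_loss):
    """Probability that the key is lost and recovery through the network fails."""
    return 1 - p_available(levels, friends, required, p_loss)


if __name__ == "__main__":
    quarter = Fraction(1, 4)  # the footnote's 25% chance of losing a VESkey
    for depth in (0, 1, 2):
        loss = p_permanent_loss(depth, friends=5, required=2, p_loss=quarter)
        print(f"levels={depth}: about 1 in {float(1 / loss):,.0f}")
    # Requiring more friends resists collusion but makes recovery less reliable.
    for need in (1, 2, 3):
        loss = p_permanent_loss(2, friends=5, required=need, p_loss=quarter)
        print(f"required={need}: about 1 in {float(1 / loss):,.0f}")
```

Under these assumptions the two-level, 2-of-5 network gives a permanent-loss probability of 319/2^40, roughly 1 in 3.4 billion, while a single level of friends gives only 1 in 256.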
Since each person must manually enter their VESkey to decrypt their data, which includes the Token for each friend they can assist, each person is essentially a human firewall against a chain reaction hack. In simplistic terms, if one of your friends gets hacked, the vulnerability is limited to your friend’s content. Your content is still just as safe, provided you chose to require more than 1 friend to assist you in your Recovery, so that multiple Tokens are needed to recreate your Shadow vault key.
Some wallet users claim the superiority of cold wallets over the Keystore option because they better address phishing and malware attacks. However, these two vulnerabilities can also be addressed with the Keystore option by running VESwallet offline, or by using the home-brewed cold wallet version of running it offline on an isolated operating system such as Tails. These use-cases make the Keystore option essentially as secure as a hardware cold wallet and safer from loss with more redundancies for the password and private key. It also eliminates the single point vulnerability of the Seed backup associated with most hardware cold wallets.
Overall, the integration of VES APIs dramatically improves the safety from wallet loss and the security from attacks. It makes the Keystore option — whether used online, offline or offline on an isolated operating system — a viable choice compared to the legacy Keystore option, a Browser extension option and the cold wallet option, respectively.
For more information on VESwallet and VES, check out the Product Overview link in the header of wallet.VES.world or the FAQ in the footer. For even more technical information there’s a white paper on VESvault.com at https://www.vesvault.com/articles/VES-Whitepaper-Abstract. Feedback can be submitted through the Contact or Follow us link in the footer at VESvault.com.
¹ Based on a 2 level VES network of 5 friends who each have 5 friends, 2 out of 5 friends being required for assistance and a 25% chance any single user loses their VESkey — go to https://www.vesvault.com/fun-math to use an interactive probability calculator for VES Recovery. Reliability is completely dependent upon the quality of the user’s VES network — the depth and the breadth. VESvault Corp cannot assist in setting up a user’s VES network or recover any encrypted content. The individual user’s VES network is the only means of recovering a lost VESkey through VES.