Wallet Security Explained 🛡
How we tackle security and secure access to a user’s wallet?
While building Arkane Network and adding new features we always keep a few questions in our mind:
- Are we increasing the usability for our users?
- Does this add value for developers?
- Will this enrich the eco-system?
- Are we implementing it in a secure way?
These questions help us to focus on the things that matter. In this article, we explain how we tackle security and secure access to a user’s wallet.
First layer, core blockchain characteristics.
Every user’s assets live on the corresponding blockchain, and thus inherit all the underlying blockchain’s security benefits.
Second layer, securing the private key of a user’s wallet.
The first part is encrypting the private key with a keystore and a password, an extremely long password, this is done via AES 128-bit encryption. Next, we take the password and split it into 3 parts using the Shamir Secret Sharing algorithm. The part that belongs to the user is then encrypted for the 2nd time using AES 128, using the user's pin code. Once that is done all three parts are stored in a vault where they are encrypted for a 3rd or 2nd time. Access control policies provide strict control over who can access the vaults and what part of the key and which permission they have. On top of those policies, we’ve also added additional ACLs (Access Control Lists) to control access on the application and infrastructure level.
Shamir’s Secret Sharing is used to secure a secret in a distributed way, most often to secure other encryption keys
Third layer, abstracting the use of a user’s private key.
On top of the layer 2 encryption we add the need of a pin code, if an attacker would be able to bypass all our different levels of security and is able to decrypt and assemble the different parts of the private key, he would still need to know the users pin code to gain access to the user’s assets. Additionally, we allow users to set a different pin code for each wallet they own, making it even harder for an attacker to get away with all the user’s valuables.
Tip: Split your crypto assets over multiple wallets and have a custom pin for each.
Fourth layer, breakers.
By implementing “breakers” we can offer our users an extra level of security. To explain with an example: Assume you are using your Arkane wallet with MyCrypto, and MyCrypto gets hacked, then we switch on the breaker for MyCrypto, blocking all access coming from MyCrypto towards our network, and so protecting uninformed users.