Part 1: Holochain, Holo Accounts, and Cryptographic Key Management

Technical Deep Dive with David Braden

Holochain Design
Feb 21 · 7 min read

Highlights

  1. Holochain/Holo Accounts and Keys
    1.1 What Are We Talking About?
  2. “Account” Keys and Libsodium
    2.1 Holochain Key Derivation
    2.2 Holo Browser “Account” Keys
    2.3 Hardware Wallets and Holochain

Details

Holochain/Holo Accounts and Keys

In our Leadership & Org post last week, we talked about Holo Accounts. We thought it would be a good idea to go into more depth on the specific technologies and strategies underlying Holochain, Holo Accounts, and cryptographic key management from a developer’s perspective.

Cryptographic key management

The security models for Holochain and Holo have been designed (we hope!) to limit the barriers and complexities of entry as much as possible, without closing the doors to really solid, even paranoid, security models should a user elect them.

This means that, you should get solid security on par with, or better than, the industry standards of the classic, centralized web when running a Holochain application, setting up a HoloPort to host for others, or logging onto a Holo-enabled app from a browser. If you want to take things further and generate your keys on an air-gapped device in a Faraday cage two miles underground and then print them with a dot-matrix printer — go for it!

1.1 — What Are We Talking About?

It’s difficult to even know what we are talking about when we say our “Account.” You’ve got Holochain, Holo hosting, core apps like DeepKey (our key management app), and apps built on top of Holochain, such as our HoloFuel currency app. So to be clear, we think of an account in terms of an individual DeepKey keyset.

2 — “Account” Keys and LibSodium

Holochain (and Holo) care about two main cryptographic operations — signatures and encryption. Signatures are used for chain validity; in other words “did person X really create this entry?” Encryption is used both at rest, to secure persisted information on the disk, and in transit, to secure communications between parties.

Encryption signatures are used for chain validity

A user will be able to backup a single seed value and reproduce all the keys generated from it, as well as make use of passwords and passphrases in a manner that is resistant to brute-force attacks.

2.1 — Holochain Key Derivation

Key derivation

Each device you want to hook together under your keyset gets a different subset of keys that can be individually revoked, giving security isolation.

If a device is destroyed, and you are fairly certain the keys on it are not compromised, you could use your root seed and a backup of your private chain to rebuild your account on a new device — though you may want to go ahead and revoke the keys to be thorough.

2.2 — Holo Browser “Account” Keys

Password derivation that is resistant to brute-force attacks (i.e. throwing a dictionary at it to see what works) depends upon two things. Firstly, that the hashing or derivation algorithm uses a high amount of memory and CPU, making it slow to try a bunch of different options. Secondly, on what is called salt, which is random, non-secret entropy mixed in with the password so we cannot easily make a reverse lookup table of hashes to passwords.

We want Holo end-users to be able to log into an application from any computer, without having to memorize 24 mnemonic words, or give up control of their private keys to anyone, including the Holo organization or the HoloPort hosts who run their app.

We need a tiny bit of centralization to make this happen. An end-user needs a password and a salt. So if they move to another computer/browser, they would still know their password, but how do they know their salt? The Holo organization is going to host a salt registration service, associating an email address with this salt. We’re looking into using Cloudflare Workers, so even though one company is hosting the service, there will be ~over 160 decentralized points of presence from which to obtain your salt. : )

CloudFlare Workers

2.3 — Hardware Wallets and Holochain

Hardware wallets

First off, Holochain uses cryptography for both signing and encryption. Bitcoin, as an example, uses it exclusively for signatures. It may be possible to write a hardware wallet app to do encryption as well (hardware RSA keys can), or we could keep doing the encryption in software and only move signing to the device.

Secondly, Holochain does a lot of signing — constantly. Every time a node interacts with another node, every time a bit of DHT info is gossiped, every time a query is made, Holochain signs the communication. Can you imagine sitting there with your hardware key, clicking approve each time someone else in the network published a social media post?

Holochain

Holochain enables a distributed web with user autonomy built directly into its architecture and protocols. Data is about remembering our lived and shared experiences. Distributing the storage and processing of that data can change how we coordinate and interact. www.holochain.org

Holochain Design

Written by

Creating an ecosystem of decentralized applications with distributed, user-controlled storage. Cheaper, faster, better than #Blockchain @metacurrency @H_O_L_O_

Holochain

Holochain

Holochain enables a distributed web with user autonomy built directly into its architecture and protocols. Data is about remembering our lived and shared experiences. Distributing the storage and processing of that data can change how we coordinate and interact. www.holochain.org