Programmable Custody: Key Management Gets Smart
Ideas on how to build better key management systems for humans
Crypto wallets are secure, but the private keys we use to access them can be very difficult to keep safe. How might we design ways to keep our private keys protected? In part two of this series, we explore the concept of programmable custody and how it could revolutionize how we manage our private keys. If you haven’t already, read part one.
The most commonly used cryptocurrency custody products and services are modeled after age-old banks and vaults — “Give us your assets and we’ll take care of them” — but this isn’t how it has to be. Because cryptocurrency or blockchain based assets are programmable, as opposed to cash, it’s possible to create new types of “programmable” custody models that give you the confidence of a full-service bank but full control of your private keys.
A smart custody system could leverage technologies such as multi-signature wallets (which require a subset of issued private keys to transact than than just one, such as needing three of five of your private keys to send your Bitcoin) and smart contracts.
What could this look like? Below are three key themes to design for in cryptocurrency ownership, to get you thinking about possible new products that enable people to manage their own private keys securely and confidently, without deep reliance on a third party.
1. Disaster recovery
Accidents and disasters happen, and if you lose your private key due to fire, or even writing it down incorrectly, you’re out of luck. Anyone that’s set up their own wallet knows the stress trying to ensure not only that you’ve copied down your key phrase properly but also that you’re storing it in a place that’s private and safe.
- Trust-ish Party: Can we leverage centralized services to hold a multi-signature private key that can be given to you in disaster incidents? That key, combined with the remaining keys in your possession, would re-enable you to spend your cryptocurrency, but the service provider would never have access to your digital assets.
- Hardware Multi-Signature: Can we do away altogether with remembering or writing down private keys by having many hardware wallets, say six, of which you only need three to be able to spend coins? If those hardware wallets were geographically spread out, it would mean you just need to remember locations instead of 24 word pneumonic backup phrases.
2. Preventing theft
Security is hard. Not a month goes by without crypto-currency being stolen from a compromised exchange or buggy wallet. There are also many different types of theft threats, for example someone hacking into your computer versus someone attacking you with a wrench.
- Delayed Withdrawal: Can we use smart-contracts to create 7-day delays from any withdrawal that can be voided by the holder of the private keys? Rather than an attacker instantly making away with digital assets from their exploit, could there by a smart-contract that delays transactions for several days with the possibility of cancelling the withdrawal, thereby making short, quick attacks less feasible?
- Multi-Sig Across Geographies: Can we spread out private keys over geography, making it hard for attackers to gather all the private keys needed to steal cryptocurrency? Spreading out private keys across different locations would diminish the possibility that if someone gained access to your private key they would be able to spend it. For example, a thief would have to break into three places, rather than one, to gather the necessary private keys to access your digital assets. That could be the difference between the attacker just breaking into your home, and breaking into your home, your office and parents’ house — which would be a lot more work.
3. End of life
What will happen to my bitcoin when I die? This is a question that many of us are happy to avoid, so as to not have to dwell on our own mortality. With self-controlled assets, unless stored in a third party service, like a bank, it’s challenging to pass on control in the future after you’ve passed away without potentially giving up control or introducing a security threat today.
- Timelocks: If the funds haven’t been moved with a certain amount of time, could they automatically be moved to another bitcoin address controlled by someone else? If you live in an unstable region of the world, it may be possible to not rely on banks and legal institutions to manage custody and pass on ownership of your digital assets. In cases like this, it could be useful to have assets that automatically transferred to the blockchain address of your next of kin using a smart contract that initiated after you don’t move your asset after a set period of time.
- Transaction Rails: What if there were smart-contract based guardrails for transactions sent from certain addresses? The transaction rails could allow larger transactions for approved addresses, and limit the rhythm and size of transactions to non-pre approved addresses. Having rails could mean the money is only approved to be sent to family members addresses, and if those have changed, then the funds can still be sent but over a much longer period of time in smaller transactions, just in case there are unauthorized withdrawals.
These are just some simple ideas that touch on different ways of thinking about cryptocurrency custody, and give more confidence and peace of mind to those of us that may need or desire to hold our own private keys in the future. It’s a new field, and the new design standards are still being developed on how to interact with cryptocurrencies.
There will be a large and varied continuum of different ways to manage ownership of digital assets, and I think staying in full control of your assets may come to be more important in the future, but it’ll only be possible if we can design support systems and products that help people manage the weight and responsibility of managing their own digital assets.
If you’re interested in continuing the conversation, please feel free to tweet me at @JamMontasser.