Private Key Recovery — Decentralize user’s responsibility

STARNAME NEWS
Published in Starname Blog · Aug 30, 2019 · 6 min read

Do you know someone who lost their private key and could no longer access their crypto funds? Have you yourself been scared of losing the 12 magic words you were given when signing up for a wallet? I have been. Hence our attempt to find a new, more satisfactory solution, which we see as necessary for mass adoption.

This article describes how private key recovery could work in the future. The project is not ready for tomorrow, and we will need many talented contributors over the coming years.

If you think you or your project could be a great addition to our future efforts, please send us a message: hello@iov.one

This article describes a simple system to enable private key recovery.

Retrieving a lost private key in order to execute a new transaction on a blockchain is a hard problem. Even crypto exchanges have failed to manage private keys securely for their users. Too few wallets are trying to find a solution that could significantly improve the user experience, even though users are accustomed to resetting forgotten passwords: any UX designer would include a "Forgot password" link on a sign-in page.

Bitcoin, however, introduced a new paradigm that gives freedom back to users through cryptography: only the user is responsible for his actions when conducting a transaction.

Before detailing the solution, let us re-emphasize one of the most essential properties of a blockchain: non-reversibility. This property is key to transaction safety on exchanges. It is also extremely upsetting when you want to reverse mistakes, hacks or key losses, since in those cases non-reversibility means loss of funds.

One could imagine a solution that gives up non-reversibility. Yet even in the banking industry non-reversibility applies: a transaction is only ever cancelled by entering a new, compensating one.

Therefore, with or without a blockchain, non-reversibility is the key technical property that ensures trust, and trust is a necessary condition for building a financial system.

Once non-reversibility is accepted as a necessary condition, the need remains for a seamless way for users to manage their private key the way they manage access to their bank account.

Despite this apparent irreconcilability, this article suggests a simple solution that gives the user an alternative way to administer the safety of his account.

Current Status

In one scenario, a third party holds the private key and lets the user authenticate with a traditional password, so losing the password is not a problem. Security is opaque: the user does not know how the third party manages his private key.

In the other scenario, only the user is responsible for safekeeping his private key, bearing the risk that memory loss, hardware failure or a hack prevents him from cashing out his coins. Security is simple: the user alone is responsible for it.

These two paradigms seem irreconcilably opposed. Most crypto wallets ask their users to memorize 12 words, while most websites have a default button to reset a password.

To escape this binary choice we need to introduce a cryptographic primitive: threshold signatures.

Threshold signatures: a new paradigm

A threshold signature scheme requires multiple parties to cooperate to sign a transaction. It is similar to multisig, with two major differences:

  • Unlike multisig, the threshold signing protocol runs OFF-chain; to the blockchain the result looks like a single ordinary signature.
  • It is blockchain agnostic and can be implemented on most current blockchains, since the chain only has to verify a signature scheme it already supports.

These two properties are very interesting. The first lets the user outsource signing to a chosen list of custodians. The second makes threshold signatures usable on all current blockchains, even those without smart contract capability.

Concretely, when the user opts for threshold signatures there is no longer one classic private key; instead there are several key shares ("sliced" private keys) held by the custodians. In a t-of-n scheme any t of the n shares suffice to sign, and the full private key is never assembled in one place. So, as with multisig, signing still works when one share is missing: even if a custodian loses its "sliced" private key, the user can still access his funds.

By "slicing" the private key, threshold signatures bring several benefits to users:

  • no blocking situation should a custodian go bankrupt, for instance, as long as a threshold of custodians remains available;
  • no loss of funds should part of the private key be made public, since fewer than t shares reveal nothing about the key.

For more information about threshold signatures, you can check this great article.
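The following is an added example, not code from the original post or from IOV: a toy t-of-n threshold Schnorr signature in Python in which custodians 1..n hold Shamir shares of the key. It demonstrates the two properties listed above: any two of three custodians produce a signature that `verify` accepts exactly as it would a single-key Schnorr signature, losing one share does not block the user, and a single custodian below the threshold cannot sign. Everything beyond those two properties is an assumption for illustration: the Schnorr group generated at runtime, the `deal_shares`, `threshold_sign` and `verify` helpers, the 2-of-3 parameters and the sample message. It is not a production scheme: real deployments use distributed key generation so that the key is never assembled by anyone, and a nonce commitment round (as in FROST) against rogue-nonce attacks.

```python
"""t-of-n threshold Schnorr signing over a Schnorr group (prime-order subgroup of Z_p^*).

Added illustration, not IOV/Starname code. Custodians hold Shamir shares of the key,
any t of them produce ONE ordinary Schnorr signature (R, s), and the verifier never
learns that several parties were involved. NOT production-grade: a trusted dealer
splits the key (real systems use distributed key generation), and nonce shares are
announced without the commitment round FROST uses against rogue-nonce attacks.
"""
import hashlib
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases; used only to generate demo parameters."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits=128):
    """Safe prime p = 2q + 1; g = 4 (a square) generates the subgroup of prime order q."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4

def deal_shares(x, t, n, q):
    """Trusted dealer: Shamir shares of x; any t of the n custodians can sign."""
    coeffs = [x] + [secrets.randbelow(q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, q) for k, c in enumerate(coeffs)) % q for i in range(1, n + 1)}

def lagrange_at_zero(i, signers, q):
    """Weight of custodian i's share for the quorum `signers` (interpolation at 0)."""
    num = den = 1
    for j in signers:
        if j != i:
            num, den = num * (-j) % q, den * (i - j) % q
    return num * pow(den, -1, q) % q

def challenge(R, y, msg, q):
    h = hashlib.sha256(f"{R}|{y}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % q

def threshold_sign(shares, signers, msg, p, q, g, y):
    """Quorum `signers` produces one Schnorr signature; key shares never leave their holders."""
    # Round 1: each custodian picks a nonce share k_i and publishes R_i = g^k_i.
    nonces = {i: secrets.randbelow(q - 1) + 1 for i in signers}
    R = 1
    for i in signers:
        R = R * pow(g, nonces[i], p) % p
    e = challenge(R, y, msg, q)
    # Round 2: each custodian returns s_i = k_i + e * lambda_i * x_i; the sum is s = k + e * x.
    s = sum(nonces[i] + e * lagrange_at_zero(i, signers, q) * shares[i] for i in signers) % q
    return R, s

def verify(y, msg, sig, p, q, g):
    """Plain Schnorr verification, exactly what a single-key signature would get."""
    R, s = sig
    return pow(g, s, p) == R * pow(y, challenge(R, y, msg, q), p) % p

def demo():
    """2-of-3 custodians signing a constructed message that stands in for a transaction."""
    p, q, g = make_group()
    x = secrets.randbelow(q - 1) + 1   # the "classic" private key; only the dealer ever sees it
    y = pow(g, x, p)
    shares = deal_shares(x, 2, 3, q)
    msg = b"bitcoin: send 0.001 BTC to bc1qexample"   # constructed sample

    def sign(quorum):
        return threshold_sign(shares, quorum, msg, p, q, g, y)

    return {
        "custodians_1_2": verify(y, msg, sign([1, 2]), p, q, g),
        "custodians_2_3": verify(y, msg, sign([2, 3]), p, q, g),   # custodian 1 lost its share
        "custodian_3_alone": verify(y, msg, sign([3]), p, q, g),  # below threshold: cannot sign
        "tampered": verify(y, msg + b"!", sign([1, 3]), p, q, g),  # altered message is rejected
    }
```

`verify` is the only thing the target blockchain would run, and it is the textbook single-key check g^s = R·y^e; that is the whole point of the first bullet above. The quorum, the shares and the Lagrange weights exist only on the custodians' side.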

The CHECKPOINT blockchain: an additional blockchain dedicated to custodians and wallet users

Steps from signing up to sending a first transaction, from the user's perspective:

  1. After installing the wallet app, the user signs up by choosing his KYC service providers and custodians from a list provided by the wallet app.
  2. While this sign-up is being validated, a device-based private key is generated and embedded within the app. This device-based key is never shown to the user.
  3. To initiate a transaction, the user specifies the amount, the ticker and the ID of the blockchain on which the transaction should take place.
  4. The device-based private key is then used to sign a transaction on a new blockchain called CHECKPOINT. The wallet no longer sends transactions directly to the blockchain where the crypto-currency is registered.
  5. Once the user's transaction is confirmed on CHECKPOINT, the custodians, who monitor confirmed CHECKPOINT transactions, generate and threshold-sign the requested transaction on the blockchain where the crypto-currency is to be transferred.

Custodians are independent service providers with a reputation to protect, so collusion between them is unlikely; the signing threshold should nevertheless be set so that no single custodian, and no small group of them, can sign on its own.

User's benefit: regaining access to funds if the device is lost

Before this solution, the user had to either give up his security by trusting a single third party or manage his security entirely on his own. This solution offers a better security model in which each custodian keeps only one "sliced" private key. Security is no longer centralized, since custodians cannot individually sign a transaction, and the process can be audited.

To conclude: if the user loses his device-based private key through the loss of his device, he can reset it by restarting the sign-up process. Once the KYC process is finalized, a new device-based private key is associated with his new device (and the custodians should stop honouring the old one from that moment, so that a lost or stolen device cannot keep spending).

Threshold signatures are a flexible tool to enable private key recovery and trigger mass adoption

Collateral. With the new CHECKPOINT blockchain, custodians can be cryptographically bound to collateral that is forfeited if the user sends his transaction on CHECKPOINT and the custodians fail to complete the final transaction.

No need for smart contracts. No smart contract is required, so the system can work on all blockchains; the custodians themselves can apply arbitrarily complex rules based on the amount of the original transaction. Security should not be the same when the user wants to send 0.001 Bitcoin as when he wants to send 1000 Bitcoin.
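As an added example, not IOV's code, here is a custodian-side watcher in Python that follows steps 1 to 5 of the CHECKPOINT flow, the device reset after KYC from the previous section, and the amount-based rules just described. Assumptions not stated in the post: a CHECKPOINT transaction carries the id of the device key that signed it and the CHECKPOINT validators already verified that signature, so the custodian only checks that the key is the one currently bound to the user; a custodian acts only on blocks buried `CONFIRMATIONS` deep; the `AUTO_LIMIT` tiers, the `CheckpointLedger` stand-in and the scenario data are constructed for the example.

```python
"""Custodian-side watcher for the CHECKPOINT flow. Added illustration, not IOV/Starname code.

Assumptions (not from the article): CHECKPOINT validators already verified the device
signature, so the custodian only checks the device key is the one bound to the user;
the custodian acts on a block only once it has CONFIRMATIONS blocks on top of it;
AUTO_LIMIT is a hypothetical per-asset ceiling for automatic co-signing.
"""
from dataclasses import dataclass, field

CONFIRMATIONS = 6                  # hypothetical depth before a custodian acts on a block
AUTO_LIMIT = {"BTC": 1_000_000}    # hypothetical: up to 0.01 BTC (in satoshi) is co-signed automatically


@dataclass(frozen=True)
class CheckpointTx:
    tx_id: str
    user: str
    device_key: str    # id of the device-based key that signed this CHECKPOINT transaction
    chain: str         # target blockchain the user named in step 3
    ticker: str
    amount: int        # minor units (satoshi for BTC)
    destination: str


class CheckpointLedger:
    """Constructed stand-in for the CHECKPOINT chain: a list of blocks of transactions."""

    def __init__(self):
        self.blocks = []

    def append_block(self, txs=()):
        self.blocks.append(list(txs))

    @property
    def height(self):
        return len(self.blocks)


@dataclass
class CustodianWatcher:
    bound_keys: dict = field(default_factory=dict)  # user -> currently bound device key id
    synced_blocks: int = 0                           # number of CHECKPOINT blocks already acted on
    seen: set = field(default_factory=set)           # CHECKPOINT tx ids (replay / duplicate protection)
    to_sign: list = field(default_factory=list)      # target-chain requests handed to threshold signing
    held: list = field(default_factory=list)         # large amounts waiting for manual review
    rejected: list = field(default_factory=list)

    def bind_device(self, user, device_key):
        """Called when the KYC providers confirm a (re-)sign-up; the previous key is thereby revoked."""
        self.bound_keys[user] = device_key

    def sync(self, ledger):
        """Act on every block that now has at least CONFIRMATIONS blocks on top of it (itself included)."""
        while self.synced_blocks < ledger.height:
            depth = ledger.height - self.synced_blocks
            if depth < CONFIRMATIONS:
                break                       # too shallow: a reorg could still drop it
            for tx in ledger.blocks[self.synced_blocks]:
                self._handle(tx)
            self.synced_blocks += 1
        return self.synced_blocks

    def _handle(self, tx):
        if tx.tx_id in self.seen:
            return                          # duplicate delivery or replay of an old request
        self.seen.add(tx.tx_id)
        if self.bound_keys.get(tx.user) != tx.device_key:
            self.rejected.append((tx.tx_id, "device key not bound to user"))
            return
        request = {"tx_id": tx.tx_id, "chain": tx.chain, "ticker": tx.ticker,
                   "amount": tx.amount, "destination": tx.destination}
        if tx.amount > AUTO_LIMIT.get(tx.ticker, 0):
            self.held.append(request)       # a human, or a larger quorum, decides on big amounts
        else:
            self.to_sign.append(request)


def demo():
    """Constructed scenario: sign-up, two requests, device loss, re-sign-up, stale device and replay."""
    ledger, watcher = CheckpointLedger(), CustodianWatcher()
    watcher.bind_device("alice", "dev-A1")                      # step 1 and 2 completed
    ledger.append_block([                                        # step 4: device key signed on CHECKPOINT
        CheckpointTx("ckpt-1", "alice", "dev-A1", "bitcoin", "BTC", 500_000, "bc1qexample1"),
        CheckpointTx("ckpt-2", "alice", "dev-A1", "bitcoin", "BTC", 200_000_000, "bc1qexample2"),
    ])
    first = watcher.sync(ledger)                                 # one confirmation only: nothing acted on
    for _ in range(CONFIRMATIONS - 1):
        ledger.append_block()
    watcher.sync(ledger)                                         # step 5: block 1 is now deep enough
    watcher.bind_device("alice", "dev-A2")                       # device lost, KYC redone, old key revoked
    ledger.append_block([
        CheckpointTx("ckpt-3", "alice", "dev-A1", "bitcoin", "BTC", 100_000, "bc1qattacker"),   # stale device
        CheckpointTx("ckpt-1", "alice", "dev-A1", "bitcoin", "BTC", 500_000, "bc1qexample1"),   # replay
        CheckpointTx("ckpt-4", "alice", "dev-A2", "bitcoin", "BTC", 200_000, "bc1qexample3"),
    ])
    for _ in range(CONFIRMATIONS - 1):
        ledger.append_block()
    watcher.sync(ledger)
    return first, watcher
```

`to_sign` is the list a custodian would feed into the threshold signing round with the other custodians; `held` is where the "0.001 versus 1000 Bitcoin" policy takes effect; the confirmation depth and the `seen` set are the two checks without which a reorg or a replayed CHECKPOINT transaction would make the custodians sign twice.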

Universal tool. One nice property of this system is that any wallet can use it by interacting with the CHECKPOINT blockchain, because the threshold signature is generated only by the custodians. So the wallet does not have to implement threshold-signature cryptography itself.

IBC/COSMOS material. This is a little further off, because the threshold signature involves many "sliced" private keys, but once the threshold signature is built directly from the CHECKPOINT blockchain, IBC could be used to send a message to the appropriate blockchain so that everything is on chain.

Special thanks to Riccardo from Commercio.network, Ouriel from ZenGo, Emin Gün Sirer and Nicolas Lemaitre from Ava Labs and Clarisse from IOV for the great and inspiring conversations during Berlin Blockchain Week!
