Klaytn Usability Improvement Series #1: Separating Keys and Addresses
Improving the usability of our blockchain platform has been one of Klaytn’s priorities. In this series, we would like to show you some of the features that can contribute to improved usability.
- Separating Key and Address
- Introducing Multisig on the Platform-Level
- Fee Delegation
- Supporting Role-Based Keys on the Platform-Level
- Implementing Explicit Types for Accounts and Transactions
In this post, we will demonstrate how we can improve usability through separating keys from addresses. Klaytn uses the secp256k1 curve, just like Bitcoin and Ethereum. Account addresses are derived from private keys in existing blockchains. The problem with this approach is that the account becomes unusable if the private key becomes exposed.
If there is a chance that someone knows your private key, you are advised to get a new one and migrate all your assets into a new account. Or else, you may lose everything you had in your old account. But setting up a new account and migrating all your assets is definitely easier said than done. You have to notify those around you of your changed address before they send anything to your old account.
Things get more complicated if you were using a BApp (Blockchain Application). Since it is integrated with the old account, you also have to move all the assets from the BApp to your new account. But if the BApp does not support that function, migrating assets may be impossible all together. It could also result in fragmentation of your transaction records.
And what if your private key gets exposed again? You would have to go through the entire process one more time! What a catastrophe, right? Of course, it would be most ideal if you could take good care of your private keys and protect them from exposure, but it is still advisable to be prepared for all eventualities.
This is different from what you would expect from other kinds of services, say, the bank. You could think of the blockchain account address as the bank account number, and the private key as the password. What should you do if your password gets exposed? The most common response would be to simply change the password. You wouldn’t open up a new bank account just for having your password exposed.
People resist changes to their accustomed user experience, especially when that change entails a lot of inconveniences. That being said, it would make sense to maintain the user experience on blockchain indistinguishable from the old experience. That is why Klaytn separated the account address from the key. You can no longer derive your account address using your private key. That way, even if your private key gets compromised, you can set up a new private key to your account and continue using it. The asset migration described above would not be necessary. In short, it’s basically just like using a bank.
To make this possible, Klaytn accounts create a separate field called key. You can store the public key in the key field, and sign the transaction with the corresponding private key. If you want to change your private key, you can set up a corresponding public key via AccountUpdate Transaction. Any transaction occurring henceforth will only be considered valid when it’s signed with the new private key. For more information regarding Klaytn account, please refer to KlaytnDocs/Accounts.
But it seems a little inefficient to keep this key field just for the sake of public keys, doesn’t it? That is why Klaytn allowed additional key types. In our next post, we will look at some different types of keys. Stay tuned!