Keeping Your Crypto Safe — Solving The Private Key Paradox

NGRAVE
NGRAVE
Nov 4, 2019 · 5 min read

How Your Private Key Is Both Unbreakable And Hackable. And What To Do About It.

Image for post
Image for post
Illustration of the difficulty of guessing a 256 bit private key (e.g. Bitcoin or Ethereum) versus a.o. winning the lottery and guessing Bill Gates’ bank account credentials.

Note: Intended for reader level: beginner — intermediate.

1. The Core Of A Blockchain Wallet

In a previous blog post, we wrote that:

“Every crypto wallet consists of two things: a private key and a public key. You can consider the public key as your “address” or “account” on the blockchain. When you request a payment to someone, they will send the funds to your public key. The private key on the other hand, is the secret cryptographic password that grants the party who knows the value of the key, complete ownership of any funds on the associated public key. So if you have crypto on one or more public keys, it is imperative that you protect the associated private keys as much as possible.”

But so why is that private key so important? And can we quantify it?

Image for post
Image for post
The public key is derived from the private key through a one way cryptographic hash function. Unlike with your (centralized) bank, there is nobody you can call for a new “PIN” code when you lose your private key.

2. The Private Key Paradox

At NGRAVE, we call the issue at hand the “Private Key Paradox”. The private key or secret cryptographic access key to your crypto wallet is the reason why your crypto is so secure: if I don’t know your private key, I can’t break it or brute force it with the existing computer power available. Therefore, I cannot steal the funds you have on your public key: the address on which you have your crypto. It’s interesting to know that the public key and thus your so to speak “account number” is actually cryptographically derived from your private key in the form of a one-way hash function. This basically means that while you can calculate your address from your private key, it is near impossible to do the reverse calculation, i.e. calculate your private key from your public key. So, yes, the private key is a crucial pillar in blockchain wallets. It’s also the Achilles Heel. If I can simply look over your shoulder (e.g. when you have your key stored somewhere online) and see your key, it’s game over. I can steal your funds. Also, if you lose your private key yourself, there is no way of getting access again to your crypto. The morale: above all, generate your private keys out of sight, and keep your private keys out of sight!

Let’s have a look at the numbers.

3. Quantifying The Difficulty Of Guessing Your Private Key

Image for post
Image for post
Illustration of the difficulty of guessing a 256 bit private key (e.g. Bitcoin or Ethereum) versus a.o. winning the lottery and guessing Bill Gates’ bank account credentials.

The first thing you see on this graph is that winning the Lottery suddenly doesn’t seem such a big feat. Obviously you know better. And it gives a great perspective on how difficult it actually is to guess my private key and get access to all 0.01BTC on my account. Whereas winning the Euro Millions is an odd of about 1: 1.39 x 10⁸(or 1 in a hundred and thirty nine million), it’s nothing compared to guessing one of the richest men one Earth’s bank account number, PIN code, and two factor authentication code, which stands at 1: 1.18 x 10^21, or over a trillion times more implausible than winning the Lottery. Next, I dare you to guess just ANY private key out there that has a balance greater than zero. The latter is of a difficulty of 1: 1.96 x 10⁶⁹, which is billions of billions of times harder to achieve. That finally brings us to you guessing the private key of my Bitcoin address, which is of an order of magnitude of 256 bits, basically equal to you trying to guess which atom I am thinking about right now, of all the atoms in the universe.

4. Implications

So…THAT’s why if you don’t know my private key, you cannot brute force it. The computational requirements simply don’t exist today. Now imagine that you generate your private key offline, and never need to expose it when signing transactions (or any other kind of wallet management for that matter). How can a remote attacker then possibly break into your account?

Now, here is where it becomes tricky. OK, your private key needs to be generated offline. But this generation process itself has to adhere to some crucial conditions. It has to be able to generate the whole range of 2^256 possible keys. For example, if it were to generate only one of two values all the time, you still would have a private key but it would be easy to guess it. So the generation process itself must ensure that it can generate a key that is statistically unique and unbreakable (the process needs to be able to generate a gigantic range of keys), it needs to be unpredictable (i.e. random, so that nobody could ever just implement the same process and calculate your key from it anyway), and of course it needs to be offline.

5. The Solution

And that’s exactly where NGRAVE comes in. We have developed a product suite that not only generates strong private keys 100% offline, but also keeps them unexposed at all times.

Find out more about NGRAVE’s most advanced key generation process available in the market, in this post!

#StayCold

Ruben (CEO of NGRAVE)

PS: Don’t forget to clap and follow!

NGRAVE

The first end-to-end solution for managing your crypto.

NGRAVE

Written by

NGRAVE

The World’s Most Secure Cryptocurrency Hardware Wallet | Start Truly Owning What Is Yours | #OwnYourAssets | #TheColdestWallet |

NGRAVE

NGRAVE

NGRAVE is a digital asset security company and the creator of the world’s most secure cryptocurrency wallet, NGRAVE ZERO. NGRAVE ZERO was developed in collaboration with a world-renowned team of cryptography and security experts. Please visit www.ngrave.io to learn more.

NGRAVE

Written by

NGRAVE

The World’s Most Secure Cryptocurrency Hardware Wallet | Start Truly Owning What Is Yours | #OwnYourAssets | #TheColdestWallet |

NGRAVE

NGRAVE

NGRAVE is a digital asset security company and the creator of the world’s most secure cryptocurrency wallet, NGRAVE ZERO. NGRAVE ZERO was developed in collaboration with a world-renowned team of cryptography and security experts. Please visit www.ngrave.io to learn more.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store