A Sock Drawer Full of Secrets

Yeastplume (Michael Cordner), Sharehold
Published Oct 13, 2020, 7 min read

The most unhelpful phrase in all of computing is ‘Keep your password somewhere safe’.

My favourite method of thinking about cryptographic keys is the drawer and pirate analogy. It’s very simple, but it works very well for intro-to-Bitcoin purposes.

A private key is simply a random number between one and eleventy-bazillion (for Bitcoin, a little under 2^256), so all you have to do is imagine there’s a big public vault somewhere in hyperspace consisting of eleventy-bazillion drawers. To keep your precious coins safe all you need to do is walk up to the vault, select a drawer at random and toss them in. They’ll be safe for all eternity.

The drawer doesn’t need a lock. There are so many drawers that all you need to do is remember which drawer you picked. There are so many of them that if a would-be pirate could get himself and his would-be pirate friends to search millions of drawers a day, they won’t find yours or anyone else’s treasure until some time well after the heat death of the universe.

We are very reliant on our big hyperspace vault, because we have built many impressively impregnable cryptographic systems based on it. Pirates are well aware that no matter how many millions of drawers they can open a day, the numbers are so astronomical that trying is a waste of their precious pirating time.

But they also know they don’t need to. They know how to restrict their search to a set of drawers that are almost guaranteed to yield something of value within minutes of searching. Like your sock drawer, for instance.

There are maybe 40 drawers in my house, and a group of pirates with the capability of opening a million drawers a day could rifle through their contents in about three and a half seconds. Even if they’d come up empty on their eternity at the hyperspace vault, they can console themselves with comparatively simple access to the meat-space drawer in which I think I’ve cleverly hidden the location of my particular hyperspace drawer.

What other treasures will they find?

And we generally think this is fine.

In my work on Grin and, more particularly, Grin’s wallet, it’s always felt a little strange that, despite security audits and having hundreds of qualified eyes looking at the code over many years, nobody has once blinked at this:

My God, it’s full of stars!

When we create a brand-new wallet, the wallet selects a drawer in the hyperspace vault and records its location as our key. This is done using state-of-the-art algorithms backed by a secure random number generator carefully extruded from the finest minds in computing over the past 40 years.

Then it turns it into a bunch of words, tells you to write them down ‘somewhere safe’, and calls it a day.

I dunno, put it in your fridge or something

So your wallet has just handed you two things: a highly valuable and highly-secure crypto wallet seed, and a massive unsolved problem. What are you supposed to do with these handwritten words on a slip of paper?

You know you want to keep them secure; that much is certain. Since your sock drawer fails to meet several security criteria most would consider important, it’s clear a better strategy is needed.

You could make a copy of the words and send them to your cousin. But then you’ve given your cousin access to your coins and doubled the chances a pirate will find the key.

You could split it up into two pieces and send one piece to your cousin. But if you or your cousin loses a piece, your coins are gone along with your already fragile relationship with your cousin.

You could go lock the words in a safe somewhere. One copy at home, one in the vault for disaster recovery. But what guarantees your access to the vault? Can the vault employees access it? Has your security team accurately vetted how secure the vault really is?

What if something happens to you? Do your loved ones know where to find this thing? What if a nearby pirate learns you have it?

Actually, this paper is a bit flimsy, maybe you should etch these words into fire-resistant metal somehow.

Did you mention this isn’t your only crypto wallet? You actually have two hardware crypto wallets and 10 paper ones… can you afford to purchase your body-weight in fire-resistant metals?

You know what, this is starting to get time-consuming. Maybe go with your instinct to put the thing in your sock drawer until you think of the perfect solution.

Welcome to the future of money!

Cryptocurrency is just one illustration of this problem.

Do you use a password manager? (If not, use a password manager.) But even if you do, you’re going to have a master password for the password manager that needs to go somewhere. Services like LastPass are justifiably adamant that you and you alone are responsible for keeping your master password safe. So where is yours? In your head? Written down somewhere safe?

Ever worked in a department somewhere with a spreadsheet full of passwords locked with a master password that only the boss has full access to? What’s their disaster recovery strategy? Is there one?

We are extremely good at developing hyper-secure systems that can absolutely, positively ensure that anything locked by a key can never be accessed by anyone without that key.

We are hilariously bad at knowing what to do with all of these stupid keys.

No matter how securely you lock something, its security is only as good as the security of its key. If you want to keep your key secure, then you need a secure place to put your key. But then you need a key for the secure place in which you put your keys, and then you need a secure place to put your key for the secure place to put your key in which you’ve stored your original key.

It’s turtles all the way down.

Do not attempt to store your high-value digital secrets in a turtle

I think there is plenty of scope to improve how we deal with the ever-worsening fundamental key problem. I wouldn’t count on any magical discoveries eliminating it entirely, but I do believe that a mix of existing technologies can be smartly employed to provide a much more compelling alternative to the sock drawer or any home-grown solutions that may be out there.

Sharehold is a new project I’m involved in that is going to find that mix.

I’ll leave details of Sharehold’s technological ingredients for later postings, but an important one is the use of Shamir’s Secret Sharing. This is a ‘threshold sharing’ scheme that creates ‘shares’ out of an original master secret. So for instance, you can split a secret into 5 ‘shares’ but only need to recombine 3 of them to recreate the original secret, while any 2 shares on their own reveal nothing at all about it.
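To make the threshold property concrete, here is a minimal split-and-recover implementation over a prime field, written as an added example for this article (it is not Sharehold’s or Grin’s code). The field prime, the (x, y) share format, the 64-byte secret limit and the 32-byte seed it runs on are all choices of the example; the seed is a constructed placeholder, not a real wallet seed.

```python
"""Shamir's Secret Sharing over GF(P), P = 2**521 - 1.

Added example for this article; not code from Sharehold or Grin. A secret of
up to 64 bytes is encoded as an integer below P and becomes the constant term
of a random polynomial of degree k-1; share i is the point (i, f(i)). Any k
shares pin down the polynomial (and so f(0)); any k-1 shares are consistent
with every possible secret.
"""
import secrets
from itertools import combinations

# Mersenne prime: 521 bits comfortably holds any 64-byte secret
# (a 32-byte wallet seed, a long password-manager master password).
P = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate sum(coeffs[i] * x**i) mod P by Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def _interpolate(points, x):
    """Lagrange interpolation at x of the unique polynomial of degree
    < len(points) passing through the given (xi, yi) points, mod P."""
    xs = [px for px, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def split_secret(secret: bytes, n: int, k: int):
    """Return n shares (x, y), x = 1..n, any k of which recover `secret`."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if len(secret) > 64:
        raise ValueError("secret longer than 64 bytes does not fit in GF(P)")
    s = int.from_bytes(secret, "big")
    # Coefficients must come from a CSPRNG: predictable a1..a(k-1) would let
    # a pirate recover f(0) from fewer than k shares.
    coeffs = [s] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_int(shares):
    """f(0) of the polynomial through `shares`. With fewer than k shares this
    is some element of GF(P) unrelated to the secret: plain Shamir carries no
    integrity check, so a short or corrupted share set fails silently."""
    return _interpolate(shares, 0)


def recover_secret(shares, length: int) -> bytes:
    """Recover a `length`-byte secret from at least k shares."""
    return recover_int(shares).to_bytes(length, "big")


def share_implied_by_guess(shares, guess: int, x: int):
    """Given k-1 shares and any guessed secret, the k-th share at index x that
    would make the guess 'correct'. Such a share always exists, which is why
    k-1 shares reveal nothing about the secret."""
    return _interpolate(list(shares) + [(0, guess)], x)


if __name__ == "__main__":
    seed = bytes(range(32))  # constructed stand-in for a 32-byte wallet seed
    shares = split_secret(seed, n=5, k=3)
    assert all(recover_secret(list(c), 32) == seed for c in combinations(shares, 3))
    print("any 3 of 5 shares recover the seed")
    two = shares[:2]
    print("2 shares alone interpolate to an unrelated value:", hex(recover_int(two))[:20], "...")
    forged = share_implied_by_guess(two, 42, x=5)
    print("with a share forged for the guess 42, recover_int gives:", recover_int(two + [(5, forged)]))
```

Two things the code makes visible that the one-line description does not: the share coefficients must come from a cryptographic RNG (a guessable polynomial collapses the threshold), and the scheme itself has no way of telling you that a share is missing, stale or corrupted; recombining the wrong set simply yields a wrong, perfectly plausible-looking secret. Everything else, where the five points live and who holds them, is exactly the part the mathematics leaves open.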

But if you split a secret into 5 parts, do you now need 5 sock drawers? This is just a single component, and on its own it doesn’t address issues such as:

  • Where do you store these shares?
  • How do you secure them?
  • How do you distribute them?
  • Who do you distribute them to?
  • How easy is it to recall them?
  • How do you recreate the scheme if too many pieces are lost?
  • How do you even know if the pieces are lost?

Sharehold is an honest attempt to address questions to which I think the answers are long overdue. With some thinking and experimentation, I think the project has the potential to change how the world thinks about account recovery.

Or, try and recall the answer you gave 12 years ago for ‘What was your great-grandfather’s hat size?’

But I also know that solutions aren’t going to appear in a vacuum. We’re starting with what we think are viable approaches to all of the open questions above, but as anyone who’s ever worked in a related space knows, this stuff is hard. The only way to achieve security is by having your assumptions continually challenged. We want to ensure that everything we do is reviewed, thought about, argued over, and smashed to pieces by as many people as possible.

So I want to ask for your help. If you’ve ever thought about this problem or are interested in a better way of managing your secrets, then we want to hear from you.

I’ll be posting more details about Sharehold in the coming months, as well as any adventures or experiences we have bringing it to life. I don’t want to start producing a series of thinly-veiled advertisements, but I think the particulars of what we’re doing naturally produce concepts interesting enough to talk about in their own right.

And for now, if you’d like to keep track of Sharehold’s development, you can sign up for our upcoming beta release. We promise to be respectful and non-spammy with our communications, and your voice will be instrumental in helping us during our early-stage efforts to tackle the account recovery problem.

Until then… keep that sock drawer safe… somehow.

Yeastplume (Michael Cordner) is co-founder and technical lead on Sharehold and a long-time Grin/MW developer.