The Private Key to Failure

Spatium
Spatium
Nov 8, 2019 · 7 min read
Image for post
Image for post

Any journey to the world of cryptocurrencies starts with the study of what is private and public keys. The use of a private key as the only authentication factor to access an address on the blockchain is one of the basic and oldest concepts in the crypto industry. It was a simple and elegant solution at the moment of the Bitcoin’s whitepaper release. But what was meeting requirements of cypherpunks community in the time of the first experiments with the digital cash, will not meet them in the era, when the crypto industry receives millions of dollars in investments and the number of users grows each day.

Most technological approaches in the blockchain industry have completely changed in the last decade: for example, the concept of a Crypto Wallet has evolved from a single «wallet.dat» file in the distributive of the Bitcoin’s client to a complex Web3-browsers like Trust Wallet or hardware security modules (HSM), integrated into smartphones. But the concept of the private key as the only authentication factor to access an address on a blockchain hasn’t changed since Satoshi. The difficulties related to the management of such private data have already caused a lot of problems in the crypto industry.

In our first article, we will discuss those problems and why it is time to take steps to more secure and flexible solutions.

One key to rule them all

In a fast-changing IT-driven society the convenience of physical and software UX of the product is one of the leading factors to use it. And this is one of the main problems of the private key on the way to mass adoption — for most users as well as the business it is a too complex method to interact with a blockchain. Let’s explore:

  • Falls from usual web experience. Users are accustomed to a combination of login and password as a way to access their apps every day. The private key, which comes with a set of rules of how to manage it, instantly discourages most people when they start learning how to use it;

There are projects that do solve some of the mentioned problems in their product, but none of them solves the whole list, because the concept of a private key is in the heart of their system. While inconvenience and inflexibility is a part of this concept, it won’t fit in a fast-changing world and will only slow down the mass adoption of the crypto industry.

The decentralization requires a self-responsibility (and it doesn’t matter is it about a funds management or a content posting). Most of the people are not ready to take this responsibility, and that is a reason why they prefer to stay or return to services with a centralized architecture. Then, for what was all this movement on a revolutionary road of decentralization? Is this inconvenience worth the fall back to the beginning?

Mordor Fortress

One of the fundamental principles of secure systems development is not to create one point of failure in them. The private key violates this principle. And today, all the existing blockchain projects are using the private keys to provide users access to their funds. Thus all of them have this vulnerability.

Even top exchanges with a professional team and the highest level of incorporated security cannot guarantee a 100% safety of user’s funds. Since the beginning of the crypto industry, hackers stole more than $ 4B in cryptocurrencies. Here are only a few examples of the biggest hacks, which took place just in recent years: Coincheck — $ 530M, Bitgrail — $195M; Nicahash — $62M.

To prevent malicious parties from access to private keys, their holders use various security approaches:

  1. Hot Wallets. Every service that claims to securely store private keys online on their servers falls in this category. In many cases, users don’t have access to them making this solution convenient. They don’t need to think about proper keys management — they just enjoy the service. Plus in most cases it’s free. But at the same time, users don’t have any control over their funds and they must trust a service that can be hacked or whose employees can perform malicious activities from their side. So this is the least secure option.

Mentioned above security approaches, implemented to secure digital assets, in most cases share much in common. With the defense strategy of Mordor — monumental bastions with the whole army around them are put in place to prevent any kind of a weapon attack — to all of these in one moment become useless when the one critical and irremovable vulnerability, the One Ring, is executed. When it is destroyed, the whole system falls. From that perspective height of Barad-dûr’s walls and towers doesn’t matter at all as any sensible adversary will never try to storm the front door.

And that is where we meet another side of the Mordor security problem: all employed guards, who must prevent the potential intruders from accessing Orodruin and destroying the One Ring, are unable to detect two little hobbits, who use the trivial number security system exploits:

  1. The thoroughly hidden vulnerability in the underlying system (cave in the mountains), patching of which is entrusted to a non-qualified low-paid employee (Shelob);

It is important to notice that most of these problems appear in any system from time to time, but with proper security architecture, they won’t cause the crash of it. All existing blockchain projects are based on the private keys and it’s a single point of failure that cannot be fixed.

Letting the boat go

The private key as a sole authentication factor to access a blockchain is more than a 10-year-old security concept, which faced a lot of troubles in its history. With all the problems that impede the adoption of the crypto industry, the private key should leave us to the digital lands of happiness. Though we will remember it for all the fun it gave to us and for the knowledge, it provided in fields of security and cryptography.

In the next article, we are going to explore the innovative security approach of the Spatium protocol in detail and why it will continue the good deeds of the private keys.

#spatium_vision

Spatium develops solutions to store and manage digital assets powered by SMPC and biometry. In our technology, the private key is replaced with the encrypted set of secrets, stored on behalf of funds owner’s devices, individuals and institutions, chosen by him. Even if some of the parties are compromised — funds will stay safe. Such an approach dramatically decreases the risk of theft and provides a previously unavailable level of flexibility and unique benefits for everyone on the market: no single point of failure, easy recovery, no need in backups, blockchain agnostic, access levels differentiation, instant crypto/crypto and crypto/fiat exchange, fully compliant solution, support of dApps and DeFi services, etc.

Spatium Blog

Keyless & genuinely decentralized solution to manage…

Spatium

Written by

Spatium

Spatium — true, decentralized, keyless crypto storage solution, bringing complex cryptographic technologies from security experts to blockchain enthusiasts.

Spatium Blog

Keyless & genuinely decentralized solution to manage digital assets.

Spatium

Written by

Spatium

Spatium — true, decentralized, keyless crypto storage solution, bringing complex cryptographic technologies from security experts to blockchain enthusiasts.

Spatium Blog

Keyless & genuinely decentralized solution to manage digital assets.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store