Zulu Republic 101: Trustlessness and Private Key Management
This is the fifth installment in a series of posts explaining the fundamental concepts and objectives behind Zulu Republic’s products and services. Read other articles in the series here.
One concept you’ll find mentioned repeatedly in discussions about Bitcoin and blockchain technology is the idea of trustlessness (or trust-minimization). But what does the term trustless actually mean? And isn’t trust usually considered a good thing?
Trustlessness and Trust Minimization
The idea of trustlessness, or trust-minimization in general, has largely been championed by cryptocurrency pioneer Nick Szabo, whose ideas helped shape the development of Bitcoin. Trust-minimization is when we remove the need to place our trust in strangers to act in moral or ethical ways. As Szabo describes it, this is actually the fundamental idea behind security.
Consider one of the oldest and simplest applications of security: locks. If you didn’t have locks on the door to your home, for example, you’d have to trust people not to come in and steal your stuff. By putting locks on your doors, you remove or minimize (thieves can always find other ways of breaking in) the need to trust people, and you also have the option of extending trust to specific people by giving them a key.
Trustless Currency
Bitcoin essentially took the idea of trust-minimization and applied it to money. The current financial system requires you to place trust in other people and institutions for your money to be valid (governments), for it to resist inflation (monetary authorities), and for you to be able to access it (banks). Indeed, the entire financial system is based on trusted third parties and intermediaries.
In this system, trust is minimized by safeguards like governmental insurance on deposits (i.e. the FDIC in the United States), which give banking customers the confidence that their money will be available when they choose to withdraw it. However, you only have to look at the multitude of failed governments, failed economies, and hyper-inflated currencies throughout history to see why even more trust-minimization is necessary.
Bitcoin’s decentralized nature and lack of intermediaries removes the need to place trust in any single actor within the system for it to function (apart from the highly-improbable 51% attack scenario). But Bitcoin doesn’t completely eliminate the need for trust, it decentralizes it, and points of trust still exist, such as developers, market makers, and operators of exchanges and wallets.
Trustless Wallets
When it comes to cryptocurrency wallets, trust comes into the equation when you consider how your private keys are managed. Since your wallet’s private key is how you sign a transaction and make it valid, it makes sense that you’d want it to be as trust-minimized as possible. You wouldn’t give a stranger a key to your door, so why would you want them to be able to access the key to your wallet?
While the highest level of trust-minimization may come from managing your private keys by yourself, for example with a paper wallet, this comes with a number of tradeoffs. Your private keys are only as secure as how you store them. If they’re printed on paper they’re vulnerable to theft, fire, water damage, etc. If they’re saved on your computer or mobile device or in the cloud, they’re vulnerable to hackers, malware, and thieves. Managing your own private keys is also inconvenient when it comes to making and signing transactions.
Many popular cryptocurrency wallet operators will take over key management for you, which means they’ll store you keys either in cold (offline) form or on their servers. Of course, in this case, you have to trust the wallet operator to store your keys securely and to not be able to access your funds, and many times they don’t even give you direct access to your own keys. Of course, if you don’t own your own private keys, you don’t really own your cryptocurrency.
Hardware wallets are a secure option, but they’re not very convenient for regular use, and even they are sometimes capable of being hacked.
Zulu Republic’s Trustless Infrastructure
At Zulu Republic, a main component of our mission is the development of trustless blockchain infrastructure, which includes both our wallet and digital identity products.
With all of the wallets we offer, including the Zulu Wallet and Lite.IM, we use advanced encryption to protect your keys from any third party, including us. Your keys are encrypted with your password, which we will also never store or ask for. This means that you are the only one who will ever have access to your funds (as long as you don’t share your private key or password with anyone else, of course).
With both Zulu and Lite.IM wallets, you own your own keys, and can export them at any time. Since we don’t have access to your password, and your private keys are only stored in encrypted form, your funds are safe even if our servers are hacked. You don’t have to trust us, or anyone else, when it comes to accessing your wallet.
Of course, trustlessness comes with some extra responsibility on your part. Since we don’t have access to your private key or password, if you lose them that means you will lose your funds. For this reason, it’s important that you back up your private key in a secure form in case you forget your password, otherwise you won’t be able to access your wallet.
We believe this trustless method of key management provides the ultimate balance of security and convenience, and moving forward, we aim to build all of our solutions with the highest possible level of trust-minimization.
You can read more about trust minimization and watch our interview on the subject with Nick Szabo here.
To learn more about Zulu Republic and create your free account, visit our site. For regular updates on what we’re building, follow us on Twitter.
To try out Lite.IM, our full-featured BTC, ZTX, LTC, and ETH wallet for social media and messaging apps, just send any message on the platform of your choice: Facebook Messenger, Telegram, or SMS (US/CAN only: 760–548–3460).
