Mnemonic phrase free — Finding Mass Adoption Wallet Solutions
Intro
To maximize the penetration of Web 3 and crypto technologies into everyday life, registering and working with wallets must be as simple and convenient as it is in the Web 2 sector. For professionals, the solution may be non-custodial mobile hot wallets with support for hardware tokens (cold wallets) such as Ledger; a common bundle is MetaMask + Ledger. This bundle is as secure as possible, since the key does not leave the hardware token, and it keeps all the amenities of mobile or desktop applications, but it cannot scale because of the cost of hardware tokens. A free alternative (for users) may be non-custodial mobile wallets, but here comes the question of safely storing a mnemonic phrase or a private key.
Centralized systems have the advantage of password reset, and people are used to resetting and recovering passwords. But centralized systems carry a huge risk. Unfortunate incidents, such as the collapse of the FTX exchange and the takeover of Mt. Gox, emphasize the importance of not trusting your keys to centralized services.
In the case of a private key or a mnemonic phrase, there is no way to reset it. Chainalysis estimates that between 17 and 23% of the Bitcoin that has been mined to date has been lost. In terms of actual BTC, these figures represent between 2.78 and 3.79 million, or 71.7 billion USD. That is a huge amount in Bitcoin alone; how much more has become inaccessible on Ethereum and other networks…
The task that we decided to set for ourselves is the development of a non-custodial wallet, with the possibility of restoration. A series of articles will be devoted to solving this task.
So, where should you store your digital assets securely, free from hacking risks and the potential for forgetting your key phrase?
Basic technologies
Let's start by delving into the foundational technologies that can address the task at hand. First, we need to explore the mathematical framework that underlies the solutions.
Shamir’s secret sharing (SSS) (Lagrange Interpolation Polynomial Scheme)
The Lagrange interpolation polynomial scheme, also known as Shamir’s secret sharing scheme or Shamir’s scheme, offers a systematic method of dividing a secret into n parts such that the secret can be restored only by collecting at least k of them (k ≤ n). Importantly, possessing k − 1 or fewer parts is insufficient for secret restoration. These individual parts can be distributed among various parties, allowing for secure storage in different locations, for instance. As a basic approach, the key can be divided into three parts, with only two parts necessary for key restoration. The underlying algorithm for splitting and restoring the secret operates through polynomial interpolation.
Original image — Vlsergey from Wikipedia
To ensure that the secret can only be restored by possessing a specific number of parts (k ≤ n), we employ a method whereby the secret is concealed within a polynomial of degree k − 1. Both the polynomial and the original secret can only be reconstructed when provided with k distinct points. Notably, there is no limit to the number of unique points that can be derived from the polynomial.
This algorithm is one of the basic ones in threshold cryptography.
Features
The advantages of this secret separation scheme include:
- Optimality: There is no redundancy, as each share of the secret is precisely the same size as the original secret.
- Scalability: Within the scheme’s parameters (k, n), the number of owners possessing parts of the secret (n) can be further increased, up to the size of the calculation field. However, the required number of parts (k) needed to reconstruct the secret remains unchanged.
- Dynamism: It is possible to periodically modify the employed polynomial and recalculate the parts while keeping the secret (free term) unaltered. This enhances security by reducing the likelihood of compromising the protection through leaked parts, since the secret requires k parts obtained using a specific version of the polynomial.
- Flexibility: In situations where the involved parties possess differing roles or privileges, the scheme accommodates this by allowing multiple parts to be issued to a single party simultaneously.
Disadvantages:
- Unreliability of distribution: by default, the scheme assumes that the one who generates and distributes parts is reliable, which is not always true. The same applies to vulnerabilities: the main point of compromise is the point where parts of the secret are collected and distributed, since at that moment the secret is complete.
- There is no verification of the correctness of the parties' shares: a party participating in the sharing cannot say with certainty that its share is genuine, that is, that substituting it into the original polynomial yields a correct equality.
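The 2-of-3 split, the "dynamism" property and the missing share verification described above can be seen in a short Python program. This is an added example, not code from the original article; the field modulus and the function names (split, reconstruct, refresh) are assumptions of the example, and the refresh is performed here by a single trusted dealer.

```python
import secrets

# Field modulus: Mersenne prime 2**127 - 1 (an assumption of this example;
# any prime larger than the secret and the share count works).
P = 2**127 - 1

def _eval(coeffs, x):
    """Evaluate the polynomial [a0, a1, ...] at x over GF(P) (Horner's rule)."""
    y = 0
    for a in reversed(coeffs):
        y = (y * x + a) % P
    return y

def split(secret, k, n):
    """Hide `secret` as the free term of a random polynomial of degree k - 1."""
    if not (1 <= k <= n < P and 0 <= secret < P):
        raise ValueError("need 1 <= k <= n < P and 0 <= secret < P")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval(coeffs, x)) for x in range(1, n + 1)]

def reconstruct(shares):
    """Lagrange-interpolate the polynomial at x = 0 from (x, y) shares."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("shares must have distinct x coordinates")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def refresh(shares, k):
    """New share version: add a random polynomial whose free term is 0."""
    delta = [0] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, (y + _eval(delta, x)) % P) for x, y in shares]

if __name__ == "__main__":
    key = secrets.randbelow(P)          # constructed stand-in for a wallet key
    old = split(key, k=2, n=3)
    new = refresh(old, k=2)             # done by a trusted dealer here
    print(reconstruct(old[:2]) == key)            # True: any 2 of 3 suffice
    print(reconstruct(new[1:]) == key)            # True: secret is unchanged
    print(reconstruct([old[0], new[1]]) == key)   # False: versions do not mix
    forged = [old[0], (old[1][0], (old[1][1] + 1) % P)]
    print(reconstruct(forged) == key)             # False, and no error raised
```

The last case is the verification gap: a modified share reconstructs to a different value without any error, so the holder cannot tell a bad share from a good one.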
The algorithm has many implementations; if you are interested in studying it, you can use the Web Demo.
The algorithm has been developed further into VSS, verifiable secret sharing. There are two different schemes of this algorithm: the Feldman scheme and the Benaloh scheme. Both of these schemes build on the SSS algorithm. VSS allows group members to verify that their shares are consistent, that is, that they recreate the same secret. In other words, this scheme guarantees the existence of a secret that participants can later restore, even if the distribution has been changed, intentionally or not.
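A sketch of the Feldman check, added here and not taken from the original article: the dealer publishes commitments to the polynomial coefficients, and each holder verifies its own share against them without learning the polynomial. The toy group (P_MOD, Q, G) and the function names deal and verify are assumptions of the example.

```python
import secrets

# Toy group constructed for this example: P_MOD = 2*Q + 1 with both prime,
# and G = 4 generates the subgroup of order Q. These sizes only make the
# arithmetic easy to follow; a real deployment uses a group in which
# discrete logarithms are hard (e.g. a ~256-bit elliptic-curve group).
P_MOD, Q, G = 2039, 1019, 4

def deal(secret, k, n):
    """Return (shares, commitments) for a k-of-n Feldman sharing over Z_Q."""
    if not (0 <= secret < Q and 1 <= k <= n < Q):
        raise ValueError("need 0 <= secret < Q and 1 <= k <= n < Q")
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(k - 1)]
    shares = [(x, sum(a * pow(x, j, Q) for j, a in enumerate(coeffs)) % Q)
              for x in range(1, n + 1)]
    # Public commitments C_j = G^a_j. C_0 = G^secret, so the secret is only
    # hidden as well as the discrete logarithm in the chosen group.
    commitments = [pow(G, a, P_MOD) for a in coeffs]
    return shares, commitments

def verify(share, commitments):
    """Check G^y == prod_j C_j^(x^j) mod P_MOD for the share (x, y)."""
    x, y = share
    expected = 1
    for j, c in enumerate(commitments):
        expected = expected * pow(c, pow(x, j, Q), P_MOD) % P_MOD
    return pow(G, y, P_MOD) == expected

if __name__ == "__main__":
    shares, commitments = deal(777, k=2, n=3)   # 777: constructed sample secret
    print([verify(s, commitments) for s in shares])
    x, y = shares[1]
    print(verify((x, (y + 1) % Q), commitments))  # altered share is rejected
```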
MPC
MPC (secure multi-party computation) is a cryptographic protocol (a set of algorithms) that allows the parties to jointly compute the value of a function without any participant disclosing its input data to anyone. The task of confidential computing is closely related to the task of secret sharing, so we can say we are increasing the complexity step by step.
A detailed description of this material is quite extensive and is not required for a general understanding; it is only important to understand that in MPC, participants calculating any values do not share their secrets with each other.
For cryptocurrency wallets in particular, MPC allows you to create a secure key management system without the single point of compromise that exists in the case of secret sharing. MPC allows several parties, for example a server and a mobile application, to calculate the values of cryptographic functions (transaction signing, key generation, etc.).
Critically important is the fact that in MPC, a private key is never generated or restored. Instead, specialized MPC functions, such as signatures, take center stage. This key feature distinguishes MPC from classic algorithms, making it impossible to steal a private key that does not exist in the first place.
To exemplify the practical implementation of MPC in the cryptocurrency space, we can look at the successful application of this protocol by two notable companies: Fireblocks and ZenGo.
Smart Contract Wallets (CSM)
A very interesting set of solutions, where the crypto is actually stored on smart contracts and a user or a group of users manages the smart contract. Such a solution allows you to implement multi-factor authentication, recovery, and all the other features of such solutions. The issue is that the money is stored not on wallets but on smart contracts and is, in fact, not yours (not your private key, not your money). Because of this, such solutions have to undergo many audits to earn user trust. But if we exclude errors in the smart contract code (malicious or accidental) and the gas problem, such wallets are safer and more flexible than classic wallets, since they can flexibly increase the security level.
They also often move to Layer 2 to control the cost of gas and for greater flexibility of solutions, including the implementation of AA (account abstraction).
I will tell you more about the social recovery crypto wallet in the next article, but for now, here is a basic overview of what is worth getting acquainted with.
Argent — a wallet based on a smart contract, without a recovery phrase. In fact, the money is stored on a smart contract, and the user only has access to management. The private key is stored encrypted on the phone. Recovery is possible by splitting the key among “Guardians” and distributing it, including to hardware wallets, and by transferring parts/rights to other users. There is also its own oracle for the possibility of restoration.
Authereum — the most confused guys; they have passed many audits (by Cure53, by Quantstamp, by g0 Group). They tried to work on Layer 2, but it seems they could not, and they stopped the project. We can say that they are victims of the gas fee.
Safe Ecosystem Gnosis — a multisig solution primarily focused on security and access fragmentation. You can also build whole communities on the basis of Gnosis. It is a very interesting project; if you do not know about it, I recommend studying it.
Written by VorobevSA