Private Keys – Curse or Blessing? Why private keys are the greatest problem of the blockchain

by Christopher Zapf (Managing Director at Tangany GmbH)

Introduction: What are Private Keys?

Blockchains rely on various cryptographic algorithms. A crucial part of this cryptography is the so-called private key, which, among other things, is used to authenticate a specific user on a blockchain. This makes validating a transaction easier and more secure. A private key is a long, random string of letters and numbers. This string can be more than 80 characters long, which means that the number of different private keys is higher than the number of atoms in the universe. Whoever wants to test this for themselves can visit the following website and try to come up with a private key that has already been used by somebody:

Private keys give us power

Whoever owns a private key is also the owner of the assets the respective key protects. For instance, my Bitcoin private key allows me to send Bitcoins from my wallet. Similarly, my Ethereum private key enables me to use Smart Contracts or dApps. This means that, in addition to my Ether, I can also control assets such as Cryptokitties. In more traditional systems, power lies solely with a company or another centralized entity, which acts as a depository and thereby earns a fee. With a private key, one can retain all power, while other entities become irrelevant.

Is such a concept even desirable? Uncle Ben in Spider-Man already knew that “with great power comes great responsibility”.

Data carrier: Availability vs. security

Where I save my private key is a fundamental question.

Should I use a hardware wallet such as Ledger or Trezor? They offer the highest degree of security for private keys. The private key can’t leave these modified USB sticks, and the stick is simultaneously protected by a password. Without the password, nobody can use the private key. This sounds pretty good already, but what are the counterarguments?

To answer this question, we must first think about the following: What happens if I lose my hardware wallet or if it breaks? A recovery function allows me to import my private key into a different wallet, but this also means that my hardware wallet is only as secure as my recovery information.

Hardware wallets focus on providing a high degree of security. This goes hand in hand with a loss of comfort and functionality. A hardware wallet is normally not portable and has to be kept at home or stored in a safety deposit box. Hardware wallets therefore do not promote mass use of blockchain applications: decentralized applications rely on the immediate availability of the private keys, because users want to interact with the application at any time and in any place (desktop/mobile). This is rather difficult with hardware wallets.

Risk: Responsibility of the users

What is the alternative to a hardware wallet? A user can, for example, use a so-called hot wallet. A hot wallet stores a private key directly within the application or provides a private key to third-party apps. Cryptokitties, for example, is an app where users can directly transfer their private keys. MetaMask – a Google Chrome plugin – offers the possibility to transfer private keys from MetaMask into an app. The same principle also applies to the Coinbase wallet (formerly called Toshi wallet).

No matter what the solution is, the risk is always created by the user. If he loses his private key, all assets and cryptocurrencies are lost forever. Not even an app developer can recover the data and return it to the owner.

In my view, this is a key challenge for the user, especially for those people who are new to the crypto world and frequently compare private keys to passwords. This may not be completely wrong, but it’s not 100% right either. Users are accustomed to the idea that secret passwords can be restored, changed, and remembered. Private keys do not offer these features and therefore create a lot of complexities. Reversing these risks creates severe challenges which users are not willing to meet.

The past has shown that a dApp will only be successful if a lot of people are willing to overcome these challenges. Cryptokitties was very successful during the last big hype about cryptocurrencies because the target audience was convinced that they could make money with the game. Ultimately, users need a lot of passion to tackle the subject of blockchain. This significantly reduces the target audience of the applications and makes them less competitive. I believe that different uses of applications require different solutions. Hence, I recommend hardware wallets to everybody who wants to save a high amount of assets without losing control. But what solutions exist for applications that require a high availability of private keys?

Our company Tangany has developed a product for exactly this purpose. We save private keys in the cloud and simultaneously guarantee high security and availability. Using an API, the app developer can access user wallets and execute transactions. A blockchain is a database that should run in the background of an application. Our product restores the kind of application that users expect. Neither the user nor the company behind the product needs any sort of expertise, which makes blockchain solutions as easy as creating a website online.
