For Web3 and crypto technologies to be adopted in everyday life, creating and using a crypto wallet has to become as easy as it is in Web2. For professionals, a non-custodial* mobile or desktop wallet paired with a hardware token (cold wallet) such as Ledger is a good fit; MetaMask, for example, can be used together with it. This is the most secure option, since the keys are stored on the hardware token while all the conveniences of mobile and desktop applications remain available. However, it does not scale because of the cost of hardware tokens. A free alternative for ordinary users is a non-custodial mobile wallet, but then the question arises of how to store the mnemonic phrase (the seed) or the private key securely.
*A custodial wallet is an application for storing and transferring cryptocurrency whose operator (the custodian) manages the user's addresses or has access to their private keys; custodian clients must also pass an identity verification procedure (KYC). In a non-custodial wallet only the user holds the keys.
The advantage of centralized systems is that passwords can be reset and recovered. This is convenient, and users are accustomed to having such options. But centralized systems carry enormous risk: incidents such as the collapse of the FTX exchange and the hack of Mt. Gox show why keys should be kept outside centralized services.
When a private key or mnemonic phrase is stored in a decentralized system, there is no way to reset or recover it. A Chainalysis study estimated that between 17% and 23% of all bitcoin has been lost because access to the wallets holding it was lost: roughly 2.78 to 3.79 million BTC, or about 71.7 billion US dollars at the time. And that is bitcoin alone; how much more has been lost in ETH and other cryptocurrencies is unknown. So where should digital assets be kept to prevent both compromise of the wallet and loss of the key phrase?
Specialists at the Haqq project have started developing non-custodial cold crypto wallets with a recovery capability. This is the first article in a series on the problem. Let us start with the fundamental technologies and mathematical methods that will help solve it.
Shamir secret sharing scheme (Lagrange interpolation)
The Lagrange interpolation scheme, better known as Shamir's Secret Sharing (SSS), splits a secret into n parts (shares) from which the original can later be recovered. The secret is split so that it can only be recovered by collecting a chosen threshold of k shares (k ≤ n): any k or more shares suffice, and, importantly, k-1 or fewer shares reveal nothing about the secret. The shares are handed to several parties so that they can be stored securely in different places. In the simplest wallet case the private key is split into three shares, any two of which recover it. Polynomial interpolation is used both to split and to recover the secret.
k points are needed to interpolate a polynomial of degree k-1: two points define a straight line, three points define a parabola, and so on; with fewer points interpolation is impossible. To share a secret among n people so that any k of them can recover it, we "hide" it as the constant term of a random polynomial of degree k-1 and give each person one point on that polynomial. The polynomial, and therefore the secret, can only be restored from k points, and any number of distinct points (up to the size of the field the arithmetic is done in) can be taken from the polynomial, so n can be as large as needed. This algorithm is one of the building blocks of threshold cryptography.
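The split and recovery described above, as an added Python example (not code from the Haqq project or any wallet vendor). The prime field 2^521 - 1 is an assumption made for this demo so that any 256-bit key fits; the refresh function illustrates the share-rotation ("dynamism") property discussed in the next section, and the key material in the usage block is constructed.

```python
import secrets

# Field for the arithmetic. The Mersenne prime 2^521 - 1 is an assumption of this
# example: any 256-bit key fits below it, and Python handles the big integers natively.
PRIME = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + coeffs[2]*x^2 + ... at x (Horner), mod PRIME."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % PRIME
    return y


def split_secret(secret, k, n):
    """Shamir split: hide `secret` as f(0) of a random degree k-1 polynomial and
    return the n points (x, f(x)) for x = 1..n. Any k of them recover f(0);
    x = 0 is never issued because f(0) is the secret itself."""
    if not (1 <= k <= n < PRIME) or not (0 <= secret < PRIME):
        raise ValueError("invalid threshold, share count or secret")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0 over exactly the shares given.
    With fewer than k shares this still returns a number, just not the secret:
    k-1 points are consistent with every possible value of f(0)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME        # product of (0 - x_j)
                den = den * (xi - xj) % PRIME    # product of (x_i - x_j)
        # Lagrange basis polynomial L_i(0) = num / den; pow(den, -1, PRIME) is the inverse
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def refresh_shares(shares, k):
    """Proactive refresh: add to every share a fresh random polynomial whose
    constant term is 0. f(0) is unchanged, but old and new shares now lie on
    different polynomials and cannot be mixed to recover the secret."""
    delta = [0] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, (y + _eval_poly(delta, x)) % PRIME) for x, y in shares]


def key_to_int(key: bytes) -> int:
    return int.from_bytes(key, "big")


def int_to_key(value: int, length=32) -> bytes:
    return value.to_bytes(length, "big")


if __name__ == "__main__":
    key = secrets.token_bytes(32)                  # constructed 256-bit wallet key
    shares = split_secret(key_to_int(key), 2, 3)   # 2-of-3, the article's base case
    assert int_to_key(recover_secret(shares[:2])) == key
    assert int_to_key(recover_secret(shares[1:])) == key
    print("2-of-3 split and recovery OK")
```

Note that `recover_secret` happily interpolates any number of points; the threshold is a property of the polynomial's degree, not of the code, so a deployment must also fix k out of band (or encode it in the share format, as SLIP-39 does for mnemonic backups, which works byte-wise over GF(256) so that shares can be written as word lists).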
Pros and cons of Shamir’s scheme
The advantages of the Shamir scheme include:
- Optimality. There is no redundancy: each share (also called a shadow) is the same size as the original secret.
- Scalability. Within the scheme parameters (k, n), the number of share holders n can be increased up to p-1, where p is the size of the finite field in which the computations are done (x = 0 is reserved for the secret itself), while the number of shares k needed to restore the secret stays unchanged.
- Dynamism. The polynomial can be changed periodically and the shares recomputed while the secret (the constant term) stays the same. This limits the damage from leaked shares, since recovery requires k shares produced from the same version of the polynomial; shares from different versions do not combine.
- Flexibility. When the parties have different roles or privileges, the scheme accommodates this by issuing several shares to one party.
The disadvantages include:
- Reliance on the dealer. The scheme assumes that whoever generates and distributes the shares is honest, which is not always the case. The points where the shares are generated and where they are collected for recovery are also weak spots, because the whole secret is present there.
- No verification of share correctness. A participant cannot tell whether the share it received is genuine, that is, whether it actually lies on the dealer's polynomial, so a wrong or malicious share is only discovered when recovery fails.
There are many variants of this method; their operation can be seen on the demo page.
An advanced version of this method is VSS (Verifiable Secret Sharing), with two well-known variants: Feldman's scheme and Benaloh's scheme, both improvements on basic SSS. VSS lets participants check that their shares are consistent, i.e., that they all recreate the same secret. In other words, the algorithm guarantees that a secret recoverable by the participants exists even if the distribution of shares was altered, intentionally or accidentally.
Secure multi-party computation (MPC)
MPC is a cryptographic protocol (a set of algorithms) that lets several participants jointly compute a function of their private inputs so that no participant learns anything about the others' inputs beyond what the output itself reveals. Secure multi-party computation is closely related to secret sharing; using it makes the scheme more complex but also more robust. A full description of the protocol is beyond this article; for now it is enough to know that MPC participants never hand their input data to one another.
In our problem (restoring access to a cold crypto wallet), MPC lets us build a secure key-management system without the disadvantages of a plain secret-sharing scheme: several parties, for example the server and the mobile application, jointly compute cryptographic functions (transaction signing, key generation, etc.) over their shares.
The critical point is that in MPC the private key is never assembled in one place, neither at generation nor at signing. Instead, specialized MPC protocols such as threshold signing produce the result directly from the shares. This is the main difference from the classical schemes: a private key that never exists as a whole cannot be stolen as a whole, so there is no single point of compromise.
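As an added example (not code from the Haqq project, Fireblocks or ZenGo), the following Python illustrates two ideas from the sections above: Feldman's verifiable secret sharing, where the dealer publishes commitments to the polynomial coefficients so that each holder can check its own share, and a minimal two-party Schnorr signature in which the signing key is the sum of two shares that are never combined. It uses secp256k1, the curve behind Bitcoin and Ethereum keys, implemented inline for the demo; the challenge hash is a simplified Schnorr construction chosen here, not BIP340 byte-for-byte, and the keys, nonces and message are constructed values.

```python
import hashlib
import secrets

# secp256k1 parameters (the curve used for Bitcoin and Ethereum keys)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
assert (G[1] ** 2 - G[0] ** 3 - 7) % P == 0   # G lies on y^2 = x^3 + 7


def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P      # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P       # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time: demo only)."""
    r = None
    k %= N
    while k:
        if k & 1:
            r = ec_add(r, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return r


# ---- Feldman VSS: Shamir shares of a key plus public commitments C_i = a_i * G ----
def feldman_deal(secret, k, n):
    """Dealer side: random degree k-1 polynomial f with f(0) = secret, shares
    (x, f(x)) for x = 1..n, and one commitment per coefficient."""
    coeffs = [secret % N] + [secrets.randbelow(N) for _ in range(k - 1)]
    shares = [(x, sum(c * pow(x, i, N) for i, c in enumerate(coeffs)) % N)
              for x in range(1, n + 1)]
    commitments = [ec_mul(c, G) for c in coeffs]
    return shares, commitments


def feldman_verify(share, commitments):
    """Holder side: y * G == sum_i x^i * C_i holds exactly when y == f(x) for the
    committed f, so a tampered or mis-dealt share is rejected before recovery."""
    x, y = share
    rhs = None
    for i, c in enumerate(commitments):
        rhs = ec_add(rhs, ec_mul(pow(x, i, N), c))
    return ec_mul(y, G) == rhs


# ---- 2-of-2 additive-share Schnorr signing: the full key d1 + d2 never exists ----
def _challenge(R, Q, msg):
    h = hashlib.sha256(R[0].to_bytes(32, "big") + Q[0].to_bytes(32, "big") + msg).digest()
    return int.from_bytes(h, "big") % N


def schnorr_verify(Q, msg, sig):
    R, s = sig
    return ec_mul(s, G) == ec_add(R, ec_mul(_challenge(R, Q, msg), Q))


def two_party_sign(msg, d1, d2):
    """Each party reveals only public points (d_i * G, r_i * G) and a partial
    signature s_i; the combined (R, s1 + s2) verifies under Q = (d1 + d2) * G."""
    Q = ec_add(ec_mul(d1, G), ec_mul(d2, G))              # joint public key
    r1, r2 = secrets.randbelow(N), secrets.randbelow(N)   # per-party nonces
    R = ec_add(ec_mul(r1, G), ec_mul(r2, G))
    e = _challenge(R, Q, msg)
    s1 = (r1 + e * d1) % N    # computed by party 1 with its own share only
    s2 = (r2 + e * d2) % N    # computed by party 2 with its own share only
    return Q, (R, (s1 + s2) % N)
```

Two caveats a practitioner should keep in mind. Feldman's commitments reveal C_0 = secret · G, which for a wallet key is simply its public key and therefore already public; when the shared value itself must stay hidden, Pedersen commitments are used instead. And the naive key aggregation Q = Q1 + Q2 is only safe when each party fixes its share before seeing the other's (or proves knowledge of it); otherwise a party that chooses its key last can mount a rogue-key attack, which is why production threshold schemes such as MuSig2 and FROST add key-aggregation coefficients or commitment rounds. Ethereum-compatible chains also require ECDSA rather than Schnorr, and threshold ECDSA needs considerably more machinery than the additive trick shown here, which is what makes the commercial MPC wallet protocols far more involved.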
MPC wallets have been brought to market successfully by two well-known companies: Fireblocks and ZenGo.
Smart contract crypto wallets
Smart contract wallets are an interesting family of solutions in which the assets are actually held by a smart contract controlled by a user or a group of users. This makes it possible to implement multi-factor authorization, recovery and the other features of comparable solutions. The catch is that the assets sit in the contract rather than in a key-controlled account: no private key owns the funds directly, the contract code decides who may move them, so the user must trust that code, and such solutions therefore go through many audits to earn users' trust. If we set aside bugs in the contract code (malicious or accidental) and the cost of gas, such wallets are safer and more flexible than classic ones because they add an extra layer of protection. They also often move to Layer 2 to keep gas costs under control and to gain flexibility, including the implementation of account abstraction (AA).
In the next article we will say more about social wallets, i.e., crypto wallets with a social recovery function. For now, here are the basic concepts of the topic.
Argent is a smart contract-based wallet without a mnemonic recovery phrase. The funds are held by a smart contract that the user controls; the signing key is kept on the phone in encrypted form. For recovery, rights are distributed among “guardians”, which can include hardware wallets and other users, and an Oracle server takes part in the recovery process.
Authereum was the most heavily audited project of the group (audits by Cure53, Quantstamp and the g0 Group). The team tried to move to Layer 2 but apparently could not, and the project was stopped; you could say it fell victim to gas fees.
Gnosis Safe (the Safe ecosystem) relies on multi-signature security, with the emphasis on security and the splitting of access rights. Entire communities can be built on Safe; we recommend studying this project if you do not know it yet.
Video review of the cold storage of mnemonic phrases for crypto wallets
Cold storage of the mnemonic phrase is an excellent way to back up the seed phrase so that access to the wallet can be restored if the device is lost or stolen. The video shows how a cold wallet for storing mnemonic phrases works.
The cold storage kit contains:
- A complete set of word plates in the BIP39 English wordlist
- A coin with top and bottom screw rings
- Two tools for unscrewing the rings and placing the words
The coin is shipped assembled. To place the words inside it, unscrew both rings. The plate set contains the complete BIP39 English wordlist; use the supplied tool to detach the words from the plates.
To fit a word into the slot of the coin, use the notch in the slot: align the word in the notch with the supplied tool and slide it into the ring slot. It is extremely important to preserve the order of the words of the mnemonic phrase, since the word order is the key to restoring access to the wallet. Keep in mind that the coin stores the seed words in the clear, so anyone who gains physical possession of it gains the wallet; store it as you would the funds themselves.
This wallet is not only for storing the mnemonic phrase of a BTC wallet; it can also hold the phrases of wallets created on the HAQQ blockchain. Very soon it will be available for purchase by members of the HCC and Islamic Coin communities, and part of the price can be paid in HCC tokens, another incentive to hold the digital currency of the Halal Crypto Community.
For members of the HCC and Islamic Coin communities we offer this unique titanium cold crypto wallet on exclusive terms: the retail price is $350, and the price for Islamic Coin and HCC holders is $320, of which $20 can be paid in Islamic Coin or HCC tokens at a rate of $0.50 per coin.
To place an order and become one of the first owners of the wallet, fill out this Google form: https://forms.gle/YtCVVHRq1vfC4HB89