One of the biggest hurdles to crypto reaching a mass audience is private key management: losing a private key means losing the crypto wealth it controls, with no one to recover it for you.
Private Key Management
Why is private key management tough?
Cyber security is mentally taxing. Physical security is mentally taxing too, which is why we have locks, frisking, etc., but we have learned to accept these measures as part of our day-to-day lives:
- Fingerprint based office entry solutions
- Frisking by guards before entering
- Security guards in apartments
We are just not used to threats in the cyber realm and don't want the effort of securing against them. This is at odds with the growing amount of value and wealth held in the cyber domain. Most of us spend a large part of our waking hours in cyberspace: working on laptops, talking on mobile phones, chatting, etc. A large part of our wealth is currently secured by banks and funds, which we interact with digitally through websites and apps. With increasing adoption of crypto, we will also become responsible for securing that wealth ourselves. Hence, learning about cyber security is fundamental for the times to come.
Also, as engineers and product designers we should strive to make this shift toward needing cyber security frictionless, so that more and more people can transition to the new paradigm.
Some projects which are working in the same space:
- Gnosis Safe
- WalletConnect - It’s an open-source project that enables desktop Dapps to interact with mobile Wallets.
- Shamir's Secret Sharing - split the private key into m shares (e.g. held by friends) so that any n of them reconstruct it, while fewer than n reveal nothing about it
- Project at ETHBerlin - Using a government ID that carries a private key (Estonian e-ID card) for login?
- Proposal by Alex van de Sande - Login with ENS subdomains - Code
- Tenzorum - Key Management protocol for decentralised web
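As an added illustration of the Shamir's Secret Sharing item above (example code written for these notes, not from any of the listed projects), the following splits a 32-byte private key into 5 shares with a 3-of-5 threshold over the prime field GF(2^521 - 1) and reconstructs it by Lagrange interpolation. The field prime, the 3-of-5 parameters and the sample key are assumptions chosen for the example. It also shows the caveat that plain Shamir sharing has no integrity: a corrupted share reconstructs a wrong key silently, so a fingerprint of the key is stored alongside the shares and checked after recovery.

```python
"""Shamir's Secret Sharing over GF(p) for a 32-byte (e.g. secp256k1) private key.

Added illustration for these notes; not code from any project listed above.
"""
import hashlib
import secrets

# Assumption: 2^521 - 1 (a Mersenne prime) as the field modulus. It exceeds any
# 256-bit integer, so a 32-byte key fits in the field as one secret, no chunking.
PRIME = (1 << 521) - 1

# Constructed sample key for the demo (never use a published key for real funds).
SAMPLE_KEY_HEX = "4c0883a69102937d6231471b5dbb6204fe5129617082792ae468d01a3f362318"


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x, mod PRIME (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, threshold, shares):
    """Return `shares` points (x, y) on a random polynomial of degree threshold-1
    whose constant term is `secret`. Any `threshold` points recover the secret;
    fewer give no information about it (every constant term is equally likely)."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must lie in [0, PRIME)")
    if not 1 < threshold <= shares:
        raise ValueError("need 1 < threshold <= shares")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, shares + 1)]


def recover_secret(points):
    """Lagrange interpolation at x = 0 over GF(PRIME)."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # Modular inverse via Fermat's little theorem (PRIME is prime).
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def split_key_hex(key_hex, threshold, shares):
    """Split a 64-hex-char private key into (index, hex-share) pairs."""
    key = bytes.fromhex(key_hex)
    if len(key) != 32:
        raise ValueError("expected a 32-byte key")
    secret = int.from_bytes(key, "big")
    return [(x, format(y, "x")) for x, y in split_secret(secret, threshold, shares)]


def recover_key_hex(shares):
    """Reassemble the key from (index, hex-share) pairs as a hex string.
    A correct reconstruction is 64 hex chars; too few or corrupted shares
    usually yield a larger field element, which is padded to even length."""
    value = recover_secret([(x, int(y, 16)) for x, y in shares])
    h = format(value, "x")
    if len(h) % 2:
        h = "0" + h
    return h.rjust(64, "0")


def key_fingerprint(key_hex):
    """Short SHA-256 fingerprint to store beside the shares: Shamir sharing has
    no integrity check, so this is how a wrong reconstruction is detected."""
    return hashlib.sha256(bytes.fromhex(key_hex)).hexdigest()[:8]


if __name__ == "__main__":
    fp = key_fingerprint(SAMPLE_KEY_HEX)
    shares = split_key_hex(SAMPLE_KEY_HEX, threshold=3, shares=5)  # 3-of-5
    got = recover_key_hex([shares[0], shares[2], shares[4]])
    print("3 shares, fingerprint matches:", key_fingerprint(got) == fp)
    print("2 shares recover the key:", recover_key_hex(shares[:2]) == SAMPLE_KEY_HEX)
```

Each share is a full-size field element, so it is as sensitive as the key in combination with others; distribute shares over independent custodians and keep the threshold below the number you can realistically collect again (e.g. 3-of-5 rather than 5-of-5, which would make one lost share fatal).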
Identity/Biometric based mechanisms
What are the issues with tying private keys with Identity?
- Based on Identity contracts
- Biometric-based using a fuzzy extractor - Biometric methods suffer from privacy issues (fingerprints, faces and irises can be captured from public sources and cannot be revoked once leaked) and are more exposed to rubber-hose attacks (coercing the owner into presenting the biometric)
- Using Iris scan to generate private key
- MyCrypto - Web and Desktop based wallet App
- Edge - Android/iOS based wallet
- Parity Signer - Still unreleased (Sept 11, 2018). App last updated July 2017; GitHub repo in active development
- Paper wallets
- Crypto Steel
- Trezor/Ledger Nano
- Ethercards - Physical Ether gift cards
Can U2F keys be used as hardware wallets for crypto private keys? What are the security issues involved? (One constraint to check first: a standard U2F authenticator only signs its fixed challenge structure with a non-exportable P-256 key, whereas Ethereum transactions need a secp256k1 signature over the keccak256 hash of the transaction, so off-the-shelf U2F signing cannot produce a valid transaction signature.)
- Represents learning from different teams on UX adoption
- Summary - Keep it simple. Relevant. Give value before asking for email etc.
- Very similar to Internet in 1990s (only 2.7 mn people on Internet)
- Current dApp designs are primarily for devs/geeks and scare away normal people
- Users can't be expected to secure private keys/mnemonic phrases while going about their lives; all these complexities need to be abstracted away
- Design for experience and emotion - important if crypto is to get mass adoption