Before the internet brought us dog videos and your grandmother’s Facebook updates, losing money was a traumatic experience. Dropping $20 meant you’d probably never see it again – all you’d have left is that unmistakable sensation of feeling stupid.
At least in the fiat world, it’s become a little bit harder to lose money. Centralised institutions mean you can recover usernames and passwords in a jiffy – answering a few security questions or showing your ID to regain access. Help is even available if you burn thousands of dollars in a fire, thanks to a specialist department that pieces them back together and exchanges them for shiny new notes.
Unfortunately, this is one hurdle that the crypto industry has been struggling to overcome – and in some cases, the consequences have been eye-wateringly costly.
Ownership of cryptocurrency is determined by who holds the private keys to these assets. Because of this, they are far more important than a password could ever be. Storing these codes on the cloud can be calamitous in case you get hacked, while holding them on your phone can be devastating if the device is lost, stolen or damaged. Crypto enthusiasts have heeded advice from experts by getting clever and recording them offline – using a USB stick or even an old-fashioned piece of paper – only to forget where they put it or throw it away without realizing its significance.
Horror stories like this are well documented. Here’s looking at you, Welshman who threw away a hard drive which held 7,500 Bitcoin (worth about $47 million at today’s rates.) And let’s not forget you, anonymous Australian who fears his wife will go ballistic after a cheaply made USB stick storing thousands of Bitcoins corrupted, along with his dreams of infinite riches.
Most of the time, nothing can be done when private keys are lost. It’s perhaps no surprise then that, last year, a digital forensics firm estimated that four million Bitcoins are gone forever. But although it might be a little bit too late for those who have already lost a fortune, new technology designed to help people recover their private keys is starting to emerge (and hopefully it’ll be a little bit more effective than relying on hypnosis).
Saving private keys
Some blockchain platforms believe “zero-knowledge proofs” – a relatively new concept in the cryptographic world which emerged in the 1980s – could transform attitudes to private keys, enabling them to be recovered without compromising security.
The concept can be explained like this: being able to prove to somebody that you know something without actually revealing what you know.
One well-known example is known as “Two Balls And The Colorblind Friend.” Let’s imagine you have a green and a red ball – identical in every way apart from color – and a friend who can’t tell the difference between them. Nonetheless, you want to prove they are different colors.
Your colorblind companion would put the balls behind their back – and would reveal one of them. He would then put the balls behind his back again, bring one out and ask: “Did I switch the ball?”
Given the difference in colors, it would be easy for you to say whether or not a switch has happened, but impossible for him to tell. Repeating this process over and over would help your friend realize they are different colors, because you’d always get the answer right. Crucially, you’ll never have revealed which ball is green and which is red.
SovereignWallet uses zero-knowledge encryption to enable its users to recover their private keys by downloading the app on another smartphone should the device they normally use end up lost or broken. This is achievable because the key is encrypted with their password and PIN – and stored securely on the network’s server. As an alternative, they also have the option to retrieve private keys by relaying the mnemonic words which are generated at the time these codes are created.
The platform, which enables crypto to be transferred in a messenger-style format and aims to create a happy medium between banking-grade security and usability, believes blockchain technology could help drive down the cost of remittances, where foreign workers send money across borders back home to their loved ones.
Of course, the concern for cryptocurrency holders is that any mechanism which enables them to recover their private keys – however desirable – could put their funds at risk of being stolen by bad actors. This is why the zero-knowledge element of such measures is crucial.
Returning to the example of the colorblind friend, imagine the red and the green ball represent passwords, and you’re the only person in the world who can see their color. This would mean a fraudster who tried to conduct the same experiment to convince your colorblind friend would end up making too many mistakes during the switching experiment – and fail to convince them – because they don’t know either.
SovereignWallet also uses machine learning security in its infrastructure, technology that’s also relied upon by the likes of Palantir, the Silicon Valley tech giant founded by Peter Thiel.
Instead of solely relying on a usernames and password, the crypto wallet monitors a user’s usage patterns and kicks into action whenever there is an anomaly. Additional authentication is needed whenever a user logs in on a new device, and successfully passing these extra measures result in them being automatically logged out of the smartphones they have used in the past. SovereignWallet says it strives to be a “smart application that can think and not be deceived easily” through a range of other features, too, such as technology which stops the app being used on PC-based emulator programs instead of a real smartphone.