Wallets are a core piece of web3 infrastructure: they allow transactions to take place and determine the ownership of digital assets. A cryptocurrency wallet interacts with the blockchain of the asset it is securing and manages a user’s public and private keys. These keys serve as a means of communication between wallets, and also as stamps of ownership which prove which digital assets belong to whom. So the term ‘wallet’ is actually something of a misnomer, as crypto wallets don’t store cryptocurrency the way physical wallets hold cash. Instead, a crypto wallet grants access to the assets secured by the wallet, which themselves remain on the respective blockchain.
Demystifying wallet keys
Whenever you create a blockchain wallet, you are provided with a private key and a public key that are associated with your wallet. But what’s the difference? Let’s illustrate this with the example of email. You must give someone your email address if you wish to receive emails from them. However, sharing your email address does not grant anyone the right to send emails from your account; to do that, they would need to know your email account’s password. Blockchain wallets work in a similar way, pairing a public key with a private key. Like your email address, a public key can be shared with anyone. The private key, however, has to be kept secret, as it grants complete control over whatever assets are secured by the wallet. An email password can be chosen and even memorized by its user; neither is practical for a private key.
Private keys can be represented in a variety of ways. In its raw form, a private key is extremely difficult to write down, copy or communicate, which makes handling it prone to mistakes. The original and most typical representation is a long string of arbitrary numbers and letters, which often leads to errors when typing it out or otherwise communicating it. Because of this, a more practical way of representing private keys—the seed phrase—was gradually established. A seed phrase is also referred to as a secret phrase, seed recovery phrase, backup seed phrase, mnemonic seed or mnemonic phrase. This simpler method of recording and communicating the key material was introduced with BIP39. If you’ve ever used a wallet, you’ve probably been asked to jot down 12–24 odd words such as these:
“absent wrestle absorb dinner abstract zoo absurd below wreck upgrade uphold upon”
The words above form a BIP39-standard phrase of the kind a user writes down to secure the private keys of a wallet. These 12 or 24 words are what you get when you translate the key material from binary (the language computers use, consisting of 1s and 0s) into a language that you can read and recognize. BIP39 defines a standardized wordlist of 2048 carefully chosen words, and phrases built from it are designed to carry a high level of entropy. In simpler terms, a seed phrase offers an incredibly high level of protection against being guessed. Under BIP39, a 12-word phrase encodes 128 bits of entropy and a 24-word phrase encodes 256 bits (each word carries 11 bits, and the final few bits are a checksum), giving 128 and 256 bits of security respectively. In its most general sense, bit security represents the order of magnitude of the resources needed to break the scheme. For example, in the case of a 24-word BIP39 seed phrase, an adversary trying to guess it would need to perform roughly 2²⁵⁶ operations to recover the seed phrase by brute force.
If you are curious how difficult it is to brute-force a BIP39 seed phrase, here is an illustration: if your PC could try 2⁴⁰ keys per day, it would take about 847,904,136,496,835,804,725,427 (848 sextillion) years in the worst case to exhaust the 128-bit space of a 12-word phrase. By comparison, we expect the sun to run out of hydrogen and collapse into a white dwarf in only about 5 billion years. Additionally, for someone to successfully guess your recovery phrase, they would not only need to guess all the words but also put them in the right order.
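To make the numbers above concrete, here is an added example (not part of the original post) that implements the BIP39 bit layout in Python: entropy is extended with a SHA-256 checksum and cut into 11-bit word indices, so 128 bits become 12 words and 256 bits become 24. The same code validates a phrase’s checksum, which is what lets a wallet reject most misspelled or swapped words, and reproduces the brute-force estimate quoted above. It works with indices into the 2048-entry wordlist rather than the words themselves, so the wordlist is not embedded; the 2⁴⁰ guesses per day and the 365-day year are the assumptions behind the quoted figure.

```python
import hashlib
import secrets

WORDLIST_SIZE = 2048          # BIP39 wordlist: 11 bits per word
VALID_ENTROPY_BITS = (128, 160, 192, 224, 256)


def word_count(entropy_bits: int) -> int:
    """Number of mnemonic words for a given entropy size.

    BIP39 appends ENT/32 checksum bits, so 128 -> 132 bits -> 12 words
    and 256 -> 264 bits -> 24 words (11 bits per word)."""
    if entropy_bits not in VALID_ENTROPY_BITS:
        raise ValueError("entropy must be 128..256 bits in 32-bit steps")
    return (entropy_bits + entropy_bits // 32) // 11


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Turn raw entropy into BIP39 word indices (0..2047).

    Checksum = first ENT/32 bits of SHA-256(entropy), appended to the
    entropy; the concatenation is then split into 11-bit groups.
    Looking each index up in the wordlist gives the mnemonic."""
    ent_bits = len(entropy) * 8
    n_words = word_count(ent_bits)
    cs_bits = ent_bits // 32
    checksum = int.from_bytes(hashlib.sha256(entropy).digest(), "big") >> (256 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    return [(bits >> (11 * (n_words - 1 - i))) & (WORDLIST_SIZE - 1)
            for i in range(n_words)]


def checksum_valid(indices: list[int]) -> bool:
    """Check a mnemonic (as word indices) against its embedded checksum.

    This is the check a wallet runs on a typed-in phrase: a misspelled
    word or a swapped pair changes the bits, and with 4 checksum bits
    (12 words) all but 1 in 16 such errors are rejected."""
    n = len(indices)
    if n not in (12, 15, 18, 21, 24) or any(not 0 <= i < WORDLIST_SIZE for i in indices):
        return False
    total_bits = n * 11
    cs_bits = total_bits // 33            # ENT/32, since total = ENT + ENT/32
    ent_bits = total_bits - cs_bits
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = int.from_bytes(hashlib.sha256(entropy).digest(), "big") >> (256 - cs_bits)
    return bits & ((1 << cs_bits) - 1) == expected


def generate_indices(entropy_bits: int = 128) -> list[int]:
    """Fresh mnemonic indices from the OS CSPRNG (what a wallet does at setup)."""
    return entropy_to_indices(secrets.token_bytes(entropy_bits // 8))


def years_to_exhaust(entropy_bits: int, log2_guesses_per_day: int) -> int:
    """Worst-case years to try every phrase at 2**log2_guesses_per_day guesses/day.

    Integer arithmetic with a 365-day year (assumption); 128 bits at 2**40/day
    gives the figure quoted in the text. Checksum bits are not counted: they
    carry no extra entropy, so an attacker only has to cover the entropy space."""
    return 2 ** (entropy_bits - log2_guesses_per_day) // 365


if __name__ == "__main__":
    # Constructed sample: the all-zero 16-byte entropy, a standard BIP39 test vector.
    demo = entropy_to_indices(bytes(16))
    print("word indices:", demo)            # eleven 0s ("abandon"), then 3 ("about")
    print("checksum ok:", checksum_valid(demo))
    print("years at 2^40/day:", years_to_exhaust(128, 40))
```

Because the last word of a 12-word phrase holds 7 entropy bits plus the 4 checksum bits, only 128 of the 2048 words are valid in that position for a given first eleven; that is the whole strength of the typo protection, and why a wallet still cannot tell a wrong-but-valid phrase from the right one.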
Current issues with Seed Phrases
As explained above, seed phrases are exceptionally difficult to brute force, but once acquired they grant complete control over the assets associated with the wallet. Securely managing seed phrases is therefore of prime importance. Even though users know they need to store seed phrases securely, crypto loss due to mishandled seed phrases is surprisingly common. According to the cryptocurrency data firm Chainalysis, of the existing 18.5 million Bitcoin, around 20 percent — currently worth around $89 billion — appear to be in lost or otherwise stranded wallets. This astounding number demonstrates how challenging it is for both novice and experienced cryptocurrency users to secure their funds. If crypto is to become mainstream, seed phrase management needs to be much simpler. At present, users usually write their seed phrases on pieces of paper or on a metal sheet, both of which are prone to loss, theft and damage. Moreover, they may misspell words or get the order of the words wrong. After all, “to err is human”. For most people, storing a seed phrase or creating a backup is a tricky task. While it is almost impossible to know how many seed phrases have been generated to date, the top three private wallets, Blockchain.com, Ledger and MetaMask, have generated 120M+ wallets between them since their inception. That is 120M+ seed phrases hidden in users’ cupboards, almirahs, bank lockers, hard drives and cloud storage, waiting to be stolen or lost.
Types of wallet backup methods
Writing the seed phrase on a piece of paper is the most common method people resort to. But paper is not very durable, so it is not the most reliable medium for important information: it gets wet, torn and burned easily, and it degrades under environmental factors. There is also a greater risk of someone else discovering it and thereby gaining control of the funds associated with the wallet. Most commonly, paper simply gets misplaced or lost, as it did for Stefan Thomas, a programmer in San Francisco, who used an IronKey encrypted flash drive to store the keys to 7,002 BTC. The password to the flash drive was written on a piece of paper, which he unfortunately lost.
Local drive / USB
Other common methods include keeping the seed phrase in a notepad application or as an image on a computer, mobile phone, tablet or USB drive. Malware or a remote attack delivered over the device’s network connection can easily reach such a device and gain access to the stored seed phrase. To illustrate the dangers of this method, take the well-known case of James Howells, a man from the UK, who accidentally threw away his laptop while cleaning his house. The only problem was that its hard drive stored the private keys to his 7,500 BTC, which would be worth hundreds of millions today.
With phishing attacks and privacy leaks on the rise, a seed phrase is not safe in password managers or file-sharing services like Dropbox, MegaBox, OneDrive, Google Drive, iCloud etc. either, as they expose you to third-party risk. Such service providers are themselves targets, and one small mistake on the provider’s end could cost you all your funds. This was seen in a recent incident in which a web-based cryptocurrency wallet, Slope, was compromised and more than 8000 user wallets were drained of cryptocurrency worth around $8 million. According to security company Otter, the breach happened because Slope was sending users’ seed phrases in plaintext to a centralized server, exposing them to a major security risk.
Some people prefer to store their seed phrase in memory, often using a technique called the chain story method. While memorization is a powerful security tool, it introduces a single point of failure: YOU. If you can’t remember even one word, or if you mix up the order of the words in your seed phrase, you lose access to your funds. This isn’t like a password that can be reset on request. Realistically, you probably wouldn’t want to rely on your memory to back up your life savings. The human brain’s capacity to store information is limited, and we naturally forget things. People are also susceptible to memory loss from chronic health conditions, and if you suffer an injury that affects your memory, your funds are lost with no way to recover them.
Seedless wallets: The way forward
At present, wallet infrastructure requires the generation of private and public keys, and with it the creation of a seed phrase. If crypto adoption is to become more widespread, the friction of managing seed phrases must be reduced. Seedless wallets are therefore the way forward for crypto security.
A seedless wallet uses a concept that can be termed access distribution. The assets still live on the blockchain, but a threshold number of access components, each derived from the associated private key, is needed to reach them. Consider this scenario: you have a lock whose key has been sharded into five components, and to open the lock you need any two of the five together. What matters here is that no single component gives you any clue about how to create another component that could be used to open the lock.
Applying this analogy to crypto wallets, the private key is sharded into n components, and a threshold of x out of n components is required to recreate it, while no single component can rederive the entire private key. For the utmost security, each component can be stored in a geographically separate location, eliminating any single point of failure.
Cypherock X1: The world’s first seedless hardware wallet
Cypherock X1 is the world’s first hardware wallet that does not require you to create a seed phrase backup.
When the Cypherock X1 wallet is initialized, the private key is generated and then split into 5 components. Cypherock uses an algorithm called Shamir Secret Sharing to split the private key; it ensures that no single component can rederive the entire private key and enforces a threshold of 2 of the 5 components to access it.
Cypherock X1 uses this cryptographic threshold scheme to split the private key across 1 Cypherock X1 wallet and 4 X1 Cards, such that the user needs only the wallet and any 1 of the X1 Cards to make a transaction. Even if you lose any 3 of these 5 components, your funds are still safe.
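As an added example, and not Cypherock’s own code or a description of their implementation, here is a textbook 2-of-5 Shamir Secret Sharing split in Python over the prime field GF(2⁵²¹ − 1), which is large enough to hold a 256-bit key. It shows the two properties the text relies on: any two shares reconstruct the secret, and a single share is consistent with every possible secret, so it leaks nothing on its own. The wallet/card layout, the constructed sample key and the choice of field prime are assumptions made for the example. Note that the plain scheme reconstructs from any two shares, including two cards; a “wallet plus one card” flow is product design layered on top of the mathematics.

```python
import secrets

# Mersenne prime 2**521 - 1 (assumed field for this example): all arithmetic is
# mod P, so any 256-bit key is a valid secret.
P = 2**521 - 1


def _eval_poly(coeffs: list[int], x: int) -> int:
    """Evaluate a0 + a1*x + a2*x**2 + ... mod P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret: int, n: int, k: int) -> list[tuple[int, int]]:
    """Shamir split: n shares, any k of them reconstruct the secret.

    The secret is the constant term of a random degree-(k-1) polynomial;
    share i is the point (i, f(i)). Fewer than k points leave the constant
    term completely undetermined, which is why a single share reveals nothing."""
    if not (1 <= k <= n < P) or not (0 <= secret < P):
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct(shares: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0 over the supplied shares.

    With fewer than k shares this still returns a value, just not the secret,
    and the caller cannot tell from the output alone; real wallets therefore
    bind a checksum or key fingerprint to the recovered key."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, xj in enumerate(xs):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def coefficient_consistent_with(share: tuple[int, int], candidate_secret: int) -> int:
    """For a 2-of-n scheme, show that one share fits *any* candidate secret.

    Given f(x) = s + a1*x and the point (x1, y1), every candidate s yields
    exactly one a1 = (y1 - s)/x1 mod P, so the share alone tells its holder
    nothing about which s is the real one."""
    x1, y1 = share
    return (y1 - candidate_secret) * pow(x1, -1, P) % P


def demo() -> bool:
    """Constructed walk-through of the 1-wallet + 4-cards layout from the text."""
    # Constructed sample key (NOT a real key): the bytes 0x00..0x1f.
    key = int.from_bytes(bytes(range(32)), "big")
    wallet, *cards = split_secret(key, n=5, k=2)
    # Any card together with the wallet share recovers the key ...
    ok = all(reconstruct([wallet, card]) == key for card in cards)
    # ... the plain scheme also lets any two cards do it ...
    ok &= reconstruct([cards[0], cards[3]]) == key
    # ... but the wallet share on its own does not.
    ok &= reconstruct([wallet]) != key
    # And a lone share is consistent with every candidate secret.
    for guess in (0, 1, key, P - 1):
        a1 = coefficient_consistent_with(wallet, guess)
        ok &= _eval_poly([guess, a1], wallet[0]) == wallet[1]
    return ok


if __name__ == "__main__":
    print("all threshold properties hold:", demo())
```

Losing any three of the five shares here leaves two, which is still enough to reconstruct; losing four leaves one, which is mathematically worthless to both the owner and a thief. That asymmetry, not secrecy of the algorithm, is what makes the distributed backup safe to spread across locations.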
Here is a video on how to create a wallet with a Cypherock X1.
Because the private key has been decentralized, users never need to write down a seed phrase on paper or on a metal backup, making Cypherock the world’s first decentralized seedless wallet. Furthermore, users can geographically distribute each of their private key components, so there is no single point of failure as there is with a seed phrase.
Security is a major concern in web3, and Cypherock believes in building web3 infrastructure with security as its main pillar. If crypto adoption at scale is to become a reality, users must feel safe experimenting with digital assets. Since a wallet is the first step in any crypto user’s journey, building the best possible security around asset custody is of prime importance. If you’re interested in how Cypherock is building the world’s safest hardware wallet, head over to the wallet specifications page to learn more about Cypherock X1 and its capabilities.