Cryptocurrency Key Backup and Recovery Services: What options are available to investors and enthusiasts?
By: Roger A. Hallman
1 Introduction
The cryptocurrency ecosystem relies on trust and security [16], and key management is a perennial challenge for investors and enthusiasts alike. Key mismanagement exposes private cryptocurrency keys to potential attacks and unauthorized access, which poses a severe threat to billions of dollars’ worth of digital assets [6]. Compromised keys frequently lead to stolen cryptocurrency [1], and it is estimated that around 20% of existing Bitcoin are unrecoverable due to lost keys [17]. These losses have significant financial implications and erode trust in the cryptocurrency economy [8, 10].
This blog article covers cryptocurrency key backup and recovery (KBR) options available to cryptocurrency users. There is a maxim among cryptocurrency enthusiasts, “not your keys, not your crypto.” It has traditionally been the user’s responsibility to protect their keys and other artifacts (e.g., wallet seed phrases) which could expose them to theft or loss. KBR products and services can offer investors peace of mind, in that they have an option to protect their keys beyond their own rudimentary efforts. There are KBR solutions available at various price points and levels of effort on the user’s part.
The remainder of this article is organized as follows: Section 2 gives the reader sufficient background on cryptocurrency keys, as well as a survey of KBR solutions. In Section 3, we will discuss CAT Labs’ work on a KBR service which has the potential to bring a level of assurance that was previously only available to elite investors to the broader marketplace. Concluding remarks will be given in Section 4.
2 Key Backup and Recovery: Background knowledge and a survey of current market solutions
A private key is a secret code that allows a user to access and control their cryptocurrency [11]. It is usually generated by a cryptocurrency wallet and is meant to be kept secret. A user’s private key is used to sign transactions, and it must be kept secure as anyone who has access to it can move or spend the associated cryptocurrency. On the other hand, a public key is a code that is derived from the private key and is used to receive cryptocurrency transactions. It is intended to be shared publicly, as it is used to generate the user’s cryptocurrency wallet address. The wallet address is a string of characters that identifies the user’s wallet on the blockchain network, allowing other users to send cryptocurrency to that wallet.
A cryptocurrency wallet address is derived from the public key, which is in turn generated from the user’s private key [12]. When someone wants to send cryptocurrency to a user’s wallet, they use the wallet address, which is a hash of the user’s public key. The sender’s cryptocurrency is then transferred to that address on the blockchain network, and the user can access it using their private key.
Maintaining and securing a user’s keys is essential to holding and controlling crypto assets. Recalling the maxim above, whoever has access to a cryptocurrency account’s private keys has access to that cryptocurrency asset. Whether a private commercial holder, an institutional investor, or a government/law enforcement agency, the ability to securely store and recover private keys is critical.
There are a number of existing solutions to store and protect cryptocurrency keys [16], including:
Paper wallet: A paper wallet is a printed copy of your public and private keys. This is considered to be one of the safest options for storing your cryptocurrency keys. However, it’s important to keep the paper wallet in a secure location as anyone with access to the paper can potentially steal your funds. Furthermore, paper wallets are static and cannot be used to sign transactions.
Hardware wallet: A hardware wallet is a physical device that stores your cryptocurrency keys offline. Hardware wallets are generally considered to be one of the safest options for storing cryptocurrency keys, as they are not connected to the internet and therefore are less vulnerable to hacking.
Software wallet: A software wallet is a program that you can install on your computer or mobile device. Software wallets can be either hot wallets (connected to the internet) or cold wallets (offline). Cold wallets are generally considered to be safer than hot wallets.
Multisignature wallet: A multisignature wallet [2, 7] requires multiple parties to sign off on a transaction before it can be completed. This adds an extra layer of security as it prevents any single party from having complete control over the funds. Nevertheless, there are cases where private keys have been stolen during a brief window of vulnerability once the requisite parties have signed off on a transaction [4].
Key splitting: Key splitting involves breaking up your private key into multiple pieces [15] and storing them in different locations. This makes it more difficult for anyone to steal your funds as they would need to access all of the different locations where the key fragments are stored. This includes wallets which use Multi-Party Computation (MPC) schemes [5]. However, there are known key extraction schemes that can be leveraged against MPC wallets with as little as a single signature [14].
Cryptocurrency insurance: While not a key storage solution, some companies offer insurance policies that cover the loss of cryptocurrency due to theft or other events [13]. This can provide additional peace of mind for cryptocurrency holders. However, it is worth noting that companies offering these policies may require policy holders to utilize a KBR service.
Whether you are a retail crypto enthusiast or an elite cryptocurrency investor, there are practices and KBR services available to you. First and foremost, investors should write down their wallet’s mnemonic seed phrase, which can be thought of as a private master key that gives access to all the associated private and public cryptocurrency keys within that wallet. Specifically, investors are instructed to write their seed phrase down in an analog, rather than digital, medium, such as a piece of paper which is stored in a safe. The advice to avoid digital media comes from the fact that files on a computer may be exfiltrated by hackers. Nevertheless, users may act against this advice and store a picture of their seed phrase on their phone, or they may record seed phrases in a cloud-based document. Users doing this should at least password protect these files, though many fail to implement even this most rudimentary security practice.
At higher price points, the KBR solutions currently available to more elite investors are based on keeping private keys in securely held physical storage. Examples include storing private keys on air-gapped computer hardware kept in Cold War-era bunkers in the Swiss Alps, and sharding private keys via a secret sharing protocol and storing the shards on air-gapped computer hardware at separate secure locations. Maintaining secure physical storage facilities is unnecessarily expensive, and recovery processes can take as long as 48 hours. However, at least one prominent hardware wallet has partnered with a KBR service to make sharding-based KBR services more accessible to cryptocurrency investors. Moreover, many services which utilize threshold signature or key splitting schemes may be vulnerable to key composition or extraction attacks, where keys are exposed after recomposition or decryption.
3 How CAT Labs is Charting a Course to the Future of Key Backup and Recovery Services
CAT Labs recently received a Small Business Innovation Research grant from the National Science Foundation to develop a KBR capability, which we believe will provide the level of security that only elite institutional investors could afford at a much lower price point. Specifically, we are utilizing recent developments in cryptography, including quantum-resistant lattice cryptography, to protect private keys. Our method will obviate the need for physically secure storage facilities and allow KBR services to utilize a broader range of infrastructure, possibly including commercial cloud service providers.
We are using Threshold Fully Homomorphic Encryption (FHE) [3], along with other protocols, to securely store, shard, and distribute cryptocurrency keys among multiple data centers or cloud providers, with a reconstruction and recovery process that will seem almost instantaneous compared to KBR solutions available in today’s marketplace. Our use of FHE may seem curious at first blush, but it allows us to shard, distribute, and reconstruct private keys with high confidence. Beyond basic KBR, there is exciting research on homomorphically encrypted elliptic curve digital signature algorithms [18]—including threshold signatures [9]—which will reduce the risk that private keys could be exposed as users sign transactions.
4 Conclusion
Security and trust are important for continued cryptocurrency adoption. Key mismanagement is a root cause of many instances of stolen funds and unrecoverable assets. Key backup and recovery services offer a bulwark against losses due to key mismanagement by recording and storing private keys so that investors can recover their wallets in the event of a catastrophic loss (for instance, a smartphone holding a wallet being dropped into water).
In this article, we discussed the marketplace for cryptocurrency key backup and recovery services at different price points and levels of effort for the user. These KBR practices and services range from the investor recording and storing private keys on their own, to more sophisticated options that include sharding and distributing keys to physically secure storage locations under armed guard. Finally, we discussed CAT Labs’ efforts to develop a KBR service which utilizes several cryptographic protocols, including quantum-resistant lattice cryptography, which shows promise at making sophisticated KBR capabilities accessible to more cryptocurrency investors. We are also incorporating recent breakthroughs in FHE and digital signatures to further protect private keys during transactions.
References
[1] Biggest crypto hacks & scams - DeFi Rekt Database. https://de.fi/rekt-database, 2023. De.Fi.
[2] Bhushan, B., Sinha, P., Sagayam, K. M., and Andrew, J. Untangling blockchain technology: A survey on state of the art, security threats, privacy services, applications and future research directions. Computers & Electrical Engineering 90 (2021), 106897.
[3] Boneh, D., Gennaro, R., Goldfeder, S., Jain, A., Kim, S., Rasmussen, P. M., and Sahai, A. Threshold cryptosystems from threshold fully homomorphic encryption. In Advances in Cryptology–CRYPTO 2018: 38th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19–23, 2018, Proceedings, Part I 38 (2018), Springer, pp. 565–596.
[4] Breidenbach, L., Daian, P., Juels, A., and Sirer, E. G. An in-depth look at the parity multisig bug. Hacking, Distributed (July 22, 2017). https://hackingdistributed.com/2017/07/22/deep-dive-parity-bug/.
[5] Cramer, R., Damgård, I. B., et al. Secure multiparty computation. Cambridge University Press, 2015.
[6] Fröhlich, M., Gutjahr, F., and Alt, F. Don’t lose your coin! Investigating security practices of cryptocurrency users. In Proceedings of the 2020 ACM Designing Interactive Systems Conference (2020), pp. 1751–1763.
[7] Goel, A. K., Bisht, V. S., and Chaudhary, S. Multisignature crypto wallet paper. In 2023 8th International Conference on Communication and Electronics Systems (ICCES) (2023), IEEE, pp. 476–479.
[8] Grand View Research. Cryptocurrency market size, share & trends analysis report by component, by hardware, by software, by process (mining, transaction), by type, by end-use, by region, and segment forecasts, 2023 - 2030. https://www.grandviewresearch.com/industry-analysis/cryptocurrency-market-report, 2023.
[9] Gur, K. D., Katz, J., and Silde, T. Two-round threshold lattice-based signatures from threshold homomorphic encryption. In International Conference on Post-Quantum Cryptography (2024), Springer, pp. 266–300.
[10] Guri, M. Beatcoin: Leaking private keys from air-gapped cryptocurrency wallets. In 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) (2018), IEEE, pp. 1308–1316.
[11] Houy, S., Schmid, P., and Bartel, A. Security aspects of cryptocurrency wallets—a systematic literature review. ACM Computing Surveys 56, 1 (2023), 1–31.
[12] Karantias, K. SoK: A taxonomy of cryptocurrency wallets. Cryptology ePrint Archive (2020).
[13] Ko, H., Son, B., and Lee, J. Portfolio insurance strategy in the cryptocurrency market. Research in International Business and Finance (2023), 102135.
[14] Makriyannis, N., and Yomtov, O. Practical key-extraction attacks in leading MPC wallets. Cryptology ePrint Archive (2023).
[15] Selvi, S. S. D., Paul, A., Rangan, C. P., Dirisala, S., and Basu, S. Splitting and aggregating signatures in cryptocurrency protocols. In 2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON) (2019), IEEE, pp. 100–108.
[16] Suratkar, S., Shirole, M., and Bhirud, S. Cryptocurrency wallet: A review. In 2020 4th International Conference on Computer, Communication and Signal Processing (ICCCSP) (2020), IEEE, pp. 1–7.
[17] Voas, J., and Kshetri, N. Lost and never found. Computer 54, 07 (2021), 12–13.
[18] Zama AI. TFHEcdsa (TFHE ECDSA), September 25, 2023. https://github.com/zama-ai/bounty-ecdsa-signature.