blog header image
Can you solve this optimisation problem?

Can you solve this optimisation problem?

Back to /blog/news


Georg C. F. Greve

Georg C. F. Greve

Mon Feb 25 2019

Pick any number between zero and infinity… Bzzzt. Wrong answer. If you think this was a silly game, you are right. But it is the game all users of Bitcoin and other radically decentralised systems are being asked to play by the designers of these systems. As Joshua, the computer in the 80s movie WarGames concluded: “A strange game. The only winning move is not to play.” Because some questions do not have a right answer and you are better off asking yourself whether you have asked the right question.

In this case, I am talking about wallets. They are best known from Bitcoin and other so-called cryptocurrencies. But the concept exists across all radically decentralised systems and many systems attempting to implement end-to-end encryption. At their core always lies the same question: How do I know this person interacting with the system now is the same person creating this account or wallet before? Virtually all such systems seek the answer in cryptography, creating a secret that only this first person knows because it was created by and for them.

Some systems allow their users to choose those secrets. So the secret is a password. Which means it is broken by design. On the upside we no longer need to talk about the security of these systems, because their problems are widely known. Spoiler alert: They fare better than lucky charms do for movie heroes, but not a whole lot. A far superior approach is to randomly generate the secret. We will ignore that generating true randomness is a surprisingly hard challenge. Because whatever the computer generates is going to be better than what a random person will come up with. So from a technical perspective, that is a sound choice.

This computer generated secret is typically in the form of a so-called private key to be used in public key cryptography. Without wanting to cause mass narcolepsy amongst readers: This kind of cryptography allows anyone in possession of the public key to encrypt something so that only the person in possession of the private key can decrypt it. And of course you can encrypt anything to yourself, as well. In Bitcoin, those public keys are used as the target addresses for transfers, and only the person in possession of the private key can access those funds. Or you could encrypt your personal data in this way, ensuring only you have access to it in future.

The private key is a big deal. It is literally the key to the kingdom of whatever is secured with it. And like anything in your computer it is just a very specific number of 1s and 0s in a certain order. So it is a little bit like a super long, very complicated password. And if you lose it, you lose all your Bitcoin, all access to your data. That might make you nervous if this key only lives on your mobile phone. Because phones get lost, break and sometimes even stolen.

To solve this problem, people have come up with recovery codes. These are typically either QR codes or words out of a dictionary to make key recovery more human friendly. These recovery codes are typically printed on a piece of paper so that when the original key gets lost it can be re-created from the backup. You can be certain that all those people who lost access to their Bitcoin wallets worth millions of dollars wish they had made enough copies of these recovery codes to still have a copy when they lost the key. From this perspective, you would wish for an infinite number of copies to ensure you always have one around when you need it.

But the recovery codes can be used by anyone. The system is not designed to verify identity. It is only designed to verify someone has the key. Anyone who has the key is considered equal to the original person opening this account or wallet. So anyone who gets their hand on such a recovery code can access, and transfer all the funds in your Bitcoin wallet. The only way to prevent that is to make sure no-one ever gets a copy of the secret key. Viewed from this angle, you wish there were no copies, whatsoever.

Which is why this is an optimisation problem for a number between zero and infinity. And there is no right answer. Because if you find out the answer was wrong, there is nothing short of a very specific Delorian that can save you. There is ample evidence that a substantial number of computer specialists chose poorly and lost access. Even organisations like QuadrigaCX reportedly got this wrong and lost access to $190 million when the only person in possession of those secret keys passed away. The very specialists that built these systems evidently cannot solve this optimisation problem. So how can anyone?

A far better and far more humane approach to this is social recovery. The private key gets encrypted for trusted third parties, ideally even split, so that several of these parties have to act together to restore the private key. Those key fragments or keys can be protected in hardware security modules, making it nearly impossible for an adversary to gain access. And the system should record when the recovery procedure has been used, and by whom. Whenever keys or devices get added or removed, any time the recovery procedure is used, the system should record this in a black box.

That way humans can choose whom to trust. And if their trust is violated, they will know, and have ways to reclaim their assets and identity. There is transparency, redundancy and security in this system. Which is why Vereign is building this into its true digital self.