Seed Phrases, MPC, and the Evolution to Splitcoin
Understanding Cryptocurrency Security
Cryptocurrency, with its promise of decentralization and financial sovereignty, has brought with it a lot of security challenges. Among these, how to securely store and manage cryptographic keys has remained paramount. In this article, we explore three key management methods: Conventional Seed Phrase Storage, Multi-Party Computation (MPC), and our innovative Splitcoin solution.
Conventional Seed Phrase Storage: The Baseline
At its core, a seed phrase is a mnemonic representation of a wallet’s private key, typically composed of 12 to 24 human-readable words. These words, when entered in the correct sequence, grant the user access to their cryptocurrency funds.
This approach has become the industry standard for a reason: it's simple. Instead of having to remember a complex series of numbers and letters, users can record a set of words. This is often done on paper or metal. However, this simplicity comes at a cost. The seed phrase, if lost or stolen, becomes a single point of failure. Anyone with knowledge of this seed phrase can access the funds linked to it, which, needless to say, is a glaring vulnerability.
Multi-Party Computation (MPC): A Leap to Collective Custody
Emerging as a novel solution to mitigate the risks associated with seed phrases, MPC is about collective key management. Instead of one entity holding the key, the responsibility is spread across multiple parties. These parties compute functions collectively while maintaining the privacy of their individual inputs, creating a shared secret.
On the surface, MPC is a robust system that eliminates the single point of failure. If one party is compromised, the secret remains intact unless a majority (or a defined number, depending on the implementation) collude or fall into the wrong hands.
However, this advanced solution isn't without its complexities. Coordination among the parties can be intricate, demanding seamless communication and trust. Moreover, the more complex a system is, the more potential points of vulnerability it introduces. For the everyday user, understanding the intricacies of MPC can be daunting, making it less accessible for general adoption.
Splitcoin: Enhancing the Traditional, Simplifying the Advanced
Enter Splitcoin, a system that isn't trying to reinvent the wheel by replacing the widely accepted seed phrases. Instead, it aims to fortify them. At its essence, Splitcoin adds an encryption layer to traditional seed phrases, creating what is known as an encrypted seed phrase or a seed vault.
With Splitcoin, users manually encrypt their seed phrases using uniquely generated codebooks derived from a secret key. This encrypted version doesn't give away any direct information about the actual seed phrase. Even if an adversary stumbles upon it, without the corresponding codebook and user password, it's rendered useless. The seed vault just looks like a decoy seed phrase!
This encryption process might sound complex, but Splitcoin has been designed with user-friendliness in mind. Unlike MPC, where understanding the underlying mechanisms can be overwhelming, Splitcoin is straightforward with its mobile application. The user is guided through the manual encryption process step-by-step, ensuring both security and ease of use with its world-class UX.
What sets Splitcoin apart is its approach to security. While the encrypted seed phrase is not itself a vulnerability, the real strength lies in the combination of components required to decrypt it: the Splitcoin codebook (unlocked by the key stored across physical coins or QR codes) and the user password. In this way, Splitcoin skillfully sidesteps the single point of failure, a vulnerability that has long haunted traditional seed phrase systems.
Single Point of Failure vs. Single Point of Loss
Single Point of Failure: This refers to a vulnerability that, if compromised or malfunctioning, can lead to the complete failure of a system. In traditional seed phrases, if someone gains access to your phrase, they can steal your assets. For Splitcoin, someone would have to obtain all your coins and the associated password to decrypt the seed phrase and access your assets. The risk is dispersed further if you distribute your coins and password across multiple locations or guardians. If a physical electronic coin gets damaged, then you should have backup sets with other coins or QR codes in place!
Single Point of Loss: This is more about the risk of losing access rather than unauthorized access. For Splitcoin, if you forget the password and don't have it recorded, then even if you have the coins, you lose access to the assets. It's akin to losing the key to a physical safe. A secure password manager can be used to store your password. It is also very important to use Splitcoin Tools in the mobile application to easily make backups of your coins!
Distributing your Splitcoins doesn't compromise your seed phrase's security, whereas splitting a standard seed phrase weakens it. For instance, if you split your seed phrase into three 4-word portions, obtaining two of them reduces security to 2^44. Every Splitcoin stores an encrypted 640-bit key that is used in a secret splitting scheme and required for unlocking the codebook that is used to manually decrypt the seed phrase.
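As an added illustration (not Splitcoin's own code, which this page does not show), the arithmetic behind the 2^44 figure sits next to a toy 2-of-3 Shamir split over a prime field, an assumed stand-in for the page's unspecified secret splitting scheme: with a threshold of 2, any single share is consistent with every possible secret, whereas a word group narrows the search directly.

```python
# Added example, not Splitcoin's own code: contrasts cutting a BIP39 phrase into
# word groups with a toy Shamir threshold split (an assumption, not Splitcoin's scheme).
import secrets

BIP39_BITS_PER_WORD = 11            # 2048-word list -> 11 bits of choice per word
P = 2**521 - 1                      # Mersenne prime; field large enough for a 512-bit secret


def naive_split_search_space(missing_words: int) -> int:
    """Candidates an attacker must try when holding all but `missing_words`
    words of a phrase: 4 missing words -> 2**44, the figure quoted above.
    (The BIP39 checksum prunes this further, so the real work is slightly lower.)"""
    return 2 ** (BIP39_BITS_PER_WORD * missing_words)


def split_secret(secret: int, threshold: int, shares: int) -> list:
    """Shamir split: random polynomial of degree threshold-1 with f(0) = secret."""
    assert 0 <= secret < P and 1 <= threshold <= shares
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    f = lambda x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return [(x, f(x)) for x in range(1, shares + 1)]


def recover_secret(shares: list) -> int:
    """Lagrange interpolation at x = 0 over any `threshold` distinct shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def lone_share_fits_secret(share: tuple, candidate: int) -> bool:
    """For a 2-of-n split, a single share (x, y) lies on some line through
    (0, candidate) for *every* candidate: it leaks nothing, unlike a word group."""
    x, y = share
    slope = (y - candidate) * pow(x, -1, P) % P   # the line that would explain it
    return (candidate + slope * x) % P == y


if __name__ == "__main__":
    seed_entropy = secrets.randbits(128)          # constructed stand-in for a key
    parts = split_secret(seed_entropy, threshold=2, shares=3)
    assert recover_secret(parts[:2]) == seed_entropy
    assert all(lone_share_fits_secret(parts[0], c) for c in range(5))
```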
MPC disperses the "knowledge" of the private key across multiple parties. No single party knows the complete key. For someone to gain unauthorized access, they'd typically have to compromise multiple parties, which makes theft more difficult. But, if the required parties or shares become unavailable, this can halt access or operations, potentially creating a "loss" scenario, similar to Splitcoin but for different reasons.
Backups and Recovery
Splitcoin: Backing up both the coins and the password certainly provides a safety net. Distributing these backups (e.g., keeping the password backup in a bank safety deposit box and giving some coins to trusted guardians) adds layers of security and redundancy, making both theft and loss scenarios less likely.
MPC: In certain MPC setups, you can reconstruct a lost share without ever revealing the full key. It provides a backup mechanism, but the intricacies depend on the specific implementation.
Both Splitcoin and MPC have mechanisms to counteract single points of failure and they each have unique risks and backup strategies. Splitcoin’s risk can be framed as a "single point of loss" if you lose the password or a coin without a backup set in place. MPC's main challenge is around complexity, communication, and potential loss scenarios if enough parties or shares are inaccessible. Neither system is inherently flawless, but their vulnerabilities are different, and the choice between them often hinges on the user's preferences and understanding.
Benefits of MPC over Splitcoin
Inherent Decentralization: MPC operates on the principle of decentralized key management. Multiple participants ensure that no single entity ever has access to the entire key, shielding against targeted attacks.
Collaborative Computations: Through MPC, participants can undertake joint cryptographic tasks without revealing their individual portions of data or key, catering to operations that require multi-party confirmations.
Versatility for Advanced Applications: MPC's foundational principles can be adjusted for a range of complex cryptographic endeavors, not just limited to key management.
Potential for Real-time Responses: The distributed nature of MPC can allow for real-time responses and decisions in multi-party scenarios, without the need to collate data centrally first.
Enhanced Resilience: Since the full key is never formed in any single place, it reduces the vulnerability of exposure of the private key.
Benefits of Splitcoin over MPC
Simplicity and Independence: Splitcoin offers an intuitive, offline approach for users to safeguard their seed phrases. Users don’t need a deep understanding of cryptographic computations to utilize it. Optionally, exporting their codebook to a PDF would mean the user would never even need to use the Splitcoin app again.
Optional Decentralization: Splitcoin provides flexibility in key management. Users can decentralize by sharing coins with guardians or choose a centralized approach.
Compatibility with Current Standards: Rather than replacing the prevalent seed phrase system, Splitcoin introduces an encryption layer, combining improved security with a familiar process.
Reduced Complexity Risks: Splitcoin, without the intricate cryptographic interactions of MPC, presents fewer risks associated with computational errors or potential vulnerabilities. There aren't any threshold schemes to worry about.
Manual Encryption: Drawing inspiration from classical cryptography, Splitcoin still uses modern-day cryptography to stay resilient against brute-force attacks. Also, the Splitcoin app will never know or ask for a user's seed phrase.
Navigating the Landscape of Cryptocurrency Security
In the ever-evolving world of cryptocurrency, security is not just about keeping assets safe; it's about ensuring that users can interact with their assets confidently and intuitively. Traditional seed phrases provided the foundational step, making cryptographic keys more user-friendly. MPC, with its promise of distributed responsibility, introduced a higher level of security at the expense of complexity. Splitcoin, however, strikes a balance. By enhancing the traditional seed phrase system and circumventing the complexities of MPC, it provides a solution that is both simple for the user and robust in its security.
For users navigating the sometimes intimidating realm of cryptocurrency management, Splitcoin serves as a beacon, indicating that security and simplicity can, in fact, coexist. As the crypto community continues to grow and diversify, tools like Splitcoin will be invaluable in making advanced security accessible to all.