Vault, a Private Key Backup System for the Parameta Framework
Greetings from the PARAMETA Team,
Private Keys and Public Keys
Blockchains use a PKI (Public Key Infrastructure) to identify users. PKI is a technology that generates a private key and a public key in pairs and uses them for encryption and electronic signature. It is characterized by the fact that encryption with a private key can only be decrypted with the corresponding public key, and encryption with a public key can only be decrypted with the corresponding private key. In this case, the public key is open to anyone, and anyone can decrypt (sign) what is encrypted with the private key with the public key (signature verification) to verify who signed and executed a specific transaction (TX). Based on these characteristics, PKI is being used as a method of user identification on blockchains.
When you sign a transaction with your private key, the blockchain validates it with a paired public key, which gives you the right to change the balance of the wallet address you created from the public key. In other words, if you own the private key, you can manage the assets of that wallet address.
PKI (Public Key Infrastructure) and Blockchain
Another characteristic of a PKI is that while it is possible to generate a public key from a private key, it is not possible to generate or deduce a private key from a public key. This means that even if the public key is made public, the private key is not known, allowing for secure cryptographic communication or signature verification.
The fact that the private key cannot be regenerated or restored in any way except at the time of initial generation is both a very favorable security feature and a huge disadvantage. It’s unrealistic to expect to never lose anything in your life, so a backup and recovery system for the loss of a private key is very important.
The most famous application of PKI technology, which has been around since before blockchain, is co-certificates (formerly known as public certificates). A public certificate is a certificate that contains a public key, and it has been recommended that the private key corresponding to that public key be kept on a separate, secure storage device, such as a USB memory or external hard drive. While the PKI technology itself is secure, it requires the installation of security solutions such as virtual keyboards, antivirus, and forgery detection to secure private key storage, and we have all experienced the hassle of having to install multiple programs to use a public certificate. Storing and later restoring private keys is not a simple task.
It doesn’t make sense to have a separate trusted authority to manage the private keys of a PKI, especially in a blockchain where the ultimate goal is to eliminate third-party trusted authorities. You want to make sure that individuals are in control of their private keys in some way, and that they are always available. Typically, blockchains put the management of private keys in the hands of the individual, and recommend writing down the private key or *Mnemonic on a piece of paper or USB memory, or using a HSM (Hardware Security Module), a dedicated hardware module for securely storing cryptographic keys. However, even these methods are subject to loss, such as paper or HSMs, and are not always available. The best option would be to store your private keys securely in the cloud, but even the cloud is always at risk of being hacked.
* Mnemonic : A string of 12 words that represents a hard-to-remember private key in human-recognizable terms for wallet recovery in the event of a lost private key. Since the private key can be generated from those 12 words, the mnemonic must be as secure as the private key.
*Secret Sharing Technology
* Reference : https://en.wikipedia.org/wiki/Secret_sharing
So why not use the cloud, but break the private key into multiple pieces and store them in different places? For example, in the real world, if we break a single key into multiple pieces and put each of them in different bank vaults, it would be a bit more secure because even if a thief steals a piece of the key from a few bank vaults, he or she would not be able to restore the entire key. In this case, the individual who is the owner of the key can find all the pieces of the key in each bank vault, so he or she can restore the key as long as the bank does not close. However, the downside of this method is that if the bank closes, the key will be unrecoverable forever. Therefore, we need to think about how we can restore the key even if some banks close.
This is where the idea of Secret Sharing Technology comes from. Secret Sharing Technology is basically a technology that allows secret information (private keys) to be divided into multiple pieces, and when the collected pieces exceed a threshold, the secret information can be recovered. The reason why this is possible is that instead of simply breaking the key into pieces, it creates multiple shared clues that can be used to recreate the shape of the key, such as ‘The key is 3 cm long’, ‘The key has 4 grooves’, etc.
Secret Sharing Algorithms
Fortunately, the secret information we need to store distributedly is digital, which means that we can generalize the generation of these clues into a formula, since computers can perform a variety of operations on it. First, we create an arbitrary t(Threshold) order equation containing the secret information (S), and generate n values (Sn) and store them in different repositories. Since it is a t-order equation, if we can get the t values (Sn) from the repositories, we can get the solution of the equation, which allows us to calculate the secret information (S).
To explain in more detail, the secret information (S) is divided into n pieces (=n clues) and stored in n repositories, and the secret information (S) can be restored when t pieces are obtained. Since the secret information is divided into multiple repositories, the difficulty of hacking increases. In addition, since the n pieces are not physical fragments of the secret information (S), but values (clues) that enable the calculation of the t-order equation, it is impossible to infer the secret information (S) from a few pieces instead of t. This means that even if some cloud storage is hacked or fails, the secret information (S) can be restored if the t pieces are working normally. This ensures high security and availability at the same time.
Vault for the Parameta Framework
The Parameta Framework provides Vault, a private key backup system using Secret Sharing Technology. Vault consists of Vault Manager, which is responsible for user authentication, Encryption Key (Recovery Key) management, and storage registration and management, Storages, which store secret information pieces, and Smart Contract, which shares Vault Manager and Storage information, and provides SDK (Software Development Kit) for clients to utilize it well. Each repository is operated by a different entity and can introduce individual user authentication methods. Therefore, the more repositories and different authentication methods, the higher the security.
Vault Structure of the Parameta Framework
The Secret Sharing Technology that generates clues for the vault secret information is provided through the SDK. This is a function that uses secret sharing technology to divide secret information into n clues and, conversely, restore secret information from t clues. The secret information and the clues for it are not sent to an external server at once. The client of the vault (e.g., a blockchain wallet) delivers the generated clues to each repository for storage after user authentication.
Issues with Existing Secret Sharing Technologies
Vault recommends encrypting the n-division clues and storing them in a repository, because the moment the n-division clues are sent to the repository server, they can be leaked on the network, and there is a possibility that the repositories collude. The encryption key used in this case is also secret information that needs to be backed up separately, and should be subject to management. In Vault, the encryption key is stored in Vault Manager, but to prepare for the failure of Vault Manager, Vault also applies Secret Sharing Technology to the encryption key so that it is stored distributedly in each repository.
Vault is based on the n-t Threshold Secret Sharing algorithm, which stores the private key divided into n pieces and enables the private key to be restored if t of them are obtained. It is highly available because even if a few repositories fail, the private key can be restored as long as t or more repositories are in operation, and it is highly secure because the private key can only be stolen by hacking into t or more repositories and obtaining clues. In addition, since the clues stored in the repositories are stored in the form of encryption keys, it is virtually impossible to restore the private key even if all repositories collude.
Although there is a possibility that the centralization of the Vault Manager, which manages the encryption keys, may raise issues, the Vault Manager cannot restore the private key by itself because it only handles the encryption keys and not the secret information. The encryption keys are also distributed and stored in each repository, so it is possible to respond even if the Vault Manager fails.