The whole Ledger Recover thing has had me thinking a little bit lately and yes maybe this is a crazy idea, but hear me out and help me think this through.
What if we stored our private keys on the blockchain?
With ordinals and inscriptions, we now have folks imprinting files onto the blockchain permanently, and it has got me thinking about different ways we might secure or pass on our keys, or be able to recover them in the event of total loss. Whether or not we want to pretend we're all totally prepared for every scenario, some people's homes, along with their hardware wallets and backup steel plates, just get swept away in a hurricane or tornado, whatever. Police can bust in with a warrant and find your steel plate, and if you don't have a passphrase set up then gg.
What is more permanent and secure than the blockchain itself right? What if we can secure our keys there somehow?
If I placed a plain text file of my 24 seed words, along with 3-10 fake seed words in alphabetical order in the blockchain, is my bitcoin at risk?
So that is 36 factorial (36!), which is a total of 3.716 × 10^41 possible combinations of the 36 different words. A trillion people doing a trillion guesses per second for 10 times the amount of time since the Big Bang wouldn't be able to check all possible combinations to specifically find my 24 private keys in a row.
So I can put my private keys on the blockchain in a plain text file like this, and I can write down the 3-10 fake words in one place, and the order in which the remaining 24 words appear in another (18, 5, 12, 10, 22, 1, 8, 19, 16, 24, 14, 2, 23, 9, 21, 7, 4, 11, 6, 20, 13, 3, 17, 15). Maybe we assign the first word alphabetically as A, the next as B, and we store the order as letters (J Q U B X R H C D K F G M S L A W N O E T I V P).
Piecing this information together, I can recover my keys. I have to remember fewer words (maybe you only inject 3 fake words and all you have to remember is a three-word phrase "DIZZY LEOPARD DOCTOR" instead of remembering 12 or 24 words somehow), and all you're left with when travelling is a totally meaningless string of numbers or letters.
Obviously, I've barely thought this through, but I imagine some scenario where we can imprint a file that is decipherable by only us through some open source protocol that helps us safely secure our key information on the blockchain without the use of any third party service.
You would never have to expose your keys online hopefully because if you were inputting them into anything, you'd be submitting them out of order with fakes included, so your keys get to stay on paper or steel where they belong.
I bet it sounds like I'm opening up all sorts of points of failure for this to go wrong, but maybe through encryption, an open source protocol and a bit of the community's imagination, we can come up with a secure way to store each of these encoded fragments of information in the blockchain so that there isn't just any one point of failure.
I'm curious if anyone else can foresee some open source protocol coming along to help us trustlessly secure our private keys within the blockchain or would you see something like this as a major security risk? I think given the right design, we could easily achieve this.
Thanks for reading. This idea has been kicking around in my head a while, so I'm looking forward to hearing opinions.
The basic idea with a seed phrase or any kind of secret passphrase is that it requires a certain amount of brute force computation to find it. What you're doing sounds like the same thing but making it easier by introducing a bit of obscurity.
Since the early days, people have been running software against the blockchain to find money that is weakly protected, and I can only assume that they're also looking for schemes like this. Now, there is a computational cost to matching every bit of data against any other with an algorithm like yours, but if it's cheaper to do that than to brute force a key, then it just makes your money less safe.
To the problem you wish to solve, which is resiliency against natural disaster or coercion, there's already multisig which can be extended with as many keys as you like, each stored in separate places which are secure against these various adverse events.
It's better to distribute multisig keys to each of these places than depend on placing everything in plain sight except what is essentially another password that is vulnerable to those same initial concerns.
reply
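The hide-and-recover scheme from the opening post and the reply's point about search space, as an added example that is not code from either poster: it runs the alphabetise-and-record-the-order steps on a constructed demo seed (not a real wallet seed) and counts the orderings an observer of the public word list would have to try, which is ordered selections of 24 words out of the total rather than the full factorial of the total, since the order of the decoys is irrelevant to the attacker.

```python
import math

# Constructed demo seed: 24 ordinary English words, NOT a real wallet seed.
DEMO_SEED = [
    "salt", "river", "candle", "lemon", "orbit", "window", "apple", "tiger",
    "glass", "mirror", "forest", "piano", "velvet", "harbor", "cactus", "ember",
    "jungle", "nickel", "quartz", "zebra", "bridge", "dune", "kettle", "yarn",
]
# The three memorised decoys from the opening post, lower-cased.
DEMO_DECOYS = ["dizzy", "leopard", "doctor"]


def hide_seed(seed, decoys):
    """Return the public list (seed + decoys, alphabetised: what would be
    inscribed) and the private recovery key: the 1-based alphabetical index
    of each real word, in seed order. Words must be distinct."""
    words = seed + decoys
    if len(set(words)) != len(words):
        raise ValueError("words must be distinct or the order is ambiguous")
    public = sorted(words)
    order = [public.index(w) + 1 for w in seed]
    return public, order


def recover_seed(public, order):
    """Invert hide_seed: read the real words back out of the public list."""
    return [public[i - 1] for i in order]


def candidate_count(total, real):
    """Ordered choices of `real` words out of `total`: total! / (total - real)!.
    This is what someone who sees only the public list has to search; the
    positions of the decoys do not add to it."""
    return math.perm(total, real)


def strength_report(total, real=24, seed_bits=256):
    """Search space of the scheme in bits, next to a native 24-word seed."""
    return {
        "posted_figure_bits": math.log2(math.factorial(total)),   # total! itself
        "bits_public_only": math.log2(candidate_count(total, real)),
        "bits_if_decoys_known": math.log2(math.factorial(real)),  # decoys leaked
        "native_seed_bits": seed_bits,
    }


if __name__ == "__main__":
    public, order = hide_seed(DEMO_SEED, DEMO_DECOYS)
    assert recover_seed(public, order) == DEMO_SEED
    print("inscription:", " ".join(public))
    print("recovery order:", order)
    for total in (27, 36):
        print(total, {k: round(v, 1) for k, v in strength_report(total).items()})
```

With 36 words the public list leaves about 109 bits of ordering to search (79 bits if the decoys are also learned), against 256 bits for the seed itself, which is the reply's "less safe" point in numbers.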
Your suggestion is that the safest solution we have as Bitcoiners to secure our keys is by using multisig? I can't accept that as the final answer to this problem. No chance.
The idea of distributing my keys among friends (and giving them veto power over my Bitcoin in a democratic process), or relying on a third party to host partial keys, is not a solution I agree with. Multisig wouldn't even help in this hypothetical act of God situation anyway, considering the likelihood of my friends being in the same disaster zone. It would probably only exacerbate the issue. And relying on a trusted third party service goes against the principles of Bitcoin, period, so that's a no-go as far as I'm concerned.
My goal is not just to solve the problem of losing both my hardware device and steel plate in a natural disaster. I want to address the issue of having to store keys on a physical medium altogether.
I'm wondering if there's a way to fragment, encrypt, inscribe, and eventually recall and decrypt the data in such a manner that we can feel secure in our ability to recover access to our accounts while rendering brute force attacks on the publicly stored info moot. This could enable the average person to feel more comfortable storing their wealth in a decentralized, trustless, non-state-affiliated digital protocol like Bitcoin, instead of relying on centralized banks and fiat currencies.
Key storage is obviously a hindrance to adoption. This is a digital currency, a "digital revolution", and here we are engraving words into fireproof steel like blacksmiths in medieval times, and if/when we lose it or someone finds it, it's game over. You could use multisig, but the more keys you have, the more keys you need, and the more keys you need to store.
I came across https://www.borderwallets.com/docs/the-problem, which explores some new innovative ways to secure keys without relying solely on word memorization.
While multisig serves specific use cases, I still believe we are in the infancy period of key storage and "account" recovery, despite going on almost 15 years of block discoveries. We need to push forward and continue exploring new possibilities to make key management, storage and recovery more user-friendly for the masses, and even just more aligned with the digital nature of Bitcoin itself.
reply