Recovery for Ethereum wallets
Have you ever left your credit card at a restaurant or bar? No problem! You can typically call up the business the next day and retrieve your card from them. Even in the case of a completely lost card, you can call up the issuing company, ask them to close out the lost card, and mail you a new one — easy!
Ever lost your Ethereum wallet? Different story, right?
At this point in time, if you lose your Ethereum wallet, you’re effectively out of luck. This is due to the fact that there is no ‘continuity of identity’ in the blockchain space. What this means, effectively, is that once you lose something, it’s gone… forever. And this is the nature of decentralization, individuals are 100% responsible and accountable for their own security without any sort of insurance or safety net.
Naturally, a lot of coins / tokens have been taken out of circulation as a result of this. In fact, out of the 21 million bitcoins that will ever exist, between 2.8–4 million (14–20% of the total supply) have already been lost. And with the recent spike in price last year, we have seen more and more stories of people accidentally throwing away their Bitcoin wallets surfacing.
We can do better. Here, I’ll be describing some of the cryptographically sound methods for wallet recovery in the cryptosphere. But before I get into that, I want to provide a bit of background on what exactly an Ethereum wallet is.
Warning — this section contains a bit of technical jargon.
Public Key Cryptography
Under the hood, Ethereum relies on public-key cryptography for the security guarantees it provides to its users. This is a system that relies on a pair of keys (referred to as a private and public key) that can be likened to a username (public key) and password (private key). The public key is derived from the private key through some function specified by each protocol. In terms of a basic equation, we can think of it as the following.
pk = f(sk)
Where pk is the public key, sk is the private key (secret key), and f is some function.
Private Keys
In Ethereum, private keys are simply 64 hexadecimal characters (64 characters of 0–9 and A-F, in a row). This means that there are 16⁶⁴ private keys that we can create — or roughly just as many private keys are there are atoms in the entire universe.
So, when you pick one at random, you can be pretty confident that nobody (even with all the computing power we have today) else is going to be able to guess it without seeing it. In fact, here’s some simple math to give you an idea of how long it would take the entire bitcoin network (with a recent peak hash rate of 50 trillion sha256 hashes per second).
16⁶⁴ / 5e13 / 3600 / 24 / 365.25 = 7.3384598e55 years
Which is well beyond the life of the entire universe — so that should provide some good assurance that your private key will be hard to reproduce!
Public Keys
In order to derive the public key, Ethereum uses what is known as Elliptic-curve cryptography — which allows someone to graph a special kind of function and then get a point along it (this is typically carried out through the multiplication of the private key by a set generator point). Let’s take a simple example:
Imagine you have the function:
f(x) = x + 3
Let’s pick some random point g (our generator point) on that function that we will multiply with our private key:
g = 2.5432
We can use the equation from the private keys section to derive our public key. We’ll take a private key (sk) equal to 2 (preceded by 63 0's) and use this to arrive at our public key:
sk = 00000000…000000000000000000000000000000002
pk = f(g * sk)
pk = 2 * 2.5432 + 3
pk = 8.0864
Note: This it not 100% accurate and is meant chiefly to demonstrate the idea. For more information on Elliptic-curve cryptography, please check out this article.
Ethereum Wallets
The function f that we presented above would typically be represented by an elliptic curve. There are many kinds of elliptic curves that are named and known to the world — the one which was used by Bitcoin (and subsequently Ethereum) is known by the name of Secp256k1. This is the function that allows us to derive public keys from private keys.
Now, in Ethereum, there is a bit of extra work to be done after generating the private key as well as some rules that need to be followed — I won’t get too much into all of that, but the main thing here is that your private key must not begin with ‘00’ to become a valid Ethereum wallet. In terms of the additional math used to get from a public key to an Ethereum ‘address’, the following steps occur:
- A hashing function known as Keccack-256 is applied to the public key
- The last 20 bytes of that hash are taken and then prepended with ‘0x’
For more information on how these Ethereum wallets addressed are generated, take a look at this StackExchange post.
Now that we have a firm understanding of what a wallet is, let’s get back to handling the case of a lost or compromised wallet.
We have ‘forgot password’ with internet websites, so why can’t we have this with wallets? Well, that’s because when you reset your password on some website, you are asking some company to modify your account for you —which shows that they have complete control over your account. But that can’t be applied to blockchain wallets, because the users are left to manage their own security, leaving them with no safety net. So, what can we do to provide similar functionality?
Recovery Keys
Let’s take a modern day example of something that allows users to bail themselves out if they are every in trouble — backup verification codes. If you’ve ever used two-factor authentication with your gmail account, you may be familiar with these. If you lose your phones or otherwise can’t get codes via text, voice call, or Google Authenticator, you can use your backup codes to sign in.
We can accomplish the same sort of functionality with what is known as a ‘proxy wallet’ — this is a smart contract that acts as a multisig wallet (a contract that holds funds but requires sign-off from one or multiple parties to deploy them). In our case, this multisig wallet will have only one account, but will have a recovery account specified at creation.
Note: We’ll be referring to wallet addresses as ‘accounts’ for familiarity purposes
When the first account is lost or compromised, the second account can call a function on the multisig with a new recovery account specified where the first account will be discarded, the second account will become the new signer of the multisig, and the new recovery account will be used in place of the old recovery account. This would something like the following:
At this point, Alice can use the sendEth function to send Ether from her multisig wallet. So, she uses this contract to send Ether until one day she loses her account… but it’s okay! Alice just goes back to that recovery account she specified and calls the recoverAccount function where she specifies a new recovery account.
This will update her wallet contract to discard the old primary account and make her recovery account the new primary account. A new recovery account will also be specified by Alice when she calls this function.
In sum, recovery keys allow users to recover from a lost or compromised Ethereum wallet without having to depend on some company or trusted third party.
Social Recovery
Now, if you don’t trust yourself to be able to keep your recovery information in a safe place, you can source the information from your friends, family, or anyone you trust. A popular method for doing this in the community is known as Shamir’s Secret Sharing.
When you are creating a recovery account, you can effectively split the account into a bunch of pieces and hand those pieces out to a bunch of people. When you need to recover, you go to a specified threshold of those people (Ex: 3 / 10) and can then combine those pieces to recover your original wallet.
So, what exactly does it mean to get a threshold of pieces from your friends to recreate your recovery account? This is actually hard to describe accurately without the math to back it, but we’ll try it with colors. The reason I choose colors is that the process of mixing colors closely resembles the properties of a one-way function. This means that I can mix red and yellow to get orange, but I can’t start with orange and separate it out to get red and yellow — hence, the process is one-way.
Imagine your recovery account is thus represented by the color orange and that you know that this orange is exactly 50% red and 50% yellow (and you’re 100% sure of this because you made the recovery account — requiring these colors in the process). With these red and yellow, you keep the yellow, and hand out red to three friends. Now, if you ever wanted to remember what your recovery account was, you just need to get red from one of your friends and voila — you have your orange recovery account!
For those wanting to learn about and understand the process of doing this mathematically and with code, I urge you to read about Shamir’s Secret Sharing.
To date, a lot of cryptocurrency has fallen out of circulation due to the loss or compromising of cryptocurrency wallets. By leveraging what are known as ‘proxy wallets’, we provide a recovery mechanism for lost Ethereum accounts. These wallets serve as a wallet with a primary account and a recovery account that is specified upon creation. When the primary account is compromised or lost, the recovery account can be used as the new primary account (invalidating the old one) and to specify a new recovery account (in round-robin fashion).
Recovery accounts can either be kept by the user or spread out in multiple pieces amongst a group of individuals that they trust. Companies creating products which follow this sort of precedent will be providing an enhanced user experience to their customers by helping to prevent additional Ether from being locked in accounts where the credentials cannot be recovered.
If you have any projects leveraging proxy wallets, I’d love to see your implementation and how you’re approaching things. And if there’s something about this that I can improve, please don’t hesitate to let me know in the comments section, here. Lastly, if you’ve gained something from this article, I am but a social media noob and would greatly appreciate you sharing this to your network.