Keyword: Best practice, NFC card, XOR encryption, Trusted Solution
For now, there are many kinds of method to storage private-keys, but none of them was perfect. Specially, few of these method can focus on data loss protection (private-key/seed loss). I think the XOR card solution introduced by BitKey will be the best practice with the ability to balance safety and ease use, and, covers the protection of avoiding data loss and theft.
Figure: NFC-XOR-KEY plays a critical role in the solution
The fundamental of Cryptocurrency is asymmetric encryption. To achieve a goal of global decentralized currency system, Cryptocurrency users must have the ability to securely keep their private keys. However, this is not an easy task even for experienced Bitcoin users. Some new users who have want to be involved in the field may have great doubts about the future because of the key management problem.
There are a lot of worries about private-key loss. So Bitkey wants to solve these problems. In a more specific way, we want to find the best practice to keep private-key never lost and with a robust backup that is perfect security resist any brute-force crack.
With nine-years Bitcoin history, there are many ways invented to keep private keys.
At first stand-alone wallet software on computer, then many other popular ways: paper wallet, brain wallet, hot online wallet, self controlled app wallet and hardware devices.
Many method has been found with huge weaknesses and risks such as brain wallet and hot online wallet, and other method still have some other issues.
Hard disk wallet on PC/MAC. A disk can die any time, so you must regularly back up your wallet.
Paper wallet. The private-key may be cached on the printer and paper is easily damaged by water and fire.
Brain wallet. Brain wallet is very risky. Why are brain wallets not secure?
Hot online wallet/ Web wallet. The private-key or secrecy seed is storage on a central online server, this is very risky.
App wallet without data cloud backup. Risky like PC’s hard disk wallet. Your wallet and cell phone can be lost or damaged.
App wallet with data backup. Even if the backup data is encrypted, there is risky, All kinds of advanced encryption methods cannot resist brute-force crack especially under the condition of weak password protection.
Hardware wallet. This is usually a recommended method. Howevre hardware wallet also have some issues as, hardware damage, supply chain attack. And one of the most inconvenient aspects is that there is no good way to storage and backup seed words. So hardware wallet is perfect on avoiding coin theft, but not perfect on the seeds lost issue.
Old version of Bitkey works as an App-wallet-with-data-backup, and the encrypted data is storage on iCloud, user’s independent sandbox. There are many security measures implemented to obfuscate code and use salt to add password’s entropy,However that is not perfect.
The new introduced NFC-XOR-KEY card is an innovative feature that gives BitKey a huge progress to high-level security.
Use the NFC-XOR-KEY to encryption the private-key, with this perfect secrecy XORed encryption, the protected private keys can resist any brute-force crack. Even if the attacker gets wallet data, he cannot decrypt the private-keys.
As illustrated by the above Figure, the NFC-XOR-KEY can be implemented easily. Just inter wallet, when a new private-key generated you use the NFC-XOR-KEY encrypt the key immediately, and when you sign a tx you use the NFC-XOR-KEY decypt the private-key temporary. And the backup encrypted data contain only the xor-ed private-keys, these make cloud data at a high-level security.
As the working principle of this XOR encryption please refer to other articles.
XOR encryption provide unbreakable protection.
Besides, the wallet binary can be built and installed on your trusted cell phone. Or install the app from a trusted applacation store.
The NFC card is a very simple and durable device .
Based on this solution, we can build our own grass-roots cryptocurrency wallet using some very stable open cloud storage services.
. Bitcoin Core developer wumpus`s Signature on bitcointalk.bitcointalk.org
. Why are brain wallets not secure. stackexchange
. Supply chain attack. wikipedia
. Google cloud storage service Designed for 99.999999999% durability. google