Designing a simple and secure Ethereum wallet for the masses

(and why mnemonic seed phrases are a security hole)

Today, there are two extremes when it comes to holding cryptocurrencies. On one hand, there is the bank-like approach of Coinbase, which takes full custody of funds. While this has clear advantages in user experience, there are large regulatory barriers and liability concerns, and it flies in the face of Nick Szabo’s famous maxim, “Trusted third parties are security holes”.

The alternative is the opposite approach, giving users complete self-custody over their funds. Unfortunately, when you add millions of inexperienced mainstream users into the mix, this introduces an even larger security hole: user error.

If you’ve downloaded a mobile cryptocurrency wallet lately, you were probably asked to write down a 12 word mnemonic seed phrase like the above. This has become the gold standard in the industry, adopted by almost every wallet app. There’s just one issue: it’s setting users up for failure.

For starters, the timing is bad. You’ve just installed a shiny new app, you’re probably not at home, and you’re being asked to write something down and store it in a safe place. The odds that you actually do it are slim. More likely, you’re going to take a screenshot, write it down in a note or email it to yourself, without seriously considering who has access to these repositories.

Second, it’s a non-standard behavior. Of the millions of apps that users are accustomed to, none are asking you to write down secret phrases. Let’s be honest, it’s pretty strange, and you can’t blame users for not taking it seriously. Touch and Face ID have been training users towards faster, less complicated authentication. Seed phrases are a step in the wrong direction.

Finally, you’re being asked to write, in plain text, what essentially amounts to the keys of the kingdom. Even if you were to write a password down (which no one is dumb enough to do), an attacker would still need to know a) it’s a password and b) the username / service it belongs to. Seed phrases are instantly recognizable (12 random words from a predefined set), can easily be parsed out of your email / docs / photo library, and only require checking against a few services (Bitcoin, Ethereum, etc.).

As developers, we can do better. Putting custody in the hands of users may solve for liability, but it won’t solve for security or adoption.

So, what’s the answer? Returning to Szabo, the important thing to realize is that trusted third parties are the issue. A solution that incorporates trustless third parties has the potential to strike the right balance between security and usability. Ideally, it would have the following properties:

If the user loses their device or forgets their password, the third party helps recover funds

If the user is compromised, the third party helps to protect funds from the attacker

If the third party is compromised or malicious, funds cannot be accessed

Importantly, the solution needs to assume that the user is inexperienced and accustomed to simple authentication methods, and should not encourage anti-patterns that risk security (e.g. writing down the private key in plain text). Here are a couple of potential examples:

Solution #1: Blockchain

The perfect example of trustless third parties in action is a blockchain. You rely on other actors to provide service, but you don’t need to trust them. If you wanted to implement wallet recovery on Ethereum, it might look something like this:

Funds are held in a proxy wallet, with two authorized keys (primary and secondary)

The primary key can spend funds, while the secondary key can only request to be made into the primary key, subject to a 30 day waiting period

If such a request is made, it must be made in plain sight, and monitoring services could alert the primary key holder, giving them a chance to cancel it and void the secondary key

When setting up an account, the wallet app would keep the primary key secure locally, and save the secondary key in your cloud storage (photos, gmail, iCloud, etc)

The secondary key is easily accessible to you, in the case of emergency, and reasonably inaccessible to an attacker

But even if an attacker did gain access, only the secondary key is discoverable, which still gives you a chance to prevent an attack

While this is technically doable today, transaction fees and scalability mean it will probably be some time before it makes sense to deploy in a production app aimed at millions of users.
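The two-key proxy wallet described above, modelled as an added example (not code from the original post): a plain JavaScript state machine in which time is passed in explicitly so the 30 day waiting period can be exercised offline. A real deployment would be a smart contract checking `block.timestamp` and `msg.sender`; the class and method names here are assumptions for illustration.

```javascript
// Added example: model of the primary/secondary key proxy wallet.
// Time is passed in as a unix timestamp so the 30 day delay can be tested offline.
const RECOVERY_DELAY_SECS = 30 * 24 * 60 * 60; // 30 day waiting period

class RecoveryWallet {
  constructor(primaryKey, secondaryKey, balance) {
    this.primary = primaryKey;     // may spend funds
    this.secondary = secondaryKey; // may only request to become primary
    this.balance = balance;
    this.pendingSince = null;      // timestamp of an open recovery request, if any
    this.events = [];              // public log a monitoring service would watch
  }

  spend(signer, amount) {
    if (signer !== this.primary) throw new Error('only the primary key can spend');
    if (amount > this.balance) throw new Error('insufficient funds');
    this.balance -= amount;
    this.events.push({ type: 'Spent', amount });
  }

  // Secondary key asks to be promoted. The request is recorded in plain sight,
  // so a watcher can alert the primary key holder.
  requestRecovery(signer, now) {
    if (signer !== this.secondary) throw new Error('only the secondary key can request recovery');
    if (this.pendingSince !== null) throw new Error('recovery already pending');
    this.pendingSince = now;
    this.events.push({ type: 'RecoveryRequested', executableAt: now + RECOVERY_DELAY_SECS });
  }

  // Primary key cancels the request and voids the (possibly stolen) secondary key.
  cancelRecovery(signer) {
    if (signer !== this.primary) throw new Error('only the primary key can cancel');
    if (this.pendingSince === null) throw new Error('nothing to cancel');
    this.pendingSince = null;
    this.secondary = null;
    this.events.push({ type: 'RecoveryCancelled' });
  }

  // Once the delay has passed, the secondary key takes over and the old primary is voided.
  finalizeRecovery(signer, now) {
    if (signer !== this.secondary) throw new Error('only the secondary key can finalize');
    if (this.pendingSince === null) throw new Error('no pending request');
    if (now < this.pendingSince + RECOVERY_DELAY_SECS) throw new Error('waiting period not over');
    this.primary = this.secondary;
    this.secondary = null;
    this.pendingSince = null;
    this.events.push({ type: 'RecoveryFinalized' });
  }
}
```

The key property to check is that a leaked secondary key alone never moves funds: it can only open a visible request that the primary holder has 30 days to cancel.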

Solution #2: Encrypted Backup Provider

When it comes to finding the right balance between security and usability, password managers have already made great progress. For example, 1Password’s use of “2 Secret Key Derivation”, which combines the user’s weak password with a strong random key, means that the password vault backups stored on their servers are essentially uncrackable.

Borrowing some of the concepts from these apps, a wallet might use the following strategy:

Store a backup of the user’s private key, encrypted locally on their device with a key derived from a combination of their password and a random secret key

Also store a second, “recovery backup” encrypted by the secret key alone

The secret key is saved in the user’s iCloud Keychain

If the user loses their device, they can request the primary backup and decrypt it with their password and the secret key from iCloud

If they forget their password, they can still decrypt the recovery backup with the secret key alone. Since the backup provider doesn’t trust the user, it can enforce a 30 day waiting period before releasing that backup, during which it sends notifications and gives the true owner a chance to cancel the request

An attacker needs to compromise two of the three factors (password, iCloud or backup provider) in order to access the private key

Neither of these solutions protects against every possible scenario, but they go a long way towards reducing the chances that a user loses access to their funds.

All in all, it’s important to note that seed phrases are not always a bad thing. For experienced users, they can be a convenient way to backup keys. Similarly, mobile custody is not a replacement for hardware wallets and more robust security solutions. However, the reality is that the majority of new users coming into the space will be technically inexperienced and using a mobile device. If we want to achieve mainstream adoption, these are the users we need to be designing for.

This is exactly the approach we’ve been taking with the Props wallet, which will be introduced to YouNow’s community of millions of users in Q1 2018. Rather than burdening users with a complicated setup process, we’re using a mix of solutions like encrypted backups and biometric authentication to design an experience that aims to strike the right balance between security and usability. We look forward to releasing it soon, and continuing to work with the community to develop a set of best practices that makes holding cryptocurrency accessible to anyone.