When Peter Schiff claimed his wallet lost his Bitcoin (BTC), many in the crypto community were skeptical. While some believe Schiff simply lost his password, others, like Ethereum co-founder Vitalik Buterin, stressed that the loss of private keys is still a major issue for cryptocurrency users.
It is difficult to be your own bank
Custody of your own cryptocurrency is quite complex, especially for non-tech-savvy users. Most wallets require the user to write down the private key before accessing the wallet. The key can be stored by simply writing it down on a piece of paper, a method that is prone to errors if the paper is lost, stolen, or damaged.
Using hardware wallets or encrypted digital backups is an alternative, but it requires a certain level of preparation and technical knowledge that many casual users may find difficult to understand.
In response to the loss of Peter Schiff, Binance CEO Changpeng Zhao argued that keeping coins on central custodians is safer for most users.
However, this is inherently contrary to the principles of decentralization in the crypto community. Some members pointed to alternative methods developed on Ethereum as a possible solution.
As an alternative to complex storage solutions, the concept of social recovery is to give friends, family, or even businesses the right to restore access to a specific account.
The person who loses access to their wallet could turn to “guards”, preselected entities who are authorized to reassign control of the particular account.
Argent Wallet is currently implementing this idea live. A user can designate other Argent users or even other wallets belonging to him as guardians. However, the guardian is Argent himself by default and uses the person’s email address and phone as a guarantee of identity. Without other legal guardians, this recovery method cannot be removed.
Screenshot from the Argent app.
A slightly different method is offered by Ethereum Improvement Proposal (EIP) 2429, developed by Ricardo Guilherme Schmidt and others.
Following the concept of social restoration, “user secrets” are introduced – personal data such as biometric data from fingerprint scanners, a password or personal information provided in a questionnaire.
This information must then be provided during the recovery process to ensure that guardians cannot simply collapse to steal the user’s wallet. In addition, the list of guards is never published until the actual recovery procedure is activated.
However, this is still a proposal under development that is subject to change.
Criticism of the social upswing
A frequently cited disadvantage of social recovery is the reintroduction of trust – this time with friends rather than centralized units.
Cointelegraph contacted Schmidt for clarification on the EIP. Although he agreed that the system is imperfect, he claimed that the proposed system is far more trustworthy than simpler implementations:
“Social recovery is fundamental to adoption, it brings a Web2 experience to self-confident accounts.
The disadvantage is having to trust others, but EIP 2429 solves the problems of guardian trust so that we are back in a trustworthy system, which we all love about Ethereum. “
Schmidt went on to criticize open multi-signature implementations such as Argent’s because they failed to curb agreements. He still believes they have their place in an environment where extreme transparency is required, such as holding public funds.
Itamar Lesuisse, CEO of Argent, made it clear to Cointelegraph that it is misleading to call your system social recreation as it “implies that people must always be involved”. He explained:
“So the method is safe and literally anyone with a smartphone can use it. Another benefit of this approach is that you can use these trusted entities to protect your wallet beyond recovery. With Argent you can use it to lock your wallet and approve a large transfer. “
Lesuisse also welcomed the development of EIP 2429, noting that “it improves privacy in the scenario where users choose friends and family as trustworthy entities”.
Nevertheless, Schmidt admitted that the EIP is not immune to guards who blackmail the user in order to gain access to the wallet, which is known in technical terms as a “griefing attack”. He envisioned that this could be used in a positive environment where a guardianship company identifies customers and restores access for a fee.
In an interview with Cointelegraph, Blockstream CSO Samson Mow criticized Ethereum and stated that the EIP was “largely complex for the sake of complexity”. He added that social recovery on Bitcoin is entirely possible with existing software, simply by creating a multisig wallet and distributing parts of it to friends.
Still, Mow is skeptical of the general concept of password recovery on social networks:
“The downside to any social recreation system is that your social circles change over time and we live in an entropy-prone universe. So your friends today may not be your friends tomorrow, and even if your social circles don’t change, your guardian may lose his or her part of your recovery plan. “
Mow still believes the ability to restore private keys is important, even though he was referring to carbide backups – storage devices that should be indestructible. According to him, the burden of securing Bitcoin remains with the users:
“The challenge is to make it clear to people that they should save their semen and plan recovery from day one – social recovery no longer helps eradicate the ‘ship paradox’ (people concerned with securing their bitcoin worry if it’s too late) to negate metal backups do. “
Since the beginning of Bitcoin, Keybase has offered a service for generating private keys based on a user’s password and email.
Torus allows users to create Ethereum wallets by logging in with their Google or Facebook accounts. The private key is uniquely assigned to this account by some rather complex assignment mechanisms.
However, as Schmidt explained, solutions based purely on personal secrets are extremely difficult to secure:
“In Web2 it is safe to have an 8 password as the authentication server blocks bruteforce attempts. […] None of this is possible on the blockchain, and using an 8-digit password as a seed phrase is likely to be an instant loss of money as it is very likely that addresses with low entropy will be constantly monitored. “