Ethereum Social Recovery Wallets

Creator: Dmitry Radkowski

There have been two noteworthy pieces of reports last month.

First, the Ledger Connect Kit library was used to attack the availability chain. Fortunately, the damage was limited to lower than $1 million, which is just not a great amount in comparison with other crypto exploits. Unfortunately someone still lost money.

Secondly, Secure Wallet (formerly Gnosis Secure) announced a marketplace for various self-recovery options for Secure Wallet.

At first glance, these two pieces of reports may not seem related, but they fit thoroughly into the broader picture of the state of self-monitoring cryptocurrency portfolios.

Before we delve into the main points, let’s recall what options we currently have for sending blockchain transactions.

Option 1: Externally owned account

This was the one option for sending transactions when Bitcoin first appeared.

The algorithm looks like this:

1. There may be a secret private key. Whoever knows this private key owns the assets within the “wallet”.

2. The private key will be used to cryptographically sign a transaction (e.g. asset transfer).

3. The signed transaction is transmitted to blockchain nodes and included in a block.

In Ethereum this is named EOA – External Account.

It could seem easy, but most of today’s Web3 ecosystem works with EOA. You connect your wallet, sign the transaction together with your private key in your browser, and a couple of seconds later your tokens might be magically sent to an individual on one other continent.
Centralized cryptocurrency exchanges can even use EOA to store your assets.

Unfortunately, for EOA to work, a signature should be created using a secret private key. And which means there may be a time and place where the key private key’s physically present in its full unencrypted form – otherwise it might be unattainable to compute the signature.

This brings us to the recent supply chain attack. This time it was an attack on the software supply chain, the hardware was not used. But do you understand who assembled your hardware USB recorder? Are you 100% sure that the courier company didn’t change the shipment on the technique to your property?

Having one private key that offers you unlimited access to your account isn’t protected. I’ll only list a subset of the risks related to using EOA in any physical form (software, hardware, paper).

Loss of personal key

Scenarios:

1. You store the private key in your phone and by chance wipe the memory.

2. You store your private key on a chunk of paper in a protected, and a hearth destroys each the constructing and your private key.

3. You’ve got a USB hardware recorder that falls out of your pocket at a gas station in a foreign country.

4. You store your private key on a distant cloud server, the cloud provider has a failure of their data center and loses your private key.

5. The owner of the private key’s unconscious or dead and only he knew the best way to access it.

A malicious actor gains access to the private key

Scenarios:

1. The owner of the private key’s kidnapped by a government agency and tortured to realize full access to all information and devices.

2. The laptop with the private key’s hacked with a 0-day vulnerability and a Trojan is installed with full access to the device.

3. Cell phone with private key’s stolen after unlocking.

Risk reduction

1. Loss of personal key
   Increase the variety of copies of personal keys: duplicate the important thing on different devices, elsewhere, store it with different people.
   Problem: the more copies of the private key, the more possible attack vectors. The safety of a key is barely as weak as its storage.

2. A malicious actor gains access to the private key.
   Make access tougher: encrypt the important thing, reduce the variety of devices storing the important thing, implement a reset switch that destroys the private key when a selected password is entered, etc.
   Problem: the tougher the access, the simpler it’s to lose the private key without with the ability to get well any assets.

EOA vs. smart wallets

As you may see, there are risks to using EOA, and the mitigation tactics are mutually exclusive: if we make it harder for a key to be stolen, it’ll be more prone to lose; If we make it harder to lose a key, it’ll be easier to steal it.

What can we do to extend safety?

Option 2: Smart Wallet

Smart wallets are sometimes called smart contract wallets and account abstraction.

The precise implementation may vary, but the top result’s a wallet that follows a strict algorithm before committing transactions.

Let me list some examples of possible policies.

Multisignature

A wise wallet may require multiple signatures to perform an motion.

In the best form, signatures will be equal, e.g.: “listed below are 3 signatories, no less than 2 are needed to sign the transaction”

Signatures can have weights, e.g.:

• Alice has a vote weight of two

• Bob has a vote weight of 1

• Charlie has a vote weight of 1

• Each transaction requires a complete of two votes.

Which means Alice can perform each transaction on her own, while Bob and Charlie should coordinate and vote together.

Benefits: a single stolen key cannot steal all of the wallet’s resources because multisig requires the participation of multiple signers.

Inconveniences: the wallet doesn’t have one owner, each transaction requires multiple signers, and using it for small, on a regular basis operations may be very inconvenient.

Time lock and veto

Transactions will be time-locked: even when the signatures are valid, a while should pass between the signatures on the chain and the execution of the transaction.

Although the transaction is time-limited, signatories can have the power to veto the transaction: canceling on-chain execution.

This may be balanced by introducing a ‘veto power’ much like voting power, e.g.

• Alice has a veto power of three.

• Bob, Charlie and Derek have a veto power of 1.

• Anyone can send a time-locked transaction.

• To cancel a timelocked trade, a veto power of three is required.

Which means Alice can single-handedly prevent any transaction from happening, while Bob, Charlie, and Derek should unanimously vote to cancel the transaction.

Benefits: a single stolen key cannot steal all of the assets within the wallet because anyone can cancel their transactions.

Inconveniences: time locking prevents a transaction from executing immediately, which makes many time-sensitive operations, resembling on-chain token swaps, essentially useless.

Wallet freeze

A freeze may be very much like a transaction time lock, but is out there on demand.
Considered one of the signatories can freeze the wallet to stop any transactions for a selected time frame.

This will be used to stop all wallet operations if some signing keys are found to have been compromised.

Benefits: if one among the keys is stolen (or there may be a suspicion of theft), the wallet will be frozen without having to consistently activate the time lock.

Inconveniences: a malicious actor could disrupt the conventional operation of the wallet (no less than temporarily).

Change of signatories

The list of signatories may change.

The best example is a 1/1 multisig wallet:

• Alice can perform any transaction using her signature.

• Alice can change the wallet owner from Alice to Bob.

• After that, Bob can perform any transaction together with his signature.

This allows key rotation and structural changes.
For instance, after a divorce, chances are you’ll wish to remove your spouse from multisig.

Benefits: a single stolen key will be easily replaced with one other. If there are multiple signers, a lost key from one among the signatories will be replaced with a brand new one by the opposite signatories.

Inconveniences: using a stolen key, it is feasible to remove or change other signatories.

Limited list of operations

Some operations could also be specifically permitted, e.g.:

• sending specific amounts of ETH with each day limits

• interacting with specific smart contracts (e.g. providing Uniswap liquidity)

• calling specific functions in a selected contract

These operations can have fewer restrictions than the default ones, resembling no time lock or fewer signatures required.

Benefits: if the wallet is generally utilized in a predictable way, we are able to significantly reduce the damage from attacks by utilizing safer defaults (more signers, time locks, etc.).

Inconveniences: tougher to implement and audit, high gas costs. It remains to be possible for an attacker to cause harm before the bounds trigger.

Is that this a DAO?

As you may see from the examples, the road between smart wallets and DAOs is becoming increasingly blurry.
Smart wallets with a social recovery module are essentially a micro-DAO with one one that can only manage the assets unless their circle of friends freezes the wallet based on suspicion of an ongoing attack attempt.

The mix of a convenient user experience and a high level of security may be very difficult to realize, but we in cryptocurrencies should not afraid of adverse problems – we construct on them.