Guardian Papers 2: Private Keys

by GalaChain | Apr 3, 2024 | GalaChain, Guardian Papers

Imagine losing the keys to your house… in a world with all unbreakable windows where locksmiths do not exist. This is what’s at stake when we talk about private keys, one of the most important tools in the web3 world.

Welcome to the second edition of The Guardian Papers, the series in which we’re taking you through some of the most important security issues in blockchain, one by one. The future of decentralization can create opportunities for bad people as well as good ones; that’s the nature of empowerment.

We’re here to not only empower our community, but also to help equip everyone with the skills and knowledge they need to protect themselves 

What Are Keys?

Keys grant you access to your assets or information on a blockchain. Just like a password, you can use your private key to access your holdings in a wallet address, but the security of a key far exceeds the security of a typical password. Passwords can be hurdles to the villains that stalk the shadows of the digital world, but cracking or brute forcing a private key is a hurdle too high for anyone to jump.

There are typically two types of keys associated with any blockchain address. A private key is your personal proof of ownership and should not be shared with anyone. This private key is known only to you, and due to blockchain’s decentralized nature your private key is how you prove to the network that the assets held at that address are actually yours. This itself prevents many of the methods that the bad guys will employ to prey on individuals in less sophisticated digital spaces.

A public key is the one that your wallet will share while transacting. Your public key is actually derived from your private key through complex mathematical calculations, but due to the high level of encryption, the process can’t be reverse engineered. This means that your public and private keys are matched pairs– one is your visible footprint on the blockchain while one is your personal access code.

DID YOU KNOW? 

Though not every blockchain uses the same names for them, most use some form of private and public keys.

On the Ethereum network, your wallet address actually represents the last 20 bytes of your public key. It is expressed in hexadecimal–  indicated by “0x” at the beginning of the address. Since each byte is represented in two hexadecimal digits, a full address is 42 digits long (0x+20×2)

Your GalaChain address is also expressed in hexidecimal characters. It is comprised of 24 digits, with the prefix “client|”, which can double as a unique user ID for the Gala platform.

On GalaChain, the ability to transact through the Gala platform or dApps built on chain simplifies the day to day use of your keys. Your public and private keys still control access to your on-chain items, however.

There are many independently functioning blockchains and not everything here will always be true for all of them. This is intended to be general information about how keys typically work on a blockchain, but you should always do further research to understand the specifics of any blockchain you use.

How Keys Protect Your Assets

In blockchains that use both a public and private key, asymmetric cryptography is employed to ensure that assets remain protected for a private key holder. This keeps security high even though transaction data and the public key are readily available as public information on chain.

GalaChain operates on asymmetric cryptography, just like many other chains. While your public key is used to sign transactions, your private key always stays exactly that – private.

First, your private key generates a public key with encryption software to complete the pair when you first set up your wallet. Your public key then secures data as it interacts with the blockchain so that it can only be decrypted using the private key that it pairs to. Your wallet safely stores your private key, which now is the only key that can give anyone access to your assets.

There are many nuances and exceptions to the way asymmetric cryptography works on blockchains, and there are even some chains out there that run entirely on symmetric encryption. Understanding how private keys and public keys interact and relate to each other, however, is the first step in keeping control over your crypto treasures.

It’s All In the Name

One of the key components of blockchains is transparency and history. Transaction information and data is readily available and stored within the chain itself, thus making ownership of your assets fully provable. While your public key will be visible on the network and identify your address to the chain, your private key needs to stay just that– Private!

Your private key should never be shared with anyone! This private key is designed to be stored within a wallet and should stay in one. Your private key can be imported to apps and extensions like Metamask, but make sure that you 100% trust the encryption and integrity of anywhere you are sending your private key. 

If someone has that key, they then suddenly own your entire digital hoard. While your private key may be able to be recovered with a seed phrase or recovery phrase, nothing can be done to prevent anyone who gains this key from immediately accessing your wallet. This cannot be restated enough times: Any individual asking for your private key is up to no good!

DID YOU KNOW?

A wallet doesn’t actually store your currency, but rather stores and controls access to the keys that can access the address the currency is stored at.

This means offline solutions like hardware wallets store your private keys in a secure environment, not accessible remotely.

When your private key is secure in a wallet, it signs transactions without being exposed to the network because your public key recognizes its other half. Though we use alphanumeric characters to express a private key, it’s in fact a seemingly random number of hundreds of digits long– the type of math us mere mortals use to keep your defenses impenetrable. Reverse engineering a private key from a public key is something that is beyond the technology of even a real life supervillain.

Control Your Lock and Your Key

The revolution that blockchain technology represents is all about sovereignty over personal property without barriers in between you and your assets. Maintaining control over your assets opens countless new possibilities, but that comes with responsibility.

Blockchains give you sophisticated tools to protect your assets, but in the end it all comes down to you. Maintaining a thorough security infrastructure on any device that your wallet is connected to will ensure that the lock on your vault is essentially impenetrable… but any lock is easy to penetrate if you hand over the key.

Your private keys are yours and yours alone. They should never be shared with others or transmitted digitally, and should preferably be stored offline whenever possible. Your keys are direct access to your treasures, so that’s what the enemies of digital sovereignty will come after… but you’re not alone in this fight. 

As long as there are easy victories to be had in our community for the bad guys, they’ll be hungry for more. Only by educating and empowering everyone within the blockchain world to protect their private keys can we shut out the brigands who seek to cheat their way through this digital frontier.

The First and Last Guard

We’ve already covered a lot of ground in The Guardian Papers on how to keep yourself secure in the decentralized world, and our next installment will take us even further yet as we explore how 2-Factor Authentication is crucial for healthy defenses.

In the world of Web3, you are the first and last guardian of your assets. This may sound overwhelming, but that is the cost of the power of controlling and owning assets without the interference of a larger organization. You have the tools at your fingertips to easily maintain defenses that can’t be matched in the pre-Web3 world. 

Here at Gala, we believe that empowering the players is about more than just ownership. It represents a responsibility to educate and arm the community with the knowledge they need to protect their control over their assets. As a community, the responsibility to spread wisdom that could help any member protect themselves is carried by all of us… until none of us are threatened. 

Our security on chain may be strong, but we are always infinitely stronger together.

Guardian Papers 1: The Responsibility of Empowerment

by GalaChain | Mar 27, 2024 | GalaChain, Guardian Papers

This is the future, where ownership is real and the physicality of an object, idea or asset is less important than what it represents.

At Gala, we empower people to own their content through web3 tech. Thanks to the innovations of GalaChain, users can actually own the content they interact with. This revolutionary idea was first explored in finance and entertainment… but as demonstrated by the recent GALAthon hackathon event during GDC 2024, its applications are limited only by imagination.

Vast amounts of users and resources are already flowing through web3 ecosystems, and this is just the beginning. Still, many newcomers underestimate the risks of the space, as well as the enhanced security that true responsibility for one’s assets demand.

You shouldn’t have to trust faceless corporations to protect your interests. You should, however, have the skills and knowledge to trust yourself when the power is in your hands.

Welcome to the Guardian Papers

From our staunch desire to both protect and empower members of our beloved community, the Guardian Papers were born. Through this series of articles on the responsibility of ownership, security guidelines and red flags, we hope to empower our community with something more valuable than any physical or digital asset: education. 

We want each of you to have the tools to effectively avoid the scams that can unfortunately still be found lurking in the corners of the Web3 world. We utilize blockchain systems for their unmatched security potential, but there will always be people who make it their life’s work to prey on the under informed, the gullible or – worst of all – the generous. This is a frontier. Frontiers have heroes… but they also have villains.

Understanding and staying ahead of the bad actors is an important part of doing your own research or due diligence– phrases you’ll continue to hear over and over in the web3 world. In this world, your money is no safer than your wallet, your wallet is as safe as your private keys, and your private keys are nothing short of sacred to you. Lose your firm, secure grasp on any of these things and your assets may be as good as gone. This is decentralization. There is no big bank ready to protect you and replace funds that were taken fraudulently. It’s all on you. The power is with the people.

Almost anyone can enjoy all the empowerment of the web3 space… as long as they also understand and accept the responsibilities.

Trust Yourself

Do not let these warnings make you afraid, but instead rise to the challenge of practicing basic security measures to keep your stuff safe! You are more capable of protecting yourself than any corporate bank, but you will have to spend some time and energy taking this power and responsibility into your own hands. This is still totally new, and we all have to learn new habits and routines.

The web2 world encouraged us to focus on simplicity and trust in the financial system. The convenience of cash transfer apps, debit cards and anytime/anywhere banking have taught us that money can move quickly and smoothly behind the scenes with little effort on our part. While highly convenient, it is easy to forget that this system requires trust of countless entities who are essentially strangers to you. With web3 tech, we are rapidly moving toward eliminating the need for trust. When trust is removed from the equation, a scammer’s power over victims is vastly reduced. You have the power to fight bad actors, you just need to learn to use it!

Owning crypto may not require you to trust a bank, but you must always trust yourself. You must trust yourself to never lose your seed or recovery phrase. You must trust yourself to take careful and deliberate actions when trading, transferring, purchasing, bidding, etc. You must trust yourself to follow the income tax laws of your country, realizing that while only you can hold yourself responsible, others will certainly hold you accountable.

Be a Watchdog

We understand that there will always be those who take advantage of anything with value. Become vigilant. Pay attention to the actions of those around you. Help your early adopter peers by watching their backs. These impersonators, imposters, phishers and frauds will always pollute the most successful blockchain communities. Their power will be continually reduced as web3 evolves toward its true potential. There is a constant battle between those here to engage with blockchain systems in the correct ways and those that are just here to try and take from others.

The Reality of Scams

Focus on protecting yourself and your fellow community members through open communication. Enhanced community looking out for each other… that’s making sweet and delicious lemonade out of some really bitter lemons.

Scammers and cheaters are not going anywhere, but the more people we can empower throughout the world, the fewer people will be driven to these types of malicious activities… and the more we’ll all be able to protect ourselves and each other. Doesn’t it feel good to be part of the solution for the big problems?

Within the Gala team, there are ongoing and passionate conversations about the importance of building a road for our growing community that is always safer and straighter than the one before. We’re proud to have been rated the most secure altcoin in the world, but there’s always room for improvement.

Upcoming Papers

This article is merely an introduction to the Guardian Papers series, which will be published over the coming weeks and months to ensure basic security information is available to all newcomers to the Gala community. 

Each relatively short article will have the intention of raising awareness to a specific security concern, but these articles are far from the whole story. We encourage every one of you to always stay vigilant and informed, and please, do your own research.

Stay tuned and stay safe!

Our mission of empowerment is becoming a reality, and as any friendly neighborhood Gala community moderator would tell you, with great power comes great responsibility.