Guardian Papers 2: Private Keys
Imagine losing the keys to your house… in a world with all unbreakable windows where locksmiths do not exist. This is what’s at stake when we talk about private keys, one of the most important tools in the web3 world.
Welcome to the second edition of The Guardian Papers, the series in which we’re taking you through some of the most important security issues in blockchain, one by one. The future of decentralization can create opportunities for bad people as well as good ones; that’s the nature of empowerment.
We’re here to not only empower our community, but also to help equip everyone with the skills and knowledge they need to protect themselves
What Are Keys?
Keys grant you access to your assets or information on a blockchain. Just like a password, you can use your private key to access your holdings in a wallet address, but the security of a key far exceeds the security of a typical password. Passwords can be hurdles to the villains that stalk the shadows of the digital world, but cracking or brute forcing a private key is a hurdle too high for anyone to jump.
There are typically two types of keys associated with any blockchain address. A private key is your personal proof of ownership and should not be shared with anyone. This private key is known only to you, and due to blockchain’s decentralized nature your private key is how you prove to the network that the assets held at that address are actually yours. This itself prevents many of the methods that the bad guys will employ to prey on individuals in less sophisticated digital spaces.
A public key is the one that your wallet will share while transacting. Your public key is actually derived from your private key through complex mathematical calculations, but due to the high level of encryption, the process can’t be reverse engineered. This means that your public and private keys are matched pairs– one is your visible footprint on the blockchain while one is your personal access code.
DID YOU KNOW?
Though not every blockchain uses the same names for them, most use some form of private and public keys.
On the Ethereum network, your wallet address actually represents the last 20 bytes of your public key. It is expressed in hexadecimal– indicated by “0x” at the beginning of the address. Since each byte is represented in two hexadecimal digits, a full address is 42 digits long (0x+20×2)
Your GalaChain address is also expressed in hexidecimal characters. It is comprised of 24 digits, with the prefix “client|”, which can double as a unique user ID for the Gala platform.
On GalaChain, the ability to transact through the Gala platform or dApps built on chain simplifies the day to day use of your keys. Your public and private keys still control access to your on-chain items, however.
There are many independently functioning blockchains and not everything here will always be true for all of them. This is intended to be general information about how keys typically work on a blockchain, but you should always do further research to understand the specifics of any blockchain you use.
How Keys Protect Your Assets
In blockchains that use both a public and private key, asymmetric cryptography is employed to ensure that assets remain protected for a private key holder. This keeps security high even though transaction data and the public key are readily available as public information on chain.
GalaChain operates on asymmetric cryptography, just like many other chains. While your public key is used to sign transactions, your private key always stays exactly that – private.
First, your private key generates a public key with encryption software to complete the pair when you first set up your wallet. Your public key then secures data as it interacts with the blockchain so that it can only be decrypted using the private key that it pairs to. Your wallet safely stores your private key, which now is the only key that can give anyone access to your assets.
There are many nuances and exceptions to the way asymmetric cryptography works on blockchains, and there are even some chains out there that run entirely on symmetric encryption. Understanding how private keys and public keys interact and relate to each other, however, is the first step in keeping control over your crypto treasures.
It’s All In the Name
One of the key components of blockchains is transparency and history. Transaction information and data is readily available and stored within the chain itself, thus making ownership of your assets fully provable. While your public key will be visible on the network and identify your address to the chain, your private key needs to stay just that– Private!
Your private key should never be shared with anyone! This private key is designed to be stored within a wallet and should stay in one. Your private key can be imported to apps and extensions like Metamask, but make sure that you 100% trust the encryption and integrity of anywhere you are sending your private key.
If someone has that key, they then suddenly own your entire digital hoard. While your private key may be able to be recovered with a seed phrase or recovery phrase, nothing can be done to prevent anyone who gains this key from immediately accessing your wallet. This cannot be restated enough times: Any individual asking for your private key is up to no good!
DID YOU KNOW?
A wallet doesn’t actually store your currency, but rather stores and controls access to the keys that can access the address the currency is stored at.
This means offline solutions like hardware wallets store your private keys in a secure environment, not accessible remotely.
When your private key is secure in a wallet, it signs transactions without being exposed to the network because your public key recognizes its other half. Though we use alphanumeric characters to express a private key, it’s in fact a seemingly random number of hundreds of digits long– the type of math us mere mortals use to keep your defenses impenetrable. Reverse engineering a private key from a public key is something that is beyond the technology of even a real life supervillain.
Control Your Lock and Your Key
The revolution that blockchain technology represents is all about sovereignty over personal property without barriers in between you and your assets. Maintaining control over your assets opens countless new possibilities, but that comes with responsibility.
Blockchains give you sophisticated tools to protect your assets, but in the end it all comes down to you. Maintaining a thorough security infrastructure on any device that your wallet is connected to will ensure that the lock on your vault is essentially impenetrable… but any lock is easy to penetrate if you hand over the key.
Your private keys are yours and yours alone. They should never be shared with others or transmitted digitally, and should preferably be stored offline whenever possible. Your keys are direct access to your treasures, so that’s what the enemies of digital sovereignty will come after… but you’re not alone in this fight.
As long as there are easy victories to be had in our community for the bad guys, they’ll be hungry for more. Only by educating and empowering everyone within the blockchain world to protect their private keys can we shut out the brigands who seek to cheat their way through this digital frontier.
The First and Last Guard
We’ve already covered a lot of ground in The Guardian Papers on how to keep yourself secure in the decentralized world, and our next installment will take us even further yet as we explore how 2-Factor Authentication is crucial for healthy defenses.
In the world of Web3, you are the first and last guardian of your assets. This may sound overwhelming, but that is the cost of the power of controlling and owning assets without the interference of a larger organization. You have the tools at your fingertips to easily maintain defenses that can’t be matched in the pre-Web3 world.
Here at Gala, we believe that empowering the players is about more than just ownership. It represents a responsibility to educate and arm the community with the knowledge they need to protect their control over their assets. As a community, the responsibility to spread wisdom that could help any member protect themselves is carried by all of us… until none of us are threatened.
Our security on chain may be strong, but we are always infinitely stronger together.