How Cryptocurrency Wallets Revolutionize Digital Asset Management

A cryptocurrency wallet is a digital wallet that holds the private keys of your cryptocurrency. There are over a thousand cryptocurrencies, but the first and best known is bitcoin. Some wallets support multiple cryptocurrencies. The cryptocurrency itself is not ‘in’ the wallet. In the case of bitcoin, a copy of the total amount of that cryptocurrency is stored and maintained decentrally in a publicly available ledger. With the private key(s) you can write to that public ledger and move your cryptocurrency to another address (wallet), effectively spending your ‘money’. Every piece of cryptocurrency has its own private key. If you have a single bitcoin (= 100000000 satoshi), it could be spread across multiple private keys.

Wallet access

When choosing a wallet, you must keep in mind who has access to (a copy of) your private keys and thus potentially has access to your ‘money’. Just like with a bank, you have to trust the provider to keep your cryptocurrency safe. That trust was misplaced in the case of Mt. Gox, who ‘lost’ most of their clients’ bitcoins. Downloading a cryptocurrency wallet from a wallet provider to your computer or phone does not automatically mean that you are the only one who has a copy of your private keys. For example, with Coinbase you can install a wallet on your phone, but you can also access the same wallet through their website.

Key derivation

Deterministic wallets

With deterministic wallets a single key can be used to generate an entire tree of key pairs. This single key serves as the “root” of the tree. The generated mnemonic sentence or word seed is simply a more human-readable way of expressing the key used as the root, as it can be algorithmically converted into the root private key. Those words, in that order, will always generate the exact same root key. A word phrase could consist of 24 words like: begin friend black earth beauty praise pride refuse horror believe relief gospel end destroy champion build better awesome. That single root key is not replacing all other private keys, but rather is being used to generate them. All your addresses still have different private keys, but they can all be restored by that single root key. A hierarchical deterministic wallet doesn’t need to back up so much data. The private keys to every address it has ever given out can be recalculated given the root key. That root key, in turn, can be recalculated by feeding in the word seed.  

A brute-force attack on a well-generated 24-character password would take distributed.net, with a CPU power of 76 billion passwords per second, at most 12307952319511902000 years. In 2001, distributed.net was estimated to have a throughput of over 30 teraFLOPS, and in 2016 the fastest single supercomputer reported 93 petaFLOPS. A system that is 93000/30=3100 times faster is, however, still far too slow. A word in a word seed can have 3 to 8 characters. A 24*3=72 character password takes even longer.

Non-deterministic wallets

In a non-deterministic wallet, each key is randomly generated on its own, and the keys are not seeded from a common key. Therefore, any backup of the wallet must store every single private key used as an address, as well as a buffer of 100 or so future keys that may already have been given out as addresses but have not received payments yet.

Backup

Depending on the wallet, a backup basically comes in one of these three forms:

  • An (encrypted) file like wallet.dat or wallet.bin which contains all the private keys.
  • A word seed from which the root key can be generated, from which all your private keys can be recreated. Preferably these words are remembered or written down on paper and stored in a physically separate location.
  • A private key. Like: 5K8BwE76VsatQiRa5wJpGng7758FAz4vLkMxAry8QnyZTdQJxPn

When you lose your wallet and thus your private keys, you lose your cryptocurrency! There is no backdoor. When owning cryptocurrency you should carefully select who you trust to manage it. An (encrypted) copy of your wallet should be kept in a trusted place, preferably off-line.

Software wallet

They come in different forms, like:

  • Installed locally as an application on a computer, telephone or tablet.
  • When using a web wallet, the private keys are managed by a trusted third party. Some web-based wallet providers use two-factor authentication (like Google Authenticator) for extra security. In that case a keylogger is not enough for a hacker to steal your credentials and get access to the wallet.
  • Cryptocurrency exchanges link the user's wallet to their centrally managed wallet(s). For example: when bitcoins are traded between users on the Kraken exchange, the trades are written in the exchange's private ledger (off-chain transaction). Only when a user wants to bring his cryptocurrency into the exchange or take it out of the exchange is the transaction written onto the public bitcoin blockchain (on-chain transaction).

Full clients verify transactions directly on a local copy (more than 110Gb) of the blockchain, or a subset of the blockchain. Lightweight clients consult full clients.

Hardware wallets

They are considered the most secure, because the private keys never leave the physical wallet. They are born (created), used (transactions) and die (deleted) on the physical wallet. If a hardware wallet uses a word seed for backup, you should not store the seed electronically, but write it down and store it in a physically different location(s). Storing the backup electronically lowers the security level to that of a software wallet. Most hardware wallets require the user to physically press or touch the wallet in order to make the transaction. The worst-case scenario is that a computer is infected with malware and the amount and destination address are altered by a hacker. The private keys remain safe. Some hardware wallets have a display where you can verify the transaction before executing it.

If a software wallet supports the same (word seed) technique, then the backup can also be restored on a third party (software) wallet.
