Rethinking private key storage: Dice, Math and Art wallets.

in #crypto7 years ago (edited)

btc_wallet.jpg

This may sound as surprisingly simple concept, but Bitcoin private key is just a big number. So, all you have is a number that, fortunately, very difficult to guess. This is just as difficult as finding a certain atom in the universe. For example take a look at the biggest private key:

115,792,089,237,316,195,423,570,
985,008,687,907,852,837,564,279,074,
904,382,605,163,141,518,161,494,336

I was incredibly impressed by this approach of proving the fact of ownership. Simple and elegant.

But here is the problem: how to remember or save this thing? And even its more complex version: how to remember it securely that other people could not find it?

The traditional way is to use software, hardware or paper -wallets. The first two work almost perfectly: they are fast, easy to use and quite safe. The third provides the highest level of offline security. So why would we need anything else?

ok wallets.png

Because it's so obvious that you have bitcoins! Hardware wallet, for example, could be very secure from a technological perspective, but the fact that you keep that little device makes you vulnerable.

So can we hide them? Yes, the method is called Brainwallet. Brainwallet allows you to store the entire key in you head in a form of a secret phrase. The only weakness of this approach is the phrase itself. People come up with "super secure" passphrases like bitcoinisawesome and then "suddenly" lose their money.

Therefore, I propose to approach the process of storing keys more creatively. In this article I will show several Superbrain wallets. The rule is simple: the more creative you are, the safer your keys, but the important thing here is not to fool yourself.

Dice wallet

In this section I want to cover simple self-generated wallets. This is probably the most secure way of key generation. A private key could be created without a computer, so without the risk of being spied on. Just grab a pair of dice, lock in your bathroom and start to generate the key. You need 78 dice rolls to generate a perfect random private key.

Each roll of the pair will give you a digit in your decimal private key representation:

dice.png
If sum of numbers is from 2 to 9 => write the sum;
If sum of numbers is 10 => write 0 (zero);
If sum of numbers is 11 => write 1;
If sum of numbers is 12 => roll again;

You'll get something like:

520711385241306060803293894049570349993513283960361568975308841698854766426408

(To generate the public key you'll need an offline computer with a dec2hex converter and the local version of bitaddress.org)

So far, so trivial. Now the creative part: why would you ever store your key as it is or in a form of mnemonic phrase? This is what most people do. But we are smarter, right? We'll hide it. For example we could take our most reliable password (usually the oldest one) and make some calculations with a private key:

« s u p e r p a s s »


s = 115
u = 117
p = 112
e = 101
r = 114
p = 112
a = 097
s = 115
s = 115
(in decimal ASCII codes)

Combined give us: X = 115117112101114112097115115. Now our obfuscated private key Po could be:

Po = P - X2

520711...408 - 1151171121011141120971151152 =


520 711 385 241 306 060 803 293 880
797 620 851 493 040 139 607 986 763
091 587 602 261 749 204 963 183

That's it! Now you can print this number wherever you want. The formula is easy to remember and reversible, so you can get the original key back.

Of course you need to come up with your custom formula. Perhaps, instead of subtracting you will use XOR, or the power will be 7 and you cut the highest digits, or you'll create a totally different algorithm for calculating X. Most importantly, if you come up with it by yourself, then you will remember it for a long time.

We got the key. Now let's think, how we can completely hide the fact of its existence. Well, we have a lot of digits, why not put them in their native habitat, for example... in an electricity bill? Easy!

fake bill.png

Print out multiple copies of this invoice and put them in the deepest corners of your grandma's house. (have you noticed the lightning network logo by the way?)

Now your money are pretty safe, right? Not actually. Figure out your own ideal concealment scheme, use the imagination but keep it simple!

Math wallet

revenge-of-the-nerds.jpg

This one is for nerds. But in fact it can be used by ordinary people... I guess. The idea behind it is similar to the brainwallet method with the exception of using custom math for key generation. Basically, you take several big numbers (or methods of their calculation) and a simple easy-to-remember formula to get the final number. Also you'll need a little bit of your brain juice.

Let's experiment.

The first idea that comes to my mind is prime numbers. The formulas that compute prime numbers are widely known. So you will never forget that. Also it's good to use name/username as a seed (something that you'll remember even in the middle of the night):

« c y b e r w o l f »


c = 099
y = 121
b = 098
e = 101
r = 114
w = 119
o = 111
l = 108
f = 102
(in decimal ASCII codes)

It's time to choose a prime numbers formula. I like Carol primes:

carol.png

I will use my ASCII codes as n (just insert them in the formula above) and calculate 9 different Carol numbers:

401734511064747568885490523084023000030322519044201505619967

7067388259113537318333190002971674057993023604362812340871196564049100799 (1)

100433627766186892221372630770688837357523572410676200603647

6427752177035961102167848369359579807687899057525184528383999

431359146674410236714672241392314049239819442482028131453687130226687 (2)

441711766194596082395824375185729627627642978433988866626594490042810367 (3)

6739986666787659948666753771754902476112427570807514589779573342207

105312291668557186697918027683669783281787778547095544942269825023

25711008708143844408671393477448460435553422065312711739179007

I can just sum the numbers, but this would be too obvious. Plus I'd like the sequence of characters to influence the final result.

As you can see, the length of number (2) is 9 digits less than what we need. This is the exact number of characters in my username. So I'll take the sequence of the first digits and extend all numbers except (1) and (3) because these are too long :

471644612401734511064747568885490523084023000030322519044201505619967

7067388259113537318333190002971674057993023604362812340871196564049100799

471644612100433627766186892221372630770688837357523572410676200603647

4716446126427752177035961102167848369359579807687899057525184528383999

471644612431359146674410236714672241392314049239819442482028131453687130226687

441711766194596082395824375185729627627642978433988866626594490042810367

4716446126739986666787659948666753771754902476112427570807514589779573342207

471644612105312291668557186697918027683669783281787778547095544942269825023

47164461225711008708143844408671393477448460435553422065312711739179007

Now I can finally sum the numbers and get my private key:

476840265094426330407196206875155042541543242828548535261757453672237039091703

Why does this work, you ask? Because the course of my thoughts is a real password. Even if I forget the exact algorithm I still can reproduce it through the same method of thinking.

Now the key is entirely in my head. No hardware / paper wallets, and it's pretty secure (it was before I published it).

Art wallet

If you are an artist you are really lucky - you can create art wallets. Again, everyone can do this, but your wallets will also be valuable art objects.

As you may have guessed, I'm talking about works that you can spread over the internet, print in magazines and hang in galleries. And no one will know about the secret.

It took about 3 years to solve this popular $50,000 bitcoin puzzle. It would have taken much longer if the author had hidden the fact that there was a key. May be longer than the potential Bitcoin lifetime.

For example, well-known gif artist Zack Dougherty could have stored some bitcoins in this beautiful art piece:

zack_.gif

The simplest way is to count the number of triangles in each frame and then produce the result using some simple formula.

Triangle in our case is any contour with 3 black edges, which can be detected by applying Paint Bucket Tool with the maximum tolerance (100) on the edge-detected image:

_a_frm0,0 (1).png

Layer 1.png

We got: 8, 6, 5, 7, 6, 5, 4, 6, 5, 8, 9, 6, 5, 7, 4, 0, 7, 8, 7. It's only 19 digits, but we need about 78, so we'll use cubed X for the extension:

X = 8657654658965740787
X3 = 648934368119118738927965517829892670314024368938341623403

Pk = 8657654658965740787648934368119118738927965517829892670314024368938341623403

I think the key to success here is to be as original as possible, but not so much as to forget your own scheme. Of course, this particular image is not the best choice because of low resolution and ambiguous encoding, but if you create your own art, you will take care of the details.

Conclusion

There are many more methods to encrypt and remember private keys - only your imagination is the limit. You are a universe and that universe is larger than 256-bit space. Obviously, these methods only applicable for long holding and backup wallets. Don't use them to buy coffee - you will get mad!

Be creative and unordinary, it pays.

Tools used in the article:
Big number calculator
ACSII converter
Base Converter
HexDec converter
Photopea - onine photoshop

Sort:  

While I enjoy the creative ways of generating a private key, and have seen many other creative approaches to security out there, I would discourage people from using any of them. There are so many ways to get it wrong.

Security professionals understand the issues involved, think about them every day and keep up to date with information on which security solutions have been compromised and which have held. In almost all situations, people are better off using industry standard security solutions which have been tested with millions of people. Currently, hardware wallets are considered the best available solution for generating and storing a private key. People who want peace of mind can utilize this solution and try to read up on how hardware wallets, private keys and blockchain technology work, in order to have a better understanding of the workings of the whole system, and hence to know how to protect themselves better.

Unfortunately, to my knowledge, there is no hardware wallet solution for generating and storing your Steem private key, so that remains as one of the big and important security problems for the ecosystem.

Yes, I have to admit that the complex schemes are not for everyone.

I guess your creativity is so far beyond mine. I had never thought about using my own art to create art wallets. Plus, I am also very bad at maths and this whole formula thing and numbers are giving me a headache. But I love reading this kind of posts, a good reminder to not stop myself imagining things.

"I guess your creativity is so far beyond mine." no, it is not! You have your own type of creativity, and you can use it to make art wallets. Just keep the math part simple, all you need is to somehow encode 78 numbers in your picture.

These are indeed perilous times for cryptos.
People aren't designed to store private keys. Our memories just aren't that good. Further, we will have many wallets, and many many addresses.

You have thought of some good ways to hide, in plain sight, your keys. And this will be even more important in the near future.

I believe, really good methods have not been discovered yet. And also I think that the concept of money will change. Who knows, may be we'll even go away from that concept?

You can also try Molis Hai which converts random bits to seemly natural language using n-gram language model.

And here are some 56-bit passwords of order 8:

took horse for Dover; and then stood smoking, too! replied: My child, this world

out of these footsteps destination and by the wall where he

and alluvial mud, under such thought madame, drawing themselves through her f

by Lucie at her sole reliance, under a bank overhanging about. There, said he, i

in such differed principle. And look at, am I? Why don't you be afraid of, for he stooped, and leth

the nose became much more wicked foreign woman; what plate as to matter. But when I ask your

did a great Stilton cheese, until to-morrow. For to-morrow! Now, a judiciously sensibility she wound about he

young ladies made to stand up against, and notice, when two dusty men passionate, loving, thankful that if s

Cool, thank you for the info!

This is a very interesting way to go about it @cyberwolf. Biggest fear is losing my memory though..

Just grab a pair of dice, lock in your bathroom and start to generate the key.

Gotta love how security freaks think!

And he didn't even suggest putting cardboard around the dice to cover from any potentially hidden camera in the bathroom. :D

Haha.. reminds me of The Truman Show. Cameras everywhere!

Yes, there is a possibility to forget it, but I think that everyone should have at least one backup in memory. Plus If you refresh it let's say every month, you'll be safe.

Gotta love how security freaks think!

B)

One thing I feel great about pure brainwallets is to be able to cross borders carry my whole bank with me like a boss..

Yeah, even by swimming :D Absolute freedom