The blatant tradeoff blockchains make in achieving immutability
“The biggest issue in blockchains today is scalability”
This is a fallacy many people credit as the most critical issue in blockchains. This is what the hype around Nano last December was all about. A fast cryptocurrency that solves scalability is here, so we should now see adoption, right? Wrong. Not only was Nano not adopted by consumers for peer to peer payments, but all of the enthusiasm around it has diminished.
Let us take a second to gain some perspective here though — to truly understand the essence of what I’m getting at. What is the most historically established use-case for distributed ledger technology (DLT)? It isn’t supply-chain, file storage, or content monetization. It’s payments — peer-to-peer transactions for commerce or for remittances. For payments to succeed as a use-case for DLT — what needs to happen? It isn’t that blockchains need to be able to scale to twenty trillion transactions per second. It’s that cryptocurrencies become adopted by consumers. This would then lead to cryptocurrency becoming adopted by merchants, and in turn, cryptocurrencies becoming a major part of the economy. To what scale? I don’t know. One thing, however, is clear to me — it doesn’t matter how many transactions per second a blockchain payment solution can achieve — if no one is using it.
What’s the actual issue with cryptocurrency?
The premise of a cryptocurrency is that it is more secure and more decentralized than a centralized fiat currency. Let’s go over each of these concepts briefly. Decentralized indicates that it is economically, geographically, and/or systemically decentralized.
Bitcoin, for instance, isn’t entirely economically decentralized and it isn’t entirely geographically decentralized. However, it still is systemically decentralized. Performing an attack on the network would not only be costly but most likely end in a failure. Therefore, the network is decentralized.
Secure indicates that it is completely trustless in the sense that there is no single point of failure. Resultantly, the currency’s monetary policies are not controlled by one single centralized entity. That is, without a doubt, true. The birth of cryptocurrencies fathered a whole new era of global finance. You’ve got to take a step back and realize how groundbreaking the concept of being able to own your own money truly is. Ten years ago, the idea of a currency not issued by the state would have sounded like a fairy tale. We’re living in historical times. There’s no doubt in my mind that not only are blockchains secure on the network-end, but they’re unbreakable if implemented and scaled out correctly. But there’s a tradeoff. There’s a tradeoff made in increasing network security.
It is not only making blockchains insecure, but acting as the greatest barrier to adoption.
In 2017 alone, 978 million people were victim to cyber theft. That’s about 12.8% of the entire world’s population. But this number is skewed, because it includes the large population of the world that is underdeveloped. 143 million Americans lost money to online thefts in 2017. That’s 43.7% of the entire American population.
Keep in mind that these aren’t hacks of cryptocurrency, which would be irreversible due to the immutable nature of the blockchain. These are figures of people losing money that was stored in their bank accounts, in which case they just had to call up their bank and ask for a chargeback. No questions asked, the bank or payment provider issued the reversal and everything was happy and jolly again. If Bitcoin were the global currency, and 978 million people around the world lost Bitcoin to hacks — that would have been 978 million people stolen from and not given back what was theirs.
Now let’s go back to what we were saying about cryptocurrency needing to be adopted by consumers.
If people can’t figure out security in legacy, reversible systems — we can assume without any hesitation that they won’t be able to figure out security using an irreversible cryptocurrency. Imagine if this were a new era of finance where Bitcoin is a global, sovereign currency. One hack would result in a person losing their entire bank account.
I’m not alluding to the idea that people won’t be able to understand cryptocurrency, or be able to adapt to a new generation of technology. That’s too specific. What I’m referring to is the unsustainability of the notion of taking control of your own finance. It’s unachievable for the everyday layman.
Centralized solutions have network insecurities that can be alleviated through the use of blockchain technology, which allows us to distribute the hosting of nodes that keep track of the network’s information. However, in order for people to access their ‘account’ (wallet) on the network — they must generate a 64-character private key. Let’s take a step back. It’s sixty four characters long. It can’t be memorized. The average password is 9.6 characters long, and even at that length people can’t seem to keep track of them at times. Therefore, it has to be stored somewhere. So instead of people storing their passwords in their brains, physically, or digitally; private keys are stored only in physical and digital locations. This only exposes access to hackers even more, increasing the weakness of security on the user’s end.
We’ve established that the greatest obstacle to the usage of cryptocurrency as a payment rail is on the consumer’s end of the spectrum. We know that user security is the most grave and critical of them all. We also know that you must trade some of one (network) off to gain the other (user) and vice-versa. This forms a dilemma. It’s the blockchain security paradox.
Improving network security sacrifices user security in the immutable nature of a blockchain itself. Improving user security by reducing immutability through reducing decentralization trades network security off. So how do we find that sweet spot, where user security and network security are maximized? We don’t. It’s impossible. But what we can do is reduce the tradeoff in user security that we make in pursuit of achieving network security.
That, my friends and readers, is why I’m writing this article right now. I believed that it would be impossible to accomplish this — though now, I’ve come across a project that is improving user security without trading off network security. It’s a project that has got me excited enough to write this long article out in a rush. Meet Vault12.
Distributed, decentralized, and serverless digital custody
Vault12 is an application that utilizes Shamir’s Secret Sharing, invented by Adi Shamir, to split digital information into any number of shards. From there, a specified number of shards are required to restore and reconstruct that digital information that was split. How does it work? Let’s go over that.
The first thing you’ll do is download the Vault12 application on your mobile or desktop device. You’ll then select a number of Custodians — comprised of close friends (Guardians) and casual friends — that you want to have your shards distributed to through secure relay networks. These individuals will be added to your list of Custodians, and from then on you’ll be able to secure your assets in a few simple taps. Once they download the application and accept your request to secure your vault, things can really get going.
You’ll enter in a key or image that you’d like to store safely and securely. This could be an image of your seed words that you wrote down for your Ledger, or the private key to your cryptocurrency wallet.
From there, you’ll select the parameters of how you want to secure the digital information you’ve just uploaded. There are multiple security models the user can choose from to conform to whatever their friction tolerance is, or whatever their specific security needs are. You could go with Quick-Access, which simply creates backups and distributes that to your Custodians. You could go with Easy Access, Secure Storage, or Ultra Secure. It all just depends on how important the information is, what exactly the information is, and how much you trust each of the people you’re distributing it to. Keep in mind that the parameters of how the system will work are completely up to you. That means you could set it up so that you shard your information out to a hundred people, and only require ten back to reconstruct the information. You could also store some of your shards on multiple devices that you own, if you enjoy the concept of taking control of your own finance but want to distribute storage of your keys. Generally, as a consumer, you’d distribute it amongst five family members or close friends.
At this point, your digital key or image is completely secure. It’s distributed amongst whatever number of devices you chose, and cannot be accessed without your device (the master device) as well as without retrieving a specific number of your shards. Eventually, it comes to the point where you actually want to retrieve your keys.
In the example we’ve been looking at, Jon has five custodians. Of those five custodians, two guardians are required to confirm his request to receive his shard back. No casual friends are required to in this case. After two of five guardians confirm his request, he’s free to view or edit his seed phrases.
It’s that simple
The user interface on this magnificent application is extraordinary. It doesn’t really feel as though it’s a cryptocurrency application, because every single cryptocurrency application we use today is over complicated and just feels terrible to use. Vault12 is not only a user-friendly application, but it’s addressing the greatest issue in cryptocurrency of present. Now, let us address some potential concerns.
What if you lose your master device? That’s simple. You’ll just download the Vault12 application on a new device, and request a restore of your vault from your Guardians. This will be more tedious and frictious than simply reconstructing your key or image, but it will make sure you’re requesting a restore for your device and not someone elses.
What if you can’t find people willing to act as Custodians, just out ingenuity? For this, Vault12 has already thought out a solution. Vault12 is introducing the Vault Guardian Token (yes, I know “another useless token?”) which will be used to bind services through smart contracts on the application. These services include the costs of relay networks through which shards are securely transmitted (which can get quite costly), paying professional custodians, and membership fees. So if you are unable to find anyone you know to use their devices as vaults for you for free, you could either pay them in Vault Guardian Tokens (VGT) or hire professional custodians and bind the service of Custody through these tokens.
Economic incentive is why cryptocurrency was designed in the first place. Blockchains could not work without an economic incentive motivating people to host nodes and secure the network. In the case of Vault12, VGT act as the economic incentive for people to secure shards, act as storage nodes, and host relay networks. With this in mind, VGT is not another useless token.
What if Custodians lose or delete shards? Vault12 will immediately notify the owner if any of the shards are lost, and the Mesh Information Storage (MIST) Network will monitor the health of the vault in real time. If a fraction of shards were lost, that would be a signal to reconstruct your key and redistribute it to more trustworthy individuals. You could also request a few shards back in order to generate more, which is a functionality built into the application.
What if the owner’s device is compromised, and someone requests shards back from Custodians maliciously? Every Vault beyond the tier of Quick Access requires either social authentication, or some other form of authentication, be done by the Custodian. This could include things like a phone call or a video call. The system is designed to make it so Custodians can be absolutely certain that the request is coming from the actual owner, and not someone else with malicious intentions.
The team behind the project is excellent. You can take a look at their experience themselves, I won’t walk you through their LinkedIns. It’s filled with experienced, well-seasoned individuals with experience in large firms doing business development, software engineering, cryptography, and management. They are positioned well as a company.
This is a serious group of people with a strong history of executing sharply — looking to solve a serious problem, with a serious product, and some serious progress. I’ve grown fond of the product Vault12 intends to deliver. I’m excited to see what Vault12 will bring forth when the product launches. Currently, I have made no investment position in Vault12. I truly believe that Vault12 can make an everlasting impact on the cryptocurrency space and make a strong push towards actual adoption of cryptocurrency for payments.
This article intends to introduce an unpopular perspective on blockchain technology, and outline a project that makes an interesting effort in solving a grave issue in the space. As always, none of our reviews are paid, compensated, or incentivized in any way, shape, or form.