Account model, Wallet model and Security on the DEX part 1 of 2steemCreated with Sketch.

in #bitshares7 years ago

I decided to write this post because there is a lot of confusion on how the DEX handles security and what the different models mean.

Let's start this off by mentioning the basics. DEX means Decentralised Exchange.

The key word here is DECENTRALISED. There is no central server performing authentication, no central authority that EVER sees your private keys or your wallet.

Both the reference web wallet and reference wallet application (as well as the various gateway branded versions of them) run LOCALLY on your computer.

The web wallet simply downloads a web application (the reference wallet) from the internet and then runs it locally in your browser.

The wallet (web and standalone) then communicate DIRECTLY with the various API nodes and only SIGNED transactions and operations are sent through the network. The signing itself takes place locally on your computer and keys are NEVER, I repeat NEVER, sent through the network.

Clear enough I think.

Now let's continue.

Wallet model is pretty much the same as any other cryptocurrency wallet (think bitcoin standard client, electrum etc.).

You choose your wallet file from your computer (which contains encrypted keys), unlock it with your password and perform transactions.

A wallet can contain multiple account entries, each with its own set of keys similar to other cryptocurrency wallets.

The main difference is that the Bitshares wallet (web or otherwise) ALSO provides exchange functionality and not just transactions.

The subtle difference is that while in other cryptos there is a 1-1 relation between Private Key and Address, in bitshares there is an "account name" (address) which abstracts this.

In fact, each account name has 3 private key types (all of which can have multiple entries and can be changed):

An active key that has full access over the account (but cannot change the owner key)
An owner key that is the absolute master key
And a memo key that is used to decrypt memos in transfers

When you create an account in Wallet Model, one set of those 3 keys is randomly generated (locally) for that account and is then backed up to your wallet file and encrypted with the password you choose. Hence you need the wallet file in order to gain access to the private keys.

When you create an account in Account Model, the set of those 3 keys is derived from the password you choose through a standard one-way hashing function. This is why an auto-generated very long/complex password is auto-generated for convenience, but it allows you to regenerate those keys on the fly anywhere simply by entering your password. Still, the keys are NEVER stored or transmitted anywhere online.

However since in account model , your password corresponds to one set of keys, you can only use one account at a time.

Seeing as account keys can be changed, you can always set things up so your wallet contains multiple accounts, each of which has a set of keys derived from a password (From the Cloud Wallet tab when you select View Keys for the account in question from Settings -> Accounts). This will allow you to keep a wallet file with all your accounts and their keys encrypted but also allow cloud access for one or more of those accounts by using the seed password)

Once again, the important thing to remember is that there is NO central authority that holds your Private Keys. If you lose your wallet file, lose its password, or lose the seed password (if you're using cloud model keys) , there is NO WAY to get your private keys back.

Since there is no centralised authority, there is no Google Authenticator-type 2FA either.

If you want slightly more piece of mind, you may want to consider a multi-sig account but I'll leave that for part 2.

Sort:  

Good post. And here lies the double edged sword. Ultimate security and sovereignty over your digital assets comes at the cost of absolute responsibility. I think it would be worth bringing up with any future core dev team whether to include some compromises in the wallet model to allow general population a "forgot my password" function. What do you think?

"Forgot my password" automatically implies that it also exists (or can be reset) with a 3rd party/centralized entity. It pretty much defeats the whole purpose.

Keeping your private key safe has been the key (pun intended) instruction for ALL crypto since the beginning. There is some confusion because bitshares' wallet also functions as an exchange(and centralised exchanges have their own auth mechanisms with 2FA and reset functionalities etc. but they do it by virtue of holding on to the private keys.

I think the system as it stands is great. What is lacking is some "ease of use" features / abstractions. For example a Trezor multisig equivalent for bitshares for people needing more security....Or a suggestion to print out your PKs and keep copies in hard form in safe locations etc.

Good response and I agree. My thought is that perhaps there's a way to accommodate the 5 billion people who are not at this moment willing/capable to take total control and responsibility. Perhaps there is a way to have a similar ease of use feature a la a third party gateway with a degree of centralization for people who want to opt in to handcuffs and want a Coinbase like experience.

You seem to be going the other way and I think I agree with you. We should focus on making it easier for people to take responsibility and not enabling them to take the easy way out.

I think technically OL does that with their AirBitz integration.

Not my preference but it definately fills the gap you're referring to.

Oh I did not know OL integrated AirBitz thanks. My first principle is discretion and individual sovereignty. If people want to be at the mercy of a centralized third party company they should be able to do so. They have to deal with that set of tradeoffs though. And no one better force me to use something like that.

Congratulations, you were selected for a random upvote! Follow @resteemy and upvote this post to increase your chance of being upvoted again!
Read more about @resteemy here.