Exploring Private/Mnemonic Keys Advantages and Challenges: A Talk by Mudit Gupta
Mudit Gupta, who serves as the chief information security officer of Polygon, a well-known layer-2 scaling solution, recently engaged in an enlightening conversation. The discussion took place at the Ethereum Community Conference (EthCC), and it revolved primarily around the complex matters of private or mnemonic keys, their operational and security advantages, and the challenges they present. This article aims to provide a comprehensive overview of Gupta’s main talking points.
Key Takeaways from the Ethereum Community Conference
Gupta began the conference by underlining the disparity between theoretical security and practical security within the blockchain and crypto space. The executive was quite candid about his belief that when it comes to practical security, the industry has a lot of catching up to do. Gupta stated, “The space is running so fast when considering theoretical security. However, in terms of practical security, we are so far behind.”
Mudit Gupta presenting at the EthCC event in Paris, France. Source: EthCC Livestream
The Dangers of Private Keys
Gupta then proceeded to highlight the issues associated with private keys, articulating that they prove more challenging to secure than traditional passwords. This is mostly because, unlike passwords, private keys cannot be changed or recovered if they’re leaked or lost. To quote the expert:
“A mnemonic is just a one-time thing. You have it once. And if you ever make a mistake, if it ever gets leaked, you are done. So, keeping your mnemonic or private key safe is a much, much harder problem.”
Financial Risks
The executive shed light on the alarming financial implications of lost mnemonic keys. Gupta estimates that a loss of “a couple billion” can be attributed to individuals losing their mnemonic keys. Furthermore, because of the lack of proper security, there are billions of dollars in users’ wallets that are incorrectly secured, placing them at significant risk.
Despite such risks, Gupta emphasized that in theory, private keys can yield 100% security: “If nobody knows your private key, nobody can access your funds.”
Practical Issues with Private Keys
While he noted the theoretical advantages of private keys, Gupta explored the practical problems that these keys bring about. Gupta said, “What if you die for some reason? How can your loved ones access your funds? So that’s a tough problem to solve. Also, there is the key rotation problem. What if, for whatever reason, your key is compromised?”
Security Challenges in Crypto World and Beyond
Gupta took time to highlight the difficulties faced by those who work in security, particularly the challenges of being a defender today. He stated that, compared to attackers, defenders have a much tougher job.
“As a defender, you have to cover every single point. If you leave any hole, someone will get in. As an attacker, it’s easier. You just ignore the secure system. You find a way around. You just have to find one way to break in and that’s it.”
Yet, despite the challenges and complexities of the task, Gupta underscored the importance of defence in the world of security. He concluded his talk with a reassuring statement that “someone has to defend.”