A Reliable Key Backup and Recovery Method for Cryptocurrency Custody in Blockchain

Abstract

Blockchain authenticates the user’s identity and guarantees consensus on the execution order of all the valid transactions generated by users. Every transaction is signed by user’s private key and users are identified by their public key. If a user has lost his/her private key, then it may result in the loss of all of cryptocurrencies that he/she has owned. Therefore, it is critical to keep a user private key available. For this purpose, we need a method to back up and restore a user’s private key. In case of centralized service, it is easy for centralized organization like bank to back up user private keys. However, in case of decentralized services in blockchain, each user is responsible for backing up his/her own secret key because there is no centralized organization in blockchain.

The challenge is how to backup user private keys without compromising the decentralized feature of blockchain. The technique called t-out-of-n secret sharing is typically applied to support backup and recovery of user secret keys in such a blockchain. In the t-out-of-n secret sharing method, a user secret key is divided into n partial keys which are stored separately in different servers. The original secret key can be restored when t correct partial keys are obtained from t servers. In that sense, t is defined as ‘threshold’ for recovery. It is important to have at least t correct partial keys available at any time. For this purpose, first, we need to check whether a server maintains the partial key correctly. This operation is named as ‘scrubbing’. The existing t-out-of-n secret sharing technique has a disadvantage that each partial secrets are disclosed in plain text to a server that invokes the operation of scrubbing. Second, we need to maintain the number of honest servers (storing partial keys correctly) at least t. Note that the existing t-out-n secret sharing technique assumes t partial keys are accessible whenever needed. This assumption does not hold in real situations. This thesis proposes an efficient key backup method that guarantees to make more than threshold number of servers to maintain their partial keys accurate and no partial secrets are disclosed to a server (a scrubbing server) during the operation of scrubbing. The scrubbing is invoked periodically (that is, scrubbing interval) by a scrubbing server. It is shown that the proposed method guarantees the secret key backup and recovery if t partial keys are available. The reliability of the proposed method is analyzed with Markov chain model. Through the reliability analysis, we can decide both scrubbing interval and the value of t and n in the proposed key backup method to meet the given reliability requirement for key recovery of key backup service. For performance evaluation, a prototype is implemented. When n (the number of servers) is set to 120 and t is set to 100, it takes about 277.99 msec to validate all servers. Given 99.9999999%(nine nines) of reliability requirement, it is shown that the proposed method is able to meet the reliability requirement if the scrubbing interval is set to about 26 hours in the configuration of n = 10 and t = 8.