Regarding proof of loss, this may be a long story from ideas to a proof of concept. I thought about a kind of recoverable-property decentralized system which makes you confident that losing private key is not a problem anymore. Just like you lose your facebook, you can easily recover it by email or phone number. But it was almost at a standstill and I gave up.
Two months ago, I was working on Ethereum privacy and suddenly found out some good stuff which is perfectly fitted for my previous ideas. And somehow, Parity multisig hacked came as a hurricane, a lot of ether was locked because their owner had been unknown. This event reinforces my ideas about the necessary of the recoverable-property decentralized system and made me seriously getting my hands dirty.
In a traditional stream, you want to avoid losing your secret (maybe private key), then you decide to create many copies of original version to save them in many places. However, it becomes more dangerous when someone suddenly could find out one of your copies and stole your property.
In another solution, just like sending money to bank, you try to send your ether to a trustworthy party and let them save your ether. But it’s so unsatisfied and complex when you want to use your ether.
My goal is creating a system that help you to save nothing and send your ether to nobody. Moreover, you also don’t need to deploy any code. You just come there, pay only your service fee and enjoy your safety.
To reach this goal we suggested three main ingredients:
- Proof of Loss: proves your ownership with property that you lost.
- Revocable Property: makes your property possible to come back to you.
- Decentralized Risk: prevents “all” frauds of risks, creates a safe environment to you.
Proof of Loss (PoL)
This is the first problem I had to think about and try to solve it. You want to get your money back or a compensation at least, you have to prove that it’s lost. So, the question: How can I get PoL in blockchain ?
When you lose it, you lost it!!! On blockchain, the only one thing can present ownership of your ether is private key, as what I said: “You lose it, you lose all things”. As for your balance, it’s not lost but still there on blockchain, actually. It just does not realize you any more.
I had no idea to distinguish a guy who lost the key from a random guy because they are just the same. So let’s put ourselves in a situation for some motivation.
If you have 1000 ether (more than $300.000 of worth) in your account and you lose private key, it will be at this moment you know you fucked up. Yeah, it is… When you lose something, maybe the first person know about that is you. It’s such a crazy idea. Because I’m also crazy, I attempted to use this idea to make an on-chain PoL.
When you literally lost your key, you can send a message to blockchain to write down “I lost my key of account 0x50f00150f00150f001…” along with some ether for a deposit and this is your PoL but you must wait 1000 blocks (for example) for validation. Why must we wait? It’s the way to prevent your budget from attackers who can create a fake PoL and drain your budget.
In the term of 1000 blocks, If any ether is moved out from your budget or real owner call a function (discuss in more details later) in order to prove that the key is still safe, PoL will be invalid and all deposit will be punished.
Well, we have gotten a scheme to create a valid PoL. The next problem is a method to recover the property.
My idea is not trying to build a kind of insurance as something like “I will bring my ether to compensate for your losing ether”. No, it is not what I want. I need a solution that when you lose your ether, the community will help you to bring it back. That’s how I call Recoverable Property.
Moving on another question: What is the property ?
There are 2 choices, the first one is private key and the other one is your balance.
In case of private key, to be able to recover it, you need to save it some where. It seems to be a paradox when I say this. When you saved private key in somewhere, that means you never ever lost it. Let’s imagine that Nani is the richest man on Ethereum in the world and Nani is so careful, not believe any one else. Nani tries to write down his private key in 10 copies and hide them at so many places in his house. One day, Nani’s house got fire, everything was destroyed even his soul. Yup, that is the situation I am mentioning in this article.
So, we try to persuade Nani to send Luis (his lawyer) the private key and let Nani know that we use some cryptography algorithms to encrypt his private key and no one else can decrypt it except for Nani. But only one thing Nani must do that is remembering the password to decrypt the cypher text which was saved by Luis. “Shit, if I have to save this password why I don’t save my private key directly, bruh!”, Nani yelling at our face.
I knew that it had some thing like Secret Sharing, but nah, it will not work if all parties collude and drain all ether in darkness. So we skip the idea that private key is a recoverable property. Even though we can figure out a magic solution, what would we do with ether in a smart contract? Actually, you can do nothing because it doesn’t have private key practically.
As a result, we choose your balance to become a recoverable property. To make it possible to be recoverable, I took an idea from Lightning Network. I create a transaction to send all my balance to another account which I had its private key and let the transaction be saved offline by someone else (not broadcast yet). Now I can withdraw my money with this transaction in case.
Let’s think about it! I had a transaction that sends ether from an account A (my original account) to my another account B (my redundant account), so I have to save the private key of B. M*therf**ker, I still get around with saving the f*cking private key. Ahhhhh!
Otherwise, just the same as Nani, I don’t want to save anything. In this case, I don’t want to save the private key of my redundant account. Thus, this transaction must be possible to be filled with the receiver, which was provided in PoL, later.
I guess that you are wondering how can I create such the transaction. Haha, I don’t want to make this article too long to read. Let’s discuss more detail in next episodes, now I just tell you and pretty sure that I had a solution.
According to what I said repeatedly, we don’t want to save anything. We just want to create PoL and that’s enough at all. However, we had a transaction in the Recoverable Property part, if we do not save it, so: Who would save your transaction ?
To make someone spend their effort on saving your transaction, we must create an incentive, that is the moment service fee comes.
One party that would save our transaction is not enough, of course. We need to decentralize risks. This is the moment for Secret Sharing emerging as a hero.
You can make a research by yourself how charming Secret Sharing is.
To be brief, we call the guys save the shares are holders. Secret sharing 5-of-10 will be using, it means you just need 5 shares to be able to construct the original transaction and that’s how we decentralize and decrease risks.
Now, we try to discuss some attack vectors if a number of holders collude.
For instance, a half of holders collude to not construct and send the transaction. Of course, they may have incentives to do that. Thus, to prevent it, when some one want to be a holder, they must deposit an amount of ether. When they get fraud, we will penalize on this deposit. On the other hand, If they do right, they will get an incentive.
Furthermore, if some holders try to destroy the transaction by sending it in invalid conditions, it’s just the same above, we will punish them by taking all deposits.
Here, we will punish all of the holders even though some of them do not take part in fraud. Because we want them to take a responsibility against for cheating, if they don’t, they’re just like attackers and punished.
In summary, what would you do when you lost your private key:
- Create your Proof of Loss along with a deposit and a receiver (the address you want your money to come back). Waiting for 1000 blocks to be valid.
- More than half of the holders construct the transaction and broadcast to network.
- Check your money in new account. Enjoy it!
This is not the last episode, it’s just the beginning of my proof of concept. In the next episode, we will dive into:
- How can we create the transaction?
- Write a smartcontract — by Solidity
- The restrictions.
To read the next article in this series about proof of loss — Episode 2: Proof of Loss, Recoverable Property, Decentralized Risk — click here.
Also published on Medium.