August 3, 2017

Keys to Secure the Digital Future: nChain’s Inventions for Security of Bitcoin, Digital Assets & Digital Resources


Bitcoin continues to generate excitement, but still faces questions about the security of users’ coins on wallets and exchanges.  Those security concerns are top of mind again as the ghost of the Mt. Gox hack made news again recently, with the arrest of BTC-e owner Alexander Vinnik for allegedly laundering $4 billion worth of bitcoin over six years.  His arrest has triggered suspicions about whether he or others are responsible for the theft of Mt. Gox’s hot wallet private keys and 850,000 bitcoins.  For bitcoin adoption to grow further, consumers and virtual currency business operators need more confidence that private keys cannot be stolen.

nChain believes it has the answer, in two of its patent-pending security inventions: (1) a Deterministic Key Generation technique; and (2) a Secure Split Key technique.  These techniques can be used to secure a digital wallet so that no Mt. Gox-type hack could ever succeed again.  But these inventions can do far more; they can secure any digital data, asset, communication or controlled resource, making their potential uses countless as our world and devices become increasingly digitized.

Since its inception, nChain has been working on a wide range of research and inventions to enable blockchain growth.  It is now pleased to begin sharing details of its work – beginning with these two inventions to prevent security problems with private keys, and more broadly, enhance confidence in digital storage of any critical and sensitive data.


Invention #1:  Deterministic Key Generation

The first technique is covered by a patent application entitled “Determining a common secret for the secure exchange of information and hierarchical deterministic cryptographic keys.”  We refer to it more briefly as a Deterministic Key Generation technique.  The full description can be found in PCT application number PCT/IB2017/050856.

Essentially, this technique provides for improved secure communication between a pair of nodes or parties on a network.  In summary:

  • A pair of nodes on a network (e. parties), each of which has its own private key and public key, exchange their respective public keys while keeping their private keys secret.
  • They also exchange a message.
  • They then agree between them a deterministic key which is based on the message. The key is “deterministic” in that the same key will be produced upon multiple executions of the key generation algorithm.
  • Each node then determines:
    • an updated version of its own private key, based on its existing private key and the deterministic key, and
    • an updated version of the other node’s public key, based on the other node’s existing public key and the deterministic key.

This may be achieved by applying a neat mathematical process to the existing private key and the deterministic key.

  • Each pair of nodes then determines a common (e. shared) secret on the basis of its own updated private key and the other node’s updated public key. As the deterministic key is based on a shared message and is therefore common to both nodes, the same common secret can be determined by both nodes, but by means of a combination of different updated private and updated public keys. This common secret can then be used as the basis for secure communication between the nodes.

Benefits and Use Cases of the Invention

The technique enables secure communication between the parties without the need to store the common secret, since the common secret can be separately determined by each party as required on the basis of the shared message.  Importantly, the message does not need to be stored with the same degree of security as the private keys, and in some cases may be publicly available.

Another significant benefit is that use of this technique also allows the generation of multiple common secrets, corresponding to multiple secure private keys, based on a single private master key for each node. This can be achieved by determining a series of successive deterministic keys on the basis of a process agreed in advance between the parties. These multiple private keys are consequently kept secure, despite the need to only securely store a single private key at each party.  Not only does this ease a considerable security burden, it enables the user to generate hierarchies of keys which are derived from a base or master.  If the user wishes, it can generate “sub-keys”, wherein the keys in the hierarchy have a logical association.  For example, a virtual currency business operator can generate keys which represent and secure related accounts or entities associated with a particular organisation or individual.  Thus, deterministic keys can be generated securely and in such a manner that they reflect the environment or context in which they are used.

Applications for this technique are varied and not even limited to use with bitcoin or blockchain environments.  Its potential use cases are countless as the digital world grows with increased digitisation of assets, cloud storage of data, newer methods of digital communication, and the anticipated explosion of Internet of Things devices.  Essentially, this innovation can provide significant security benefits for any situation in which sensitive data, assets, communications or controlled resources need to be secured.  Among other implementations, this can include:

  • Public display bitcoin addresses that are not re-used;
  • Secure point of sale systems for merchants;
  • Secure messaging;
  • Secure document archiving;
  • Secure oracle machines; and
  • Secure control of IoT devices.

To illustrate how this technique may be built upon to provide yet further innovations, here is one example of how the technique can be used to secure a digital wallet (for bitcoin or any other digital asset).  Public/private key pairs are often used in relation to digital wallets.  However, if wallet users are responsible for storing their private key, problems may arise when the private key, the users themselves or their hardware become unavailable as this renders the wallet’s funds inaccessible.  Conversely, though, storage of the private key at the wallet provider’s end requires a degree of trust in that service provider and their security mechanisms.  If the service provider’s systems are hacked, the private key(s) become available to unauthorised parties.  Funds may then be stolen or compromised.  Thus, there is a need to store the private key in such a way that it cannot be obtained by an unauthorised party, but can also be reproduced when necessary.


Invention #2:  Secure Split Key technique

In order to address the issue identified above, nChain has devised another invention – a Secure Split Key technique:  how to store a private key (such as for a digital wallet) in such a way that it cannot be obtained by an unauthorised party, but can also be reproduced when necessary.   Building upon the Deterministic Key Generation technique, this second invention is titled “Secure Multiparty loss resistant Storage and Transfer of Cryptographic Keys for blockchain based systems in conjunction with a wallet management system,” and its full description can be found in PCT application number PCT/IB2017/050829.

In summary, nChain’s Secure Split Key invention can secure a digital wallet, or another type of resource for that matter, by:

  • splitting a cryptographic key (or a mnemonic seed for a cryptographic key) into a plurality of shares such that it can be restored or regenerated from two or more of those shares. This could be performed using a known cryptographic algorithm called “Shamir’s secret sharing scheme” (4S), which involves splitting the key up into unique parts or shares which are then distributed to different parties.  The shares can be used to reconstruct the key when needed.  Each individual share is of no value or use on its own until it is combined with one or more other shares.  The number of shares required to reconstruct the key can vary according to the needs of the situation.  In some cases, all shares may be required, while in other cases only a sufficient number are required.
  • determining a common secret at two or more nodes on a network (e. parties), and then using the common secret to generate an encryption key which can be used to encrypt one or more of the shares, or a message relating to the share.
  • using the common secret to transmit at least one share of the key between the two or more nodes. These two steps can be performed using the foregoing technique and the Deterministic Key Generation invention described above. The transmission of shares between the parties must be performed in a secure manner because any unauthorised interception of multiple shares could enable the interceptor to reconstruct the key.

Therefore, different shares of the key or its mnemonic can be transmitted securely between different parties and then stored in separate locations.  The key does not exist anywhere in its complete form until required, at which time it can be regenerated from a specified number of shares – e.g. using the 4S algorithm that was used to split it.  No single party has the ability to generate the private key unilaterally, not even the user.  Even if the user dies, becomes incapacitated or loses her key, the other two shares could be used to access the funds by another legitimate party – e.g., an attorney or next of kin.  Alternatively, if the wallet provider is hacked, the key and thus the funds remain secure.

So, for example, a digital wallet provider could use this technique as follows in a “2-of-3” scheme – i.e., there is a threshold of two shares required for regeneration:

  • A user registers with a wallet provider to create a new wallet to store his/her funds or other digital assets (for example, bitcoins).
  • A public-private key pair is generated and associated with the user’s wallet;
  • The private key is split into shares using 4S.
  • One share of the private key is sent via a secure transmission to the user using the technique described above.
  • Another share of the private key is retained by the wallet provider and stored on a server.
  • Another share is sent via a secure transmission to a remote location for safe storage.
  • The wallet provider can destroy any or all copies of the complete private key, because it is no longer needed.  When the private key is needed for subsequent authorisation of the user (e.g. because the user now wishes to make a transaction) the key can be reconstructed from the user’s share which (s)he provides to the wallet provider when needed plus the wallet provider’s share.
  • In the event that one share is lost, the key can still be reconstructed using the remaining two shares.

Therefore, nChain has created a solution for securing a digital wallet (or, indeed, any other type of controlled resource) which avoids the risks associated with either storing a private key yourself or trusting a third party (such as the wallet provider) to do so.  With this technique (in combination with the Deterministic Key Generation), no Mt. Gox-type hack could succeed; a hacker would not be able to access users’ complete private keys and could not steal their bitcoins or other assets.

These two patent-pending inventions – Deterministic Key Generation and Secure Split Key techniques – will foster more consumer and service provider confidence in security of bitcoin, and more broadly, all digital assets, communications and controlled resources.  They are just the beginning of many exciting innovations coming from nChain on its mission developing technological solutions to enable exponential blockchain growth.

nChain’s PCT patent applications for the two inventions described above are available here:

  • Deterministic Key Generation technique (“Determining a common secret for the secure exchange of information and hierarchical deterministic cryptographic keys”) – PCT/IB2017/050856).
  • “Secure Split Key” technique (“Secure Multiparty loss resistant Storage and Transfer of Cryptographic Keys for blockchain based systems in conjunction with a wallet management system”) PCT/IB2017/050829).