Ethos Smart Keys: How Cryptocurrency Enables Consumers to Protect and Own Their Money

Ethos Smart Keys

How Cryptocurrency Enables Consumers to Protect and Own Their Money

Introduction

Cryptocurrencies, such as Bitcoin and Ethereum, bring unique benefits to the world of personal finance by pairing the ability to own and store your digital assets, with the ability to cheaply, securely and almost instantly transfer them to others.

A blockchain, simply put, is an open record keeping system that’s maintained by a peer-to-peer network where everyone has access to read and potentially write data. Because of the open nature of blockchain, it’s absolutely necessary that all the data on the chain is verifiable as authentic and can’t be manipulated after the fact. To guarantee that all of our transactions are authentic, we turn to cryptography which gives us the ability to generate digital signatures and fingerprints.

The Ethos Smart Key is a unique digital signature that is used to verify the authenticity of transactions originating from your wallet. Any time a digital asset is transferred out of your Ethos Universal Wallet, your Smart Keys will provide the authorization needed to execute the transaction. Ethos Keys are “Smart” because your one key represents all of your funds, regardless of what form of cryptocurrency you are using. This allows you to backup and restore all of your wallets with a single key phrase.

How safe is it?

Ethos leverages well-tested cryptographic standards and methods to ensure that your Universal Wallet uses an extremely high degree of security. The passphrase is 24 words (vs the 12 word standard used in many wallets) and the keys themselves are 256 bit, meaning uncrackable.

As discussed in the next few sections, the bulk of the security offered by the Ethos Universal Wallet and Smart Keys comes from modern cryptographic techniques, such as public-key and elliptic-curve cryptography, and their ability to generate secure and verifiable digital signatures and fingerprints. Let’s first consider some background to fully understand the mathematical magnitude of the protection.

Ciphers, Hashes, and Digital Fingerprints

The concept of a cipher is fundamental to cryptography. The roots of cryptographic hashing go back to 50 BC, during the reign of Julius Caesar and the Roman Empire. At that time, the official means of communication was a courier service that was highly vulnerable to espionage and interception. To throw off their enemies, the emperor and his consul would communicate by scrambling the letters of their messages before sending them. Upon receipt of a message, the letters would have to be unscrambled to reveal the original message.

One method of doing this was to shift every letter over by one, so that every instance of the letter ‘a’ would be replaced by ‘b’, ‘b’ would be replaced by ‘c’, and so on. This now commonly referred to as a Caesar Cipher, or a Shift Cipher, because the method to conceal the message is simply shifting each letter over one.

In this case the message ‘hello’ would become ‘ifmmp’ and the courier tasked with delivering it would ideally not be aware of the method used to scramble the message. Anyone who intercepted this message would also not know what to make of the seemingly nonsensical message. The “key” in this example is the method of encoding the message.

Over the next two thousand years, this idea of a cipher was further developed into that of a cryptographic hash, which in simple terms is a more sophisticated way of scrambling a message so that it’s very difficult to reverse. Hashes also have the property of, given some data, being able to reliably create a unique digital fingerprint of that data.

Everytime you submit a transaction to the blockchain, a fingerprint of your transaction is created and used to link the blocks in the blockchain, ensuring that the data in each block hasn’t been manipulated. For example, if you spend one bitcoin and someone tries to go back and manipulate the record to say you spent 10 bitcoin, it would invalidate all of the fingerprints in the blockchain leading back to that transaction.

Digital Signatures

Public Key Cryptography

Equally fundamental to the field of modern cryptography is the concept of Public Key Cryptography. In Public Key Cryptography there is the notion of a shared public-key that can be used by anyone to encrypt a message; then only you, with the corresponding private-key can decrypt to read the original message.

One of the most important properties of Public Key Cryptography is that, given a key-pair, its possible to generate a signature, digital proof of ownership of addresses that derive from your key. So whenever you send a transaction to the blockchain, it includes a signature proving that you are the owner of that address and therefore authorized to make that transaction. If the signature doesn’t match the public wallet address, the transaction is deemed to be unauthorized and is rejected by the network.

Elliptic Curve Cryptography

Elliptic Curve Cryptography is a type of Public Key Cryptography that makes private and public key generation even more secure due to the mathematical properties of elliptic curves that make it extremely difficult to reverse engineer the private key from the public keys.

Ethos Smart Keys are created from a cryptographically random number known as a seed. Sometimes seeds are created by a random number generator. However, this isn’t 100 percent secure because sometimes a hacker can re-generate a random number by knowing when it was generated and using a timestamp.

To ensure a higher degree of randomness, you generate your seed with a combination of a random number and another random number created by shaking your phone the first time you open the app. The unique signal from this process ensures that no one will be able to guess a non-random seed like your birthday, phone number, or a timestamp.

This seed is then used to generate private and public key-pairs on a secp256k1 Elliptic Curve, the results of which are hashed several times and encoded to reveal your public wallet addresses. By creating your Smart Keys this way, you can safely share your public keys and rest assured that only you have access to spend the funds in those wallets with your private key.

A Brave New World

Now that you know a little bit about the technology we use to secure your Universal Wallet, you might want to know exactly what we’re protecting you against. The follow are the most common exploits that are used by “bad actors” to gain control of your funds.

Jailbreaking and Mobile Security

Jailbreaking is a popular method of unlocking non-standard features on your mobile device. While this can be an easy and fun way to personalize your phone, doing so goes around some very important security features of your phone, and can give unauthorized apps the ability to snoop around your phone and potentially sniff out your keys.

While the Ethos Universal Wallet does everything it can to secure your keys on your phone, it’s very important that you never jailbreak your phone or install apps that aren’t approved by the app store. We can’t emphasize enough how important it is that you never use the Ethos Universal Wallet on a jailbroken phone.

Dictionary Attacks: Cracking Passwords

Someone who wants to gain unauthorized access to your funds is going to be most interested in finding out your private key. To crack a password, or in this case a key, a hacker would typically use a “brute force” method and employ what is commonly known as a “Dictionary Attack.” This method involves a linear search through a dictionary of common words, comparing passwords systematically against each word until a match is found. While this may sound like a lot of work, remember that an average computer alone can execute billions of operations per second.

Hypothetically, say someone were to chose the very insecure password “castle”. A dictionary attack on this password would take about 3 seconds, which is the time it would take a computer to try all of the words in the dictionary before “castle” is found as a possible password.

Let’s add a little bit more complexity to this password by adding a random number to the end of it, for example, “castle123”. This seemingly more complex password still takes only 27 seconds to hack.

Stringing together dictionary words, ie, “castleone” would take considerably more time to hack (11 days, 8 hours) but still within the realm of possibility for a properly motivated hacker with the right equipment.

 

 

Good News: There’s Safety in Numbers

As demonstrated, adding just one additional word to a password provides an exponential increase in its security. If we take this idea to the next level, we can quickly generate a password that would take an unimaginable amount of time and energy to guess, with even the most sophisticated computers available.

 

 

Even considering that every 18-months, new computers with twice the computational power are released at half the price, a 12-word password will still be secure for generations to come. And to be extra secure, Ethos uses 24-word passwords.

Introducing the Ethos Smart Keys

An Ethos SmartKey is a unique 256-bit key signature that is yours and yours only. It is generated and secured on your mobile device, and should also be written down on a piece of paper, aka “paper wallet”, and stored in a safe place or memorized.

 

 

When you open the Ethos Universal Wallet App for the first time, you are asked to shake your phone to create your first wallet. The shaking motion generates a random number that is impossible to recreate, and your key is generated on your phone based on that random number.

Your key is then automatically mapped to a 24 word phrase that gives you the convenience of backing up and restoring your wallets with an easy to read mnemonic. It’s very important that you physically write this phrase down and keep it in a safe place in case you lose your phone. When you get a new phone you can restore all of your wallets easily by entering the backup-phrase.

 

Important SmartKey Safety Tips

  • Write your backup phrase down in a private place away from any cameras or windows.
  • Never copy / paste your private key, always type it in.
  • Do not store private keys on services like Google Drive or Dropbox
  • Never share your private keys.
  • Reputable firms will never ask for your private keys via email, phone or chat.

How many SmartKeys are there?

SmartKeys are generated with a unique 256-bit signature. There are over 340 trillion trillion trillion different possible SmartKey combinations. To put this number in perspective, that’s more than the number grains of sand on Earth. That’s even more than the number of known stars in our universe. That’s over forty-five octillion possible SmartKeys for every man, woman and child on planet earth; So there are plenty to go around.

SmartKeys and Hierarchical Deterministic Wallets

Under the hood, the Ethos Universal Wallet is built on the BIP-32: Hierarchical Deterministic Wallet specification developed by the Bitcoin developer community. While many Bitcoin exchanges have been hacked, generally with phishing or database hacks, no one has yet to mathematically break or reverse engineer a BIP-32 wallet despite hundreds of billions of dollar equivalent as bait. The underlying algorithms have been battle-tested with trillions of dollars of transactions. In other words, its among the most secure cryptographic standards on earth.

Features

Ethos Universal Wallet and Smart Keys:

  • Generates an astronomically complex, and cryptographically secure key that prevents anyone from spending from your wallet.
  • Maps this key to a set of 24 words enabling you to restore your wallet easily.
  • Stores multiple types of digital assets including Bitcoin, Ethereum and ERC20 Tokens.

Conclusion

The Ethos Universal Wallet is designed for you to store and secure a wide variety of coins/tokens with a single Smart Key and backup-phrase. We leverage decades of cryptographic research in addition to widely used industry standards that enable the self-custody of your assets, as well as their safe transmission and backwards compatibility with popular devices such as the Ledger Nano S and Trezor hardware wallets.


Balancing “Decentralization” —  Purpose & Utility of ETHOS Tokens within an Inclusive Financial Ecosystem

A very common question that many crypto firms today face is “Why do you need a token?” It is a fair question and something that we try to tackle head on. I’ve said time and time again that blockchain is a tool. Blockchain is not a “Sledgehammer.” As Abraham Maslow once said, “if all you have is a hammer, everything looks like a nail.” Right now the world has been given “The Blockchain” and everyone is trying to figure out what “nails” to hammer the blockchain with.

In reality, “The Blockchain” — whatever people mean by that — is much more of a “scalpel”. Blockchain technology should be seen as a precision tool which when used correctly, can prove to be quite powerful in solving difficult problems. This is a theme that we will expand upon at Ethos and will become increasingly apparent as the blockchain industry matures.

In general there are 5 main reasons we have a token which are laid on in our FAQ on ethos.io/faq which are:

  1. Reduce costs for consumers for crypto-related transactions.
  2. Enable low-cost blockchain applications for developers.
  3. Create a scalable micropayment transfer mechanism for all platform services.
  4. Support an open financial ecosystem that bridges traditional and crypto assets.
  5. Enable verified source of funds and identity for transactions through the Ethos ecosystem.

For the sake of transparency and education I will lay out what each of those means here and people can reference back to this answer. Without further ado, let’s jump right in…

Reduce Costs for Consumers

Using USD for transactions generally has many intermediary fees associated with it. Withdrawing money from a bank account, using a credit card or wiring funds all require fees that add up to a significant percentage of the transaction. The transformative power of the blockchain means that for the first time there is a completely open financial ecosystem that has no prerequisites for participation. There are no intermediaries which removes a lot of barriers and costs. To illustrate this, imagine you wanted to buy a diversified basket of assets. You may have to ask an investment advisor to provide suggestions, decide to purchase shares of a mutual fund, have a broker-dealer purchase on your behalf through the investment advisor, have a mutual fund manager manage the money while the shares are held in custody by a custodial bank — not to mention the money being held and transacted through a bank. At each intermediary, there are costs that ultimately are shouldered by the user.

A tokenized system can provide consumers the “market price” of a product or service without the markup that happens through inefficient mechanisms or profit motive. Markets are the most efficient way to allocate scarce resources in a way that is fair to everyone. Uber uses markets to pair riders and drivers and Google uses markets to match advertisers with ad spots to maximize consumer and producer surplus. The Ethos token is designed to match consumers to transactions for the lowest possible cost.

Enable Low-Cost Applications for Developers

In a similar vein to “Reduce Costs for Consumers”, the Ethos token provides prorated access to the Bedrock API. By enabling pro-rated access to an API, there are no over or under charges to developers, and participants in the Ethos Ecosystem can get exactly what they are entitled to. This is similar to an Amazon Web Services model, but even more thinly sliced to the API level, similar to how Ethereum uses Ether gas to power Smart Contracts with the added benefit of eliminating payment risk from the business and the consumer. This allows the ecosystem to operate much more efficiently — basically at the lowest possible cost the ecosystem will allow — and is beneficial to both businesses and consumers. Ethereum’s gas market has shown the power and potential of a computer system that can be “rented out” on a microscopic scale. We took many of the best ideas from Ethereum and expanded upon them for Ethos Bedrock.

Create a Scalable Micropayment Transfer System for all Platform Services

Ethereum, along with the many layer 2 scaling proposals for ERC20, enable highly scalable systems that can build the foundations for payments infrastructure and consumer application rails which are simply not possible in a USD world. ERC20 enables us to fully utilize the security and scalability of a tried and tested blockchain while at the same time providing a unique digital commodity to power an ecosystem. These applications span underserved unbanked populations to high throughput payment and settlement systems. Again, these sorts of applications are simply not possible without a unique digital asset. There is no way for an unbanked consumer to transfer a dollar without incurring significant fees. By using an near infinitely subdividable digital asset along with a micropayment transfer mechanism, any person in the world can be able to send micropayments securely and safely.

Support an Open Financial Ecosystem that Bridges Traditional and Crypto Assets

A huge part of our mission is making the financial ecosystem accessible and connected for consumers and institutions. Bridging the gap between traditional and crypto is an important part of this mission for Ethos. A digital asset simply makes a lot of sense when you want to begin establishing marketplaces that form an ecosystem linking both worlds. As more and more firms join the Ethos Ecosystem and begin operating within it — it becomes increasingly important to establish connections between the different marketplaces to support an all-inclusive capital market that can better serve individuals and institutions alike.

Enable Verified Source of Funds in the Blockchain

A major source of headaches for regulators is the perception that cryptocurrency can be used for money laundering, terrorist financing, drug transactions and the like. Even though there exists this perception, many studies have shown that illicit actors still prefer to use fiat over cryptocurrency due to the linkability and transparency of the blockchain. The blockchain is often more transparent than the existing fiat financial ecosystem, and can be used to create a safe and clean digital financial ecosystem.

Ethos is building standards that will help people stay on the “light side” with crypto and power all the transformative possibilities that crypto promises while at the same time maintaining the integrity of a clean financial system. This includes identity for all Ethos participants. Instead of sending funds to an anonymous address, Ethos users can link identity to funds. We see this starting with a “DNS-like” Wallet domain marketplace powered by the ETHOS token that enables verified users the ability to leverage the plethora of capabilities that are available in the crypto world. Users can register a unique wallet handle, much like a web domain, that will make it easy to receive funds of any kind through the Ethos Ecosystem.

Additionally, ETHOS-VSF is a standard that proposes a way to encode verified source of funds into blockchain transactions powered by the Ethos ecosystem. A digital asset that powers a new, decentralized, inclusive and compliant future is something that should appeal to both users and regulators alike.

This post was inspired by a telegram comment that I responded to! Visit our telegram at t.me/ethos_io and ask the Ethos team more questions to receive information straight from the source. Ethos strives to be transparent and forthcoming with all activity and it is a big part of our mission to drive clarity and education in the industry.