A simple way to have real self custody of your crypto private keys

A simple way to have real self custody of your crypto private keys


In this post we analyze meaning of self-custody, define a criterion how to distinguish fake self-custody from real self-custody and point out to a method how to have real self custody.

First of all, we need to understand that there are many definitions of self-custody and they have different meanings. For our purposes, let us choose the definition given here https://www.investopedia.com/selecting-a-qualified-crypto-custodian-8400929

Definition: Self-custody is when you secure your own private keys.

This definition is convenient, because it gives us a simple criterion to verify if we have self-custody or not. We need to ask our-self the following question: Am I the only person who can access my private keys?

If the answer is yes then you have self-custody of your private keys, but if the answer is no then you do not have self-custody.

Ok, let us consider some examples.

 

Example 1. Your private keys are in a hot wallet of a crypto exchange.

In this case, you are not the only person who has access to your private keys. There are many people (employees of the exchange) who can access your private keys. Therefore, in this case you have no self-custody.

 

Example 2. Your private keys are in a hot wallet of a company, which offer you non-custodial wallets (for example MetaMask, TrustWallet, etc.).

In this case, your private keys are in an encrypted file, which is on your computer, or cloud, or a server of the company. You do not control software, which encrypts and decrypts the encrypted file. Therefore, you are not the only person who can access your private keys. There are some people (employees of the company) who can access your private keys. Therefore, in this case you have no real self-custody. Some people would argue that the company does not make transactions with the private keys, therefore the person is a custodian, but this argument contradicts to the definition we have chosen. It does not matter that a company gives you legal rights to use your private keys, what does matter is if someone other than you can access your private keys. Those, who control software/hardware which encrypts/decrypts your private keys, have access to your private keys. Therefore, so called self-custody of hot wallets is not real self-custody, according to the chosen definition.

 

Example 3. Your private keys are in a cold wallet of a company, which offer you non-custodial hardware wallets (for example Ledger, Trezor, etc.).

In this case, your private keys are in an encrypted file, which is on hardware of the company, which is controlled by proprietary software of the company. The software is not yours, you have only a license to use the software. Therefore, you are not the only person who can access your private keys. There are some people (employees of the company) who can access your private keys. Therefore, in this case you have no real self-custody. Some people would argue that the company does not make transactions with the private keys, therefore the person is a custodian, but this argument contradicts to the definition we have chosen. It does not matter that a company gives you legal rights to use your private keys, what does matter is if someone other than you can access your private keys. Those, who control software/hardware which encrypts/decrypts your private keys, have access to your private keys. Therefore, so called self-custody of cold wallets is not real self-custody, according to the chosen definition.

By laws, such companies are required to block access and confiscate your crypto assets if they receive an order from governments.

New law grants US president power to block digital assets access!!!!!!!!!!!!!!

https://cointelegraph.com/news/new-us-law-block-digital-assets

 

Example 4. Your private keys are in a open sourced software wallet.

In this case, your private keys are in an encrypted file, which is on your hardware. The software is not yours, you have only a license to use the software. Before the software encrypts your private keys, it keeps them in some places in the non encrypted form. Open sourced software is in public domain. This means, that any qualified person can learn how it works and how to access the non encrypted private keys. Therefore, you are not the only person who can access your private keys. There are some people (experts with some technical resources) who can access your private keys. Therefore, so called self-custody of open-sourced software wallets is not real self-custody, according to the chosen definition.

Here is an example, how an expert “had broken” BitLocker encryption using Raspberry Pi Pico.

BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico

https://www.tomshardware.com/pc-components/cpus/youtuber-breaks-bitlocker-encryption-in-less-than-43-seconds-with-sub-dollar10-raspberry-pi-pico

 

A simple way to have real self-custody of your private keys is to use virtual private keys with rules no one else, except you, know. See [1-10].

According to cryptocurrency data firm Chainalysis, over three million bitcoins (worth over 180 billions USD as of today) are considered lost due
to forgotten passwords, lost or damaged private keys, etc. See https://www.nytimes.com/2021/01/13/business/tens-of-billions-worth-of-bitcoin-have-been-locked-by-people-who-forgot-their-key.html

Ignorant people pay very high prices for their ignorance. See

https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html

https://www.publish0x.com/cryptogod-1/security-researchers-crack-bitcoin-wallet-worth-over-3-dolla-xxvnmog

 

P.S. The same problem exists with passwords stored in encrypted files. Users do not own and control software, which encrypts/decrypts files in which the passwords are saved. Therefore, users do not have self-custody of their passwords, according to the chosen definition.

 

 

References:

[1] https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-increase-security-and-protection-of-crypto-a-xrxewlm

[2] https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-create-virtualphantom-seeds-or-mnemonics-for-xkevzrr

[3] https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-verify-validity-of-marketing-myths-xlgepqq

[4] https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-create-secure-brain-wallets-for-btc-xvzpeod

[5] https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-create-secure-brain-wallets-for-eth-xjdymdx

[6] https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-create-secure-brain-wallets-for-ltc-xpxlzzn

[7] https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-create-secure-brain-wallets-for-xno-nano-xwvrrnp

[8] https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-create-secure-brain-wallets-for-xrp-xpxlrpp

[9] https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-create-secure-brain-wallets-for-sol-xjdyxox

[10] https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-of-dynamical-passwords-defense-against-sniffing-xdkleyw

 

 

 

 

 

 

 

 

 

 

How do you rate this article?

19


I_g_o_r
I_g_o_r

I am curious about science, technologies and their applications to solving real problems.


Simple solutions to complex problems
Simple solutions to complex problems

Each post is devoted to a simple solution to a complex problem.

Publish0x

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.