Crypto Wallets at Their Peaks of 'Inflated Expectations.' What's Next?
Software and hardware crypto wallets are about to enter the 'Trough of Disillusionment,' but the future seems bright, as it will bring a better alternative to private keys, according to major research and advisory company Gartner.
Their recent Hype Cycle for blockchain technologies shows that both hardware, such as Ledger, Trezor, and Keepkey, and software wallets have reached their peaks of inflated expectations, with software wallets reaching the border of the Trough, and hardware wallets heading the same way.
"There was much hype around both hardware and software based cryptocurrency wallets because they essentially gave crypto investors and users an interface by which to become their own ‘bank,’" Avivah Litan, analyst and research vice president at Gartner, told Cryptonews.com.
Therefore, users were hoping that they found a long-term protection of access to their accounts, but that sentiment changed as both users and providers realized over time “that safeguarding private keys while maintaining user convenience, is very challenging, no matter who does it and how it’s done,” said the analyst.
"In the coming 2-5 years, I believe the market will see much innovation in alternative access security methods such as MPC [multi-party computation] that will replace private key management used today in hardware or software based wallets."
This is why:
“Private keys as single point of failure”
“Private Key management is the Achilles Heel of blockchain applications,” said Litan. The stories of people losing their keys and, with them, their digital assets, are well known throughout the Cryptoverse. What we see today is that most service providers and vendors supporting blockchain projects have custody of users’ private keys, and users usually access it with password. “The loss of a user’s private key represents a single point of failure in the world of blockchain,” she said. “Key management and recovery are critical functions for maintaining blockchain account access and data security.”
And though some progress is being made, the problem still exists “both with cryptocurrency assets and any other asset or information stored on a blockchain.” Additionally, third party custodial services for enterprise blockchain are scarce, if any. There are also hardware-based wallet technologies that support user custody and recovery using a self-managed private key, said Litan “but these are much too cumbersome to use and most blockchain application operators will not impose them on their users.”
“Blockchain data security does not equal blockchain data access security”
There’s a radical difference between blockchain data security and the security of access to the blockchain. “While blockchain data is securely and immutably stored, hackers and malicious insiders can gain access to those data by hijacking centrally maintained private user keys using age-old techniques,” she said, such as SIM Swapping or browser session hijacking. Litan reminds that crypto worth hundreds of millions of dollars was stolen using these techniques, adding: “Current implementations of key management — where private keys are centrally maintained — almost negate the benefits of secure cryptographic access that they enable.”
With MPC, private key is out of the picture. It enables several “parties to work together to execute a transaction based on a secure cryptographic operation,“ by utilizing “clever and secure mathematical algorithms that can sign blockchain transactions without the use of a private key at all.” It’s becoming more popular, mostly with exchanges using it for their system and employee access. But “over time, they should make these solutions directly available to their customers and extend their solutions to a wide range of permissioned enterprise blockchain use cases,” said the analyst.
We need a better alternative to private keys as a single point of failure. MPC starts to give us one. We predict that in the future wallets will manage MPC or other alternative access security methods, instead of a private key that means ‘game over’ when stolen or lost.
Meanwhile, Cryptonews.com previously reported that crypto wallets have found themselves at the crossroads, given the disadvantage they have due to the lack of funding and the use of open-source code. Furthermore, we discussed the hard-to-achieve security, but also the new solutions that may prove helpful, from MPC and multi-signature authentication to new hardware wallets.