One of the missing cogs to mainstream cryptocurrency adoption has always been ease of use. The consequences of mismanaging private keys, seed words, and exchange passwords are catastrophic. Hardware wallets like the Ledger Nano S or the Trezor mitigate remote theft of cryptocurrency by hackers and malware authors, but for the general public, they are by no means easy to use. Expecting users to write down and store a 12-word seed phrase when we cannot get them to stop re-using passwords is not a reasonable approach to digital-asset security. It is a stopgap solution, useful for enthusiasts and the technically inclined, but for your average person, it is far too inconvenient and far too complicated to be practical.
A second complication is the tendency for easy-to-use custodial cryptocurrency wallets, usually found on popular exchanges, to lose funds to hackers, theft, and fraud. For digital assets that use distributed proof of stake for governance, a further issue was recently demonstrated when, at the behest of Justin Sun, several cryptocurrency exchanges used tokens stored by users of their exchanges to vote on governance issues for the Steemit blockchain without user permission. “Not your keys, not your crypto.” If we take the oft-repeated slogan at face value, why did so many users feel the need to store their tokens on custodial cryptocurrency exchanges? The number of users who chose to store tokens on popular exchanges was almost enough to tip the scales of governance in favor of a single monolithic organization. If the takeover had succeeded, it would have been the death of a democratic model of governance. As we can see, ownership and control of digital assets have implications far beyond simple adoption and the security of user funds.
Keyless seems poised to solve these issues with its zero-trust, zero-knowledge biometric authentication technology. In a recent interview on the Block Stars podcast with David Schwartz, the Keyless co-founders discussed the potential for exchanges operating in a non-custodial manner using Keyless biometric authentication as one of the mechanisms for securing user funds:
“The one way in which they can help is to give control of assets to users more than the exchanges. Not necessarily all the assets that are in an exchange needs to be there at all times. It’s often a convenience for the users themselves. Being able to take care of their keys in a secure way enables the users to actually take control of that. And that can substantially change the equation there in terms of how much of these cryptocurrencies can be stolen and, therefore, also the incentives. Although, of course, it’s primarily a manner of having more secure exchanges and more mature exchanges.”
What could a more mature exchange look like? A more mature exchange might be an exchange that is unwilling to take full custody of a user’s private keys. The ever-present risks of security breaches and the inability to roll back stolen funds might necessitate that exchanges adopt technologies like Keyless to place custody of private keys in the hands of the users themselves. The self-custody of private keys using biometric authentication would solve issues of theft as well as prevent a rogue exchange from staking digital assets and voting on blockchain governance issues without user permission.
Keyless technology could be used in everything ranging from traditional exchanges to decentralized exchanges and even hardware and software wallets. In a previous article, I speculated that the Keyless tech could be used to replace BIP39 code phrases of the kind found on popular hardware wallets like the Ledger Nano. The Keyless co-founders confirmed this:
“The way we think this problem should be addressed is by having a secure and privacy-preserving way to manage these keys. Remotely. Effectively what we have is, the user can unlock and reconstruct their keys at any time by showing their biometrics and doing some cryptographic processing on that biometric information. You can lose your face; you can probably not lose your fingerprints – so that’s one problem that users still have. You can’t really forget how to use a system that only requires you to show your face or to put a fingerprint on a fingerprint scanner. It’s easier to use; it’s easier to learn how to use it. There’s a much smaller barrier to entry.”
The Keyless technology doesn’t necessarily need to be the only authentication and restoration mechanism used to restore a cryptocurrency wallet. It should be possible to use a hybrid of a password or key phrase in addition to biometric authentication if a user wants the added security. We may see integration in wallets like Toast Wallet, Xumm, Ledger, or Trezor.
Keyless also has potential application as a passwordless login mechanism for websites and applications across the board. With traditional password managers, the downside is that they store all of your passwords on any device used for login. When I log into my email using the password stored in my password manager, I’m forced to decrypt that database using my master password, which exposes all of my passwords to theft if malware is present on that particular endpoint. With a biometric login system like Keyless, hackers may be able to capture a session cookie or login access for a single website, but they shouldn’t be able to capture login data to every single site in a user’s keychain.
A user’s biometric data is encrypted and authenticated using zero-knowledge proofs, which allow users to prove identity or knowledge of a password without exposing plaintext versions of the data to theft, as the data is heavily encrypted at rest. Keyless also claims that the technology would be platform-agnostic, allowing use with a number of phone manufacturers and other biometric authentication hardware. When using a service like Sign in with Apple, users are locked into the Apple hardware platform. If Apple eventually pairs the service with cryptocurrency wallets, it would most likely be difficult and inconvenient for users to switch their wallets to the authentication services of another phone manufacturer.
It is easy for the more technically inclined of us to forget that the average user has neither the desire nor the technical expertise to manage cryptocurrency key custody in its current format. Users are forced to choose between inelegant and complicated hardware wallets or exchanges that violate the very spirit of the self-ownership of cryptocurrencies and expose users to theft and misuse of their funds. There is no more significant barrier to adoption of any technology than ease of use. Ripple’s investment in these streamlining technologies is a boon to the crypto ecosystem as a whole. It ensures that the technology will find adoption not only in the hands of enthusiasts but also with the general public.