How does cryptographic system work?

The financial industry has used cryptography for a long time to provide security, confidentiality, and integrity to monetary transactions. This is made possible by encryption - converting information into unintelligible text - which prevents unauthorized parties from altering or stealing data. A “key” controls encryption and decryption.

There are different types of cryptography, but for this article’s purpose, we will focus on two: Symmetric Key Cryptography (SKC) and Public Key Cryptography (PCK), also known as Asymmetric Key Cryptography.

Symmetric cryptography

This is the most commonly used technique in the banking industry. A single secret key is shared between two parties. The disadvantage of this method is the same key is used for decryption and encryption. Therefore, to reduce the risk of an attack, it should be distributed and kept secure by a reliable agent at your bank.

Asymmetric cryptography

In this method, the user has a pair of keys that, as its’ name suggests, differ one from another. Namely, the required key to decrypt the message is different from the key required to encrypt it. That enables a one-way function where the secret key cannot be derived from the public key.

Cryptocurrencies use asymmetric cryptography. Now let’s see the function of each key and how you can manage them.

Public - Private keys

Public key

This key is comparable to your email address; you share it to receive emails.

In this case, the public key is meant to be distributed so that you receive funds there. This address is publicly available in the network. The public key is derived from the private key.

Private key

It is meant to be kept in secret because it gives you access to your crypto and allows you to sign transactions. Owning this key means you are the owner of the funds associated with it.  

The private key is a variable in cryptography used with an algorithm to decrypt and encrypt code. The private key can be composed of a certain number of bytes (depending on the algorithm) that can be presented in a simpler form with a hexadecimal string.

So, the hex string of a 32 byte private (or public) key would look like this:

0xEC5387D8B38BD9EF80BDBC78D0D7E1C53F08E269436C99D5B3C2DF4B2CE73012

The private key is generated randomly, and as previously mentioned, it’s almost impossible to derive it from the public key. This part is crucial because if you lose it, you will lose access to your funds. There’s no “password recovery” button in crypto.

So, now that you are familiar with each key’s role, you must be wondering where these keys are stored and the best way to safeguard them.

Private key storage

Only the private key is stored in a hardware wallet of a tool like one of Tangem’s cards, and what truly determines your digital assets’ safety is the security of your private key storage. There are different types of storage, and these can be broken down into custodial and non-custodial. With a custodial wallet, a trusted third party has custody of your keys. Non-custodial wallets let you have self-custody of your keys.

This topic deserves to be studied in depth. We recommend reading this article and learning what each technique’s responsibilities, advantages, and limitations are.

Before we move forward, keep one thing in mind. One of the most attractive blockchain technology properties is its decentralized architecture, where there’s no need for a centralized authority or intermediary to custody accounts to process transactions. This is widely recognized as a feature in that the points of trust are reduced to the individual.

Key recovery

Last but not least important, part of the private key lifecycle is recovery. Losing access to your funds can happen very quickly, and it has already happened to many people who lost their private keys.

Private key recovery depends on the type of wallet you are using to store it.

A custodial wallet will most likely help you recover your private key. However, this depends on the service provider and its policy.

For Non-custodial wallets, where you have self-custody, there are two ways to access your wallet.

Seed Phrase

The private key can be represented as a pesky string of numbers and letters that make it very hard to read and easy to mistake. To mitigate this problem, wallets use seed phrases.

The seed phrase is a 12 or 24 “easy to read” word phrase that will allow you to restore your private keys if you lose access to your hardware wallet.

The disadvantage is that the backup plan is not user-friendly. Writing down sentences on a paper and then another dozen to keep as a copy in different locations is one of the barriers to massive adoption and is, itself, a security flaw.

Multi-sig for redundancy

Multi-signature is a blockchain feature that allows using multiple keys to access the same wallet.

At Tangem, we keep the private key in the chip for the whole lifecycle. Since the secret key will never leave the chip, we reduce the attack surface.

We use multi-sig to allow redundancy, with self-generated keys programmed to access the same Bitcoin wallet using a blockchain-native 1-of-2 multi-signatory feature that will allow each key to sign a transaction independently.

Learn more about Multi-sig here.

Keep in my mind that not all hardware wallets provide a recovery mechanism.

The importance of open-source

In case that the company that designed your hardware wallet would stop operations, you need to be sure that you can still access your funds independently.

Suppose Tangem apps were removed from app stores in an emergency. In that case, any trusted application supporting the open-source Tangem NFC protocols can be used to sign and broadcast transactions.

In other words, at Tangem, no cards depend on any particular infrastructure or Tangem as a company.