"In the blockchain, private key management is the key point, but there is always the risk of lost or stolen. You do not have to worry about losing or private keys stealing because we never ever create private keys. ZenGo Wallet applied the cutting-edge cryptography technologies such as Elliptic Curve Digital Signature Algorithm(ECDSA) and Multi-Party Computation (MPC) to Wallets, which allows users to easily process all transactions through 3D face mapping recognition and back up and recover crypto-assets efficiently. It's a new paradigm of wallet technology."
Ouriel, Chief Executive Officer(CEO, picture) of ZenGo Wallet said like this in the recent online face talk interview with d.street, emphasizing the simple user experience (UX) and strong security of ZenGo Wallet, the first non custodial wallet in the planet that does not generate or keep private keys. Unlike custody services ZenGo wallet is non custodial wallet that does not directly access, or control users' assets.
ZenGo Wallet's Zen means Peace, and Go means users delightful state of peace. ZenGo Wallet has collected 4million dollars investment from Samsung NEXT, Benson Oak, Elron, FJ Labs, Collider VC, and Block Nation and so on for a crypto wallet developed by the KZen Network. ZenGo also received grants from projects such as Zcash, Zilliqa and Tezos.
The KZen Network has developed a mobile wallet called ZenGo Wallet and is running a beta version of iOS, and will officially launch the public version on apple appstore today. ZenGo Wallet currently supports Bitcoin and Ethereum, and plans to expand support in the future. ZenGo Wallet, on the other hand, has become a hot topic by implementing the TSS transaction of the BNB token.
Current status of blockchain wallet, a crisis of private key management
To use blockchain services such as blockchain games and cryptocurrency transfers, you first need a wallet. Your wallet does not contain crypto assets such as bitcoin or ethereum. Instead, it creates and maintains users' private keys that can control that of crypto assets. To manage the keys efficiently, there often lies a separate database inside the wallet.
A wallet is not a simple vault. The wallet serves not only storing the private keys but also be an interface between the blockchain and users, managing token transfers or dealing with transactions. To do this, transaction signing functions must be included in the wallet so that users can easily access the blockchain and use the dApp straightforward. The wallet serves as a bridge between platform users, services, and the dApp. This is why you need a meta mask, an ethereum wallet, to play the Ethereum game like Crypto Kitties.
With the rise of the dApp and the successful development of the blockchain business, the demand for refined blockchain wallet is growing, requesting better user experience(UX), airdrop support, hard fork support and so on. Especially, there are a lot of needs for a multi-party owned account which is managed by several organizations to control cryptocurrency funds between consortiums or enterprise alliance members.
Lots of attempts have also been made to implement such that wallets, managing corporate assets, and logistics. Wallets that support the storage of crypto-collectibles like game items on blockchains are also expected to come in the future. Cryptographically improved wallets which provide a better user experience (UX) daily is expected to be touted by so many blockchain-interested people.
In terms of security of the blockchain, the user's private key management is the most important part, but there is no wallet solution to manage the key perfectly yet. For it is very difficult to create a wallet that achieves three factors entirely: security, privacy, convenience. There is an option called third-party custody services, they are most popular by far but risky. Because users should trust the third party but there also a case that third-party loses control. Furthermore, they require a lot of money input with operation fees high also. In some cases, they are just like a white elephant for regular users.
So users are forced to make use of self-custody services to manage their private keys. To do this, the user must select the wallet corresponding to his/her needs among the released products in the first place. In these cases, users should take the type of coin to be stored, security levels, convenience and so on into consideration.
Depending on the wallet functionalities, if chosen decent wallet, the user would be able to record a mnemonic that replaces complex long private keys as a simple form or set a passphrase for key recovery. Generally, the recovering mechanism of bitcoin or ethereum private keys is like this way. But this method is not completely safe. Because it’s totally up to the user's responsibilities that managing the 'special charm' that would be needed for the private key recovery.
The security problem of the wallet itself cannot be ignored. Generally, technical separation of wallet classified into a random wallet (JBOK) which stores arbitrary private keys as a bundle and a deterministic layer (HD) wallet which generates a user's private key and address based on a seed. HD wallets are used in many wallet services such as Bitcoin and Ethereum and are implemented in libraries such as truffles. However, HD wallets are not free from security because of security vulnerabilities when the seed is exposed. In fact, there were casualties in which money was lost because the wallet seed was exposed in the Coinomi purse.
ZenGo Wallet, the first keyless biometric (FIDO) wallet
"Although wallets with improved UX have recently developed, still the key management is entirely up to users. These wallets didn't solve the pain-points which is forcing the users to keep their keys obsessively,” said Ouriel CEO. And also said, "Even if you use a self-custody service, there is no perfect way to prevent human errors while doing records, archives."
However, ZenGo has created a new type of wallet that does not create a private key when issuing an account to prevent the loss or theft of the private key.” He said, “ZenGo wallet has improved its ability to distribute responsibilities, managing assets with encrypted 3d face recognition without a private key to ease the burden of users," and said, "ZenGo Wallet can transfer or manage assets using 3d face recognition with encryption technology. Also, we do not need a private key signature. Sending a transaction has been simplified to the same level as existing web services, thus greatly improving the user experience (UX). " For example, when a user requests to send some BTC, ZenGo Wallet scans the face and sends the data to the server, and the server checks it. If there is no error, the request for the asset transfer is immediately approved.
On the other hand, it developed its algorithm of the wallet service and enhanced security. ZenGo Wallet does not use the HD wallet specification proposed in BIP-32. ZenGo Wallet does not have a wallet seed but creates an address for a user account based solely on two master keys. Therefore, there is no accident that the seed is leaked like a Coinomi wallet.
Although seemingly very simple, complex logic is working inside ZenGo Wallet. When a user makes a transaction to transfer money from a wallet, it is common that wallet to create a transaction by calling a private key and taking a signature stamp.
However, ZenGo Wallet does not require the user's private key for transactions. Also, you do not even need a password or additional passphrase. In ZenGo Wallet, the transaction signature is produced by a secret computation algorithm. ZenGo Wallet has applied many cryptographic techniques and mathematical techniques to create a new type of wallet. Based on these technologies, Zengo Wallet accesses the full node, reads and writes data on the main-chain, and signs transactions containing messages.
Generally, the wallet creates a transaction with the users private key as a validation stamp. On the other hand, ZenGo Wallet does not stamp a signature on the transactions with with the user's private key. Furthermore, no passwords or separate passphrase are required. ZenGo Wallet uses the device biometric services to scan the user's face at the time of the token transfer request, checking it from the server, and approves the transaction immediately if there is nothing wrong with it.
In ZenGo Wallet it is easy for users to recover the accounts that hold crypto-assest like bitcoin and ethereum. Under the backup process lies an enhanced FIDO technology. Simple crypto-asset transferring is done through iOS Face ID, but restoring accounts requires 3D face recognition process of FaceTech which is a partner of ZenGo Wallet. The backing up process is to create 3D facial mappings and then get some of the data to analyze a pattern. User’s images are used only to create an encrypted facial mapping value and no one can see the images.
[Caption: I tried Zendo Wallet myself. Photos shows the process of transferring the bitcoin, iOS's face ID authentication and simple transfer. Receiving an Ethereum coin and confirm it in the Etherscan. It is simple and intuitive to view transactions. There is no minimum or maximum amount limit for money transfer.]
ZenGo's facial recognition technology performs a verification, comparing the original facial data stored on the server with the incoming images. The verification process of the face map is on the ZenGo backend server, not on the mobile devices itself, for there are possibilities of users losing his mobile device.
The way the ZenGo wallet does is detecting the minuscule facial movement or vibrations of the face. Because of that, you can not fake it with a facial mask generated by 3d Hollywood printing. It seems that even the twin brothers cannot fool the server. No trick is simply effective as well as videos and photos.
If there is no error in the verification process on the server, the account that is stored in the server can be restored. ZenGo, on the other hand, also uses server-based facial recognition function and device-native facial authentication of the mobile device itself. For example, a simple transfer is also available via iOS Face ID, however, the accounts restoring requires FaceTech's face recognition technologies.
On the other hand, ZenGo Wallet does not currently support the importing of private keys created in other wallets into ZenGo Wallet. Because they consider that it is not safe to move the private keys from one to another device. In fact, Ouriel talked about the iOS13 version of the Swift API CryptoKit released on Tuesday, "Apple's attempt is positive, but it is useless because the CryptoKit does not support the secp256k1 elliptic curve now supported by Bitcoin or Ethereum (as a hardware wallet). There is no access to the secure enclave to export and migrate private keys,"
ZenGo Wallet's TSS Technology Deep Dive
The key point of ZenGo Wallet is TSS signing method that the ZenGo Wallet team developed. This is a key technology that enables ZenGo Wallet work with as a new signature algorithm. The signature process includes a cryptographic computation. In a blockchain transaction, a signature is like taking a stamp on the transacaction. To produce a signature, the private key is used as a key material. However, ZenGo Wallet has changed the structure and method of signing process with TSS. In ZenGo Wallet users do not need a private key to sign because of the TSS.
It is necessary to understand the bitcoin core technology to understand the general Wallet technologies. First, unlike traditional digital currencies, bitcoin is also called the first programmable currency. Supporting scripting programming. Bitcoin full node can force the bitcoin assets like BTC or regarding transactions to follow specific rules. For example, if you are running a bitcoin full node, it is possible to add BTC spending condition at the tail of the transaction, while sending BTC to a specific account. This tail part, including scripts, is called the output of the transaction. This work can be done by anyone doing simple scripting programming.
A bitcoin wallet can also control a bitcoin or an account by a script just like a bitcoin full node does. This is because the role of the bitcoin wallet issuing a user’s private key and address is linked with bitcoin core. For example, a bitcoin address that users created in a wallet will follow the rules by that wallet. The bitcoin address created by the user in a particular wallet is also would obey the ruleset of the corresponding mother wallet. There are also a spending condition and managing condition that handles the assets in the bitcoin wallet. If the bitcoin is sent, the recipient can not use the bitcoin unless they match the terms indicated in the signature script code.
In particular, a multi-signature (multi-sig) account where several accounts are managed can also be created by writing a code in the signature script. Multi-sig manages the cryptographic assets in the manner of N of M. Which means that with only more than N of the M members agreement, then can spend the crypto-assets that stored in the multi-sig account. Signing the transaction needs private keys of the members. Commonly N is called the reference value (threshold). Applying a multi-sig script can further improve the security performance of managing crypto-assets. Even if an attacker intercepts a private key in the middle, a single key can not unlock the bitcoin script, therefore it can not be used to steal money.
However, there is a disadvantage in the multi-sig transaction. A multi-sig script transaction is large in size with a high commission fee. So they are seemingly different from regular transactions and is likely to be a target of hackers. This is because the participants are visible in the bitcoin public network. It is also challenging to implement a multi-sig scheme as in a general-purpose solution that can be applied to both bitcoin, ethereum, etc. Because the implementation of multi-sig account varies among protocols.
Now, the Secret Sharing System (SSS) has also emerged that can lower the high commission fee, which was a drawback of multi-sig. It can be universally applied to multiple regular transactions. SSS is a core algorithm of multi-party computation (MPC) cryptography. MPC is a cryptographic technique that allows multiple participants to take part in transactions securely, without knowing the secret value of the other party’s. SSS is a way to split a single private key into pieces and reassemble it when necessary, situations like producing a signature when sending transactions.
The split key pieces are called a secret share. In other words, Secret Share is a fragment of the private key. However, the SSS method is not yet perfect for security. This is because the attacker may take a key at the moment when the participants collect and rearrange the secret share to consume the bitcoin. Even in a very short time, when the key is reassembled, it comes up to the memory of the client node, and the hacker who monitors the node can infer the pattern to steal the private key and steal the funds. In cryptography, this type of attack is called a subchannel attack.
The TSS algorithm developed by ZenGo Wallet combines the advantages of multi-sig and secret sharing techniques (SSS). ZenGo Wallet server plus user jointly compute a master public key to be used in the account generation process. Also, Secret Share, which is used as a kind of a private key in ZenGo Wallet, is created and managed through the SSS technique. The secret share is used for both key generation, signing, and users accounts recovery.
Unlike the present SSS, in the ZenGo wallet, there is no reassembling process to make a full private key. ZenGo Wallet’s secret share is kept in a separate space not to be combined. ZenGo Wallet uses a special signature algorithm that gives the same result as a private key instead of a private key. This requires a multi-party operation between the user’s mobile and the ZenGo server, which will simultaneously participate in signing job. The user and the server are unlocking the safe by turning the each dial of the lock by several degrees.
When a signature is being generated in ZenGo Wallet, it requires a cryptographic computation process such as homomorphic encryption. Equivalent to the latest cryptographic technology that can perform operations such as addition, multiplication without having to decrypt the ciphertext. The value calculated based on secret shares is transferred as a secret value. End of the homomorphic encryption, the user’s mobile client sends the finally encrypted secret value. Then the server decrypts the value and completes the whole signature operation. If this procedure is successful, you can unlock the bitcoin lock script and transfer it to another account.
The signature of a blockchain is generally a mathematical process that executes a function that creates R, S, V values based on a private key, a public key, and a transaction message. When stamping a seal, the output prints the R, S, V values. R and S values are essential for signature, and V value is used as a parameter to boost the speed of verification operation.
To understnad the signing algorithm, first need to understand the ECDSA. Bitcoin and Etherium uses the Elliptic Curve Digital Signature Algorithm (ECDSA) by default. In ECDSA, a public key is created by taking random numbers selected from 2^256 numeric spaces as private keys and multiplying them by the generation point 'G' of the elliptic curve. The signature algorithm is computed based on the transaction message hash and the private key. The recipient uses public key to verify whether the signature is valid.
ZenGo Wallet’s signature is far more advanced. The signing task is also performed by the MPC algorithm, which simultaneously joins both the Wallet server and the participant client. ZenGo Wallet takes the x coordinate of the public key which is moved over the elliptic curve as the R-value. The S value requires additional computation. The S-value is generated when the mobile client and server exchange encrypted operations in two stages.
Transaction message, a random value, the public keys are the inputs of the function that calculates S-value. Homomorphic encryptions are applied in this computation. With homomorphic encryption, additional separate encryption/decryption procedure would not be needed. So reducing the attack vector thus enhancing the security. If the client finishes the total calculations securely, then the server would receive the result and decrypts it to get the S-value.
ZenGo Wallet generates R, S, V values in this way to complete the signature. ZenGo Wallet’s TSS method can apply to Ethereum as well as Bitcoin. Which means that the ZenGo Wallet's solution is blockchain-agnostic. On the other hand, the address of the Bitcoin generated by ZenGo Wallet starts with number 3, which means that it uses a script for BTC payment transaction. The account created by ZenGo
"Cryptographic techniques to overcome the security, privacy, convenience of universal wallet"
It is not realistic to support a variety of coins in a single wallet, but ZenGo Wallet has a goal to make it possible based on cryptography. In order to support different tokens in a single wallet, it is necessary to have different signature algorithms. In fact, it requires an additional elliptic curve algorithm or signature algorithm, which requires a lot of additional work.
For example, a ring signature signature algorithm is required to support Monero in a wallet, and jubjub curves for the Zcash. Unlike the blockchain datastructure, like IOTA using directional acyclic graph (DAG), it is much challenging to support within a wallet because it is a custom data type. In order to deal with the transactions of the IOTA, the wallet is needed to have specialized for IOTA.
However, ZenGo Wallet does not need to modify the wallet algorithm to load different coins or tokens, unlike existing wallets. ZenGo Wallet's TSS is not lies in the application layer, but the core math layer based on cryptography, all the logics are built so connecting other blockchains to ZenGo Wallet is not difficult. In fact, it took just a day to build concept products (PoCs) with TSS on Zilliqa. ZenGo Wallet plans to support several coins in the future such as Tezos and Zilliqa.
The technical background of ZenGo wallet, which made possible this general purpose wallet solution, is the outcome of cryptography research. Ouriel CEO stressed that cryptography is key to improving the security, privacy and convenience of wallets. He says the big progress of signing transactions with only facial scanning maximizes the user experience (UX). There is no worries about key loss or theft.
"The development of ZenGo Wallet required a lot of mathematical design in the software base, actually cryptographic research combined with performant software was the biggest hurdle," he said. And “The two-year cryptography research and development has created the fast, high-performance MPC wallet.” On the other hand, ZenGo Wallet has also contributed to improving the performance of the Zcash by developing a library that creates a threshold key that can be used in Zcash Sapling protocol. ZenGo Wallet announced this week that they now supports Libra coin which is a cryptocurrency of FaceBook Libra project.
ZenGo Wallet launched a public version on apple appstore last june. ZenGo Wallet is currently based on 2-party MPC but plans to expand the threshold value to many like 5 or 6, not two. Ouriel CEO pointed out that ZenGo Wallet's TSS technology can be extended to all services other than custody services, such as a cryptographic exchange or the Inter-Planetary File System (IPFS), a distributed file system.
[reporter Minseung Kang]