This is a good article but you seem to be ignoring the most obvious solutions to this problem. Actually I would say that this problem is pretty much already solved but the solution is not widely implemented.


Hardware Security Modules

Users’ keys are secured by tamper-resistant hardware security modules in a crypto-anchor architecture.


Fully-managed, hardware-backed key management and custody platform to support your blockchain-powered application. Leverage industry-standard hardware security modules and secure access control policies with just a few lines of code.

Fortmatic uses what they call a HSM cryptographic anchor. This type of architecture might solve some of the previous security flaws we saw with past implementations of hardware security modules.

If we decide to go this route then the only thing we need to do is secure the method by which we validate a users identity. We CANNOT use 2FA relying on a user to receive a text to verify their identity as this makes cell phone providers the gatekeepers of our identity which is a huge mistake. They’ve already demonstrated their willingness to allow anyone to sim swap a users phone number allowing the attacker to gain access to all of the users accounts.

We can and should use 2FA such as Google Authenticator or similar. Users are then told that the phone on which the code generating keys which authenticate the user reside MUST be physically secured by that user. If the phone is lost or destroyed the user then is required to validate their identity by some secure manner and the users access is then restored.

So this problem is already solved once the following solutions are combined correctly:

  • Hardware security modules
  • Google 2FA — Not allowing identification via text
  • Methods and procedures for reestablishing a users identity in case code generating keys stored on a users phone are lost
  • Multi-signature architectures which require multiple entities to sign transactions which authorize the transfer of ownership rights to digital property
  • Registries more robust than what we currently use for domain names, establishing cryptographic certificates which establish a legal basis for ownership of physical property in the real world. For more information about the connection between domain names and cryptocurrency as digital assets which have similar property rights under the law please see:
    Treatment of Bitcoin Under U.S. Property Law
    And also:

Curious to hear your thoughts. The fact that people don’t seem to know how to do this is really sort of strange. This isn’t a radical concept. To recap:

  • System encrypts and secures private keys which interact with blockchain registries.
  • User identifies themselves as having access rights via a physical device which can use google 2FA.
  • Identity validation which can reissue new 2FA code generating keys is a separate mechanism
  • Multi-sig requires multiple keys to validate a transaction
  • Registries store the certificates which represent ownership of assets. The transferring of assets are dependent upon the encrypted private keys on the HSM servers.
  • The legal system enforces ownership of assets tied to certificates.
  • A blockchain architecture can give the registries authority and the property of non-repudiation of transactions between participants. Ownership and transfer of certificates becomes transparent, auditable, permanent, tamper-proof.
  • At the same time the identities of the actual people are never revealed by the public blockchain itself because the blockchain doesn’t reference identities, it references public keys.

Easy peasy lemon squeezy. The only hard part is the legal part. Other than that, we are clear about how to solve the technical challenges.

Written by

Incentives architect for TandaPay

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store