Bryant Nielson | November 15, 2023
For blockchain participants, protecting the private keys that authorize access to funds and contracts is paramount. Various storage models exist on a spectrum from cold storage that keeps keys offline, to hot storage with online access. Evaluating risks, usability trade-offs and operational needs allows selecting suitable storage kingdoms for keys.
The coldest form of storage is paper wallets, where private keys are printed on paper kept offline. While safe from remote attackers, paper wallets can be physically stolen or damaged. Printed QR codes also make them more error-prone to use. One step warmer is offline media like encrypted USB drives or external hard drives. Here keys reside digitally but still air-gapped. However, drives must be securely accessed to sign transactions.
Another cold option is hardware wallets or key-signing devices such as Trezor or Ledger. These allow key generation and signing offline while transmitting transactions through a connected device. Hardware wallets offer user-friendly cold storage but lack backups if devices fail or are lost. Some HSMs also support fully offline operation. Overall, cold storage provides robust security for large holdings but poor usability.
On the hotter end, keys may be stored in online databases or wallets protected through encryption, access controls, multi-factor authentication and other measures. Hot wallets facilitate active use of funds while still securing keys against remote unauthorized access. However, insiders or malware could compromise keys stored digitally online.
Between frigid cold storage and hot wallets lies a lukewarm zone. Solutions here minimize online exposure of keys while permitting frequent access. One example is multi-party computation where factions each hold key fragments that are mathematically combined for signing without fully reconstituting keys online.
Additionally, innovative secret sharing schemes like Shamir’s Secret and dual custody models enforce that multiple trusted parties must jointly authorize transactions. Keys themselves remain offline while proxy certificates or passwords enable managed access. Combining secret sharing, multi-party computation, and dual custody constructs can provide robust lukewarm storage.
Hybrid or tiered models also gain traction, where the bulk of funds reside cold while a hot sub-wallet contains a smaller balance for regular spending. Or cold storage may act as disaster recovery or backup for keys used in lukewarm or hot modes. The hot-cold paradigm allows aligning storage to assets with varying risk tolerances and transaction cadences.
When traversing the storage kingdom, sound protocols and hygiene are critical wherever keys reside, including:
- Cryptographic encryption of keys at rest
- Secure generation, sharding and reconstitution of keys
- Minimal access permissions and meticulous logging
- Multi-factor authentication and mandatory timeouts
- Key rotation, revocation and replacement regimes
- Regular reconciliation of assets against keys
- Physical security, backups and redundancy for offline storage
With growing institutional adoption, custody and insurance around private keys is improving. However, ultimately blockchain users must self-educate and implement strong storage opsec. The adage of “not your keys, not your coins” endures across the diverse realms of cold and hot storage.