How can I protect my private key?

The blockchain uses asymmetric encryption to divide the user's key into private key and public key , The public key is published in the network , For data interaction and address access , The private key is kept in the user's hands , To protect your data and assets .

This kind of public 、 Private key separation , It is an encryption mechanism with high security coefficient . But in this mechanism , Similar to other encryption methods , Once the private key is stolen by others , Users' data and assets will be stolen . in fact , In the years of blockchain development , There are often network security problems caused by the loss of assets due to the disclosure of private keys . The hacker can not deduce the private key through the public key , You have chosen to directly steal the user's private key .

Why is the user's private key stolen ？ Here we need to understand several popular private key protection methods ：

firstly ： Kept by the user

This usually means that the user passes the cold / The hot wallet manages its private key , There will be a set of private keys in the wallet . Cold wallet is offline in the whole process , It can be said that it has high security . And the hot wallet is due to the Internet , It is possible for hackers to intercept private key information .

however , Although the cold wallet is safer , However, the private key generated by the hash algorithm adopted by the blockchain during encryption is a long string of characters , Memory is relatively difficult , They usually use mnemonic words to help them remember , Users can also use notebooks 、 Memo and other tool records , These recording methods may lead to the loss of the private key .

second ： Joint custody of multiple signatures

This safekeeping method uses smart contracts to sign transactions through multiple private keys before execution to improve security . Although the multi signature method makes the transaction more secure , But at the same time , It also creates new risks , That is, whether multiple signers holding private keys are fully trusted , If a signer has malicious behavior , Then assets will also face security threats .

third ： Third party escrow

This is a scheme to store and manage the user's private key through a third-party organization , Third party organizations usually combine multiple signatures 、 Hardware security module （HSM） And other more professional protection measures to ensure the security of the private key .

however , There is also a premise , Users need to trust a third-party organization to protect the private key , And do not use user assets in secret .

From the above several ways of keeping private keys , There are some shortcomings more or less , These are the key vulnerabilities of hacker attacks .

After summing up the experience , The developer proposed a more secure protection method , It is called multiparty computation （MPC）, This is a method to split the private key into multiple fragments , Share separately 、 The safekeeping method encrypted and sent to multi-party nodes .

The advantage of this approach is that , As long as the user doesn't use the wallet , Then the private key will always be separated . When hackers attack , Unless you completely break through all storage devices , Otherwise, the complete private key cannot be obtained . This undoubtedly reduces the risk of private key attack .

in addition ,MPC You can also do this without changing the private key , Update shared clips , It also avoids the risk of being cracked due to long-term existence in a device .