ELI5: Cryptocurrency master keys

ELI5: Cryptocurrency master keys

A cryptocurrency master key is a theoretical concept where one specially crafted cryptographic private key would be able to decrypt ciphertext encrypted using any public key.

As far as we know, no such thing exists for any of the major cryptocurrencies. If a master key were ever discovered to exist, crypto value would drop to zero instantly since the security of the entire system would be automatically compromised forever.

During the early years of Bitcoin many feared that such an exploit could appear at any time and destroy BTC. After 10 years of Bitcoin’s first public tests (at the time of this writing : Jan/2019) no such exploit has been found – at least not publicly.

If anyone were to have this kind of technical possibility they would likely remain quiet!

Deriving the Private Key from the Public Key

Another theoretical concept of a master key would be some secret algorithm which would allow the private key to be derived from public keys. The holder of this kind of secret could then take any of the public cryptocurrency addresses found on the blockchain and derive their private keys. When in possession of the private key, a user could then sign transactions  and spend the cryptocurrency).

Again, no such derivation function is known for any of the major cryptocurrencies.

How do we know a master key does not exist?

There’s no way to know for sure. This strange fact derives from one of computer science’s most famous theoretical problems. We don’t know whether P=NP.

P stands for Polynomial, and NP for non-Polynomial.

An example is likely the best way to illustrate the P=NP problem.

Suppose you have the 6 secret numbers to access a safe box. The time it takes to enter these 6 numbers is proportional to the time it takes to mechanically enter them into the safe password system, whether it’s turning a small wheel or typing into a touch pad. This is a polynomial time solution because you can easily craft a polynomial equation that gives you very approximate time to solution for any number of digits.

If you didn’t have the 6 secret numbers, then the time to find the solution would be undetermined. You could either solve it on your first lucky try, on your 100th or only after all 1 million combinations were tried. In this case there is no polynomial formula to know how long it’ll take to find the correct password.

For decades, mathematicians have been trying to formally prove that problems of type P are not the same set of problems of type NP.  The idea is to try and find a mathematical concept that clearly explains the difference between opening a safe by having its keys and opening the safe by trying all possible combinations. Though this seems pretty intuitive to any layman, mathematically proving this difference exists has not been easy.

So how does this relate to cryptocurrency master keys?

Well, breaking cryptocurrency security features is clearly a NP problem. You don’t really know what you’re searching for and whether you’ll ever find a solution.

Solving Bitcoin blocks (mining Bitcoin) is an example of a NP class problem. We don’t know whether the block will be solved in 9 minutes, 11 minutes or the expected 10 minutes. All we know is that given X computing power there’s a great possibility of finding a block every 10 minutes on average. The exact 10 minute mark is not always hit. This is because the process is completely undeterministic. In theory a person could solve a Bitcoin using pencil and paper on their first try. The probability of such a thing happening is minimal, as you can imagine, but it’s not impossible.

It’s impossible to test every single imaginable process to break a cryptocurrency. It’s a theoretical problem that mathematicians and computer science researchers have not solved yet.

Therefore, since we can’t test every possibility for every type of cryptocurrency, it is therefore impossible to say for sure that no backdoor exists in the most popular cryptos.

Dash Master Key / Backdoor?

For nearly 2 years now there have been rumors of a Dash cryptocurrency master key.

Dash uses a Proof of Work hashing algorithm called X11. As the name implies, X11 uses 11 chained hashing functions, one after the other, in order to derive the final hash for blocks.

The 11 functions are Blake, BMW, Groestl, JH, Keccak, Skein, Luffa, Cubehash, Shavite, Simd, Echo.

In order for a master key to exist, there would have to be a cryptographic backdoor to these 11 functions. As we know, Quark uses Keccak, Ethereum Solidity contracts use Keccak and there haven’t been security holes reported in these. In order for a master key to exist, you’d need to have a master key for all 11 functions in Dash. Possible? Maybe. Likely? No. Like astronomically no!

Recovery Key Phrases

Some users have mistakenly called multiple word recovery phrases as “master keys”.

Recovery key phrases are not master cryptographic keys. They achieve the same result, but not like a master key would.

When a cryptographic algorithm begins to run you can provide it with what is called a “salt” or “initial state”.

It’s like a starting point for the cryptographic algorithm. The multiple word phrases are salts for deterministic wallets.

When a deterministic wallet starts from a certain number, it always produces the same sequence of addresses starting from that secret number.

If you turn a secret phrase into a number and salt the encryption algorithm using it, it’ll always reproduce the same sequence of addresses again, thus recovering the wallet.

As you can tell from the size of such phrases, it is a rather large number. Most deterministic wallets use 8 to 12 words or some variation of this ballpark figure. This phrase is turned into an astronomically large number that is used to salt the key derivation routine in your wallet.

So what’s the difference between recovery phrases and a master key?

A master key would be able to decrypt any encryption performed using it immediately.

Deterministic wallets cannot.

For addresses to be recovered using deterministic wallets, the wallet must recreate key by key that was used and test each one until one works. For some wallets this can take a very long time. A master key, on the other hand, would simply perform the forward encryption and immediately match any desired ciphertext (whether it’s a block hash, a signature or any other encryption routine).

Conclusion

As you can see, a cryptographic master key is the Holy Grail of cryptocurrencies.

You may hear about it in online chats and by folks spreading FUD in Telegram discussions, but the technical reality is that anything resembling a cryptocurrency master key would immediately destroy the entire crypto ecosystem in one fell swoop.

There are researchers working on this kind of problem day and night around the world and no such thing has ever been produced.

So, with the information we have today we can safely ensure you that there is no such thing as a cryptocurrency master key. If any cryptocurrency does finally get exposed for having a master key, it means its designed used cryptographic hashing functions that weren’t peer reviewed or were poorly (or maliciously) implemented. This is not the case for the most popular cryptos in the top 10 market cap list.



Send us news tips, suggestions or general comments by email: contact [at] crypto.bi