Blog

Jul 18, 2019

Account and Key Security at Algorand Part I

By: Sharon Halevi

Part I: Background

There are multiple ways to generate keys, but some are more secure than others. Since Algorand is a decentralized cryptocurrency, there is no central authority to protect against loss or theft. As a result, key security is a crucial part of ensuring that your account is safe from attacks or loss of access.

The main goal of generating and storing keys securely is to protect the currency residing in your account and allow for increased account usability. In an account, you want reliability and redundancy to protect against loss of keys, secrecy to protect against adversaries, and ease of access to enable spending. The security measures discussed in this series are more suited to high value accounts and not frequent spending accounts because they achieve higher security, but require more effort.

This series of blog posts is organized as follows:

  • Part I: In this post, we explain some background information necessary for understanding the Algorand wallet and account architecture, the best practices for key storage, and the difference between single-key and multisignature accounts. We also explain the importance of offline machines and how to set them up.
  • Part II: We explain how to create and transact with a basic (single-key) account in the Algorand network.
  • Part III: We explain how to create a transaction using a multisignature account.

How are Wallets, Accounts, and Keys Structured?

This blog post series focuses on the use of kmd (key management daemon) for account creation. Thus, the structuring of accounts and wallets is unique to kmd. To learn more about kmd, visit developer.algorand.org. There are alternative methods of account creation and use, but this series will not cover them.

The structure of wallets, accounts, and keys is important in understanding the best security practices regarding each. Wallets store a collection of accounts. If a user has access to a wallet, they can recreate and gain access to all accounts that were created from that wallet. Wallets have a user-created password that is used to protect kmd operations like creating accounts and signing transactions. This password is local on the machine, and not associated with the network.

Accounts have a balance and must be created inside a wallet. Accounts are accessed through pairs of keys — one private and one public. A public key is the same as the account address where others can send currency. A private key acts as a password to approve transactions out of an account or import accounts on other devices. Private keys are strings of bytes, encoded in mnemonics for readability.

Since the pair of keys for an account exist regardless of the account location, funds can always be sent to an account independently of whether it is in a wallet. However, there are functions like signing transactions that require for an account to be in a wallet. Accounts can be used in the wallet where they were created, or imported into a different wallet and used there. However, if a wallet with imported accounts is recovered elsewhere, those accounts cannot be recovered in it. Only accounts created in the wallet rather than imported into it can be recovered. These facts have important implications for security, since importing an account into a wallet exposes the private key mnemonic.

What is a mnemonic?

Account and wallet mnemonics are a series of 25 words that encode a secret key. For wallets, this mnemonic allows for the recovery of the wallet on other devices. For accounts, the mnemonic allows for the recovery of the account in another wallet as well as for signatures to allow transactions from the account.

From inside a wallet, a user can view all of the accounts in the wallet and their account mnemonics. Wallet mnemonics only appear once, at the creation of the wallet. These features have important implications for security that will be discussed in the following sections.

Where do I store the keys?

Public key-secret mnemonic pairs can be stored however you choose, but some options include:

  • Writing keys on paper and storing in safe locations such as locked cabinets, closets, boxes, safes, safe deposit boxes, or vaults. Archival paper is ideal, as it is less susceptible to wearing over time.
  • Using a hardware wallet like Ledger to hold the account.
  • Storing the mnemonic in a cryptosteel — a steel device that stores the first 4 letters of each word in the mnemonic and is safe from breaking, flooding, and wear over time. Be sure to store the cryptosteel in a secure location. To recover the full mnemonic, compare the first four letters with the dictionary of words here, and enter these words as your mnemonic.

There are also custodian companies (like Coinbase, Bitgo, and others) that specialize in creating and protecting keys for users. These companies hold your secret keys for you, and allow you to interact with your account through web-based login or other means. Make sure to research the security of each company, since they have access to your secret key and account. For example, note that login security is just as important as key security: even if an attacker cannot learn the secret key to a user’s account through the company’s data, the attacker may be able to exploit weak login security to log in as a user and access funds that way.

For accounts associated to multisignature accounts, the more spread out the keys are, the more secure they are. For a multisignature account, if you write the keys on paper, store the pieces of paper in different locations. That way, if an attacker finds one, they will not find all of them. Additionally, keeping paper, cryptosteels, or hardware wallets in tamper-evident bags can help inform you if the account is under attack. For more security, use a combination of the options listed above.

How do I make sure my keys are not compromised?

The best way to ensure the security of your keys is simply to store them as securely as you can and sign transactions offline whenever possible. If you suspect your keys are compromised, transfer your funds to a new account ASAP.

What do I do when the keys are compromised?

If you discover that your keys are compromised and your funds are still in your account, initiate a transaction to send your funds to a new account as soon as possible. Since Algorand is a decentralized currency, there is no central authority to help return lost funds.

How do I recover a wallet from a secret key mnemonic?

If you want to recover a wallet on a new machine, use the flag -r. The full command is

./goal wallet new <wallet name> -r -d <path to data directory>

You will then be prompted to enter the mnemonic. Once you enter a mnemonic and create a password you will have a new wallet with the same address as the previous wallet.

It is an empty wallet upon recovery, but as you create new accounts you will see that the addresses of the accounts in the recovered wallet have the same addresses and thus are the same accounts as those in the previous wallet. Recall that imported accounts cannot be recreated from wallet mnemonics, but must be imported again from the account mnemonics if you wish to use them in the recovered wallet.

The security risk here is that if an attacker gains access to a wallet mnemonic, they can recover all of your accounts. Then, they can use an export command to see all of the individual account mnemonics as well.

To avoid this security issue, you can create different accounts in different wallets. This way, if an attacker recovers one wallet, they do not have access to all of your accounts. Alternatively, you can create all accounts in one offline wallet and simply not record the wallet mnemonic at all. Then, to use these accounts on other machines you must import them using individual account mnemonics.

How do I recover an account from a secret key mnemonic?

If you want to import an account in a new wallet, use the command

./goal account import -m “<secret key mnemonic>“ -d <path to data directory>

Do not forget to put quotes surrounding the mnemonic.

How do I decide whether to use a single key or set up a multisignature account?

A multisignature account is a more secure account type that is associated with multiple key-pairs instead of just one, and it requires signatures from a subset of those keys before completing transactions. For example if you have a 3/5 multisignature account, that means there are 5 associated keys and you require 3 of them to sign to complete a transaction.

Whether to use a single-key or a multisignature key account is a question of usability/security tradeoff. If you have a single key account it may be easier for an attacker to gain access to the account, since it only requires them to learn one secret key. It is also easier for an account holder to lose a single secret key by accident than it is to lose multiple. A multisignature account ensures higher security due to the existence of a threshold. To gain access to an account, an attacker would need to learn enough secret keys to get above the threshold. Multisignature accounts also protect in the case of lost keys. In the example above, a user can lose up to 2 keys and still have access to their account by using the remaining 3 keys.

However, having multiple keys also makes accessing the account more difficult. High thresholds may take more effort to sign, making them inconvenient for frequent spending.

What does it mean to do operations offline?

Some operations, like creating accounts and signing transactions, require the use of the secret key. If they are performed on a machine that is connected to a network, this creates the possibility for an attacker on the network to access the secret key.

To avoid exposing your secret key to a network, it is important to do these operations on an offline machine. The next two sections describe how to set up an offline machine and how to run a node on that offline machine.

What devices will I need for secure account use?

You will need two computers — one to use online and one to use offline.

You will also need at least two USB sticks — one to boot the offline machine from and one to store files for transfer between the online and offline machine.

How do I set up an offline machine?

The recommended method to securely create an account is to have one node running on an online machine and one node running on an offline machine. To learn how to run an online node, visit developer.algorand.org.

An offline machine refers to a machine with no internet access, no access to a hard drive, and no communication with the Algorand network.

An offline machine can be created by downloading an operating system like Ubuntu onto a bootable USB, and booting your machine from that USB.

For instructions on how to do this on the Ubuntu operating systems, visit https://tutorials.ubuntu.com/tutorial/tutorial-create-a-usb-stick-on-ubuntu#0

For MacOS, visit https://tutorials.ubuntu.com/tutorial/tutorial-create-a-usb-stick-on-macos#2

For Windows, visit https://tutorials.ubuntu.com/tutorial/tutorial-create-a-usb-stick-on-windows#0

The reason why offline machines are so important in security is because any time you expose a secret key, your account becomes vulnerable. If you only use the secret key mnemonic on an offline machine that is not connected to the network, then it is practically impossible for an attacker to access that information from the network and compromise your account.

How do I run an offline node?

  1. To set up an offline node, download the installer file matching your offline machine’s operating system onto a USB drive for storage, different from the bootable USB from the previous section:

Linux: https://releases.algorand.com/install/offline_install_stable_linux-amd64.tar.gz

Mac: https://releases.algorand.com/install/offline_install_stable_darwin-amd64.tar.gz

RPi: https://releases.algorand.com/install/offline_install_stable_arm-x86.tar.gz

2. Boot the offline machine using your bootable USB and plug in the storage USB containing the installation file.

3. On the offline machine, retrieve the installation file from the storage USB. In the terminal/command line, create a temporary installation directory and go into it

mkdir instcd inst

Move your installation file into your temporary directory and unzip it

mv <path to file> .tar -xf <filename>

Go into the bin folder created

cd bin

4. To create a node, use the command

./update.sh -i -c stable -r -p ~/node -d ~/node/data -n

In this command, -i is the flag to install, -c is the flag for the channel, -r is the flag to resume installation, -p points to the bin directory of the node, and -d points to the data directory of the node.

Now to start your node, use the command

./goal node start -d <path to data directory>

What’s Next?

At this point, you have learned how wallets, accounts, and keys interact. You have also learned some suggested best practices for key storage, as well as the importance of offline machines and how to set them up.

To begin securely creating an account, follow the additional parts of this tutorial:

  • Part II: How to create and transact with a basic (single-key) account
  • Part III: How to create a transaction using a multisignature account