A blockchain is a trustless, distributed ledger system supporting transactions between accounts. Blockchain entries consist of blocks of information that can include transactions, data records, and other information. For use as a distributed ledger, a blockchain is typically managed by a peer-to-peer network collectively adhering to a protocol for validating new blocks. Each block contains data together with a cryptographic hash of the previous block, and that hash is what links the blocks into the chain. Once recorded, the data in any given block therefore cannot be altered retroactively without also altering every subsequent block: an edit to one block changes its hash and breaks the link from its successor, and on a peer-to-peer network the rewritten history would additionally have to be accepted by the other nodes. A typical block in a blockchain holds a batch of transactions. Each transaction may include one or more data elements for storing information and a transaction ID, typically a hash of the transaction contents, that identifies the transaction. Transactions are associated with a unique blockchain address, which serves as a pointer for locating and retrieving them.
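The hash linking described above, as an added example in Python rather than code from the original document: a minimal block structure with a validity check that detects a retroactive edit, a tip hash that peers would compare, and a relinking step showing that concealing the edit requires rewriting every subsequent block. The block and transaction layouts, the genesis placeholder and the sample transaction batches are constructed for illustration and are not taken from any particular blockchain.

```python
import copy
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional

# Placeholder "previous hash" for the first block (assumption for this example).
GENESIS_PREV_HASH = "0" * 64


def canonical(obj) -> bytes:
    """Deterministic serialisation so identical content always hashes identically."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def tx_id(tx: dict) -> str:
    """Transaction ID: SHA-256 over the transaction's own data elements."""
    return hashlib.sha256(canonical(tx)).hexdigest()


@dataclass
class Block:
    index: int
    prev_hash: str          # hash of the preceding block; this is the chain link
    transactions: List[dict]

    def block_hash(self) -> str:
        # The block hash commits to the previous hash and to every transaction ID,
        # so changing any transaction (or the link) changes this value.
        return hashlib.sha256(canonical({
            "index": self.index,
            "prev_hash": self.prev_hash,
            "tx_ids": [tx_id(t) for t in self.transactions],
        })).hexdigest()


def build_chain(batches: List[List[dict]]) -> List[Block]:
    """Append one block per batch, each linked to the hash of the one before."""
    chain: List[Block] = []
    prev = GENESIS_PREV_HASH
    for i, txs in enumerate(batches):
        block = Block(i, prev, copy.deepcopy(txs))
        chain.append(block)
        prev = block.block_hash()
    return chain


def first_broken_link(chain: List[Block]) -> Optional[int]:
    """Index of the first block whose prev_hash does not match its predecessor, else None."""
    prev = GENESIS_PREV_HASH
    for i, block in enumerate(chain):
        if block.index != i or block.prev_hash != prev:
            return i
        prev = block.block_hash()
    return None


def chain_is_valid(chain: List[Block]) -> bool:
    return first_broken_link(chain) is None


def tip_hash(chain: List[Block]) -> str:
    """Hash of the newest block; peers compare this to notice a rewritten tail."""
    return chain[-1].block_hash()


def relink_from(chain: List[Block], start: int) -> int:
    """Rewrite prev_hash of every block after `start`; returns how many blocks changed.
    This is the work an attacker must redo to hide an edit to block `start`; on a real
    network each rewritten block would also have to be re-validated by the peers."""
    rewritten = 0
    for i in range(start + 1, len(chain)):
        chain[i].prev_hash = chain[i - 1].block_hash()
        rewritten += 1
    return rewritten


# Constructed sample batches for the demonstration.
SAMPLE_BATCHES = [
    [{"from": "alice", "to": "bob", "amount": 5}],
    [{"from": "bob", "to": "carol", "amount": 2}, {"from": "alice", "to": "carol", "amount": 1}],
    [{"from": "carol", "to": "dave", "amount": 3}],
    [{"from": "dave", "to": "alice", "amount": 1}],
]

if __name__ == "__main__":
    chain = build_chain(SAMPLE_BATCHES)
    print("valid:", chain_is_valid(chain))
    chain[1].transactions[0]["amount"] = 200          # retroactive edit of block 1
    print("valid after edit:", chain_is_valid(chain),
          "first broken link:", first_broken_link(chain))
    print("blocks rewritten to hide it:", relink_from(chain, 1))
    print("valid after rewriting successors:", chain_is_valid(chain))
```

Note that an edit to the newest block breaks no internal link, since nothing yet points at it; it is caught only because its hash, the chain tip, no longer matches what the rest of the network holds, which is why the relinking step alone is not enough on a real network.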
Public/private-key pairs enable user interaction with applications: the public key, or an address derived from it, identifies the user's account on the blockchain, and the corresponding private key, generated specifically for the user, signs the transactions that move or access the assets held at that address. Private key cryptography thus provides an ownership tool that fulfills user authentication requirements and allows the user to access the digital assets stored on the blockchain. Because possession of the private key is the sole proof of ownership, anyone who obtains it can act as the user, and conventional private key management methods are a persistent target for theft.
Conventionally, the user of the application is responsible for managing the user's private key and protecting it to prevent malicious parties from fraudulently acting on behalf of the user. The user is thus expected to keep the private key secret and, should the user lose it, there is no way to regain access to the user's account. For example, one conventional key management mechanism is a non-custodial wallet, in which the user manages the private key directly. Conventional non-custodial wallets require that users save and remember long private keys and/or multi-word random mnemonic passphrases in order to access user accounts/wallets. If the user loses or forgets the private key, any information encrypted using it is lost as well, and any assets held by the conventional non-custodial wallet are irrecoverable. This requires extreme vigilance in maintaining the key. Additionally, it requires a high degree of sophistication on the part of the user, which may limit the adoption of blockchain-based technologies.
Another conventional key management scheme involves private key recovery phrases, which are system-generated mnemonics bound to a private key. Each word in the phrase encodes a fixed-length group of bits; taken together, the words (with a short checksum) encode the secret from which the private key is deterministically derived, so the phrase alone is sufficient to reconstruct the key. Recovery phrases are easier to record and remember than a raw key, but they are still not created by the user and are essentially an alternative representation of the private key, with the same consequences if they are lost or disclosed.
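As an added illustration (not code from the original document) of how a recovery phrase encodes key material: a simplified version of the BIP39 scheme in Python. It keeps the real scheme's structure (entropy, a SHA-256 checksum of one bit per 32 entropy bits, words as fixed-width bit groups, PBKDF2-HMAC-SHA512 stretching of the phrase into a seed, and the HMAC-SHA512 master-key derivation of BIP32) but uses a constructed 16-word list at 4 bits per word instead of the standard 2048-word list at 11 bits, so a 128-bit secret becomes 33 words rather than 12. The wordlist, the permitted entropy sizes and the demo values are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
from typing import List

# Constructed toy wordlist: 16 words, so each word carries 4 bits.
# Real BIP39 uses a fixed 2048-word list (11 bits per word); the structure is the same.
WORDLIST = ["apple", "brick", "cloud", "delta", "ember", "flint", "grape", "harbor",
            "ivory", "jungle", "kettle", "lemon", "maple", "nickel", "orbit", "pepper"]
BITS_PER_WORD = 4


def _bits(data: bytes) -> str:
    return "".join(f"{b:08b}" for b in data)


def entropy_to_mnemonic(entropy: bytes) -> List[str]:
    """Encode entropy as words: the entropy bits followed by (bits/32) leading SHA-256 bits."""
    ent_bits = len(entropy) * 8
    # 128-bit steps keep ent_bits + ent_bits/32 divisible by 4 for the toy words (assumption).
    if ent_bits == 0 or ent_bits % 128 != 0:
        raise ValueError("entropy must be a positive multiple of 128 bits")
    cs_bits = ent_bits // 32
    checksum = _bits(hashlib.sha256(entropy).digest())[:cs_bits]
    bits = _bits(entropy) + checksum
    return [WORDLIST[int(bits[i:i + BITS_PER_WORD], 2)]
            for i in range(0, len(bits), BITS_PER_WORD)]


def mnemonic_to_entropy(words: List[str]) -> bytes:
    """Inverse of entropy_to_mnemonic; raises ValueError on an unknown word or bad checksum."""
    indices = []
    for w in words:
        if w not in WORDLIST:
            raise ValueError(f"word not in wordlist: {w!r}")
        indices.append(WORDLIST.index(w))
    bits = "".join(f"{i:0{BITS_PER_WORD}b}" for i in indices)
    # total bits = ent + ent/32, so ent = total * 32 / 33
    if len(bits) % 33 != 0:
        raise ValueError("phrase has an invalid length")
    ent_bits = len(bits) * 32 // 33
    entropy = int(bits[:ent_bits], 2).to_bytes(ent_bits // 8, "big")
    expected = _bits(hashlib.sha256(entropy).digest())[:len(bits) - ent_bits]
    if bits[ent_bits:] != expected:
        raise ValueError("checksum mismatch: a word was mistyped or substituted")
    return entropy


def is_valid_mnemonic(words: List[str]) -> bool:
    try:
        mnemonic_to_entropy(words)
        return True
    except ValueError:
        return False


def mnemonic_to_seed(words: List[str], passphrase: str = "") -> bytes:
    """BIP39 seed stretching: PBKDF2-HMAC-SHA512, salt 'mnemonic' + passphrase, 2048 rounds.
    (BIP39 also NFKD-normalises the strings; omitted here because the input is ASCII.)"""
    return hashlib.pbkdf2_hmac("sha512", " ".join(words).encode(),
                               ("mnemonic" + passphrase).encode(), 2048)


def derive_master_key(seed: bytes) -> bytes:
    """BIP32 master secret key: left 32 bytes of HMAC-SHA512(key='Bitcoin seed', seed).
    (BIP32 additionally rejects the astronomically rare out-of-range key; omitted here.)"""
    return hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()[:32]


if __name__ == "__main__":
    entropy = secrets.token_bytes(16)                 # 128 bits of fresh randomness
    words = entropy_to_mnemonic(entropy)
    print(" ".join(words))
    print("round trip ok:", mnemonic_to_entropy(words) == entropy)
    print("master key:", derive_master_key(mnemonic_to_seed(words)).hex())
```

Two points the code makes concrete: the phrase is a lossless re-encoding of the secret, so anyone who reads it can derive the same master key, and the checksum is short (4 bits here, and also 4 bits for a standard 12-word phrase), so it catches a mistyped word only 15 times in 16 and offers no protection against disclosure. The optional passphrase changes the seed entirely, which is why it must be remembered alongside the words.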
Yet another conventional key management mechanism is a custodial wallet. Conventional custodial wallets are services that store and conceal a user's private key and cryptographically sign transactions on the user's behalf. This allows for a more familiar account authentication and password recovery user experience, but the user does not have full control of the wallet account, and the nature of the custodial service makes user authentication information susceptible to security breaches. Additionally, in such conventional custodial wallet scenarios the entity maintaining the custodial wallet (and the user's private key) is able to sign on the user's behalf and to access user information encrypted using the private key, meaning that the user must relinquish some level of control to that entity. In many situations this may not be desired if the user wishes to maintain complete control over their information. Custodial wallets further introduce a single point of failure: a cybersecurity breach of the custodial wallet provider can expose the keys of every user it serves at once.