Connect with us

dApps

Squarelink driving mainstream blockchain adoption through simple, secure private key recovery

Tony Zerucha

Published

on

Technology as revolutionary as the blockchain shouldn’t be gone simply because a user has lost their private key.

That is the impetus behind Squarelink, a service providing a safe and simple authorization for apps and dApps. Launched in early November, it will eliminate a major reason why people find blockchain technology intimidating to use, co-founders Nick Slavin and Alex Patin said.

“This is doing a lot to enable mainstream adoption,” Mr. Patin began.

Download Squarlink’s whitepaper here.

The core technology allows a user to register, sign in and sign transactions with a username and password while also easily recovering lost private keys. Developers can offer Squarelink integration in addition to or in place of custom key management solutions.

By using an access method every technology user is familiar with, Squarelink essentially masks the complexity of the blockchain and allows the average person to benefit from it. Once mobile technology and the Internet became ubiquitous people saw clear benefits and didn’t care what was under the hood. Squarelink could be a key step in blockchain’s growth trajectory, Mr. Patin and Mr. Slavin believe.

Even though the solution feels centralized, it has the same level of security as a non-custodial wallet solution, Mr. Patin said.

“The user’s password never touches our servers and neither does their private key.”

When a user registers they receive cryptographic salts, which are long random values that add entropy to the password. When a password is hashed the salt is added. While the salts are centrally stored, passwords and salts are hashed on the front end so private keys are kept off Squarelink’s servers.

The second breakthrough is the ability to recover those pesky private keys, Mr. Slavin said.

“What we’re basically doing is allowing the user to encrypt their private ket with some other derived value like their answers to security questions  or their PGP public key for their email. These solutions are reminiscent of common methods of password reset. What we’ve done is offered a means of encrypting a user’s private key such that they are the only ones who can recover it.”

Only cipher text is stored and the computing power required to break that is beyond unfeasible for any hacker to deploy.

“From the outset a barrier to faster blockchain adoption, a central one is it’s hard to use and intimidating,” Mr. Patin said. “If you lose your private key, it’s lost.”

The challenge was in being able to recover a blockchain-based account while preserving each account’s decentralized structure. Squarelink has solved that problem.

“The user is the only person capable of recovering their account,” Mr. Slavin said.

Some assume Squarelink is centrally storing their recovery keys so a user would just have to verify their email and get their recovery key, but that is not the case. The user instead deterministically recreates their private key so it never touchers Squareink’s server. To reset their password users have to verify their email before they obtain their security questions, thereby removing the questions’ vulnerability.

The inherent nature of Squarelink’s authorization protocol makes them almost completely invulnerable to centralized attacks, the co-founders said, but there are still topics keeping them up at night. Like any application, client side attacks are a constant concern and Squarelink diligently works to prevent them. Frequent security scans and adherence to the Open Web Application Security Project Standards are some of the steps they take.

“You cannot get more secure than cold storage,” Mr. Slavin added. “Our solution has the ability to have security close to hardware wallets.

“No one has private key recovery quite like we have. There are other tools and services people sometimes think of when we explain Squarelink, but those products store private keys locally.”

Simplicity of use, familiar processes and strong security, three reasons why Squarelink will do its part to bring blockchain to the mainstream.

“If we want to make blockchain universal, you have to be able to access it anywhere,” Mr. Slavin said. “That’s what we are doing. With Squarelink you are the local storage device.”

Learn more about Squarelink here:

Tony Zerucha

Tony Zerucha is an alternative finance journalist with more than seven years experience in the space. The author of more than 1,000 articles, Tony was named LendIt's 2018 Journalist of the Year.

Continue Reading

Latest

Companies