Holiday Surprise: Dr. Leemon Baird on Decentralized Recovery and Custody – The Private Key to Mass Adoption
This story was produced through MarketScale.
Almost everyone has been subject to multi-factor authentication before, whether it was having to confirm a code sent to your phone or email address or having to answer an additional security question after inputting your password. However, a new form of web security called decentralized recovery and decentralized custody is now on the horizon.
How do decentralized recovery and custody offer security to web users and what makes them different from multi-factor authentication?
On today’s episode of Gossip About Gossip by Hedera, podcast host Zenobia Godschalk, SVP Communications at Swirlds Labs, speaks with Dr. Leemon Baird, Co-CEO of Swirlds Labs and Founder and CEO of Swirlds Inc., to discuss how Web3 ledgers and blockchains lack security and what decentralized recovery can do to address this insecurity.
Godschalk and Dr. Baird also discussed…
- How decentralization lacks security via Web3 ledgers and blockchains
- What decentralized recovery and decentralized custody are and their use cases
- The four Internet protocols essential for instilling and recruiting decentralized recovery and custody “helpers”
Dr. Baird explained how decentralized recovery works: “When you have enough helpers, your key—your secret—is shared among all of them in pieces. None of them can see your secret. And any half of them can recover it. That’s decentralized recovery.”
Dr. Leemon Baird is Co-CEO, Swirlds Labs and Founder and CEO of Swirlds Inc. Dr. Baird has served as Founder/CEO of Hedera Hashgraph, Senior Research Scientist for the Academy Center for Cyberspace Research, and Professor of Computer Science at the United States Air Force Academy. He holds a BS in Computer Science from the United States Air Force Academy and a Ph.D. in Computer Science from Carnegie Mellon University.
Video Transcript
Oh, welcome to Gossip About Gossip, powered by Hedera Hashgraph. And each episode will cut through the hype of blockchain promises and explore real world examples of organizations creating the next generation of decentralized applications, which will bring trust back to the internet for us all. Hello everyone, and welcome to a very special episode of Gossip About Gossip, the podcast where we talk about real world applications for distributed ledger technology. My name is Zenobia Godschalk, and I'm the VP of communications here at Swirlds Labs, helping to grow the Hedera ecosystem. Today, as we round out the year and come to the end of season three of the podcast, we have a very special guest on today. Dr. Leemon Baird is going to talk to us about DeRec, decentralized recovery and custody, and why it is the private key to mass adoption of crypto DLT and why it's so important. For those of you who have been with us on this journey, both through season 3 as well as through the other seasons of the podcast, thank you so much. We so appreciate our long time supporters. We appreciate all the HBARbarians in the community and we appreciate all of our guests who have come on and who have made this season so vibrant and so exciting and have really brought some of those great use cases to life. So we will be wrapping up for the season. We're going to take a break for the rest of December and we will catch you back in January. I hope everyone has a safe and happy holidays. And without further ado, I'm going to pass it over to Dr. Leemon Baird.

Hi. I'd like to talk with you about something that our industry desperately needs: decentralized recovery. This is something that we are going to put an extreme amount of time into. We're already working hard on this. We want to work with other ledgers, people outside the industry. This is something that is a huge project that we desperately need throughout the industry. And this is something I want to talk to you about today.
So decentralized recovery and custody, this is the problem today in the non-Web3 world. In our existing world, you have a safety net for everything that you do. Everything has a safety net. If you lose the password to get into your bank account, you can still get your money. You can go to the bank and prove that you're you. You can ultimately go to the courts and get them to tell the bank that you're you. There is always a way of doing it. If you're incapacitated, your friends and family can go to the courts and petition to actually do it for you. It is always possible to get to your money. Just losing your password won't lose it. Losing your wallet won't lock you out. If you lose the keys to your house, you can get a locksmith to come and let you into your house. You can get through the window with a brick. You can always get into your house somehow. And that's true for a safe that you have or for stocks that you own or your car or your passport. Anything you lose, there is always some emergency way that you can get it back. But in the decentralized world that we're entering, that's not true. If you have cryptocurrency in an account and you have the private key for that account, if you lose the key, you are out of luck. Your money is gone forever. Or if you have a recovery mnemonic phrase, 12 words or 24 words, if you lose those and you lose the key, there is no way to recover. And if someone steals it from you and they steal your money, there is no way for you to get it back. You cannot even know who stole it and you'll never be able to find it. Even if you know what account it went to, there's no way for you to get it back. This is not a world with a safety net, and it isn't just for cryptocurrency. It can also be tokens that you might have. It can be assets in a metaverse that are stored in tokens in the future. It could be your ability to vote in a DAO. That's not money, it's not tokens, it's power or ability to do something. It can be things like coins.
It can be online ID credentials, DIDs, decentralized identifiers. Anything that is a credential for you that could become your identity in the online world, giving you the ability to do everything and to own everything, could be lost. And we do not have safety nets. You cannot go to the court and say, I forgot it. I've had emails from people who said, oh, Leemon, we had a whole bunch of hbars in an account and we lost our key. Would you mind generating another 24 words for us and sending us those 24 words since we lost ours? No, I can't. I physically can't. It's the whole point of decentralization is that no one can do that. I cannot get your money back for you by design. This is the whole point of Web3. So we don't have an FDIC insuring things. A lot of people wish we did. Right now we don't have safety nets for if you lose your keys, and everything is based on knowing a secret, having a key or a mnemonic. Everything is protected that way, and if you lose it, you're out of luck. If someone steals it, you're out of luck. There is no recourse. So what can we do? Well, honestly, for Web3, for ledgers, for blockchains to go global, for everyone in the society to use it, it has to be something that your grandmother can use without training, a non-technical person, very easily. It has to have convenience. It has to be at least as easy as the bank, maybe easier. And you need to not have intermediaries who can steal everything. You really don't want that. We don't want to say that the answer to the problems of decentralization is to become centralized. That is not the right answer to the problems of decentralization. The answer is safety nets. So what is a safety net in this case? Well, people talked about custody. You just give everything to someone you trust. That's better than nothing. I've actually recommended this to people, even though I don't like it, because the one person you gave it to could steal everything and could lose everything.
And maybe one employee in that company might be able to get everything. It's just not ideal. And I have recommended this to people because in some ways, it's better than nothing. It also raises the question again, well, how do you get to your stuff in the custody? Do you have a password? What if you lose your password? What if someone steals your password? Can they get the stuff out of your custody by pretending to be you? How strongly does your custody service KYC you and re-authenticate you every time you try to get stuff? A lot of the same problems we have with accounts are just carried over to custody. And even if you have to go in person every time you make a withdrawal, are they really checking you carefully? A lot of questions. So that's problems with custody. People have also had other alternatives like social recovery. The idea is that you have an account, that you have multiple keys in your account, and then it takes multiple helpers to agree. If they all have different keys in your account, they all have to agree for you to pull anything out of your account. Now there are problems with this. With social recovery like this, you have privacy problems because the whole world can see the keys in the account. And so they may be able to know who your helpers are. They know who to go to attack. They know who to go bribe. You don't want that. You want privacy. They'll know how many helpers you have. Also, the helpers might fail. Your helpers might eventually, one by one, lose your key. Maybe they really don't care about it. And you won't know. And they won't know. Maybe they forgot they were helping you. You won't actually know until you really need it. And then you go to them and say, OK, help me. And they say, oh, I'm sorry I lost your key a few years ago. I hadn't noticed. Sorry about that. You're out of luck. And then it's also very inconvenient to add new helpers and remove helpers. You have to change keys.
Social recovery like that is really not the best way of doing things. What you really want is DeRec, decentralized recovery. And here is the idea. You have your secret. Maybe it's an account with just one key on it, or maybe it's a DID. It's actually information or it's private keys for something else, or it's passwords for websites that you're using, something like 1Password, or a whole bunch of passwords. Your secret is a list of passwords. Whatever your secret is, any secret. What you do is you get helpers like we had before. But it's not that they each have a key on your account; that would be bad. Instead, you take that secret and you break it into pieces and give each of your helpers a piece. Shamir's secret sharing. Very easy, very straightforward, very secure. You can say that it takes half of your helpers to recover it. So if even one less than half of your helpers isn't helping you, or if you have just less than half your helpers helping, then you will not be able to recover the key. It takes a full half of your helpers to do it. And again, I say a half. I would encourage us to build that into the software. Don't even give the user the choice of what the fraction is. Because again, we don't want grandma to accidentally get into trouble here. So we'll just say you can get as many helpers as you can. Maybe until you have three or four helpers, the software will yell at you. 3 is probably good. The software will yell at you and say, hey, you need more helpers. And then when you have enough helpers, your key, your secret is shared among all of them in pieces. None of them can see your secret, and then any half of them can recover it. That's decentralized recovery. So what happens if you lose your key? You just have to, or you lose your phone, say, you go get a new phone, you install the app, and then you go to each of those helpers and you say, hey, I want you to be my helper. And just like you had connected with them in the first place, you connect with them again.
But when you reinstalled the app, you told it, hey, I'm in recovery mode. I've done this, I've been here before. Please help me recover. And so when your phone connects to each of your helpers, it knows that it's recovering. And as soon as you talk to half of the helpers, if you had 10 helpers, as soon as you talk to the fifth one, your phone magically has all its secrets back. It even has the list of helpers back. Remember, we're keeping that private. The helpers don't know who each other are, so it's not really stored anywhere, except it is itself one of your secrets. So as soon as you can remember five of your 10 helpers, you will instantly have the list of all 10 and you'll have all your secrets. Everything is recovered. You are fine. This is DeRec. Even that is maybe obvious. If you know what Shamir's secret sharing is, you might have thought of that. It's not enough. It's really not enough. So what we need to do is, in addition, in this picture, each helper is getting a quarter of your secret share because there's four of them. If you had five people, each one will get a fifth. When you add or subtract a helper, you need to give all the other helpers new shares. So when I go from four helpers to five helpers, I go to every helper and I say, OK, you used to have one fourth of my secret. Now you get one fifth of my secret, and you give them the new share and they throw away the old share. And this should all be invisible and automatic. Behind the scenes, the act of adding one new helper should just automatically make my phone talk to their phones. And we just all redo our shares. And my helpers don't even know that's going on. It's just silently happening. So that needs to happen. We need to be able to add and subtract helpers in a very smooth, automatic, invisible way. So for grandma, all she knows is that she has to go connect with a bunch of people. That's it. That's all she has to know. Also very important, this is maybe out of this entire talk.
The one thing that I would say is the biggest takeaway to remember for DeRec is that you want them verifying daily. My phone should be calling up your phone or talking to it, sending it messages in the background, which iOS can do, Android can do, and say, hey, do you still have that share I gave you? Maybe you even do a challenge response to prove that they have the share. There's ways of doing that. And so then what you have is every day my phone is making sure that all my helpers still have the shares. If you don't do that, I guarantee you you're going to have a helper who upgrades their phone every year and doesn't think to bring along your secrets. And they've lost your shares or they just lose their phone. They have to buy a new one, and they've lost their shares. And they're not even going to remember about you. They're not going to tell you. And one by one, you're going to lose all the keys until more than half of them are gone, and then you're out of luck. That's what's going to happen if you don't verify. If you're verifying, though, every night your phone is talking to their phones, it verifies that you have the secrets, that they have your shares of your secret. And if there is one that is down, it will try again tomorrow. And if it's still down, try again the next day. If it's still down, it'll tell the user, hey, you thought Alice was one of your helpers? But for the last three days I haven't been able to get a hold of Alice. You might want to go talk to Alice. Maybe Alice lost her phone, and you should go offer to become her helper again. And you'll actually be helping her to recover. Maybe she forgot you were one of her helpers. You should go tell her. That's nice, because it's symmetric. If I'm your helper, you're my helper. You'll be able to go in and disable actually sending shares to the person. But it's secret. They don't know that. As far as people can tell, everybody is symmetric.
And so you can help out Alice if your phone discovers she's no longer helping, and then after a week, say, if you've ignored it, then your phone says, well, I used to have 10 helpers, but one of them is gone. I'm now going to change my set of helpers to just be the remaining nine. I'm going to give everybody a one-ninth share. You'll now have to have half of 9 to recover and we'll just ignore that 10th one. And so it silently, automatically reshuffles things so that you're back to a full set. So now all nine are your helpers, and if one of them loses their phone, eventually they'll go down to eight, and then it only takes four people to recover rather than five. So it'll automatically take care of you. And if you get down to too few helpers, it'll start giving you warnings. Hey, we don't have very many helpers. We need to go get more helpers. This is critically important. There is no way that Web3 is going to change the world if all of your life is tied up in secrets that can easily be lost. This is the way to make them not be easily lost. Of course, we can then recover our lost secrets. If somebody loses it, we can get it back in the way that I said. You just go find helpers one by one, adding them. And as soon as you've added half of your original helpers, you magically see the list of all the rest and you're set and it actually connects to them. You don't have to do anything, it just connects to them automatically. You're set. You can also do decentralized custody. It's exactly what I just said. Except you could say that I don't have my secret. You can have a secret that your helpers all have shares of, but you yourself don't even have the secret. And when it comes time to, say it's a key to let you do a transaction on a network, maybe pull tokens out of an account, you can't even do it. If somebody captures your phone, they cannot do it with what's on your phone. You don't have the keys. No one can coerce you into doing it because you can't do it.
The only way to pull your money out of the cold storage is for you to go to all your helpers and say, here's the transaction I need signed. I am really me. You convince them you're really you, and then they push a button on their phone and they each do a piece of the signature. You aggregate them and get your signature back. There are ways of doing that as well, cryptographically. And so then no one ever knows your secret. You don't know your secret and your helpers just have shares of your secret. And can we go from 10 shares of a secret to nine shares of the same secret without recovering the secret? Yes, we can actually implement that on Hedera as well, but we're going to put this in our free library and release it to the world. And this will be part of DeRec. This is so important. So DeRec is not just decentralized recovery, it's also decentralized custody. This is what the world needs. And it is so important you could start having businesses like helper as a service. Why shouldn't your local bank? They offer safe deposit boxes, which maybe one employee could get into, I don't know. But this they could do: they could be a helper, and then one employee couldn't get into it because they're not all your helpers, they're just one of your helpers. And so every time you go to the bank, you prove that you are you, and then they help you do whatever it is you want to do. So you could have banks as helpers, you could have attorneys as helpers, you could have companies that are currently doing custody that say, hey, we'll do normal custody. We'll also do DeRec custody, and we will also do helper as a service for a small fee. We will become your helper and we will only help you when you convince us that you are really you. We'll get to know you well enough that you can convince us you are really you. We want to make this where you have to be in person to recover, and in person to connect to someone. Although possibly we could allow you to recover without being in person.
But I really like saying you have to be in person. We want to be very, very safe. So decentralized recovery, I think the world is going to go to decentralized custody as part of DeRec. This is what the world needs. We absolutely need this for our hot wallets. We need to have decentralized recovery, and for our cold wallets, we need to have decentralized custody. This idea of just storing your 24-word mnemonic in a bank vault is better than nothing. But we can do a lot better than that. So we need to write protocols, and we are talking about, we are in the process, we've actually written part, of writing these as actual internet protocols. RFCs, IETF. These are real protocols. We're going to end up joining with other people in other organizations, other ledgers, other blockchains. We want to join together to create some internet protocols. Why? Because when you add a new helper and when you recover your lost secret, that is a way that you are talking to their phone. Your phone is talking to their phone. It should be a standard so that different people can write programs that all interoperate. We want every wallet, every game, eventually every operating system to be able to play as one of your helpers. And they should be different. You use one wallet, you use one operating system, you use one game, and they all have this built in. And so they all can be my helpers. They all interoperate. So we need a protocol for how you become someone's helper and how you recover the lost secrets when you become their helper. We also need a protocol for distributing those secret shares and redistributing them. When you add a person or remove a person, we need to redo all the shares for everybody. This is important. We also need to be able to do that daily check that the helpers still exist. Critically important. We have to have that, and I really am hoping this will someday be built into every operating system. We've got to make standards, so actual RFC standards that we're working on.
And if you want to join us, work with us. We really want everyone to be involved in this. And then we can jointly sign transactions. That's the decentralized custody, which I think is also critical for the things you don't use every day but you want to keep extra safe, you know, like the bigger amount of your money: you decentralize custody and you actually have your helpers helping you any time you want to withdraw from it. And then you have the smaller amount of your money that you keep as decentralized recovery, where you can just spend it any time you want, but if you lose your phone, your helpers can help you. These are the protocols, the four protocols that are needed. So in summary, what is DeRec? It's a way to save any secret. It can be keys. I keep talking about keys on an account, on a ledger, but it can also be passwords. So your password manager, 1Password, or Apple does password managers, or Chrome does password managers. They should be able to play in this game. They should be able to do DeRec to protect your password list so that no one steals it and uses it and you don't lose it, which would be very inconvenient. It could also be used to protect DIDs, decentralized identity, things that are keeping track of your identity. This is a new thing in the Web3 world, and I believe that it's going to take over everything. Even in the United States, driver's licenses are starting to become electronic, and passports. Hopefully, someday, we will have driver's licenses and passports just be something in your phone. I really want that. But ultimately, I want to make sure I don't lose it, and that no one steals it. And so DeRec is what we might use for that. And then any other secret, just take notes to yourself and keep those secrets. We want it to work with any ledger, any blockchain, but not just that, any software. When you have VR, metaverse worlds where people are playing the game and they're buying assets or getting assets, they're NFTs.
Oh, there's actually a key involved. And you really don't want someone to steal your account. You want to protect it. You can use a password. That's not very secure, especially as these things get valuable. You should be using DeRec, so even games should have it built in. Metaverse should have it built in. It should be invisible. It should be automatic. All it should be is that when you first start, it nags you every couple of days saying, you know, you need some helpers, why don't you go get some helpers? And this needs to be widespread. So everybody has software that they could become your helper. You just pick people you trust, or maybe your banker and your lawyer, or maybe just your friends, whatever, people in your bridge club, whoever your friends are, you could get them to be helpers. We are going to build, we are building and we will release open source libraries to do all of this. A demo app. We've gone through several versions of it. Now we're going to keep working on it. I'll record videos to show you at some point, demo app that shows how all this works. It's pretty cool. And then of course, there's protocol standards that I talked about. This is DeRec. I'm excited about it. We are putting real money into it and don't plan to make any money at all off of it. The whole point here is that it is something that our industry desperately needs. And we want to work with everyone from every ledger and even from outside the blockchain industry to make this happen. Well, yeah. Thank you. And I will look forward to talking to you again. Thanks.
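The sharing scheme described in the talk, as an added Python example that is not part of the original page and not the open source libraries mentioned in it: Shamir's secret sharing with the threshold fixed at half the helpers, a re-split when a helper drops out, and a daily challenge-response check. The field prime, rounding half up for odd helper counts, the HMAC-based check (which assumes the owner's device keeps a copy of each share) and all function and helper names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

PRIME = 2**521 - 1   # Mersenne prime; the secret must be an integer below it
MIN_HELPERS = 3      # the talk suggests nagging until there are about three


def threshold(n_helpers: int) -> int:
    """Shares needed to recover: half the helpers (rounding up is assumed)."""
    return (n_helpers + 1) // 2


def split(secret: int, helpers: list[str]) -> dict[str, tuple[int, int]]:
    """Give each helper one point (x, f(x)) of a fresh random polynomial of
    degree threshold-1 whose constant term f(0) is the secret."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be in [0, PRIME)")
    if len(helpers) < MIN_HELPERS:
        raise ValueError("not enough helpers")
    k = threshold(len(helpers))
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = {}
    for x, name in enumerate(helpers, start=1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shares[name] = (x, y)
    return shares


def recover(points: list[tuple[int, int]]) -> int:
    """Lagrange-interpolate f(0). Below the threshold the result is an
    unrelated field element, so too few helpers learn nothing."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def prove_share(share: tuple[int, int], nonce: bytes) -> bytes:
    """Helper side of the daily check: MAC the owner's nonce with the share."""
    key = share[1].to_bytes(66, "big")      # 521 bits fit in 66 bytes
    return hmac.new(key, nonce, hashlib.sha256).digest()


def check_helper(expected: tuple[int, int], nonce: bytes, answer: bytes) -> bool:
    """Owner side: recompute the MAC from the owner's own copy of the share."""
    return hmac.compare_digest(prove_share(expected, nonce), answer)


def demo() -> dict[str, bool]:
    secret = int.from_bytes(b"constructed sample secret", "big")
    helpers = [f"helper{i}" for i in range(1, 11)]        # ten helpers
    old = split(secret, helpers)
    five = [old[h] for h in helpers[2:7]]                 # any half of ten
    nonce = secrets.token_bytes(16)
    good = prove_share(old["helper1"], nonce)
    bad = prove_share((10, 0), nonce)                     # helper10 lost its share
    new = split(secret, helpers[:9])                      # re-split without helper10
    mixed = [old[h] for h in helpers[:2]] + [new[h] for h in helpers[2:5]]
    return {
        "half_recovers": recover(five) == secret,
        "below_half_fails": recover(five[:4]) != secret,
        "live_helper_passes": check_helper(old["helper1"], nonce, good),
        "lost_share_detected": not check_helper(old["helper10"], nonce, bad),
        "nine_need_five": recover([new[h] for h in helpers[4:9]]) == secret,
        "old_and_new_do_not_mix": recover(mixed) != secret,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Because every re-split draws a fresh polynomial, shares from before and after a change of helpers cannot be combined, which is why each remaining helper has to replace its old share.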