Security, Privacy, Usability, and Convenience
A short moment ago, we announced two new features would make their way onto the first mainnet version of Particl’s Open Marketplace: multi-wallets and a private-by-default escrow system. Today, we’d like to dive deeper into the upcoming multi-wallet capabilities of Particl Desktop.
What are Multi-Wallets?
Multi-wallets are not new to Particl. In fact, they have been available on Particl-Qt ever since Particl forked to codebase version 0.15. We are, however, now bringing this important feature onto our most popular client: Particl Desktop.
What if you could manage multiple wallets within the same Particl Desktop instance? What if you could do it without breaking a sweat? This is exactly what this multi-wallet feature allows you to do! It enables the ability to securely manage multiple wallets from a single Particl Desktop instance without requiring you to restart the wallet or mess with the wallet files (wallet.dat).
When using multi-wallets, your identity, transaction history, and any other Particl-related data (i.e. listings, contact information, messages, etc) are perfectly isolated from the other wallets hosted on your Particl Desktop. This makes it impossible for this information to leak into another wallet.
Multi-wallets serve multiple purposes within the Particl ecosystem and will be an important feature moving forward. As time goes by, and as the Particl infrastructure expands, they will become truly indispensable.
Security & Privacy
Multi-wallets are first and foremost a security and privacy feature. The reason why is that all the data from a wallet (i.e. transaction details, listings, contact information, messages, votes, listing flags, etc) is perfectly isolated from other wallets installed on the same Particl Desktop. All multi-wallets are also encrypted independently and have their own password.
In computer security, this ability can be compared pretty closely to the security by isolation model. This model proposes that one of the best and most effective ways to secure data from multiple environments is by isolating them from each other. Particl Desktop achieves similar results by completely isolating the wallet files (wallet.dat) from each other.
In other words, if you are managing two (or more) different wallets from the same Particl Desktop instance, it is as if you were managing them from different computers entirely. Wallet data cannot leak out into another wallet, just like data from a computer cannot leak out into another computer by itself.
Note: This doesn’t mean your data is safe if your computer gets hacked into. While the wallet files themselves are isolated on the Particl Desktop client, they are not isolated inside your computer itself. They are still stored in the same place in your Particl configuration folder. The only way to secure your funds against hackers that would breach into your computer is to store them on a hardware device like the Ledger Nano S (1, 2, 3).
Security — Eliminating Human Errors
Of course, managing multiple wallets has always been kind of possible to do, but it’s definitely never been convenient. In fact, if you want to switch wallets on Particl Desktop without using multi-wallets, you can actually go through a painful manual routine that goes as follow:
- Create a folder containing all of your wallet files (named differently)
- Shut Particl Desktop down
- Navigate to your Particl configuration folder
- Backup your wallet.dat file and move it to the wallet folder you just created
- Give it a different name (i.e. wallet_spending.dat)
- In your wallet folder, pick the wallet file of the wallet you want to switch to
- Move it into your Particl configuration folder
- Rename it to wallet.dat
- Start Particl Desktop
- Rinse and repeat every time you want to switch wallet
Almost cringeworthy, right? Not only is this very tedious set of steps a serious obstacle to regularly using multiple wallets, but it’s also a bit of a security risk. That’s because, on a long enough timeline, we are all guaranteed to make mistakes. Indeed, research suggests that the great majority of information leaks and incidents are due to human errors, not hacks or malicious breaches.
“There is a tendency to assume incidents exposing sensitive, regulated data occur as a result of an organization being “under attack.” Seasoned privacy professionals, however, know that in reality, the majority of incidents are inadvertent and unintentional, and can be classified as human error.” — Mahmood Sher-Jan
Who’s to say you won’t ever forget to back a wallet file up before manually switching? That you won’t overwrite a file by mistake? With multi-wallets, you don’t need to worry about these human errors anymore. This feature makes switching between wallets safe, quick, and easy.
Privacy — Address Association Prevention
You probably know by now that you shouldn’t reuse deposit addresses for privacy reasons. In fact, anyone that knows an address of yours can look it up on a block explorer and analyze the transactions you’ve made with it in the past. What’s worse is that, not only can anyone look up your address on the blockchain, they can also do the same to all of the addresses associated, directly or indirectly, with it. To keep it simple, an address is “associated” with another address if it has received or sent payments to it.
This is why using new deposit addresses when accepting payments is the recommended behavior for the great majority of cryptocurrencies. To increase the number of users doing just that, more and more crypto wallets have started generating brand new addresses by default when requesting payments. This type of wallet is called a Hierarchical Deterministic (HD) wallet. It is what Particl uses for its wallet clients.
There are, however, other privacy-related issues that still stand unresolved. Even when receiving payments with new addresses, you can still easily reveal your other ones. That’s because unused addresses get associated with any other address to which it sends a payment to. It also gets associated with any address further down the transactional chain, meaning “associated addresses of associated addresses”.
In other words, if someone sends you a payment to an unused address, and then after some time you send that payment to your main stash, you effectively reveal your main stash information (number of coins, who you’ve made and received payments to, who they’ve sent and received payments to as well, and etc) to the person that paid you. Of course, blockchain analysis can reveal public addresses that receive and send payments. It can’t, however, tell ‘who’ exactly the addresses belong to unless it is already known that an associated address belongs to a certain entity (i.e. by sending funds to an exchange).
Would you want a stranger to know how much you own? Would you want an exchange to know everything you do with your personal coins not stored on their platform? Would you want any person, organization, or company associated with blockchain data analysis firms to be able to mine all of your data?
Last week, cryptocurrency industry giant Coinbase sparked outrage when it announced that it had purchased a small startup called Neutrino.Normally, such an acquisition wouldn’t make many waves, but Neutrino isn’t your average startup. The company was founded by three former employees of Hacking Team, a controversial Italian surveillance vendor that was caught several times selling spyware to governments with dubious human rights records, such as Ethiopia, Saudi Arabia, and Sudan. — Lorenzo Franceschi-Bicchierai
With these technologies becoming increasingly effective AND accessible, we need more diverse and solid solutions to protect our digital privacy.
Privacy — Stop Mixing UTXOs
What’s more, there is another privacy concern when making transactions after your received payments. Let’s say you accept two 10 PART payments (20 PART total, deposited on two different unused addresses). Then, for some reason, you need to make a payment worth 15 PART AFTER receiving your two 10 PART payments. Even though both payments were received on different addresses, making a 15 PART payment would use outputs from both addresses, effectively linking them together. That’s because these addresses have less than 15 PART, so coins from both addresses need to be used.
This would effectively link both addresses since the party you send the payment to will see the funds coming from two different addresses. This is a big privacy issue (and the reason why the Coin Control feature of Particl-Qt is so powerful)!
Note: In the example above, TX 6 used outputs from both TX 4 and TX5 (two different addresses) to fund its inputs. Although both TX 4 and TX 5 were already linked together because of TX 0 and TX 2, one of the output used to send funds to TX 6 could have also come from a fictive TX 7 — an output not previously associated with any part of that chain of transactions. This would link TX 7 and TX 6 together, as well as all outputs and inputs directly or indirectly associated with TX 7 and TX 6.
By using multi-wallets, you can create new wallets every time you want to accept payments or use different wallets per types or categories of transactions (i.e. a wallet to receive marketplace payments, another to receive staking rewards, another to deposit and withdraw coins from exchanges, and etc).This method of securing your privacy by isolating the wallets from each other mix really well with the privacy protocols of the PART coin. In fact, you can achieve much stronger privacy by combining RingCT/CT transactions to a solid wallet isolation strategy.
Convenience — How Do I Change Wallets?
As with everything Particl Desktop, convenience and ease-of-use is a big focus, but there are no compromises made on the security end of things. Multi-wallets are directly in line with this approach and make switching between different wallets as easy as it can possibly be. Remember the tedious 9-step process for switching wallets mentioned above? It’s been reduced to only one easy step:
- Click on the tab of the wallet you want to use
That’s right, as simple as clicking a button! Ain’t that security made easy? No need to rename or even mess with wallet.dat files, no need to restart Particl Desktop every time you want to switch wallets, and most importantly, no need to pass on benefiting from security through isolation because the process of doing so is too annoying! 🎉
Cold Staking & Multi-Wallets — A Match Made in Heaven
This new multi-wallet feature is certainly a great security and privacy add-on to Particl Desktop, but its usefulness doesn’t stop there! In fact, each wallet hosted under the same Particl Desktop instance can be linked to its own cold staking key. That means you can have multiple wallets staking from different sources, with different addresses to receive (or send) your staking rewards.
Let’s say you have three different wallets and want to set your staking setup with failsafe capabilities. You could then create three cold staking node, and link each of them to a different wallet. If one node goes down, then only a part of your coins stop staking, not all of them. Even better, you could set up a node on an RPi, one on a VPS, and use the public key of a cold staking pool as your third node. This way, you would be staking from three different cold staking nodes hosted under three very different environments. This adds a bit of redundancy to your staking setup and is a failsafe measure in case an issue arises with one of the nodes.
Perhaps even more interesting, though, is the ability to better manage staking rewards. With the possibility to stake on multiple nodes within the same Particl Desktop instance, multi-wallets enable a whole range of new possibilities. What if you don’t want to keep all your staking rewards in PART? What if you only want to keep 50%, have 25% sent to an address used for trading and the other 25% as donations? What if you wanted to set multiple addresses up, each having its own purpose (i.e. spending, saving, trading, vacations, joint address with a loved one, purchases on the marketplace, health fund, and etc).
Doing exactly this has always been possible, of course. All you needed to do was to set up multiple wallets and cycle through them using the tedious 9-step process mentioned above. But now, with multi-wallets, it’s going to be as easy, accessible, and quick as it’s ever been!
Multi-wallets bring added privacy, security, and convenience to Particl Desktop and open a lot of possibilities for almost every type of users. This feature is going to make its way onto Particl’s testnet within a few days, and you’ll have the chance to play with it on mainnet as early as when the first mainnet version of the Open Marketplace is released.
Stay tuned for more articles and blog posts coming soon on Particl’s blog!