Security Analysis: Libra lacks the basic components of encryption key security

Steven Sprague is one of the main evangelists in the field of trusted computing technology applications. Steven served as president and chief executive of Wave Systems Corp. for 14 years before moving on to the board.


Image source: pixabay

Recently, Facebook launched the cryptocurrency project Libra, with the goal of “changing the global economy”.

This is a lofty goal. However, after reviewing the technical documentation describing the ecosystem in the Libra protocol and its plans, I believe that the company missed the basic components of user security:

  1. Protection private key
  2. User consent certificate
  3. Decentralized compliance
  4. Global privacy

As a technology leader, our job is to provide a vision and architecture that integrates true protection and evidence into the consumer experience; provides a new model for provable compliance, reducing costs and laying the foundation for global automation .

"Internet of Money" must support a primary goal of ensuring that all transactions on the Libra network are purposeful, intentional and compatible. I envision that in the future, the quality of intentional records for online transactions is as good as the quality of physical store purchases.

The currency Internet should be cross-border, open, and global. It should contain transactions from everyone and everything. To achieve this goal, you will need to build a community or community around the required compliance and control. Proving that these controls are appropriate should be that each instruction is sent to a part of a chain and is always recorded in the math of the blockchain. Then, those who need to know can be provided with evidence to prove their compliance.

The new model of consumer compliance should work like today's doctor's prescription. A trusted third party analyzes my child's real-time health data and provides the school with a compliance result that proves that my child is sick from illness. If the school uses the same size as the Internet, they will be able to access children's medical data directly in real time and use artificial intelligence to determine if your child should stay at home. The decentralized model of the slip allows the global market to thrive with built-in privacy.

I believe that the permission bar on the blockchain is a hash of the list of controls that are executed before an instruction is sent to the chain. This list is a Merkle tree of controls, ensuring that each step can be proved by hashed evidence. The power of the Merkle tree simplifies the evidence to a few bytes and is easy to package in a transaction.

This list can then be safely shared with the recipient or those who need to know the complete evidence of the required controls.

Global currency, group-based compliance

Regardless of whether Libra can successfully fulfill its mission of “money internet,” cryptocurrencies represent the ability to have a borderless currency that can rely on compliance based on real-time transactions. In the end, there may be only a few global currencies with unalterable transactions. However, there will be countless different levels of groups built around compliance issues, building global cross-border business virtual networks, and conducting secure and provable businesses in specific markets.

The privacy and auditability of business networks is very important, and the “money internet” needs to provide an open platform to meet the needs of everyone. Using intelligent instructions to provide provable evidence of identity, compliance, and control provides a flexible, scalable model.

Evidence of compliance can be shared securely.

Decentralized control is in the hands of private key owners, providing multiple independent services to meet market and regulatory needs. By separating identity control and compliance, it provides the market with the choices and competition needed to drive innovation. It then lays the foundation for automated and artificial intelligence-based systems to provide monitoring and evidence-based compliance, reducing the need for any real personally identifiable information or data leakage. Governments and regulators will retain the authority required to enforce rules and reporting requirements.

Who really controls your key?

In cryptocurrencies, we sometimes get lost. To make the service easier to use, we put the user's key on a server or other centralized storage system to provide an easier experience.

However, in the spirit of innovation, I believe that we must abandon the old form of customer protection in order to thoroughly reform an extremely outdated system.

Storing keys locally and giving any consumer the opportunity to back up, restore, and maintain keys with multiple devices is the first step toward progress.

What impressed me in Libra's proposal was that the storage private key was not redundant. Our job is to minimize the risk of the supply chain. To maximize user protection, the private key should be stored and used in a way that minimizes the impact of security subsystem failures.

I believe that consumers will need to have multiple redundancy protections for their private keys.

For example, Rivetz worked with Telefonica to develop a CLIP program that defines and promotes a method of cryptographically combining multiple hardware elements to provide a separate supply chain for protection that is used to collaboratively protect consumer privacy. key.

Call for security

The future is decentralized, and the technology of blockchain will bring "money internet." "Secure devices and trusted computing will provide users with the protection, compliance, control, privacy and freedom needed for the digital future. The private compliance community will provide digital evidence as needed.

As an industry, I hope that we can unite and provide true consumer protection for every digital citizen. Huge security is intangible and we can provide a simpler and safer experience for everyone.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!


Was this article helpful?

93 out of 132 found this helpful

Discover more


$100 Million Trading Volume Fuels Cardano's 3% Surge Is it the Beginning of a New Bull Market?

Fashionista Alert Cardano (ADA) on the Rise – Breaking Resistance Level May Indicate Bull Market, But Poor Fundamenta...


Bitcoin ETFs See Strong Inflows as Bitcoin Bulls Charge Ahead 💪🚀

Bitcoin and several other altcoins have successfully surpassed their previous overhead resistance levels, demonstrati...


Cardano Price Surges 8%: Here’s Why ADA Could Reach New Highs in 2024

In the past 24 hours, the Cardano price has experienced a significant increase of over 8% and is currently at $0.6202...


Is Bitcoin’s Uptrend at Risk? Analyst Issues Witty Warning as Altcoins Surge

The future of BTC price is uncertain due to the decline in crypto market dominance. A major reversal for Bitcoin is p...


Analysis and Commentary: The Fate of Bitcoin ETFs and Cryptocurrency Performance

After a period of significant growth in the crypto market, traders were briefly shaken by a report causing a halt in ...


Cardano Price Soaring: Is ADA on the Verge of a New High?

Cardano's value has experienced a significant 11% increase in the past 24 hours, reaching a price of $0.5311. This su...