One of the key propositions of blockchain technology is the high levels of security associated with protecting the assets of users on the blockchain. The responsibility to secure your assets on the blockchain is deferred to the individual instead of a central application such as an exchange. That is probably the reason is touted as a decentralised network. When creating an account on any decentralised blockchain network, users often go through an important step which is the creation and storage of private keys. This is similar to the conventional username and password stages of creating accounts on applications like Facebook, Twitter and Instagram. While conventional applications store your password in their database, blockchain projects do not store your private keys. Rather, users are forced to keep the private key in a secure place and confirm this on the network before the user account is created. You may see a warning like this when creating a blockchain wallet address
“Note: Write your secret key somewhere safe. You will always need it to access your funds. We don’t keep a copy, losing it means you have lost access to your funds”
For instance, on Algorand, creating an address requires the user to save the 25-word mnemonic phrase which is used to recover the wallet. The mnemonic phrase is a human-readable version of the Algorand private keys and they perform the same functions. The best way to secure your private keys is to save them offline. This could be on a piece of paper that is securely locked in a safe for future reference. The off-chain method of storing private keys is known as cold storage or cold wallet. This reduces the chances of the account being compromised by hackers or unauthorised access to the account. However, this comes with a huge risk since the document can still get missing. Another method of securing private keys is to use online tools like Dashlane, Google docs, emails or any other means that make it easy for online access. This is called hot storage and poses a huge security risk due to the activities of hackers who can gain access to our phones or computers.
There is a lot of security operational overhead involved in protecting your private keys whether on cold or hot storage. Users often cycle their assets across different wallet addresses when they suspect their account is at risk. This creates a trail of different addresses, which makes it difficult for users to keep track of their activities on dapps where they have used previous addresses to perform transactions. Also, multi-signature operations on a single account can be problematic. But do users have to create a new wallet address when they feel their account security has witnessed a breach?
Algorand Rekeying feature
The Algorand blockchain network found an innovative way to allow users to swap new keys for the same Algorand address or rekey a private key to a different address. What it simply means is that you can change the authorisation key to the same account without changing the address. This brings it the flexibility to secure your assets on the public Algorand address. Swapping or changing different Algorand keys for the same address is an innovation that brings more flexibility to security management on the blockchain. You can program it into a single-sign or multi-sig keys in the configuration process. It is very simple to perform rekeying on the Algorand chain. To configure this, there is an optional field in the Algorand transaction payload which is included in the headers. The configuration parameters are set out as below:
The field name is RekeyTo and it is optional. The transaction type is a rekey and the address field is where the user will specify the authorized address to be used for all future transactions. Users can perform rekey actions as often as they want. The rekeying feature also works very well with the Algorand stateless smart contract in determining the kind of transaction actions that each key can perform. With the multi-sig option on an address, you can limit how much each account can spend by deploying the configurations in a stateless smart contract. For instance, you can limit key 1 to spend up to only $200 while limiting key 2 to only $150. One cannot emphasise the benefits of the Algorand rekeying feature. It can power blockchain dapps in many ways.
It allows individuals and companies to keep their private keys cold and can also offer custom restriction policies on their accounts. It can power decentralised management of a corporate account by allowing customers access to the account and restricting the kind of actions each account can perform. This is good for introducing spending policies around the private key and account. The possibility to rekey after every transaction is a good way to keep your private keys cold all the time. Custody accounts can now keep a long-running public address by simply swap the keys after every transaction. There is no need to keep moving the funds a new public address and keys after making a transaction.
Novation is a concept in finance where there is a transfer of ownership of accounts on between parties. In financial settlements, instead of transferring assets and going through complex settlement processes, owners can reassign ownership of accounts as part of complex settlement transactions by rekeying the existing account to a differing private key. In the areas of non-fungible assets, the users can rekey ownership of properties to each other in a trustless process. Real estate owners can use rekeying to transfer assets to buyers on the blockchain.
User migration and onboarding from a different account to the Algorand chain have been simplified through rekeying. Instead of telling users to create new accounts, the app developers can create an existing account, set them up and rekey them to their users. Switching from a non-blockchain dapp or a blockchain dapp to Algorand has been simplified with Rekeying. The process becomes painless for the customers and the app developer also gets the chance to reduce user drop-off due to the migration.
The rekeying feature provides solutions to problems that affect the easy adoption of blockchain projects by simplifying and making it secure to perform transactions, transfer settlement ownerships and user migration. All these actions are executed while keeping the keys cold. It also opens the doors for potential defi applications in the areas of multi-sig rekeying for spending controls by companies. The ability to have different levels of access to a single Algorand account has benefits for corporate or group spending.