$500
1stPrize
$250
2ndPrize
$250
2ndPrize
$250
2ndPrize
$250
2ndPrize
ARCHIVE
Mihail Nikulin
Creator

The competition and voting have completed. Winners were determined by the citizens of Lykke City.

  • Registration

    Mar 2 - Apr 15

  • Submissions

    Mar 10 - Apr 15

  • Voting

    Apr 15 - Apr 24

Our method of private keys backup:

  1. Digital key converted to 12 words.
    Risk: Client may forget to save them.
  2. The key is stored on Lykke server.
    It is protected by the encryption client’s password so Lykke’s staff can’t steal it.
    Risk: The client can forget his / her password.
  3. The key is stored on client’s device.
    Risk: The device can be stolen or broken. 

 

Requirements for your solution 

Private key backup should be distributed over the Lykke's clients network.

It has to be: 

  1. Secure for clients
  2. Protected against hacking
  3. Realised in our system
  4. Easy to use for clients
  5. Stored only on the client’s side (otherwise, it should be securely encrypted)

No one should have access to the key or to any part of it. Even Lykke itself. 

 

Try to imagine all the ways of client's activities and fails.
And try to think as a smart hacker: how would you protect your own solution?

 

We are waiting for a description of a technical solution that will give us full answers to the following questions:

  1. How to make a distributed backup
  2. How to recover the key from a backup step by step

 

Future opportunities

Next Lykke Streams project will be to implement the winner's idea. You will be able to participate and have greater chances to win.

The best participant can be hired by the Lykke Team as a developer.

 

About Lykke Wallet 

Lykke is building a global marketplace where all asset classes and instruments can be traded. The exchange went live in June 2016 and is now in beta mode. Tradable assets include FX, bitcoin and Lykke coins (equity of Lykke). Lykke Exchange is using semi-centralized architecture. Matched orders are settled on the Bitcoin blockchain, where each successful trade between parties appears as a set of atomic colored coins swap transaction. The exchange does not take possession of the traded coins but needs to be trusted to match trades correctly.

For more details see Lykke Exchange white paper and Terms of Use.

 

Some tips

  1. A private key can be divided into pieces and distributed over the Lykke customers network. How to make it safe? 
  2. Think of a system of incentives for customers: How to motivate them to help other customers make backups and participate in a password recovery.

 

We will only grade solutions that meet the following formal requirements:

  1. The solution is to use the existing "mobile client-server" architecture of Lykke.

  2. Private key backup should be distributed over the Lykke clients network
  3. A private key or its part should never be disclosed either on the side of the Lykke server or on the side of the clients who help with the recovery.

  4. The keys can be stored and forwarded through Lykke only in an encrypted form.

  5. Please provide flow charts clearly describing the process of 1) key backup and 2) key recovery.

  6. Please provide quantitative assessment and recommendations on the key distributed storage depending on the number of clients involved.

  7. Please provide your assessment of the possible rewards for customers helping to restore the keys of other clients.

Username Registration date Result
Artem
March 08, 2017 06:54
Carlos Octavio Chida Suarez
March 18, 2017 05:02
Kenneth Olumor Ejechi
March 06, 2017 02:50
Garrett MacDonald
March 26, 2017 03:04
Kamil Brejcha
April 06, 2017 05:37
Jose Aguinaga
March 08, 2017 10:38
Larissa Nerous
March 07, 2017 09:57
Roman Gelsi
March 04, 2017 04:40
Ruben Waterman
April 12, 2017 08:06
Sarveshwar Geetha
April 13, 2017 04:17
Steve Gybels
March 31, 2017 12:49
Please login to leave a comment
Iuliia Anferova moderator · 10:24 AM April 25, 2017

Dear participants, Thank you for taking your time to learn more about the Lykke Wallet’s Private key distributed backup.
Nevertheless, we decided not to award two-second prizes as none of the works fully meets the criteria of the project.
The results uploaded will need further improvement for Lykke to be able to use them. Therefore we will start a second round of Project.

1ST prices go to Jose Aguinaga and the 2ND winner is Ruben Waterman. We have some questions for you and we will be in touch by email.
Kamil Brejcha, Roman Gelsi, Steve Gybels, Thank you for participation!
Unfortunately, Your solution does not meet the requirements.

We wish you all good luck in your future endeavours!

Kamil Brejcha · 06:04 PM April 06, 2017

Submitted my proposal which is probably similar to some other previous ones.
Anyway just to make my part of the proposal public.

There is no safer solution on the market than hardware wallet for offline private key management using BIP39 https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#Wordlist in form recovery 12/24 word seed.

Digital key converted to 12 words.
Risk: Client may forget to save them.
You need to inform the client form the first touch of the wallet, that he has to store these words on a safe place offline. Just a matter of adding this to your UI.

The key is stored on Lykke server.
It is protected by the encryption client’s password so Lykke’s staff can’t steal it.
Risk: The client can forget his / her password.
Storing keys on your server is to be proven is not very good idea.
What is online is hackable no matter what encrypting software you are using.
Only HSMs hardware modules in your hardware stack as secure signing element adding the additional secure and trust element to your infrastructure. Again, there is no safer solution at the moment than Hardware token. Even companies like Google, Dropbox are rolling support for secure passwordless logins into their services.

The key is stored on client’s device.
Risk: The device can be stolen or broken.
The key can be anytime recovered using compatible wallet. This is the beauty of the recovery passphrase.

Iuliia Anferova moderator · 07:36 PM April 05, 2017

Steve Frans Gybels, thank you for your interest!
Please provide flow charts clearly describing the process of 1) key backup and 2) key recovery and read one more time the terms at the bottom

Iuliia Anferova moderator · 09:44 AM April 03, 2017

Dear Steve Gybels,
Thank you for your ideas and taking your time to learn more about the Lykke Wallet app!
Unfortunately, your proposal doesn't match the formal requirements of this project.
Please read the Description more attentive.

Steve Frans Gybels · 11:36 AM April 03, 2017

Hello Luliia

What exactly do you mean with formal requirements? I think my solution matches your requirements:

It is:

Secure for clients
Protected against hacking
Realised in your system
Easy to use for clients
Stored only on the client’s side (otherwise it should be securely encrypted)
No one should have access to the key or to any part of it. Even Lykke itself.

Even the distribution of my solution is easy? The data can be distributed over the net anywhere. Does the problem lay in the circling idea? I might have a solution for that?

Jose Aguinaga · 12:48 PM March 21, 2017

In the “Requirements for your solution” section you state "(...) No one should have access to the key or to any part of it. Even Lykke itself.”, however, later on the “Some Tips” section, you hint about distributing pieces over the Lykke customers network.

Should we assume that we can indeed split the key (if a secure solution can be achieved), but that only the initial owner of the key is able to access it? In other words, it doesn't matter who has the key or pieces of the key, as long as it's encrypted and only viewable by the original customer?

Mihail Nikulin creator · 06:34 PM March 23, 2017

Dear Jose Aguinaga,
Yes, absolutely right! We've put clarifications into requirements regarding encryption of the private key. Thank you for your remark.

Roman Gelsi · 05:06 PM March 20, 2017

Will do thanks :)

Iuliia Anferova moderator · 12:30 PM March 20, 2017

Roman Gelsi, thank you for your submission! Your idea is good, but it doesn't match the requirements of this project - we do not plan to use other devices for the backup.

You can try to describe a different solution.

Username reg. and Subm. Date Result Score Vote
Kamil Brejcha
April 06, 2017 05:54 0/100 0
Jose Aguinaga
April 07, 2017 11:04 0/100 3
Roman Gelsi
March 14, 2017 02:36 0/100 1
Ruben Waterman
April 14, 2017 02:48 0/100 1
Steve Gybels
March 31, 2017 01:04 0/100 0
Your Feedback