Double Encryption Storage Mechanism, or DESM, is a set of algorithms customized by BitKeep wallet for the encryption and storage of Mnemonic and Private Key. DESM further improves security by combining multiple encryption algorithms.
Three conventional encryption methods are most widely used at present:
1) Message Digest Encryption, a common irreversible encryption such as Message-Digest Algorithm 5 (MD5), Secure Hash Algorithm 2 (SHA256), and so on.
2) Symmetric Encryption, such as Data Encryption Standard (DES), Advanced Encryption Standard (AES) and so on.
3) Asymmetric Encryption, such as RSA designed by three mathematicians, namely Rivest, Shamir, and Adleman, as well as other encryptions. Transaction signatures in blockchain use asymmetric encryption.
BitKeep’s DESM uses both Message Digest Encryption and Symmetric Encryption, as well as a combined encryption method of SHA256+AES256+cloud authentication.
Why use a combined encryption method?
We need to understand several prerequisites before answering this question.
1) Wallet transactions have to involve Mnemonic or Private Key, so they must be able to be restored to the real text;
2) If the encrypted data is stored on a mobile phone, hackers can obtain the encrypted Mnemonic data on the user’s mobile phone;
3) Any App code has the risk of being leaked or cracked.
Based on the above three prerequisites, this article aims to analyze problems of current conventional encryption methods:
1) Using irreversible encryption like SHA256. Passwords of most accounts are stored in the cloud database using this encryption method. This encryption is highly safe but cannot restore real data;
2) An encryption key specified by the code is used for symmetric encryption. This encryption key can be disclosed entirely based on the previous three prerequisites. Some wallets do not need to enter any passwords for transactions. Thus, security is significantly low;
3) User enters a password for symmetric encryption. Every time when the Mnemonic is needed, the user enters the password again for decryption. The software does not store the user’s password, which is the current resolution of other wallets. The security is moderate with potential risks. The passwords set by the user are generally simple or short, so hackers can obtain the data and perform exhaustive traversal to hack the original data.
The specific encryption process of BitKeep’s DESM algorithm is as follows:
1) User sets the transaction password: BitKeep stores it in the cloud with SHA256 (password + seed) and returns a new seed based on the BitKeep account password;
2) Calculate the Key required for symmetric encryption through SHA256 (password + account seed + specific rules);
3) Then encrypt with AES256 (Mnemonic or Private Key + Key). Similarly, the user also follows this principle when fetching Mnemonic.
After being encrypted by DESM, the security problem can be fundamentally solved because even hackers or BitKeep employees cannot crack users’ Mnemonic or Private Key data. The only case for successful hacking that will hardly occur is decrypting the user’s mobile phone data, knowing the user’s transaction password and account password simultaneously, as well as the encryption rules of the BitKeep cloud.
As a non-custodial decentralized wallet, BitKeep ensures asset ownership so that only users can control their assets. In terms of security technology, BitKeep guarantees that the user’s Private Key and Mnemonics are not stolen by third parties through cracking algorithms and provides more secure and convenient transaction services for all Web3 users.