Ethereum wallet? [part 1/2]

Before starting with code, it seems useful to understand what is a wallet and why it is important. Basically, a wallet is the digital object that allow you to interact with the others Agents of the Blockchain ecosystem: it permits you to store value but also to talk to Smart Contract or other accounts.

Wallets are software applications and we are not going down on their technical properties (we actually don’t, yet, have the skills to, but if you are curious you may want to have a look at Ethereum documentation), but from a legal point of view is very useful understand which kind of wallet you are using and how to chose the best one that suits your need.

Before talking a little bit about wallets, we need to make a fast resume of what is the asymmetric cryptography and in particular private a and public keys: in fact, Ethereum addresses are a derivative from public key of the owner – using a peculiar hash function (Kecak-256) – serving as unique identifiers of a particular Agent on the Blockchain. One of the scope of the wallet is to manage your keys in order to make interactions between your account and the Ethereum network.

The topic is a little bit complex, but what you need to know right now is that in asymmetric cryptography there are two keys straightly linked to each other because one (the public key) is used to digitally encipher a message and the other (the private key) is used to digitally decipher the same message.
They two keys are defined as “pairs”, as the public key is derived from the private one at their genesis. These keys are generated in a way that it is very easy to create them but – without any information about one of the factors – it is almost impossible to calculate their reverse. So for example even if it is very easy to multiple two prime numbers and obtain a mathematical result (x), it is very hard to take that (x) and guess which are the numbers that generated it.

This approach solved so many problems in the cipher world, for example the key sharing problem: in symmetric cryptography you may need a way to safe deliver the secret key to your mate. With asymmetric cryptography, instead, your mate already has a private key to decipher the message, which have been encipher with his/her public key. Funny think is that there is no encryption meant to hide anything in the Ethereum network, so why do you want to use this technology? Well because the asymmetric cryptography is so awesome that can be used to digitally sign a file: instead of make the others use your public key to hide secret messages, you can use your private key to sign a message and let the others use your public key to verify the origin of the message.
The second awesome (from a legal point of view) think about is that – if it is correctly configured – the private key is used to generate a digital signature which cannot be repudiated: for a signature, this is a perfect feature.

A wallet works with your private key, so it is very important to use a wallet application that are some how trusted: for a lawyer this is a first point of attention. In fact, there is this huge hype around the no need of trust in Blockchain solution: this seems to be a soft lie, you still have to trust the technological solution, which means that liabilities hide behind wallets builders. Chose a wallet provider means that you chose someone to trust in order to give them the control over your private key, which means the control over your account. From a simple point of view it is no different from giving to an e-mail client the control over your e-mail password: on the Blockchain the huge difference is that your wallet doesn’t control “only” your correspondence but also your money and your whole interaction with platforms.

There is a wide list of type of wallets, each of one has its own legal implication which we are covering further on. For now, we think that it is useful to have at least an idea of the most common used type of wallets.

• Web based wallet. This typo of wallets run on cloud, so on someone else computer. They are very useful if you don’t want to spend time in configuration: you just need to access the service (most of the time it is free of charge) choosing a passphrase and the application itself is giving you a private and public key
• Mobile wallet. These are mobile application that directly interact with your phone: from a certain point of view they can considered safer than the web base wallet, in most of the cases. Here the security problem lies on your capability of keeping your phone safe and running: if you compromise your device, your wallet is gone.
• Desktop wallet. They are almost the same as the mobile wallet: they can be downloaded and installed on your machine, which therefore become a very sensitive object.
• Paper wallet. These are something that look very safe at first, because they are simply peaces of paper with your wallet address and private key printed on it, but on the other hand it is like going around with a paper with your bank PIN printed. Interaction on this type of wallet are made possible by a QR code.
• Hardware wallet. Hardware wallet are the most secure one: they are offline and – depending on the configuration – they can be activated only when plugged in a deveice.

It is also useful to understand another feature of wallets: hotness or coldness. An hot wallet is any type of wallet which is connected to the Internet, on the other hand, a cold wallet is something that is off the grid, so for example an hardware wallet or a paper wallet. We are not giving any advice on security (here you can find some good ones), but common sense wants that you don’t keep all your money/capacity to interact with the Blockchain in a single point: so try to have both an hot wallet to everyday transaction and a cold one for “storage”.

In part 2/2 we are going to discuss how to install and use a widely used web-based wallet: Metamask.