in the recent nash blog post about the MPC implementation, Nash claims that Nash can be made as secure as hardware wallets. Does this mean having a Nash wallet is as secure as having funds on a Ledger or Trezor once implemented? Maybe even more secure? What exactly makes it as secure?
Say I have a withdraw limit set using MPC, can that be changed? Or is the only way to go around the limits (say to make a big purchase) is to use the private keys to get around the MPC system? Is that possible? Guess I am just looking for a technical explanation of the practical process of user MPC.
The claim that Nash is more secure is based on the fact that limits can be placed on how much can be withdrawn. With hardware wallets e.g. on a ledger, once your 4-8 digit pin code is known, an attacker can immediately drain the wallet to 0 and there’s nothing you can do about it.
With Nash however, you can whitelist certain addresses or limit how much can be withdrawn in a 24 hour period e.g. 5 ETH worth. So say for example your login details are compromised e.g. phishing, an attacker is unable to drain the wallet because none of his wallet addresses are on your approved list and the maximum he could withdraw is 5 ETH worth of crypto. This way, you’ll have time to act by revoking this login’s access entirely with your 12 word seed.
Simplest way to think about this is you have a user key (login) and an admin key (12 word seed).
The idea is your everyday login is protected, but you are still in sole control of your funds through your 12 word seed which is ideally kept somewhere safe. For purchases larger than this self-imposed limit, it would be impractical to expect users to remember another set of credentials to override this but there are some ways to overcome this.
Wow its amazing. I’ve a feeling this will attract a lot of institutions. Thanks for your knowledge
Also, realistically, the limit you can set should match the amount you will be using for Nash Pay in the 24hr period. After all, Nash is like a decentralised bank. You’ll have no reason to withdraw so many funds unless buying a car or house
Okay that makes sense, thanks for the reply. How about the fact that hardware wallets are secure because your private key is always stored offline, how does that work for Nash I wonder? If your computer gets hacked/infected with a virus, can they get your private keys in any way (assuming the only place your private keys have been written down on a piece of paper)? Also, assuming someone gets access to your account, sure they can be limited by what they can withdraw, but if they have your login info can’t they also just get your 12 words/private keys off of Nash and bypass that? Because right now it is the same process to login to your account as it is to show your recovery keys (I also assume MPC may possibly be fixing that issue).
The current login is like the admin key so it makes sense that it would enable access to the seed words/pvt keys.
With the planned MPC upgrade, in the future I believe we will be able to issue new logins and these will have restricted access. During the July quarterly report in Boston, I remember Fabio saying you will be able to share your Nash account with someone else (e.g. spouse) - it is the logins with restricted functionality that you will be able to share, similar to how an institution will make unique API keys for each trader.
sMPC is very powerful and you can do a lot of cool stuff with it. The team at Nash are very smart so I’m excited to see what future developments bring.
Very cool thanks that makes more sense now, also, if you are like me you have majority of your cryptocurrency on a hardware wallet. If you do, will you be moving all of your funds from there to Nash with sMPC?
I got mostly all my funds in Ledger and Trezor Hardwallet… If they do that upgrade, will you be moving all of your funds from there to Nash with sMPC?
