Naphtali Dabuk
Aug 28, 2020

ALGORAND REKEYING

In this article, we will discuss “enabling the Security, Flexibility, and Operational Efficiency of Private Spending Keys.”

NOTE: The term “spending key(s)” is used throughout this article to signify that generally, either a single key or a set of keys from a Multi-Sig account may authorize from a given public address. The address itself cannot distinguish how many spending keys are specifically required.

Algorand’s Layer-1 Rekeying offers a seamless, easier experience for users and custody providers: Private Spending Keys can be changed at any time without changing the Public Address, which gives the Public Address more continuity and reduces the operational overhead of changing Private Spending Keys.

Many digital transactions need a secure, seamless way to transfer currency, and digital wallets or digital accounts require a Public Address as the account address and Private Spending Key as the account secure key to unlock that account.

Rekeying enables unique key-management functionality wherever a digital wallet or account is built on Algorand’s blockchain, unlocking greater security, fast private key changes, low operational overhead for custody providers and much more.

Rekeying is a powerful protocol feature which enables an Algorand account holder to maintain a static public address while dynamically rotating the authoritative private spending key(s). This is accomplished by issuing a “rekey-to transaction” which sets the authorized address field within the account object. Future transaction authorization using the account’s public address must be provided by the spending key(s) associated with the authorized address, which may be a single key address, a Multi-Sig address or a LogicSig program address.

Rekey-to Transaction

A rekey-to transaction is a payment type transaction which includes the rekey-to parameter set to a well-formed Algorand address. Authorization for this transaction must be provided by the existing authorized address.

The rekey-to transaction workflow is as follows:

  • Construct a payment transaction which specifies an address for the rekey-to parameter
  • Add required signature(s) from the current authorized address
  • Send and confirm the transaction on the network
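The workflow above as a simplified ledger model, added here as an example and not Algorand's own code or SDK. The class names, the constructed `ADDR_*` placeholders and the `signed_by` argument (a stand-in for real signature verification) are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Account:
    address: str                      # static public address
    auth_addr: Optional[str] = None   # authorized address; None until rekeyed

    def authorizer(self) -> str:
        """Address whose spending key(s) must sign for this account."""
        return self.auth_addr or self.address


@dataclass
class PaymentTxn:
    sender: str
    receiver: str
    amount: int
    rekey_to: Optional[str] = None    # the rekey-to parameter


class Ledger:
    def __init__(self):
        self.accounts = {}

    def open(self, address: str) -> None:
        self.accounts[address] = Account(address)

    def apply(self, txn: PaymentTxn, signed_by: str) -> bool:
        """Accept txn only if signed by the sender's current authorized address."""
        acct = self.accounts[txn.sender]
        if signed_by != acct.authorizer():
            return False              # wrong spending key: rejected
        if txn.rekey_to is not None:
            acct.auth_addr = txn.rekey_to   # set the authorized address field
        return True


def demo():
    ledger = Ledger()
    ledger.open("ADDR_A")             # constructed placeholder addresses
    rekey_b = PaymentTxn("ADDR_A", "ADDR_A", 0, rekey_to="ADDR_B")
    rekey_d = PaymentTxn("ADDR_A", "ADDR_A", 0, rekey_to="ADDR_D")
    pay = PaymentTxn("ADDR_A", "ADDR_C", 5)
    results = [
        ledger.apply(rekey_b, signed_by="ADDR_A"),  # current authorizer signs
        ledger.apply(pay, signed_by="ADDR_A"),      # old key no longer valid
        ledger.apply(pay, signed_by="ADDR_B"),      # new key, same sender address
        ledger.apply(rekey_d, signed_by="ADDR_A"),  # rotation needs current key
        ledger.apply(rekey_d, signed_by="ADDR_B"),  # rotated by ADDR_B's key
    ]
    return results, ledger.accounts["ADDR_A"]
```

When auditing who controls an account, read the authorized address field rather than assuming the key that derives the public address still signs for it.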

Algorand Rekeying removes the existing friction between Public Address and Private Spending Key by enabling the security, flexibility and operational efficiency of Spending Keys.

Key management is an important concept to understand and Algorand provides tools to accomplish relevant tasks securely.

With Algorand’s Rekeying, users gain:

  • Flexibility
  • Continuity
  • Operational Efficiency

Flexibility

Algorand’s Rekeying reduces risks and inefficiencies by adding flexibility while remaining secure.

Rekeying, a feature of Algorand, removes the existing friction between Public Address and Private Spending Key by allowing users to change their Private Spending Key without changing their Public Address. Without Rekeying, regularly changing the Public Address and Private Spending Key means that a user has no consistent identifier in a system or with an institution they use. Every time a user wants to initiate a transaction, they must provide the new Public Address to the peers and institutions they interact with. Recurring transactions with those peers or institutions therefore have no permanence, because the address is lost each time the user changes their Private Spending Key. Rekeying gives the Public Address continuity of use as a permanent identifier, with less overhead when the Private Spending Key changes.

This leads to interruptions of automated recurring transactions with peers or institutions and additional back office work for those institutions, peers, and vendors to keep track of the changing public address. Custody providers, as an example, encounter significant operational issues today as they often move customer funds from one public address to another in an effort to keep the spending keys cold.

Public Address and Private Spending Key combos are used to protect accounts in blockchain.

Public Addresses are publicly known and used to identify an account, whereas Private Spending Keys are for security purposes and are used for authentication and encryption of the Public Address.

Continuity

Rekeying enables Public Address continuity of use and solidifies the address as a permanent identifier, with less operational overhead at each change of the Private Spending Key.

With the ability to continue using the same Public Address and keeping the assets in the same Public Address, Rekeying makes transactions faster, easier, better and more secure.

Operational Efficiency

Rekeying maintains existing Public Addresses as identifiers for the other people and custody providers that continuously transact with them, lowering operational burdens.

UNIQUE FUNCTIONALITIES

Rekeying: Algorand’s Unique Key Management Approach.

  • Flexibility to maintain a single Public Address as desired and change the Private Spending Key at any time
  • Operational Consistency and governance and control of account by users and custody providers
  • The ability to change the security posture of an account

KEY BENEFITS OF REKEYING

Algorand’s Rekeying is unique and different because no other blockchain offers a way to change Private Spending Keys so easily. It offers:

  • A fast and seamless way to preserve account permanence
  • The ability to secure existing accounts with a new Private Spending Key at any time, including with a hardware wallet, a multi-sig account, or smart contract-based key

MOST USE-CASES OF REKEYING

  • Custody Providers (including banks, exchanges, savings associations, registered broker-dealers, and futures commission merchants) can benefit from Rekeying by:
      a. Keeping their users’ Private Spending Keys cold at all times while only needing to manage one Public Address key
      b. Eliminating the chain of old Public Address keys that comes from having to move funds after using the Private Spending Keys, and eliminating complex off-chain solutions created to maintain a single Public Address key but give more control over the Private Spending Key
      c. Enabling standardized key rotation schedules depending on security posture (i.e. a company can institute a monthly key rotation if desired)
  • Novation, the ability to reassign ownership of a contract, which is often done in a larger settlement context. With blockchain, accounts can now have ownership re-assigned trustlessly and in the context of atomic transfers/settlement.
  • Onboarding large user bases for projects that are moving to Algorand from another blockchain or more traditional technology, making it easier to get users set-up and ensuring as little friction as possible is passed to them during the transition. Rekeying allows organizations to create and set-up accounts for their users ahead of time and trustlessly reassign them when needed
  • Any high security scenario in which the Private Spending Key must be kept cold, but a transaction is needed from the account

KEY ATTRIBUTES AND BENEFITS TO YOUR BUSINESS

Rekeying is an important feature for businesses/corporations in using Algorand Blockchain.

The ability to change ownership and proxies ensures the security of assets and information. This is critical for mass adoption of blockchain by businesses, which makes it a competitive factor in Algorand’s adoption.

Built into Algorand’s layer-1 protocol, it offers:

  • Decentralization
  • Security
  • Scalability
  • Flexibility in changing Private Spending Keys
  • Preserving account Permanence
  • Account Novation, Governance and control over Accounts
  • Enables low operational overhead
  • Secures accounts with hardware wallet, a multi-sig account, or smart contract-based key
  • Ensures “contract address,” where the “smart contract” becomes the authorized signer

Will features like private key “rekeying” make Algorand a DeFi leader?

CONCLUSION

In this article, we discussed how Algorand’s Rekeying enables security, flexibility and operational efficiency of Private Spending Keys.

With Algorand’s Layer-1 protocol, we have seen how beneficial Rekeying can be for Businesses and Corporations who adopt the use of Algorand.

Algorand Inc. built the world’s first open source, permissionless, pure proof-of-stake blockchain protocol for the next generation of financial products. This blockchain, the Algorand protocol, is the brainchild of Turing Award-winning cryptographer Silvio Micali. A technology company dedicated to removing friction from financial exchange, Algorand Inc. is powering the DeFi evolution by enabling the creation and exchange of value, building new financial tools and services, bringing assets on-chain and providing responsible privacy models.
