Wealth Security Protocol
Go to Casa Home
  • 🗺️Overview
  • 💜Casa vs. Alternatives
    • Introduction
    • Option #1: Do-it-yourself
    • Option #2: Custodial Storage
    • Option #3: Commercial Systems
  • 🔑System Design Principles
    • Introduction
    • Minimal Knowledge
    • High Security
    • Usability is Security
    • Expert Support
    • Redundancy
    • Sovereignty
    • Incentive Alignment
  • 🚨Threat Overview
    • Introduction
    • Data and Credential Loss
    • Phishing
    • SIM Hijacking
    • Network Attacks
    • Malware
    • Supply Chain Attack
    • Physical Coercion
    • Child/Pet Attack
    • Internal Service Provider Attack
    • Platform / Hosting Provider Attack
    • Code Dependency Attack
    • Official Seizure
    • Inheritance Failure
  • 🔐Chosen Features
    • Introduction
    • Hardware Wallet Signing
    • Multi-signature
    • Multi-location
    • Heterogeneous Hardware and Software
    • Seedless Hardware Wallets
    • Emergency Recovery Key
    • PIN or Biometrics for Mobile Key only
    • PIN for every device
    • Sovereign Recovery Instructions
    • Emergency Lockdown Button
    • Health Check
    • Identity Verification for Account Recovery
    • Inheritance
  • ✅Chosen Key Schemes
    • 5-Key Vault
    • 3-Key Vault
    • Pay Wallet
  • ❌Rejected Key Schemes
    • Shamir's Secret Sharing
    • 2-of-2
    • 1-of-2
  • ❌Rejected Features
    • Biometrics General Usage
    • Brain Wallet -- Memory Based Solutions
  • 🔧Remaining Attack Vectors
    • Address Spoofing
    • Malicious Insider Key Theft
    • Extreme disaster scenarios
    • Extortion
  • 👨‍🚀Future Improvements
    • Taproot/MAST
    • Schnorr Signatures
Powered by GitBook
On this page
  • Target Use and Audience
  • System Details
  • Threat Mitigation

Was this helpful?

  1. ✅Chosen Key Schemes

3-Key Vault

Target Use and Audience

Our 3-key vault is designed for clients holding a level of assets for whom the added cost and complexity of a 3-of-5 system is too costly.

System Details

Two keys are needed to sign and send a transaction. The keys are distributed as follows:

  • 1 key on the client’s mobile phone (which can be switched out for a hardware key)

  • 1 hardware key kept by the client

  • 1 emergency backup key kept by Casa

Features provided include:

  • Recovery Service - Casa offers an assisted recovery service in case the client loses one of their keys.

  • Mobile Key Backup - An encrypted copy of the mobile key is kept in the cloud storage offered by the client’s mobile provider (iCloud or Google Drive). The decryption key is kept by Casa. This allows a client to recover their mobile key if it is lost, for example by dropping their phone off a boat. At the same time, neither Casa nor the mobile provider have access to the key.

  • Email Support - The 3-key vault comes with email support.

  • Casa App for iOS and Android - Casa provides a simple, beautiful interface for managing keys and funds.

  • Device Health Check - Periodic health checks protect from loss of keys due to bitrot.

Threat Mitigation

Our 3-key vault is designed to provide an intermediate level of security against threats:

  • Data and Credential Loss - There are no passphrases or seeds that the client needs to manage. The emergency backup key and mobile key backup provide additional layers of safety against loss.

  • Malware - Basic multisig uses heterogeneous hardware and software platforms (hardware wallet + mobile OS) to protect against malware. 2 of 3 keys are kept offline, preventing remote key theft.

  • Credential Theft - Two of three keys are kept on devices that cannot be accessed through user account credentials alone. The remaining mobile key is guarded by two sets of credentials (mobile login + Casa login) or two biometric/PIN gates (the phone lock screen and Casa App lock screen).

  • Network-Based Attacks - If Casa’s servers were completely taken over by attackers, the client’s private keys would still be safe because they are stored offline or on their mobile phone. No private keys are stored on Casa servers.

  • Phishing - All the details of signed transactions are confirmed independently on each hardware device, protecting against fake Casa apps or websites.

  • Supply Chain Attack - The hardware wallet or the mobile device alone being compromised would not be enough to steal the client’s funds. An attacker would have to compromise both hardware platforms.

  • Code Dependency Attack - Mitigated by heterogenous software and hardware (mobile code + hardware wallet).

  • Official Seizure - Because Casa is a sovereign storage system, there is no centralized point that can be attacked for seizure. If officials wanted to confiscate the assets of Casa clients, they would have to go to each Casa client individually.

Previous5-Key VaultNextPay Wallet

Last updated 1 year ago

Was this helpful?