Wealth Security Protocol

Shamir's Secret Sharing

Key sharding can function as an alternative to multisig, but after testing we rejected the use of key sharding because it exposes clients to higher security risks.

Key sharding is achieved by splitting a single key into multiple pieces and copies of those pieces, such that some subset of the pieces can be recombined to recover and use the key for a signature and transaction. This key splitting or sharding can be used to provide a similar experience to true multisig.

However, key sharding has many drawbacks that caused us to reject it in favor of multisig.

Drawbacks:

  • Single point of failure - The single private key exists on a single device at creation and it is reconstructed onto a single device in order to sign transactions. If the key is compromised either at creation or during reconstruction, a user’s funds can be stolen.

  • No key invalidation - With multisig, the user can invalidate a single lost key and replace it, keeping the other keys and combining them with the new key to construct a new multisig setup and set of addresses. With key sharding, all of the shards must be replaced whenever one is compromised, and likewise each time there is any change to the setup. This makes rapid recovery from an attack, or even a simple system update, difficult.

  • Poor auditability - If a key is reconstituted from secret shares, it’s not possible to tell which secret shares were used to recreate the key. With on-chain multisig, by contrast, the “identity” of each signing key is stored on the blockchain, which can be useful for forensic analysis in the case of compromised keys.
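The three drawbacks above can be observed in a minimal Shamir split and recombine. This is an added example, not Casa's code or part of the original page; the field modulus, the 3-of-5 parameters, the function names and the sample key are all constructed assumptions.

```python
import secrets
from itertools import combinations

PRIME = 2**127 - 1  # constructed field modulus (a Mersenne prime); secret must be < PRIME

def split(secret, threshold, shares):
    """Return `shares` points on a random degree-(threshold-1) polynomial with f(0)=secret."""
    # The complete key sits in this process's memory: the creation-time exposure.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    def f(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            acc = (acc * x + c) % PRIME
        return acc
    return [(x, f(x)) for x in range(1, shares + 1)]

def reconstruct(points):
    """Lagrange-interpolate f(0). The full key reappears on whichever device runs this."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

def keys_from_all_subsets(secret, threshold=3, shares=5):
    """Recover the key from every threshold-sized subset and collect the distinct results."""
    pts = split(secret, threshold, shares)
    return {reconstruct(list(s)) for s in combinations(pts, threshold)}

def mixed_generations_recover(secret, threshold=3, shares=5):
    """Swap one freshly issued shard into an old set; report whether the key still recovers."""
    old, new = split(secret, threshold, shares), split(secret, threshold, shares)
    return reconstruct([old[0], old[1], new[2]]) == secret

if __name__ == "__main__":
    key = secrets.randbelow(PRIME)  # constructed sample key
    print(len(keys_from_all_subsets(key)))   # number of distinct keys across all subsets
    print(mixed_generations_recover(key))    # whether a lone replacement shard fits
```

Every 3-shard subset returns the same integer, so the recovered key carries no record of which shards produced it, and a shard from a new split does not combine with shards from the old one.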


Last updated 1 year ago
