Keyless Security Model
Managing private keys is difficult and risky. We’ve eliminated the private key flaw in blockchains and created a keyless wallet.
A typical crypto wallet, stores your private keys. Without your private keys, you cannot access your bitcoin and other cryptocurrencies, no matter how much you try. This simply means that if you lose your private key, you’ve lost your coins.
A keyless wallet that uses Multi-party Computing and Threshold Signatures
We’ve built a wallet that does not use private keys. You don’t need to worry about remembering or storing a private key, because you don’t have one. We have replaced the traditional private key using an advanced cryptography protocol, Multi-party Computation (MCP). The basic idea is that two or more non-trusting parties work jointly to compute a key, each using its own unique input, while keeping these inputs private from each other. With MPC we compute private keys, which are used to sign cryptocurrency transactions. At no point are the computed private keys stored on a device.
We create two key shares using a distributed key generation protocol. One is stored on the user’s mobile device and the other on our servers. When the user initiates a transaction, a distributed signing protocol starts and uses the key share on the user’s device with the one on our servers, to compute a private key and sign the transaction.
The transaction gets signed without any of the parties revealing their key share to each other. With no single point of failure, even if something happens, for example if we were hacked, your assets are always safe. If you lose your wallet, because your phone was stolen, lost or because by mistake you deleted our app, your assets are always safe. Your assets are always safe no matter what happens.
Simple Wallet Backup and Restore
We have developed an easy backup and recovery process that guarantees the user can access their funds. Using advanced facial recognition technology we authenticate the user, quickly and securely, and restore the user’s wallet on their mobile phone. It’s that simple.
When the user creates a wallet, we do a couple of things. First, we encrypt and store the key share from the user’s mobile phone to their personal cloud (Google Drive for Android devices). Second, the user scans their face, taking a selfie, from which we generate a mathematical representation of the user’s face (3D biometric face map). The 3D biometric face map, along with the encryption key that was used to encrypt the user’s key share, are stored on Kryptonio’s servers. The user is the only one that can access the encryption key, by scanning their face. The user’s encrypted key share is stored on his personal cloud and the encryption key used to encrypt the key share is stored separately on our servers.
When the user needs to restore their wallet, all they need to do is take a selfie. We generate a 3D biometric face map and compare it to the one that was created when the user registered. If there is a match, we send to the user’s mobile phone the encryption key, the mobile app retrieves from the user’s personal cloud the encrypted key share and the user’s wallet is restored.
No passwords to remember
When a user creates a wallet, they do not need to set or remember any passwords. We require the user to use the device-based authentication, including fingerprint and facial recognition to access their wallet and authorize transactions.
Key takeaway about Kryptonio’s security model
Kryptonio approaches security on multiple levels. Firstly, we share security responsibilities between the user’s mobile phone and our own servers. Secondly, facial recognition is only one of the three security factors we use for authentication. The others are email verification and the user’s access to his personal cloud. All three are required to gain access to an account.