What’s the problem with seed phrases?
In crypto you use a cryptographic key pair. As the wallet holder you have a public key that represents your address, much like an email address. It is called a public key because there is no risk in someone accessing the funds in your wallet if you share it publicly. But as the wallet holder you also need a way to access the funds in your wallet or account → for this we have a secret key, or a mnemonic phrase that represents this secret key. It’s like a password that’s really strong and that you can never change (unless you get a completely new wallet). This is explained very well in this thread by the Solana Spaces.
This is a perfectly valid method, but the age-old problem is: where do we store this secret key? It’s a large bunch of random words or letters, and good luck remembering them all by heart!
If you take a photo of it, anyone who gets into your phone or cloud account can use it → they will have full control over your crypto.
What if you write it down? That’s super secure, but then if you lose that piece of paper you will not be able to access that wallet again and your funds are lost. There are estimates that more than 20% of Bitcoin’s total supply has been lost due to seed phrases being lost.
Generally speaking, there is a strong tradeoff between safety and convenience of use.
How do we handle this in the Decaf Wallet?
Decaf uses a well-known cryptographic method to split secrets into parts using a threshold scheme based on Shamir’s Secret Sharing. That’s a lot of complex words, yet it’s a fairly simple but extremely powerful method of splitting the key into multiple parts. If you’re interested, check out the paper on Shamir’s Secret Sharing. For a simple explanation, see the technical deep-dive below.
When creating a new wallet in Decaf, we take the secret key and split it into 3 parts. You will need 2 of these parts to access your wallet. We store one, you get 2. What this means is if you ever lose one of your shares, we can assist you in accessing your wallet. But Decaf will never be able to access your wallet alone.
Great. But where do these shares go?
We save one (minority) share at Decaf and it is encrypted multiple times to ensure it can only be accessed when really needed. Access to the wallet requires a majority of the split keys, therefore Decaf cannot ever access your wallet. Only the user themselves holds the 2/3 (majority) encrypted parts of the keys.
But then I have the responsibility of keeping the 2 keys right?
We make this super easy with the way we design our secret sharing. One is saved encrypted on the device, meaning that you don’t have to deal with it directly. The other is your pin or password to access Decaf. It’s that simple.
What this means is if you need to log in to a new device all you need is a pin + your Google/Facebook/Email login.
If you ever forget your pin, you can simply reset it when logged into a trusted device.
If that’s not enough and you want more security or even greater contingency, the beauty of sharing the secret is that we can always change the threshold and split it up into more parts.
What does all this mean?
Secret sharing is extremely flexible and allows us to completely tailor the experience and security to your needs. We can add a security question in case you forget your pin, or extra multi-factor authentication, or a spare backup key that you can keep under your bed!
Maybe you’re extra cautious and want your wallet to only be accessible with at least 3 different methods. We can always combine and re-split your shares into more parts or require a higher threshold. The level of security will progress and adapt with your needs.
But our job is to make the experience so good that it doesn’t feel any different to an easy web2 experience. Our goal at Decaf is to create the easiest way to access the benefits of crypto. We want to be able to onboard our grandparents into crypto.
Technical dive
Note that the explanation here is extremely simplified and omits certain aspects of the scheme. If you would like a more complete explanation, please refer to the resources in the index.
Imagine you have a secret. It can be anything: a phone number, a bunch of words, the secret key to your wallet. Imagine we can turn this secret into a line on a graph. To draw this line (and so recover the secret) you only need 2 points on it. These points are the shares of the secret, i.e. the parts we split the secret into.
If we were to provide 3, 4 or 5 points on the line, that would not give any extra information. You still only need 2 to draw the line. This is how the threshold scheme works.
But if we only have 1 point, we cannot guess the line any better than if we had 0 points: every possible line through that one point (and therefore every possible secret) is equally likely. As such, losing or exposing one share does not help an adversary access the secret (the line), which makes this method extremely secure. Compare this with simply cutting the secret into 3 equal pieces: there, anyone who gets hold of one piece holds a literal part of the secret and has far less left to guess.
If you would like a higher threshold, instead of just 2 parts, we represent the secret as a curve (a higher-degree polynomial) instead of a line, and more points are then needed to draw it.
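The following Python block is an added example, not Decaf’s own code, that works through both the 2-of-3 layout described earlier (one share on the device, one tied to the PIN, one held by Decaf) and the line/curve picture above. It implements Shamir’s scheme over a prime field: the secret is the constant term of a random polynomial, each share is a point on it, and Lagrange interpolation at x = 0 reads the secret back. The field prime, the function names, and the mapping of shares to device / PIN / custodian are assumptions made for illustration; the naive byte-chunk split is included only as the bad alternative the text contrasts against.

```python
import secrets

# Field prime: 2^521 - 1 is a Mersenne prime, large enough to hold a 32-byte
# wallet seed as one integer. All arithmetic below is modulo this prime.
PRIME = 2**521 - 1


def _eval_poly(coeffs, x, prime=PRIME):
    """Horner evaluation of a polynomial (constant term first) at x mod prime."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % prime
    return result


def split_secret(secret, threshold, n, prime=PRIME):
    """Split an integer secret into n shares; any `threshold` of them rebuild it.

    The secret is the constant term of a random polynomial of degree
    threshold-1 (a line for threshold 2, a curve for 3 or more). Each share
    is one point (x, f(x)) on that polynomial, for x = 1..n.
    """
    if not 0 <= secret < prime:
        raise ValueError("secret must be an integer in [0, prime)")
    if not 1 <= threshold <= n < prime:
        raise ValueError("need 1 <= threshold <= n < prime")
    coeffs = [secret] + [secrets.randbelow(prime) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x, prime)) for x in range(1, n + 1)]


def recover_secret(shares, prime=PRIME):
    """Lagrange-interpolate the polynomial through the shares and return f(0).

    With fewer than `threshold` shares this still returns a number, but it is
    f(0) of some other polynomial through those points, not the secret.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % prime        # product of (0 - xj)
                den = den * (xi - xj) % prime    # product of (xi - xj)
        # Fermat inverse: den^(p-2) is den^-1 mod p for prime p
        total = (total + yi * num * pow(den, prime - 2, prime)) % prime
    return total


def count_lines_through(x, y, candidate_secret, prime):
    """Number of lines over GF(prime) that pass through the single share (x, y)
    and have `candidate_secret` as constant term. It is 1 for every candidate,
    which is exactly why one share says nothing about which secret is real."""
    return sum(1 for slope in range(prime)
               if (candidate_secret + slope * x) % prime == y)


def naive_split(secret_bytes, n):
    """The bad alternative from the text: cut the secret into n byte chunks.
    Each chunk is literally part of the secret, so a leaked chunk shrinks the
    search space for the rest instead of revealing nothing."""
    size = -(-len(secret_bytes) // n)  # ceiling division
    return [secret_bytes[i:i + size] for i in range(0, len(secret_bytes), size)]


def wallet_layout_demo(seed):
    """Model the 2-of-3 layout from the article (assumed mapping, not Decaf's
    real implementation): share 1 stays encrypted on the device, share 2 is the
    one the user reproduces through their PIN, share 3 is held by the custodian."""
    secret = int.from_bytes(seed, "big")
    device, pin, custodian = split_secret(secret, 2, 3)
    return {
        "daily_use": recover_secret([device, pin]) == secret,
        "new_device": recover_secret([pin, custodian]) == secret,
        "pin_reset_on_trusted_device": recover_secret([device, custodian]) == secret,
        "custodian_alone": recover_secret([custodian]) == secret,  # False
    }


if __name__ == "__main__":
    seed = secrets.token_bytes(32)  # constructed stand-in for a wallet seed
    print(wallet_layout_demo(seed))
    # Over a tiny field, every candidate secret fits one share equally well.
    print([count_lines_through(3, 5, s, 17) for s in range(17)])
```

The `count_lines_through` helper uses a small field (17) so the exhaustive count is readable; the same argument holds for the 521-bit field, where enumerating slopes is impossible but the count per candidate is still exactly one. Raising the threshold to 3 means `split_secret(secret, 3, n)`, after which any two shares interpolate a line through two points of a curve and return a useless value.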
FAQs
How are we different to other solutions?
There are other solutions and protocols that use this method, such as Taurus and Web3Auth. We think the teams behind them are exceptional and have forged the path in this space. But for us, their effort to generalise and adapt to many use cases resulted in too much overhead and a less than ideal UX. These solutions compromised our goal of making it super simple for Decaf wallet users. And so, we have used a similar approach but tailored it to our mission.
What risk do I have?
If you’re a Bitcoin Maxi you probably won’t like this. Why? Well, one of our shares is stored (even though extremely securely) in a centralised database. All that means is that if Decaf as a company disappears tomorrow, we shut down our servers, and you’ve deleted the app from your mobile, you won’t be able to access your funds.
So really, there’s not much of a risk: at any point, in your user settings in the wallet, you can export your secret key and move to any other wallet. But we hope it never comes to that!
We believe you should be in control of your money, we just want to do it in the easiest way possible.