Coinsafe has zero knowledge of its users. Here’s how.
The first couple of questions that come to mind of any technical person when we explain Coinsafe’s architecture for key recovery are along these lines :
1) Can Coinsafe reclaim part of a secret from one or more trusted devices?
2) Can Coinsafe see who are my trusted devices?
3) Can Coinsafe send recovery requests to trusted devices on my behalf?
4) Can Coinsafe see the secrets shared with the trusted devices?
In this article, we’ll walk you through the data sent by you to Coinsafe when using the key recovery functionality and, as a result, try to answer all the questions stated above in two parts:
Part A: Setting up key recovery
Part B : Recovering forgotten key
We take user data privacy seriously and hugely value our reader’s feedback and insights.
After reading this post, please get in touch on @coinsafeapp or join our telegram community to share any feedback you have for us.
Part A : Setting up key recovery
How Does Secure Communication Work On Coinsafe
Let’s first walk through how Coinsafe uses public-key cryptography for establishing a secure communication between you and your trusted devices.
All Coinsafe users have a 12 word BIP39 mnemonic associated with their wallets. This mnemonic is used to generate a wallet public, private key pair which is used for the secure communication.
Let’s understand the above through an example:
When setting up recovery:
1) You need to share secret data with your trusted device.
2) You do this by asymmetrically encrypting the secret data on the wallet public key of the trusted device.
3) This encrypted secret data gets stored in Coinsafe’s database.
When recovering your forgotten key:
1) You are assigned a new wallet public, private key pair.
2) You send a request to the trusted device to share the secret data to you.
3) The trusted device retrieves the secret data from the Coinsafe’s database, decrypts it locally using their private key to obtain the secret and pushes new secret data to Coinsafe’s database by asymmetrically encrypting the data on your new public key.
4) This secret data is then retrieved by you and decrypted locally using your private key.
1) Can Coinsafe reclaim part of a secret from one or more trusted devices?
The secure communication architecture answers the first question.
Answer #1 : Since only an encrypted secret travels outside of the user’s device and it only gets decrypted locally on the trusted device, Coinsafe can’t reclaim part of the secret.
Now, let’s step by step walk through the data that goes from your front-end when you are setting up recovery:
Step 1 : Adding Trusted Devices
When setting up key recovery, you add your trusted devices via their wallet public key. You can assign a nickname to them to easily identify which public key belongs to whom and this data is only stored locally on your device.
When you click on the add button, the following data is sent from the front-end to Coinsafe’s server:
{ “device_public_key_hash”: “ae7785412b8e029c197c8a5a176f365a238d7a12a47f6af22587fe7df3051a04”}
The hash of the trusted device’s public key is sent to the Coinsafe server to check whether the trusted device is a valid Coinsafe user and not an incorrect string. Coinsafe uniquely identifies its users using the hash of the wallet public key as a user’s wallet public key and private key never leaves their device.
Step 2 : Sharing Secrets With Trusted Devices
Once the number of trusted devices required for the selected secret sharing scheme are added, you need to click ‘Send Secrets’ to encrypt the secret data on the respective public key of trusted devices and push this data to the database. The following JSON object is sent from the front-end:
Let’s try to understand what does each field in this JSON object mean:
“user_api_token” — Token for user session management.
“trust_data” — Trust data contains an array of objects and the size of this array is equal to the number of trusted devices added by you.
Let’s walk through one of these objects as all other objects are similar to this:
“device_public_key_hash”: “”,
“encrypted_trust_data”:
{“user_public_key_hash”:,
“secret”: “”}
“device_public_key_hash” — Hash of the wallet public key of the trusted device.
“encrypted_trust_data” — Data encrypted on the wallet public key of the trusted device.
“user_public_key_hash” — Your public key hash asymmetrically encrypted on wallet public key of the trusted device.
“secret” — Secret data asymmetrically encrypted on wallet public key of the trusted device.
This is how the encrypted_trust_data actually looks like:
2) Can Coinsafe see who are my trusted devices?
3) Can Coinsafe send recovery requests to trusted devices on my behalf?
4) Can Coinsafe see the secrets shared with the trusted devices?
Answer #2: Since you only send the hash of the wallet public key of the trusted device, Coinsafe can’t see who your trusted devices are.
Answer #3: For a key recovery service to be successful, it is important that the service provider doesn’t know trusted devices added by you and is not able to send recovery requests to them on your behalf to gain access to the shared secrets as a result.
Since, Coinsafe can’t identify your trusted devices (we only know the hash of their wallet public keys), we can’t send recovery requests to them on your behalf.
Answer #4: The secret is asymmetrically encrypted on the wallet public key of the trusted device. Hence, only your trusted device can see the secret shared with them.
Part B : Recovering forgotten key
When you initiate the process of recovering your forgotten key, you are assigned a new wallet public, private key pair for securely communicating with the trusted device. The trusted device sends the secret data to you by asymmetrically encrypting it on your new wallet public key.
Step 1 : Selecting Trusted Devices
As a first step for recovering your lost key, you select your sharing scheme and add your trusted devices for key recovery, this process is exactly similar to step 1 of ‘setting up key recovery’. The following data is send from the front-end:
{ “device_public_key_hash”: “ae7785412b8e029c197c8a5a176f365a238d7a12a47f6af22587fe7df3051a04”}
This is done to make sure that the trusted devices added are valid Coinsafe users.
Step 2: Sending Recovery Request & Getting Back Shares
You send a request to the trusted devices to send you the secret data back. The following JSON object is sent from the front-end in this step:
As in Part A, let’s try to understand what does each field in this JSON object mean:
“user_api_token” — Token for user session management.
“trust_data” — Trust data contains an array of objects and the size of this array is equal to the number of trusted devices in the sharing scheme.
Let’s walk through one of these objects as all other objects are similar to this:
“device_public_key_hash”: “”,
“encrypted_trust_data”:
{ “user_old_public_key_hash” : “”,
“user_new_public_key”: “”}
“device_public_key_hash” — Hash of the wallet public key of the trusted device.
“encrypted_trust_data” — Data encrypted on the wallet public key of the trusted device.
“user_old_public_key_hash” — Your old wallet public key hash asymmetrically encrypted on wallet public key of the trusted device. This is used by the trusted device to uniquely identify which user is sending them a recovery request, as there can be multiple users who would have added the current device as a trusted device.
“user_new_public_key” — Your new wallet public key asymmetrically encrypted on wallet public key of the trusted device. Trusted device sends the secret back to you by asymmetrically encrypting it on your new public key.
This is how the encrypted_trust_data actually looks like:
The trusted device accepts your recovery request and sends you the encrypted secret data, you decrypt the data locally using your new wallet private key.
Once, the required number of trusted devices accept your request and send you the secret data, you can recreate your original mnemonic.
Coinsafe’s architecture only requires us to take minimalistic user data and is the answer to all the privacy and security questions one can think of!
Previous Post : Introducing Coinsafe
Coinsafe App Beta version :
Android
iOS
We will be releasing more updates for the Coinsafe app soon in preparation of our mainnet launch.
For now, follow our blog and twitter page to stay on top of our latest posts. We welcome feedback from the community and are open to collaborations, so please join our telegram community.
