The days of lost private keys are over. Never again will you have to go to your favorite spot on the beach and cry your heart out just because you lost the private key of your bitcoin wallet.
“Wait what! How does this work?”
Using cryptography, your private key can be encrypted and safely saved in parts in your various trusted devices so that, if you ever lose your key or your phone, you can safely use some of your other trusted devices to completely recover your key. The process works in such a way that you and only you are in control of the recovery process and there is no way your key can ever be retrieved by someone else.
Here’s the process explained in detail in three parts:
Part A : Setting up key recovery
Part B : Understanding data stored by Coinsafe
Part C : Recovering forgotten key
Part A : Setting Up Key Recovery
Step 1 : Email Authentication
Within your Coinsafe app, you can click on the “Recovery” icon to initiate the key recovery process. You first need to provide your email address and confirm the OTP sent to that address. This way we will really know it’s you who’s trying to recover your mnemonic if you ever lose it.
Step 2 : Adding Trusted Devices
Once you have authenticated yourself in step 1, you can add the usernames of your trusted devices and select the type of sharing scheme. A trusted device can be the phone of your spouse, your mom or a trusted friend, or any other spare device that’s sitting in your drawer. You need to install the Coinsafe app on every additional device, but don’t worry, you won’t have to go through the entire wallet setup process on these devices. You can just start the app in ‘Become a Trusted Device’ mode and get started.
“How does this work technically?”
Private keys to your Bitcoins and other cryptocurrencies on Coinsafe are all generated from your twelve-word BIP 39 mnemonic. This mnemonic serves as the “root” of the tree and it can be algorithmically converted into all the private keys used in the wallet. To access the private keys of all your cryptocurrencies, you enter the mnemonic in the Coinsafe app and you gain access to your funds.
From here on we’ll use mnemonic interchangeably with your private key.
Coinsafe didn’t want any data associated with your original mnemonic to ever leave your phone. Therefore, your original mnemonic (M) is encrypted using a symmetric key (X) to obtain an encrypted text (M’).
Here is how the encrypted text (M’) is created:
A signature is calculated first using your wallet private key and sent to Coinsafe’s database. This signature is the symmetric key (X).
Pseudo-code for the above step looks like this:
var salt = SHA 256 hash (walletPrivateKey);
const X = calculateSymmetricKey (salt, walletPrivateKey);
X obtained above looks like : MFEwDQYJYIZIAWUDBAIDBQAEQMTWsMfOhZWvjcPdwoucjvKqYbiTitQzb7qJk72s4//lt6/O+n/3J4+CaNcJUfDpHoY3q5AhLVUahPkb4RB3lgY=
Mnemonic (M) is converted into encrypted text (M’) using symmetric key encryption (with X as symmetric key).
M (original mnemonic) + X (symmetric key) -> M’ (encrypted text)
M looks like :
bracket foil legal income neutral drive stone cloth rate tide idle clip
M’ looks like : 7acea6103e315cac9ea31df1b4724a724115ab810900228a15d82236b7e13d5f1d659784ad730aebad3e7e40cec86ed9f58f561464e6392ae0d218cada25840c0b057c61edd489e63b77b63742f184eab0ea0974a419f6e75b9264
Step 3 : Sharing Secrets With Trusted Devices
The Shamir secret sharing algorithm is applied to the encrypted text (M’) to generate the secrets. Each secret is asymmetrically encrypted to the public key of a trusted device and shared with that device.
This is what the above step looks like:
M’ (Encrypted text) -> Shamir secret sharing -> S1, S2, S3, S4, S5 (Secrets)
S1 -> Asymmetric encryption -> S1’ (shared with Trusted device 1)
S1’ -> Decryption -> S1 (Trusted device 1)
Similarly, the secrets S2, S3, S4 and S5 are shared with trusted devices 2, 3, 4 and 5 respectively!
Part B : Understanding Data Stored by Coinsafe
Side note — Our technical architecture for mitigating the attack vector related to Coinsafe has changed slightly since this article was written. For an updated version, check out this article.
The first couple of questions that come to the mind of any technical person when we explain Coinsafe’s architecture for key recovery are along these lines:
- Can Coinsafe see who are my trusted devices?
- Can’t Coinsafe just send recovery requests to trusted devices on behalf of the user?
- Isn’t Coinsafe unsafe because it uses a centralised database?
- What if my trusted device loses their phone?
Let’s try to answer the common theme of all the questions by walking through one of Coinsafe’s tables. For a more descriptive read on our technical architecture, stay tuned for our next blog post.
The tb_trust table contains information on all wallet public keys that have been added as trusted devices.
What happens when you add trusted devices for key recovery?
- Rows are added to the tb_trust table corresponding to each trusted device.
- The device_public_key column contains data regarding the wallet public key of the trusted device.
- The trust_data column contains the asymmetrically encrypted secret (S1’, S2’, S3', S4', S5') of the respective device_public_key.
- The trust_data can only be decrypted by the wallet private key of the trusted device.
- Since the trust_data is stored encrypted on our database, even if the trusted device loses their phone, they can download the Coinsafe app on a new phone, retrieve the encrypted secret data from Coinsafe’s database and decrypt it using their wallet private key.
- No one knows (including Coinsafe!) who added the wallet public key in the user_public_key column as a trusted device. Therefore, no one knows who added whom as a trusted device and as a result can’t send recovery requests on behalf of someone else.
This is what we call a P2P mapping :)
Coinsafe can’t send key recovery requests to trusted devices on behalf of a user.
As the front-end code is going to be open sourced, one can easily verify the functionalities of the app and the data being sent through it.
Don’t Trust. Verify.
Part C : Recovering Forgotten Key
Now suppose you lost your Coinsafe BIP 39 mnemonic and, as a result, you can’t generate the private keys to your coins. Here’s what you need to do:
Step 1 : Verify Your Email
- You authenticate yourself by verifying the OTP sent to your email.
- You get back your old wallet public key.
- A new public, private key pair is generated for you.
Step 2 : Select Trusted Devices and Get Back Shared Secrets
- You add your trusted devices for key recovery and encrypt your old wallet public key to the public keys of the trusted devices.
- A request is sent to all trusted devices to share their secrets.
- Trusted devices decrypt their trust_data from the tb_trust table locally.
- If your old public key is found in the trust_data then a trusted device retrieves the shared secret and encrypts it onto your new public key.
- You decrypt the data shared by all the trusted devices locally using your new private key.
- You are able to get M’ back.
Step 3 : Recreate The Original Mnemonic!
- As an additional security step, you again need to verify your email by entering the correct OTP.
- Coinsafe’s server encrypts the symmetric key (X) onto your new public key and sends it to you.
- You decrypt the data sent by the server using your new private key.
- You are able to get X back.
- By decrypting M’ using X, you get your original mnemonic (M) back.
As a result you can generate private keys of all your cryptocurrency wallets.
M’ (encrypted text) + X (symmetric key) -> Decryption -> M (original mnemonic)
We will be releasing more updates for the Coinsafe app soon in preparation for our mainnet launch!