Casa provides secure storage solutions for digital wealth, namely cryptocurrency in the Bitcoin and Ethereum ecosystems. Our flagship product is the Casa app, a software and expert service system designed to provide the highest level of cryptographic key security and usability.
Cryptocurrency security is a young domain. As we develop our products, we consider many different possibilities for storage best practices, making reasoned tradeoffs between different risks. Our goal in performing this work analyzing different solutions is to remove the burden of doing so from our customers.
In this document, we record our approach to key management and wealth security, including the tradeoffs and possible alternatives to what we’ve built.
The same features that give cryptocurrency its appeal make cryptocurrency storage hard.
Most digital coins feature immutable ledgers and lack a central authority to appeal to in case of theft. Bitcoin and Ethereum are digital bearer assets, like cash. Once sent, a transaction cannot be cancelled or reversed.
These features make the private keys that control a cryptocurrency wallet an appealing target for thieves. Stealing cryptocurrency keys offers a much more certain and direct route to profit than other data thefts, such as email or credit card credentials. Plausible attacks include phishing and social engineering, malware, fake software libraries and applications, malicious hardware, and network attacks. The rise of cryptocurrency marks a new era in information security for personal computing. Never before have the stakes been so high.
The importance of keeping private key information out of the wrong hands makes cryptocurrency owners cautious about where they store backups. They avoid storing backups on unencrypted clouds or common storage devices. But the precautions that protect against theft can open the door to the risk of loss. A failed disk drive, a lost hardware wallet, or a forgotten password can mean loss of cryptocoins with no possibility of recovery.
The storage of cryptographic keys violates the expectations that users might have developed from handling other pieces of sensitive data. If they forget their email password or lose their credit card, there are authorities to appeal to in order to restore their accounts to normal. If their credentials for a website are compromised, they can contact support to freeze their account and restore it to their control. These fail-safes are not available in the world of cryptocurrency.
Cryptocurrency storage requires new habits of thinking and action. With greater control comes great responsibility.
Risks can be separated into the risk of loss and the risk of theft. Some storage features will reduce one risk while raising the other, while others will reduce both. With Casa’s Wealth Security Protocol, implemented in the Casa app and our services, we’ve assembled the best known balance of features available with today’s technology to minimize risk of both loss and theft.
We have multiple levels of security offered within Casa, from a mobile wallet that uses a single private key on a phone, to multi-key vaults that utilize multiple private keys on different devices to secure larger amounts of money.
This setup allows Casa to act like a bank account where our members hold the keys, and therefore have sole control of the funds. Casa members can keep a small amount of everyday money in their mobile wallet (like a physical wallet), a larger amount of money in a 3-key vault (like a savings account), and even larger amounts in a 5-key vault (like a high security bank vault).
Because securing private keys inherently requires trade-offs between convenience and security, we believe the best security model is one that allows for easily distributing funds between multiple levels of security and convenience. This gives Casa members a simple way to balance their security portfolio.