💜Casa vs. Alternatives
🔑System Design Principles
🚨Threat Overview
🔐Chosen Features
✅Chosen Key Schemes
❌Rejected Key Schemes
❌Rejected Features
🔧Remaining Attack Vectors
👨🚀Future Improvements
Multi-location
We encourage our users to keep their hardware wallets in multiple locations. A common configuration is storage in separate safes at home, work, and at a bank or private safe-deposit box service. This adds redundancy that helps to protect against both accidental loss, disaster and theft.
Multi-location protects against theft by making the thief's job much more difficult - now they have to visit multiple locations to retrieve a signing quorum of keys. If three keys were kept in one location it would be easy for a thief to coerce a user to giving over their bitcoin. With a multi-location system a single robber with a gun will no longer be successful since the user is not physically capable of handing over their bitcoins. The robber would either have to transport the client under duress to a second location (a highly risky maneuver) or coerce the client into giving up the location details on another hardware device and then break into the second location as well (another risky maneuver).
In a typical Casa setup, the user will have no more than two keys at any one location at a time (at home they would have Home device and the key on their mobile phone). That means the Casa client needs to travel to an additional location to finish signing a transaction with a third key. This adds some friction and cost to using the system, but we think it’s worth it in exchange for extra safety and redundancy.
Additionally, by storing keys in multiple locations (and sometimes different cities or countries), users are protected from a catastrophic key loss due to natural disaster. If a hurricane or flood or fire affects the Home of a client, then only 1-2 keys would be lost at maximum, allowing recovery with the remaining 3 keys.
Copy link