Wealth Security Protocol
Wealth Security Protocol
Go to Casa Home
Overview
💜Casa vs. Alternatives
Introduction
Option #1: Do-it-yourself
Option #2: Custodial Storage
Option #3: Commercial Systems
🔑System Design Principles
Introduction
Minimal Knowledge
High Security
Usability is Security
Expert Support
Redundancy
Sovereignty
Incentive Alignment
Bitcoin First
🚨Threat Overview
Introduction
Data and Credential Loss
Phishing
SIM Hijacking
Network Attacks
Malware
Supply Chain Attack
Physical Coercion
Child/Pet Attack
Internal Service Provider Attack
Platform / Hosting Provider Attack
Code Dependency Attack
Official Seizure
Inheritance Failure
🔐Chosen Features
Introduction
Hardware Wallet Signing
Multi-signature
Multi-location
Heterogeneous Hardware and Software
Seedless Hardware Wallets
Emergency Recovery Key
PIN or Biometrics for Mobile Key only
PIN for every device
Sovereign Recovery Instructions
Emergency Lockdown Button
Health Check
Identity Verification for Account Recovery
✅Chosen Key Schemes
3-of-5 Key Shield
2-of-3 Basic Multisig
Mobile Key
❌Rejected Key Schemes
Key Sharding (Shamir’s Secret Sharing)
2-of-2
1-of-2
❌Rejected Features
Biometrics General Usage
Seed Phrase Backups
Financial Products and Services Integration
Brain Wallet -- Memory Based Solutions
Web-Based Key Management
Hardened Addresses
🔧Remaining Attack Vectors
Address Spoofing
Malicious Insider Key Theft
Extreme disaster scenarios
Extortion
👨‍🚀Future Improvements
Taproot/MAST
Schnorr Signatures
Powered by GitBook

Multi-location

We encourage our users to keep their hardware wallets in multiple locations. A common configuration is storage in separate safes at home, work, and at a bank or private safe-deposit box service. This adds redundancy that helps to protect against both accidental loss, disaster and theft.

Multi-location protects against theft by making the thief's job much more difficult - now they have to visit multiple locations to retrieve a signing quorum of keys. If three keys were kept in one location it would be easy for a thief to coerce a user to giving over their bitcoin. With a multi-location system a single robber with a gun will no longer be successful since the user is not physically capable of handing over their bitcoins. The robber would either have to transport the client under duress to a second location (a highly risky maneuver) or coerce the client into giving up the location details on another hardware device and then break into the second location as well (another risky maneuver).

In a typical Casa setup, the user will have no more than two keys at any one location at a time (at home they would have Home device and the key on their mobile phone). That means the Casa client needs to travel to an additional location to finish signing a transaction with a third key. This adds some friction and cost to using the system, but we think it’s worth it in exchange for extra safety and redundancy.

Additionally, by storing keys in multiple locations (and sometimes different cities or countries), users are protected from a catastrophic key loss due to natural disaster. If a hurricane or flood or fire affects the Home of a client, then only 1-2 keys would be lost at maximum, allowing recovery with the remaining 3 keys.

🔐Chosen Features - Previous
Multi-signature
Next - 🔐Chosen Features
Heterogeneous Hardware and Software
Last updated 5 months ago