Wealth Security Protocol
Wealth Security Protocol
Go to Casa Home
Overview
💜Casa vs. Alternatives
Introduction
Option #1: Do-it-yourself
Option #2: Custodial Storage
Option #3: Commercial Systems
🔑System Design Principles
Introduction
Minimal Knowledge
High Security
Usability is Security
Expert Support
Redundancy
Sovereignty
Incentive Alignment
Bitcoin First
🚨Threat Overview
Introduction
Data and Credential Loss
Phishing
SIM Hijacking
Network Attacks
Malware
Supply Chain Attack
Physical Coercion
Child/Pet Attack
Internal Service Provider Attack
Platform / Hosting Provider Attack
Code Dependency Attack
Official Seizure
Inheritance Failure
🔐Chosen Features
Introduction
Hardware Wallet Signing
Multi-signature
Multi-location
Heterogeneous Hardware and Software
Seedless Hardware Wallets
Emergency Recovery Key
PIN or Biometrics for Mobile Key only
PIN for every device
Sovereign Recovery Instructions
Emergency Lockdown Button
Health Check
Identity Verification for Account Recovery
✅Chosen Key Schemes
3-of-5 Key Shield
2-of-3 Basic Multisig
Mobile Key
❌Rejected Key Schemes
Key Sharding (Shamir’s Secret Sharing)
2-of-2
1-of-2
❌Rejected Features
Biometrics General Usage
Seed Phrase Backups
Financial Products and Services Integration
Brain Wallet -- Memory Based Solutions
Web-Based Key Management
Hardened Addresses
🔧Remaining Attack Vectors
Address Spoofing
Malicious Insider Key Theft
Extreme disaster scenarios
Extortion
👨‍🚀Future Improvements
Taproot/MAST
Schnorr Signatures
Powered by GitBook

2-of-3 Basic Multisig

Target Use and Audience

Casa 2-of-3 Basic Multisig is designed for clients holding smaller amount of bitcoin for whom the added cost and difficulty of a 3-of-5 system is too costly. A typical client of the Casa 2-of-3 basic multisig system is expected to hold between $1k and $100k worth of bitcoin.

System Details

Two keys are needed to sign and send a transaction with Casa Basic Multisig. The keys are distributed as follows:

  • 1 key on the client’s mobile phone

  • 1 hardware key kept by the client

  • 1 emergency backup key kept by Casa

Features provided with 2-of-3 Basic Multisig include:

  • Recovery Service - Casa offers an assisted recovery service in case the client loses one of their keys.

  • Mobile Key Backup - An encrypted copy of the mobile key is kept in the cloud storage offered by the client’s mobile provider (iCloud or Google Drive). The decryption key is kept by Casa. This allows a client to recover their mobile key if it is lost, for example by dropping their phone off a boat. At the same time, neither Casa nor the mobile provider have access to the key.

  • Email Support - 2-of-3 Basic Multisig comes with email support.

  • Keymaster App for iOS and Android - Keymaster provides a simple, beautiful interface for managing keys and funds.

  • Device Health Check - Periodic healthchecks protect from loss of keys due to bitrot.

Threat Mitigation

2-of-3 Basic Multisig is designed to provide an intermediate level of security against threats:

  • Data and Credential Loss - There are no passphrases or seeds that the client needs to manage. The emergency backup key and mobile key backup provide additional layers of safety against loss.

  • Malware - Basic multisig uses heterogeneous hardware and software platforms (Hardware Wallet + mobile OS) to protect against malware. 2 of 3 keys are kept offline, preventing remote key theft.

  • Credential Theft - Two of three keys are kept on devices that cannot be accessed through user account credentials alone. The remaining mobile key is guarded by two sets of credentials (mobile login + Casa login) or two biometric/PIN gates (the phone lock screen and the Keymaster app lock screen).

  • Network-Based Attacks - If Casa’s servers were completely taken over by attackers, the client’s private keys would still be safe because they are stored offline or on their mobile phone. No private keys are stored on Casa servers.

  • Phishing - All the details of signed transactions are confirmed independently on each hardware device, protecting against fake Casa apps or websites.

  • Supply Chain Attack - The hardware wallet or the mobile device alone being compromised would not be enough to steal the client’s funds. An attacker would have to compromise both hardware platforms.

  • Code Dependency Attack - Mitigated by heterogenous software and hardware (mobile code + hardware wallet).

  • Official Seizure - Because Basic Multisig is a sovereign storage system, there is no centralized point that can be attacked for seizure. If officials wanted to confiscate the bitcoin of Casa clients, they would have to go to each Casa client individually

✅Chosen Key Schemes - Previous
3-of-5 Key Shield
Next - ✅Chosen Key Schemes
Mobile Key
Last updated 5 months ago
Contents
Target Use and Audience
System Details
Threat Mitigation