5-Key Vault

Target Use and Audience

Casa’s flagship premium key management scheme is the 5-key vault. It is the highest security product offered by Casa, designed for clients with large balances and with the strongest security needs. Like all Casa products, the 5-key vault is a sovereign storage system. Casa does not have the ability to control the client’s funds.

System Details

Three keys are needed to sign a transaction. The five total keys are typically distributed as follows:

  • 1 key on the client's mobile phone

  • 1 hardware key kept at home

  • 1 hardware key at a separate location, such as an office

  • 1 hardware key kept in a third location, such as a safety deposit box

  • 1 emergency backup key kept by Casa

Features available include:

  • Emergency Recovery Service - Casa offers an assisted recovery service in case the client loses two of their keys.

  • Mobile Key Backup - An encrypted copy of the mobile key is kept in the cloud storage offered by the client’s mobile provider (iCloud or Google Drive). The decryption key is kept by Casa. This allows a client to recover their mobile key if it is lost, for example by dropping their phone off a boat. At the same time, neither Casa nor the mobile provider have access to the key.

  • 24/7 Support with Casa Advisor - We provide both email and video support from a Casa Advisor, who can also call in dedicated engineering support to help solve even the most complicated issues.

  • Sovereign Recovery Instructions - Casa provides clear instructions for how to transfer funds to a new wallet at any time without relying on Casa software. Casa clients get the best of both worlds with a fast, full-support user experience while also maintaining full control.

  • Casa App for iOS and Android - The Casa app provides a simple, beautiful interface for managing your keys and funds.

  • Device Health Check - Periodic health check protects from loss of keys due to bitrot.

  • Emergency Lockdown - The Emergency Lockdown button shuts off access to the app and API for a client, preventing unauthorized access. If a client is ever under attack, they can press this button to lockdown their account. Because the client holds most of the keys, the client is never fully locked out of their funds, but without access to our easy to use multisig interface an attacker will be slowed down significantly.

Threat Mitigation

The 5-key vault is designed to mitigate most sources of theft and loss.

  • Disaster - Multi-location key storage and emergency backup reduce risk of loss due to natural disaster such as a flood, fire, or tornado.

  • Inheritance Errors - Our highest-tier of service offers an inheritance plan, though we can assist other clients in setting up self-guided inheritance.

  • Data and Credential Loss - There are no passphrases or seeds that the client needs to manage. The nature of 3-of-5 provides redundancy that protects against key loss. New keys can be swapped in for lost or compromised keys at any time and very quickly. The emergency backup key and mobile key backup provide additional layers of safety against loss due to user error.

  • Malware - The vault uses heterogeneous hardware and software platforms to protect against malware. Four out of five keys are stored offline, preventing remote key theft.

  • Credential Theft - Four out of five keys are kept on devices that cannot be accessed through user account credentials alone. The remaining mobile key is guarded by two sets of credentials (mobile account login + Casa login) or two biometric/PIN gates (the phone lock screen and the Casa app lock screen).

  • Network-based attacks - If Casa’s servers were compromised, the client’s private keys would still be safe because they are stored offline or on their mobile phone. No private keys are stored on Casa servers.

  • Phishing - All the details of signed transactions are confirmed independently on each hardware device, protecting against fake Casa apps or websites.

  • Supply Chain Attack - The vault does not rely on a single hardware or software vendor, so clients are protected against a supply chain attack. A thief would have to compromise multiple independent supply chains at the same time to attempt an attack.

  • Physical Coercion - Multi-location storage mitigates the risk of physical coercion. Clients could still be attacked, but any attacker will need to travel to multiple locations or stay with the client while client travels to multiple locations. The increase in actions, travel and time required to gain access to funds drastically increases the chances that an attacker will be detected and caught. By increasing the cost to attack Casa clients, many potential thieves will be deterred from even attempting an attack.

  • Code Dependency Attack - Mitigated by heterogenous software and hardware.

  • Official Seizure - Because Casa is a sovereign storage system, there is no centralized point that can be attacked for seizure. If officials wanted to confiscate the assets of Casa clients, they would have to go to each Casa client individually.

Last updated