Wealth Security Protocol
Wealth Security Protocol
Go to Casa Home
Overview
💜Casa vs. Alternatives
Introduction
Option #1: Do-it-yourself
Option #2: Custodial Storage
Option #3: Commercial Systems
🔑System Design Principles
Introduction
Minimal Knowledge
High Security
Usability is Security
Expert Support
Redundancy
Sovereignty
Incentive Alignment
Bitcoin First
🚨Threat Overview
Introduction
Data and Credential Loss
Phishing
SIM Hijacking
Network Attacks
Malware
Supply Chain Attack
Physical Coercion
Child/Pet Attack
Internal Service Provider Attack
Platform / Hosting Provider Attack
Code Dependency Attack
Official Seizure
Inheritance Failure
🔐Chosen Features
Introduction
Hardware Wallet Signing
Multi-signature
Multi-location
Heterogeneous Hardware and Software
Seedless Hardware Wallets
Emergency Recovery Key
PIN or Biometrics for Mobile Key only
PIN for every device
Sovereign Recovery Instructions
Emergency Lockdown Button
Health Check
Identity Verification for Account Recovery
✅Chosen Key Schemes
3-of-5 Key Shield
2-of-3 Basic Multisig
Single-Key Wallet
❌Rejected Key Schemes
Key Sharding (Shamir’s Secret Sharing)
2-of-2
1-of-2
❌Rejected Features
Biometrics General Usage
Seed Phrase Backups
Financial Products and Services Integration
Brain Wallet -- Memory Based Solutions
Web-Based Key Management
Hardened Addresses
🔧Remaining Attack Vectors
Address Spoofing
Malicious Insider Key Theft
Extreme disaster scenarios
Extortion
👨‍🚀Future Improvements
Taproot/MAST
Schnorr Signatures
Powered by GitBook

Sovereignty

Many popular key storage systems attempt to bypass the user-experience problems involved with managing keys directly by relying on a trusted third-party organization to hold keys.

It’s easier to make a custodial product. Development costs are less and timelines are shorter. Centralized key storage also makes it much easier to add features that mimic the existing financial system, which makes it easier to onboard new users.

At Casa, we don’t do this for several reasons.

First, as Nick Szabo once said “trusted third parties are security holes”. There is a long and dark record of exchange hacks and scams. Even sophisticated and well-funded entities have found themselves victims of malicious actors, both internal and external. Customers of custodial services are also frequent targets of social engineering attacks designed to gain access to their accounts.

A certain big tech company famously had the slogan of “don’t be evil”. For the crypto-asset space, this motto should be “can’t be evil”. The only way to ensure this is by maintaining user sovereignty. The user should be the only one who has control over their funds. It should be impossible for the service provider, through malice or negligence, to unilaterally create transactions or block the creation of transactions.

For Casa, this is a matter of principle. Bitcoin was created to give people control over their money. Individual sovereignty is the idea that brought us into the cryptocurrency space. We make products for the sovereign individual. This is in Casa’s DNA.

🔑System Design Principles - Previous
Redundancy
Next - 🔑System Design Principles
Incentive Alignment
Last updated 10 months ago