Inspiration

Private key management has remained an unsolved problem in the Web3 world. Most ordinary users do not have the ability to properly keep the private keys to their Web3 assets and identities. Based on research by ChainAnalysis, the number of lost bitcoins due to account loss reached 3.79 million($150 billion).

We believe private key management will become a more and more important topic in the Web3 world with the mass adoption of Web3.0. Thus, we aim to build Keysafe as the private key management solution that is able to keep private keys in a safe, alive and easy-to-use way.

What it does

Keysafe is a decentralized protocol for private key backup, retrieval, and access management. Keysafe allows users to register their Web3.0 keys with multiple Web2.0 authentications (SMS, email, etc.) and use their keys from anywhere in the world securely without carrying any device.

How we built it

The Keysafe protocol uses Secure Multi-party Computation (MPC), Threshold BLS Signatures, and Trusted Execution Environment (TEE) technology to manage private keys and allows owners to access with a customized combination of Web2 third-party authentication services including SMS, email, Google, and even Web3 address.

When the user's private key is registered, the private key is divided into multiple fragments in the user's local device. Each fragment is bound to the user's Web2.0 authentication info, such as SMS, email, Google authentication, etc. The private key fragments and the Web2 authentication info will be stored in Keysafe's decentralized network of TEE nodes.

When the user needs to recover the private key or use the private key to sign transactions, the node's TEE will initiate authentication for the user's Web2.0 account, such as sending a verification SMS or email. The user provides verification SMS or email. After passing the verification, the node's TEE will cooperate with the user to perform a BLS signature or private key recovery.

Challenges we ran into

The first challenge is to embed the MPC and BLS threshold signature algorithms into the TEE so that the process of the user calling Keysafe to sign happens inside the TEE of different nodes. This ensures the confidentiality and security of users' private keys. The second challenge is interacting with the nodes via smart contracts and implementing Kaysafe decentralized.

Accomplishments that we're proud of

We developed a demo dApp based on Godwoken within only one month. The demo dApp has all the basic features, including the TEE-based private key management ready, so that users' private keys can be stored decentralized and secure.

What we learned

As development progressed, we realized that Nervos is a robust blockchain network. Nervos can bring Keysafe more possibilities. Now we are planning to implement AML or similar compliances within nodes' TEE, so that Keysafe can provide crypto asset custody for institutions besides for individuals.

What's next for Keysafe

  1. We will design and implement an on-chain tokenomics system to incentivize necessary parties in the protocol.
  2. Support more TEE implementations, such as Trusted Zone of ARM, SEV of AMD;
  3. Explore more possibilities as Keysafe Lego, including AML integrations, Web3 social graph, and decentralized access management.

Built With

  • secure-multi-party-computation
  • threshold-bls-signatures
  • trusted-execution-environment
Share this project:

Updates