SWORD makes digital wallets more accessible and secure. This short guide will help you integrate SWORD within your project.
Key Idea
SWORD provides passwordless authentication and account recovery. Instead of relying on trusted cloud backups, Kryptik distributes shares of an encryption key to a group of shareholders; k of n shares are required to reconstruct the original secret. The encryption key creates an encrypted version of the wallet.
Whenever a user wants to regain access to their wallet, the shares are reassembled, and the wallet is decrypted.
Account management is distributed across a group of shareholders.
Favorable Properties
SWORD has several favorable properties.
Quick recovery. Account recovery takes seconds instead of days. Just login like you would for any other app. Creating a new shareholder is also fast.
Multi-factor Authentication. Verify ownership of your account with a combination of any standard authentication scheme like 2fa.
Many Accounts. The same device can support multiple accounts. However, only authenticated users can unlock their encrypted wallet.
Client Vaults
Wallets are persisted between sessions in software vaults. Vaults are locked by default and can only be unlocked with a valid set of shares. The standard vault interface is shown below.
interface VaultContents {
// ciphertext of encrypted seedloop
seedloopSerlializedCipher: string;
// version: default is 0
vaultVersion: number;
// share of the encryption key
localShare: string;
// timestamps stored as...
// number of milliseconds since the epoch
lastUnlockTime: number;
createdTime: number;
// user id generated by wallet app
uid: string;
// if unlock correct, should read "valid"
check: string;
}
Vaults should be held in long-term client storage. The reference browser implementation uses local storage. Multiple vaults can be held on the same device.
Recover Wallet
SWORD requires two-of-three shares for wallet recovery. An external database manages one share; separate user devices store the remaining shares. The two-of-three threshold provides fault tolerance in case one of the shareholders becomes unresponsive.
| Shareholder | Purpose | Holds Ciphertext? |
|---|---|---|
| Primary User Device | Distributes shares and initiates transactions. | Yes |
| Secondary User Device | Used for wallet recovery if the external database refuses to respond. | Yes |
| External Database | Authenticates share requests. Release share if the request is authorized. | No |
When a new user session begins, Kryptik retrieves the database share and combines it locally to recover the original encryption secret. The wallet is then decrypted and made available for use. Work still needs to be done to allow users to unlock vaults using the share held on a secondary device.
Sync Device
Sync enables anyone to share their wallet between devices in under sixty seconds. There are three primary steps.
-
Initialize. A new set of shares is generated on the primary device. A single share is included in the data payload, which will be broadcast to a secondary device. The payload also contains an encrypted version of the wallet.
-
Scan. The payload is displayed in a sequence of QR codes. The QR codes automatically update once a new code has been scanned.
-
Confirm. The payload pieces are assembled on the secondary device. Each device displays a confirmation code. If the confirmation codes match, the sync was successful.
Keep Reading
Explore more ideas from the frontier of online ownership.
SWORD
Digital wallets store sensitive secrets and billions of dollars. SWORD uses threshold cryptography to improve wallet security.
Digital Wallets
Every blockchain application requires a wallet that can send and sign transactions.
Secret Sharing: The Power of Polynomials
Polynomials are a powerful tool for sharing secrets.
Asymmetric Cryptography
Public-private key pairs give everyone access to privacy and ownership.
