Announcing the Casa Wealth Security Protocol
Today we are releasing the Casa Wealth Security Protocol.
This paper outlines the full thinking and testing that went into creating Keymaster—our flagship secure key storage and management system for Bitcoin.
We cover the threats to your Bitcoin (and how the Keymaster system mitigates these threats), the features that enhance security for our clients, the principles that guide our design, and the many rejected features that we decided not to include because of specific risks. At each step, we discuss our rationale for the decisions we made.
The design of Keymaster is deliberate. We set out to make the most usable and secure key management system on the market. Cryptocurrency security is a young domain, so there’s no playbook of best practices that we could follow by rote. Instead, we had to make informed decisions between various possible features and designs, later iterating on those decisions in light of client feedback.
From Glacier Protocol to
At the birth of Casa a few short years ago, the Glacier Protocol was the most advanced Bitcoin cold storage solution. This open source protocol is still influential today, either being used directly by bitcoin HODLers looking for a high level of personal security or influencing the design of other key storage solutions.
When my team released Glacier Protocol in early 2017, it represented a major step forward for the knowledge base of the Bitcoin community. It documented in step-by-step detail a do-it-yourself cold storage system secure against most threats. But it is not without drawbacks. Operating the Glacier Protocol is cumbersome, requiring hours of time and many technically sophisticated steps.
The Casa team dreamed of a product with the security of Glacier, but with professional support and supreme ease-of-use. Keymaster occupies a unique niche at the intersection of high security and usability. Setup and use of Keymaster takes minutes instead of hours, while still offering 3-of-5 multi-signature security. Over time, we continue to improve Keymaster based on customer feedback and our own research.
Design Principles of Casa Keymaster
There are many different ways to build a key management system. In developing Keymaster, we identify a set of principles that guide our development. Some of these principles reflect good technical security design (such as Redundancy) and others, our company DNA (such as Sovereignty and Incentive alignment).
Our design principles are listed below. For more details, see the Casa Wealth Security Protocol document.
- Minimal Knowledge
- High Security
- Usability is Security
- Expert Support
- Incentive Alignment
- Bitcoin First
Threats to Your Bitcoin
We consider a large array of threats in designing Keymaster, listed below. In the Casa Wealth Security Protocol, we discuss them in more detail, including ways that the Keymaster system mitigates them.
- Data and Credential Loss
- SIM Hijacking
- Network Attacks
- Supply Chain Attack
- Physical Coercion
- Child/Pet Attack
- Internal Service Provider Attack
- Platform / Hosting Provider Attack
- Code Dependency Attack
- Official Seizure
- Inheritance Failure
Chosen Features and Key Schemes
With guidance from our Design Principles and factoring in the above listed threats to your Bitcoin, we’ve chosen several important features.
The following features are discussed in detail in the Casa Wealth Security Protocol paper:
- Heterogeneous Hardware and Software (Multi-Device)
- Seedless Hardware Wallets
- PIN or Biometrics for Mobile Key only
- Sovereign Recovery Instructions
- Emergency Lockdown Button
We offer several different key schemes. We discuss the target use and audience, system details, and various threat mitigations achieved by each:
- 3-of-5 Key Shield multisig
- 2-of-3 Basic Multisig
- Mobile Key
Rejected Features and Rejected Key Schemes
During our research and development of Keymaster, there are many features and key schemes we rejected because they pose significant risk to customers.
In an attempt to educate our current and future clients, we’ve decided to outline these specifically.
Rejected alternative key schemes include:
- Key Sharding (Shamir’s Secret Sharing),
- a 2-of-2 multisig scheme, and
- a 1-of-2 multisig scheme.
Rejected features include:
- General biometrics usage
- Seed phrase backups
- Financial products and services integrations
- Brain wallets (memory based solutions)
- Web-based key management
- Hardened addresses
For more details on rejected key schemes and rejected features, please read the full Casa Wealth Security Protocol paper.
Remaining Attack Vectors and Future Improvements
We have mitigated many attack vectors and loss scenarios with Keymaster, but there are still some remaining, including address spoofing, malicious insider key theft, extreme disaster scenarios, and extortion.
We offer several mitigations to these attack vectors and make sure our clients are aware of the risks. We believe sharing these attack vectors and our full security model publicly is the best way to educate the community, and also the best way to set an expectation for the Casa team to upgrade and improve our systems.
Two major updates we are planning for are Taproot/Mast and use of Schnorr Signatures.
We will update the Casa Wealth Security Protocol periodically and will announce publicly anytime we do so.
Read the full Casa Wealth Security Protocol document
Ready to read the full protocol document?
Download it now here:
Or on Casa's Github:
Secure Your Bitcoin with
How confident are you in your key security system?
And if you’re not holding your keys directly, who is?
Casa Keymaster’s hardware-based multisig is the most secure, resilient, and error-proof solution for securing your bitcoin and removing single points of failure.
Email us at firstname.lastname@example.org with your most in-depth questions or to book a free demo of 3-of-5 multisig.
If you’re ready to use Keymaster multisig, you can sign up here today!