Abstract
Cypherock Cover is a non-custodial, non-KYC, censorship-resistant hardware-based security service offered by Cypherock that allows recovery of digital assets in two of the most frequent unintended situations in which the user may lose their assets - PIN loss and death.
Cypherock Cover launched in Q’4 2024.
Protect your crypto with Cypherock Cover – Get started with a plan today.
Background
Self-custody is imperative to web3’s success. Today, centralized exchanges secure a staggering amount of assets, and there exists a fundamental belief that these exchanges will eventually succumb to the same set of bureaucratic processes and regulations already present in the banking industry. This would make finance enabled through web3 not much different than finance enabled through traditional banking.
For self-custody to succeed, it is necessary to address and solve Crypto loss. Hardware wallets, considered today’s gold standard for self-custodying a wide variety of digital assets, still fall short in safeguarding against various ways a user may lose their assets - including wallet backup compromise, physical attack, insider attack, and even human death.
To solve the Crypto loss problem, Rohan Agarwal & Vipul Saini established Cypherock in 2021 and launched its next-gen hardware vault, Cypherock X1, in private beta in 2022. By leveraging state-of-the-art Shamir’s Secret Sharing technology, Cypherock X1 split the Cryptocurrency private key into 5 Cryptographic parts, each stored on tamper-proof hardware further protected by a user-set PIN. The user needs any two but at least two out of the five to authorize a transaction. Since the parts never permanently reside in the same place, the resistance against theft vastly surpasses that of classic single-point-of-failure wallets.
Because Cypherock X1 stores private keys in a decentralized manner, it uniquely solves many issues around key management present in other single-point-of-failure wallets:
Physical Attacks - Making any system 100% secure is impossible. The only way to ensure optimal security is by increasing the cost of attacking the system, making it financially unfeasible for the hacker. Current wallets store private keys in one place, so if a physical attack(1) compromises the system, the private keys also become compromised. Cypherock X1 addresses this by never permanently storing the private keys in one location.
Seed phrase backup compromise - Currently, users must create a wallet backup in the form of a 12 or 24-word seed phrase, exposing the private keys on a piece of paper. Even if a user’s wallet is offline and safe from hackers, the digital assets can be easily compromised through this seed phrase. The recent Lastpass hack(2), which compromised users’ Crypto assets through a seed phrase, demonstrated this vulnerability. Users either attempt to make multiple copies of the seed phrase, increasing the theft probability, or split it and distribute it into different locations, increasing loss chances. Cypherock X1 eliminates the need for backing up the seed phrase, making it extremely difficult for users to lose private keys. As long as the user has two out of the five parts and remembers the PIN, their digital assets are always accessible.
Insider attack - Despite decentralized networks tending to be trustless, users ultimately still trust the wallet provider. An insider attack could occur if a malicious actor within the wallet company pushes a malicious software update that performs an unauthorized transaction or worse, extracts the private keys. To make the wallet more trustless and protect against insider attacks, X1 cards, once shipped, are never upgradable. Since the X1 vault never permanently stores the complete private keys, executing an insider attack becomes extremely difficult. Additionally, the X1 vault is open source, and WalletScrutiny scrutinizes its firmware builds.
Billions of dollars in digital assets have been lost due to the owner’s death, mainly because solving this problem has been one of the most challenging issues in the digital assets space.
To prevent Crypto loss due to human death, the industry has explored multiple approaches over the years, none of which have proven widely adoptable so far:
On-chain inheritance protocol - Attempts at solving the problem on-chain, specifically on blockchains that support smart contracts, have so far been futile due to the high learning curve for the nominee and the lack of a homogeneous solution that works for all of the user’s digital assets.
Seed phrase in a legal will - Many users today write down their seed phrase in their will and assign a nominee as the rightful owner, but the risks are too high for this to be a viable solution. The biggest risk is the lawyer compromising the assets.
Seed phrase access to family - This approach carries similar risks to the legal will. Additionally, even if the family members do not have malicious intent, giving them access increases the hackers’ probability of targeting them, who may not have the same sophisticated security setup as the user for their assets.
Custodial recovery service - Service like Ledger recover(3) is an interesting approach for many people looking for secure recovery services. However, it involves custodying the user’s seed phrase & KYCing the user, becoming a total non-starter for many people who opted for self-sovereignty. The idea of keeping assets on centralized exchanges free becomes more appealing than paying a subscription fee for the service.
Multisig-based non-custodial recovery service - Services like keys.casa and Nunchuk wallet offer recovery & inheritance service for Bitcoin. However, they face issues scaling the solution across chains in the space, and due to their operation-intensive approach, the pricing structure does not work for most users in the space.
MPC-based non-custodial recovery service - Services like Zengo legacy transfer are expected to launch soon at the time of this writing. The approach seems plausible for most web3 users; however, the lack of interoperability with other wallets, digital assets being wallet-locked, and a pure software solution with closed-source code does not work for most of the digital assets in the industry protected either through multisig wallets or hardware wallets.
At Cypherock, we are introducing a new approach to solving the recovery & inheritance problem with digital assets. Through Cypherock Cover, the user can set up a non-custodial recovery process that allows transferring assets from the user to the nominee set up by the user, without Cypherock ever being in a position to compromise the user’s assets. Essentially, we offer the industry’s first secure hardware-based, multi-chain, non-custodial, non-KYC & interoperable inheritance-style solution for crypto assets.
Cypherock Cover
Cypherock X1 Architecture
Cypherock X1 launched on the premise of creating a secure hardware wallet that eliminates single points of failure in private key storage. By leveraging Shamir’s Secret Sharing (SSS) cryptography, Cypherock X1 became the first native SSS hardware wallet in 2022. To date, Cypherock X1 remains unhacked and has become the highest-rated hardware wallet by Coinbureau(4).
Technically, Cypherock X1 splits the master seed into 5 cryptographic parts, each stored on 5 tamper-proof hardware such that you need any two but at least two parts to reconstruct the master seed. A blockchain transaction requires deriving a specific private key from this master seed, which occurs in real-time in the RAM itself and gets deleted once the transaction is signed. Thus, the sensitive key material never touches any permanent memory storage, making the private keys much more secure by design than any other hardware wallet in the World. The user optionally can set a PIN over these 5 hardware components as an additional layer of security, preventing unauthorized access to the digital assets even if someone obtains 2 of the 5 hardware components. Cypherock X1 still provides the option for the user to back up the seed phrase separately if they desire (5).
Design Requirements for Digital Asset Recovery
Due to Cypherock X1’s architecture, the user is not required to back up the seed phrase separately. This eliminates the need to store the seed phrase securely in traditional wallets, replacing it with just the PIN. However, in the worst case, a user may still forget the PIN. In the current state, the user may back up the PIN separately, which remains an exponentially safer option than backing up a seed phrase. If someone steals the PIN, they must still physically locate 2 out of the 5 hardware components, whereas if they steal the seed phrase, it results in a total compromise of the assets.
For an optimal experience, it is imperative to solve both forgotten PIN and inheritance problems. The digital asset recovery should then meet the following requirements:
There should not be a single point of failure apart from the users themselves. Otherwise, hackers will find it relatively easy to target.
It should be user opt-in, and the seed phrase should never leave the secure hardware wallet environment.
It should be non-KYC. A KYC’ed approach does not work for users who want to keep their real identity separate from their web3 identity.
It should be architected such that the user can choose to have the nominee part of the legal system, who could essentially be a lawyer, or even have the nominee completely segregated from the legal system, who could essentially be a family member.
It should be non-custodial. A custodial approach defeats the purpose of self-custody of the digital assets in the first place. A user would be better off keeping the digital assets on a centralized exchange rather than centralizing the wallet recovery of a self-custody wallet.
It should be multi-chain. The recovery should work for all of the coins and tokens that the user currently owns. Ideally, it should even recover the keys if they are part of a multisig setup.
The service should be architected in such a way that atleast most hardware wallet users can afford it.
It should allow the recovery of the digital assets currently managed by other hardware wallets. There should not be a vendor lock-in of the user’s digital assets, and it should allow the user to transfer all of their digital assets between Cypherock X1 and other wallets through BIP39 compatibility.
It should also be compatible with any new Cypherock X1 that a user uses for the same seed phrase as an older Cypherock X1. The recovery process should not be bound to a specific set of the X1 vault and X1 cards.
It should be protected against nation-state intervention. The setup should be such that even if a nation-state subpoenas Cypherock, it should not jeopardize the user’s digital assets.
It should protect against Cypherock being in a position to compromise the user’s digital assets in case there is a malicious insider attack.
Implementation
To fulfill the design requirements, Cypherock has launched its own recovery service called Cypherock Cover. It offers two different plans for the user:
The Silver plan covers PIN recovery - Learn More.
The Gold plan covers both PIN recovery and Estate recovery - Upgrade to gold today.
PIN Recovery
Before explaining PIN recovery, it’s important to understand another architectural innovation that Cypherock X1 offers today. We believe the industry is not just going multi-chain but also multi-wallet. A user uses software wallets like Metamask for frequent interactions with EVM chains, wallets like Phantom for interacting with Solana, and a hardware wallet to keep digital assets for long-term hodling. Cypherock X1 uniquely allows the user to secure up to 4 different wallets in a single product, each created with a different master seed and protected by a separate PIN. Because it becomes a wallet aggregator, it provides the user with two additional use cases.
A user can also use their Cypherock X1 as a seed phrase backup(6). They can import the seed phrases of other wallets they have, and Cypherock X1 will secure the seed phrases in the same decentralized way through Shamir’s secret sharing scheme. In case they lose their other wallet, they can still recover the digital assets through Cypherock X1 by tapping one X1 card on the X1 vault, entering the PIN (if set), and viewing the seed phrase to reinitiate it on another wallet.
Once the user imports all the seed phrases into Cypherock X1, they can sync the X1 vault with the cySync desktop app and manage all their Crypto wallets through a single interface(7).
As discussed, most people buy a hardware wallet to hold Crypto assets for the long term. They generally use a software wallet or an exchange if they plan to do more frequent trading of assets. Hence, it is quite probable for users to forget their PIN if they have not used their hardware wallets for a long time.
Here is a high-level overview of how PIN recovery will work in Cypherock Cover:
The user has the 4 X1 cards, 1 X1 vault, and the PIN setup over each of the wallets inside Cypherock X1. They can set a different PIN recovery plan for each of those wallets. For simplification, we will consider the process for just one wallet.
The cySync desktop app will have the Cypherock cover setup option in which the user sets the email address for authentication purposes.
Once set, the user needs to connect the X1 vault with the cySync desktop app and enter the PIN of the wallet on the X1 vault. The user then taps any one of the X1 cards on the X1 vault. The PIN gets symmetrically encrypted inside the X1 card by an AES private key individually stored on each of the 4 cards. This AES private key is generated from one of the derivation paths of the seed phrase of the wallet itself during wallet initialization. This ensures that even if the user shifts to a new Cypherock X1 product, as long as the seed phrase is the same, the user will be able to generate the same private key.
The encrypted PIN is then sent from the X1 vault to the Cypherock server.
Next, the user sets the number of years intended to set up the PIN recovery process and completes the plan purchase. The initial setup is now complete for the user.
Now in case the user wants to recover the PIN for their wallet that can be done on-demand using the Cypherock Cover dashboard in the cySync app.
The user completes the authentication process by tapping any one X1 card on the X1 vault and email OTP verification. After successful authentication, the encrypted PIN is received from the server.
Note- Only the 4 X1 cards that the user has can decrypt this message, not even Cypherock, and not even any other Cypherock wallet user.
The encrypted PIN is sent to the X1 vault. The user taps the X1 card on the X1 vault. Then encrypted PIN is sent to the X1 card. The AES private key decrypts the PIN and sends it back to the X1 vault. The PIN is then correctly displayed to the user on the X1 vault.
The PIN recovery is complete and the plan stays valid for the years that the user had set up the PIN recovery process for.
Important characteristics
No single point of failure except the user in the setup who could access the digital assets.
- No KYC is required.
- The seed phrase never leaves the Cypherock X1.
- It is non-custodial.
It works even in the case the user is using Cypherock X1 as a seed phrase backup for their other wallets.
- It is protected against any nation-state intervention.
Estate Recovery
Today, the industry has no simple and secure solution for self-custodial inheritance: When a user stops engaging with their digital assets, whether due to absence, injury, or death (physical or digital), their digital assets become inaccessible unless they made some complex arrangements with a seed phrase ahead of time. Cypherock solves this problem with the estate recovery feature.
Estate Recovery is an extended version of the PIN recovery process. Here is a high-level overview of how estate recovery works in Cypherock Cover:
The user has the 4 X1 cards, 1 X1 vault, and the PIN setup over each of the wallets inside Cypherock X1. They can set a different estate recovery plan for each of those wallets. For simplification, we will consider the process for just one wallet.
The user first taps the X1 card on the X1 vault for setup initiation and then sets the email address on which the user will be checked for inactivity.
The user then selects a nominee. The nominee is the ultimate beneficiary of the digital assets. If the user wants to go through the legal system, they may choose a lawyer or a trust as a nominee, but if the user doesn’t want that, then they can choose a family member as a nominee. The user gives one card to the nominee. The user then sets the email address for the nominee. This is the email address on which the nominee will receive email about Estate recovery and the process of recovering assets.
Now, user writes down the last message they wants to send to the nominee in case they become inactive. The message should at least contain the location of another card.
Next, the user sets up a reminder time, which is the interval at which Cypherock follows up with the user to check if the user is inactive.
Once set, the user needs to connect the X1 vault with the cySync desktop app. The message is then sent from the cySync app to the X1 vault. The user then enters the PIN of the wallet on the X1 vault and taps any one of the X1 cards on the X1 vault. The message and the PIN together gets symmetrically encrypted inside the X1 card by an AES private key individually stored on each of the 4 cards. Let’s call this combination of message and PIN as message #2. This AES private key is generated from one of the derivation paths of the seed phrase of the wallet itself during wallet initialization. This ensures that even if the user shifts to a new Cypherock X1 product, as long as the seed phrase is the same, they will be able to generate the same private key.
The encrypted message #2 is then sent from the X1 vault to the Cypherock server. The initial setup is now complete for the user.
The Cypherock server will then email the user in accordance with the reminder time set by the user to check if the user is still active. If the user replies, the reminder resets. In case of inactivity, there is a cool-down period in which the user is emailed every day for the next 30 days.
If the user does not reply even in the cool-down period then the email will be sent to the nominee from Cypherock having info about Estate recovery and the process of recovering assets.
Note - The nominee needs to purchase an X1 vault if they doesn’t have any.
The nominee completes the authentication process by tapping one X1 card on the X1 vault and email OTP verification on which the email was received for recovery. After successful authentication, the encrypted file is received from the server.
Note- Only the 4 X1 cards that the user has can decrypt this message, not even Cypherock, and not even any other Cypherock wallet user.
The encrypted message #2 is sent to the X1 vault. The user taps the X1 card on the X1 vault. The encrypted message #2 is sent to the X1 card. The AES private key decrypts it to the message and PIN and sends it back to the X1 vault. The PIN is then correctly displayed to the nominee on the X1 vault, and the message with the card location is sent back to the desktop app and displayed to the nominee there.
The nominee already had one card. They now also have the location of second card and the PIN, which is enough to recover the digital assets.
Important characteristics
No single point of failure except the user in the setup who could access the digital assets. Neither Cypherock can compromise the digital assets alone nor can the nominee.
No KYC is required. Neither the user’s nor the nominee’s KYC is required to set up estate recovery. All that is required is the user’s and nominee’s email to send the reminders and recovery process.
The seed phrase never leaves the secure hardware environment of Cypherock X1.
The Cypherock cover estate recovery acts as an infrastructure layer below the legal layer. Since Cypherock never has custody of the user’s digital assets, the user is free to choose a nominee either from the legal system or from their close acquaintance.
It is completely non-custodial. Cypherock never controls or holds the user’s digital assets.
It is protected against any nation-state intervention. Even if a nation-state subpoenas Cypherock, the worst that can happen is Cypherock is forced to give away the email and the encrypted message.
It works even in the case the user is using the Cypherock X1 as a seed phrase backup for their other wallets. In fact, estate recovery can be extremely useful even if the user is accustomed to using other wallets. The setup is completely complimentary to a user’s existing wallet setup.
Estate recovery only becomes possible because the X1 cards are offline, non-upgradable, & have physical locations that no one knows about. Hence, Cypherock can’t track them even if hypothetically it goes rogue. If this was a software-based solution that is cloud-based and upgradable, it would be very unlikely that a user would trust the service.
Since the access of the seed phrase of a specific wallet is being transferred, the recovery is multi-chain by default.
Even if the user switches either the X1 vault or the X1 cards, as long as the seed phrase is the same, they will be able to edit the recovery setup.
The user will be able to customize certain elements of the recovery setup. They will be able to set the reminder time & recovery setup years. And will also be able to define up to two nominees. Nominee #2 receives the encrypted message 3 months after Nominee #1 receives it, which allows Nominee #1 to take precedence in estate recovery but still ensures recovery in case Nominee #1 is also deceased. Additionally, the user can also define an executor as part of the setup who does not have any financial stake but can be assigned as a helper by the user in the estate recovery process for the nominee.
If the user’s cySync app is reset, the user will still be able to edit the estate recovery setup details by recalling the encrypted message #2 from the Cypherock server. To ensure that the right person has recalled this encrypted message #2, Cyphrock will rely on digital signatures done by the user through a private key derived from the wallet seed phrase and email verification.
Protect your crypto with Cypherock Cover – Get started with a plan today.
References