Key Management System
An in-depth look at Capsule’s innovative approach to secure key management using MPC and hardware secure enclaves
Capsule’s Key Management System forms the core of its security architecture, employing advanced cryptographic techniques to safeguard user assets while ensuring usability across various platforms and blockchain ecosystems. At its heart is a distributed Multi-Party Computation (MPC) system that leverages distributed key generation (DKG) and distributed signing. This innovative approach ensures that user keys are never stored in a single vulnerable location, and neither applications nor Capsule itself can access users’ private keys, providing a robust foundation for secure, non-custodial wallet management.
Key Components
s Capsule’s key management system relies on a 2-of-2 MPC system comprised of three main components:
- MPC Key 1: User Share
- MPC Key 2: Cloud Share
- Passkey
User Share
The User Share is custodied by the user and acts like a hot wallet. It is accessible in the browser or on the user’s device, providing immediate control over assets while interacting with crypto applications.
Cloud Share
The Cloud Share is managed by Capsule and stored securely in cloud hardware-security modules (HSMs). This setup provides a secure off-device backup of the user’s key, safeguarding the assets even in the event of device loss or compromise.
Passkey
The Passkey is a unique feature of Capsule’s system, designed to bridge the gap between device security capabilities and blockchain requirements.
Most modern smartphones come with hardware secure enclaves, which are dedicated areas within the device’s main processor used for storing and protecting sensitive data. However, these enclaves primarily support the secp256r1 elliptic curve, which differs from the secp256k1 curve used by most modern blockchains.
To address this, Capsule generates a separate Passkey. This key is used to authorize access to the Cloud Share, enabling biometric authentication and signing on the secp256k1 curve. This process ensures users can leverage their device’s hardware security features while interacting seamlessly with blockchain networks.
Key Generation and Management Process
-
Distributed Key Generation: When a user creates a wallet, Capsule initiates a DKG process. This generates the User Share and Cloud Share without ever assembling the full private key in one place.
-
Passkey Creation: Simultaneously, an Passkey is generated and stored in the device’s secure enclave.
-
Cloud Share Storage: The Cloud Share is securely stored in Capsule’s HSMs.
-
User Share Protection: The User Share is protected by the user’s authentication method (e.g., passkey, biometrics) and stored securely on the device.
Security Benefits
This key management system offers several security advantages:
- No Single Point of Failure: Since the private key is never fully assembled, there’s no single point of vulnerability.
- Phishing Resistance: Even if a user’s email or social login is compromised, an attacker would still need physical access to the user’s device to initiate transactions.
- Device Loss Protection: If a user loses their device, they can still recover their wallet using the Cloud Share and proper authentication.
- Censorship Resistance: Users have the option to export their Cloud Share, ensuring they maintain control over their assets even if Capsule's services are unavailable.
Flexible Backup Mechanisms
Capsule supports flexible backup mechanisms and a key-based permissions system, allowing for customized security setups based on specific application needs. These can be configured in the Developer Portal
By leveraging this advanced key management system, Capsule provides a secure, flexible, and user-friendly solution for embedded wallets, balancing robust security with seamless user experience across various blockchain ecosystems.
Was this page helpful?