Managing private keys securely is critical to the safety of user assets. Capsule employs advanced distributed Multi-Party Computation (MPC) leveraging distributed key generation (DKG) and distributed signing to ensure that user keys are never all stored in a single location susceptible to attack, as well as that neither applications nor Capsule have access to user private keys. This also allows Capsule to be able to perform key refreshes & rotation.

Capsule's key management system relies on a 2-of-2 MPC system comprised of a Device Key and a Cloud Key. In addition to these, an Enclave Key is also generated.

MPC Keys

The Device Key(s) are custodied by the user, acting like a hot wallet and are accessible in the browser. These keys provide the user with immediate control over their assets while interacting with crypto applications.

The Cloud Key is managed by Capsule and stored securely in cloud hardware-security modules (HSMs). This setup provides a secure off-device backup of the user's key, safeguarding the assets even in the event of device loss or compromise.

Capsule also uniquely supports flexible backup mechanisms and a key-based permissions system (for more information on this, get in touch).

The Enclave Key

Most modern smartphones come standard with hardware secure enclaves, a dedicated area within the device's main processor used for storing and protecting sensitive data. However, keys generated in these enclaves primarily support the secp256r1 elliptic curve, contrasting with the secp256k1 curve used by most modern blockchains.

To navigate around this issue, Capsule generates a separate Enclave Key. This key is used to authorize access to the Cloud Key, enabling biometric authentication and signing on the secp256k1 curve. This process ensures users can leverage their device's hardware security features while interacting seamlessly with blockchain networks.