Technical FAQ

Capsule uses the DKLS19 MPC algorithm and leverages an open source implementation for core functions like distributed key generation and signing ceremonies. This ensures a robust and auditable foundation for Capsule’s key management system.

Capsule uses the EIP712-specified transaction signature interface. Additionally, Capsule publishes an EIP-1193 Provider, which is most commonly used via the Wagmi Connector. This ensures compatibility with a wide range of Ethereum-based applications and tools.

Capsule uses sessions as a security measure when signing transactions. By default, session length is 90 minutes. Developers can implement session refresh logic in their applications to maintain longer sessions if required.

While Capsule primarily uses MPC for key management, it is designed to work with ERC-4337 (Account Abstraction) out of the box. This allows developers to leverage Capsule’s security features while also taking advantage of AA capabilities if desired.

As long as the cloud key sent during onboarding is not deleted by the user, they can always refresh keys, export, or sign transactions independently. This design ensures that Capsule cannot censor transactions and provides a robust fallback mechanism.

Capsule offers SDKs for: - TypeScript/React for web developers - React Native for mobile developers - Flutter for cross-platform mobile development These SDKs provide a consistent interface for wallet management and transaction signing across different platforms.

The biometric key is stored on-device in a secure enclave. For Ethereum-based transactions, Capsule uses secp256k1 curve signatures. However, the secure enclave supports the secp256r1 curve. Capsule generates a secp256r1 key, which is used to authorize a secp256k1 curve signature for ECDSA signatures, bridging this compatibility gap securely.

All UI elements and copy in the Capsule flow are fully configurable. Developers can whitelabel the product to match their application’s look and feel. While Capsule aims for a somewhat consistent user experience, copy, colors, and sizes are fully customizable. Refer to the Customize Capsule Section for detailed configuration options.

Capsule supports sign-in via Google, Apple, Twitter/X, Discord, and Facebook. This allows developers to offer a range of authentication options to their users, potentially increasing adoption and ease of use.

Capsule’s multi-app architecture allows the same wallet to be used across different applications while maintaining security. It uses a permissions scheme that specifies what types of transactions an application can perform and which ones require user approval. This is implemented through encrypted User Shares specific to each application and an allow-list mechanism managed by Capsule.

Capsule implements a robust recovery mechanism involving: 1. A recovery secret generated during wallet setup 2. Option to add backup devices 3. Two-factor authentication for additional security 4. A key rotation process after recovery to ensure security The recovery process is managed through the Capsule Portal, reducing the implementation burden on individual developers.

Capsule’s architecture is designed to be blockchain-agnostic. It offers native support for: - All EVM-compatible chains - Cosmos ecosystem - Solana Developers can integrate Capsule with popular libraries like ethers.js, viem, and CosmJS for interacting with these networks.

Wallet portability in Capsule is achieved through:

1. Associating wallets with user identities (typically email addresses) rather than individual applications
2. Using MPC for secure key sharing across applications
3. Implementing a permissions framework for granular access control
4. Providing seamless authentication when users access new applications

Developers can leverage these features through Capsule’s SDKs and APIs to enable users to access their wallets across different applications seamlessly.