Smart contracts as a core of Linen Wallet
Linen’s mission is to empower individuals to self-custody their crypto assets and provide access to the ever-growing Decentralized Finance (DeFi), without the hassle of managing seed phrases. A seed phrase is a list of words that only the wallet owner knows and is required to recover a crypto wallet if the device with a wallet app installed becomes inaccessible. With that in mind, we designed an autonomous crypto wallet that lives on the Ethereum blockchain. In future releases, Linen Wallet will be accessed from multiple interfaces, and Linen App is just one of those. As long as the Ethereum blockchain is up and running and you have access to your wallet’s private keys, you can access your funds.
In the first version of Linen Wallet (August 2020), we use Gnosis Safe smart contracts as a core of Linen Wallet. Several factors led us to choose to build Linen Wallet on a Gnosis smart contract. First, Gnosis contracts have been in production since 2017, and the latest deployment of Gnosis Safe smart contracts secures more than $218 million of crypto assets as of July 24, 2020. Second, the core smart contracts have been audited by three independent security experts and are formally verified, which is the highest security standard in the industry.
Gnosis Safe contracts can be extended via the framework of modules, which allows adding new logic on top of the basic wallet functionality after the initial deployment. To decrease the time to market, the first version of Linen Wallet doesn’t have any modules integrated because a separate security audit is needed for each new piece of logic integrated with the smart contract wallet.
Another benefit of using Gnosis Safe smart contracts is that in the unlikely event Linen App is removed from the Apple App Store or Google Play, users can access the wallet with the interface already provided by Gnosis Safe.
The initial implementation of Linen Wallet has three private keys for each user’s smart contract wallet. To execute any transaction, such as depositing digital assets to the Compound liquidity pool, a user needs access to at least two of those three private keys. The keys are distributed in the following manner:
User operational key. Stored on a mobile device and never leaves the device. This private key is used during normal wallet operations, such as sending funds and initiating deposits and withdrawals to and from DeFi liquidity pools.
User recovery key. Stored on the user’s cloud storage (iCloud Drive or Google Drive). This private key, along with a user authentication, is required to recover the wallet if Linen App is reinstalled or a user’s phone is lost or becomes inaccessible.
Linen Agent key. Resides on Linen Mobile, Inc.’s secure software infrastructure. The purpose of this key is to assist users with wallet recovery if they uninstall the app or lose their mobile device. Users are required to authenticate with one-time passcode verifications using their email and SMS.
Based on the distribution of private keys outlined above, Linen Mobile, Inc., the company developing Linen Wallet, cannot access or recover user funds without either the operational or recovery keys possessed by the user. In the current implementation of Linen Wallet, Linen Mobile, Inc. must be around for users to have access to their funds. However, in future wallet implementations, Linen Mobile, Inc. will be removed as one of the signatories, and users can access their wallets using third-party interfaces without relying on Linen Mobile, Inc.
Using cloud drives to store a recovery key
In the previously mentioned private keys management system, the recovery key is stored as a backup file on the user’s personal cloud drive. Some crypto wallets, such as Coinbase Wallet, require only one private key to sign transactions and store a backup file encrypted by the user’s password in cloud storage. In the Linen Wallet setup, no password is required for the backup file. This choice was made for the following reason: when a password is required for a wallet recovery and the user forgets it, access to the wallet and the funds in it are lost forever. Thereby, this password needs to be backed up reliably, and this problem is equivalent to writing down a seed phrase and securely storing it. This is the original issue facing self-custody (non-custodial) wallets – seed phrase management. Moreover, having a password that can’t be restored breaks one of our UX principles – simplicity.
Instead, we chose a different approach. The recovery key (backup file) alone is not enough to access Linen Wallet. At least one of the other private keys and authentication using email and SMS are needed. That other private key is protected by its own authentication mechanisms. The user operational key is protected by a phone password or biometrics, and the Linen Agent key is securely stored within Linen Mobile, Inc.’s software infrastructure.
Nevertheless, a user’s recovery key (backup file) stored on cloud storage must be protected in the case of the unlikely event that a potential attacker gains control of the user’s email and phone number at the same time. Today, both Google and Apple offer enhanced security by enabling two-factor authentication (2FA) for an Apple ID and Google accounts. A 2FA setup for cloud storage using Authy or Google Authenticator significantly reduces the risk of account hijacking. 2FA using Authy and Google Authenticator also combat email account takeover attacks.
Future research and developments
The wallet outlined in this document is the first iteration of Linen Wallet and provides usability for retail crypto investors with no compromise to security. In future versions of the wallet, we will release enhanced security mechanisms for private keys management for those investors who have stricter security requirements due to higher-value transactions. Here is our roadmap:
This first version of the wallet requires two of three private keys to process transactions. The number of private keys, as well as the threshold, can be increased (e.g., three of five keys) for transactions that require enhanced security.
The private key custody mechanism outlined here involves the user’s mobile device, user’s cloud storage, and Linen Mobile, Inc’s infrastructure for private keys storage. In future versions of Linen Wallet, additional storage options will be available. Some of the options could be – cryptocurrency hardware wallets (e.g., Ledger or Trezor), other crypto wallets (e.g., MetaMask), additional devices that users already have (e.g., smartwatches), and password management software (e.g., 1Password or LastPass).
Social recovery is an important recovery mechanism that we are excited about. Social recovery means that your family member or friend can store one of the private keys needed for your wallet recovery on their mobile device. You can request your trusted party to assist you in wallet recovery when needed. All they need to do is to tap into their Linen App.
Privacy solutions will be integrated into Linen Wallet because it is important to keep wallet balances and the transaction history private from members of the social recovery circle and other users who interact with the owner’s Linen Wallet.
If you are interested in learning more about the Linen Wallet design process, check out this paper written by our CTO Alex Bazhanau. He designed the security model for Linen Wallet.