Originally written for Levain
―――――――――――――――――――――――――――――――
Provable self-custody is the most secure and transparent way for institutions to custodize their digital assets. Therefore, Levain’s self-custody wallet is rigorously built on the foundation of provability, empowering institutions with true control and oversight over their digital assets.
Unlike regular self-custody, provable self-custody equips institutions with a robust layer of transparency, enabling them to verify and audit the custody process themselves and on-chain. Provable self-custody is also designed as a simple-to-understand system that is easy to deploy, significantly enhancing accuracy and leaving no room for errors.
To this end, multi-signature is the gold standard for provability, as its M of N signature consensus takes place entirely on-chain and is fully verifiable.
As Levain ultimately prioritizes provability and security for managing digital assets, we thus chose multi-signature over MPC for our self-custody wallet solution. Specifically, we deploy the highest form of on-chain security for multi-signature, where Elliptic Curve Digital Signature Algorithm (ECDSA) signatures are gathered to execute transactions.
This article will delve into the heart of Levain’s multi-signature wallet technology, guiding institutions to understand how it bolsters their digital assets with the highest level of security.
―――――――――――――――――――――――――――――――
Levain’s multi-signature wallet is designed to be completely autonomous and transparent, with every step initiated and driven by your institution. This section breaks down the various stages your institution must take to securely store and transact with its digital assets.
Wallet Creation
Three unencrypted private keys are created during Levain’s wallet creation process, including:
-
Key #1: User signing key
-
Generated on the user’s browser, they own this key.
-
Levain creates an encrypted version of this key, encrypted with the wallet password chosen by the institution. We have no access to the actual key itself.
-
To elevate the user experience with increased efficiency, Levain keeps a copy of Encrypted Key #1. This encrypted key will be sent back to the final approver after all policies are met, following which the actual transaction will be signed.
-
-
Key #2: User backup key
-
Generated on the institution’s browser, they own this key.
-
As its name suggests, this key is intended for safe backups and is only utilized for wallet recovery.
-
Levain never keeps this key under all circumstances.
-
-
Key #3: Levain’s key
-
This key is generated on Levain’s server and facilitates an efficient transaction experience for institutions.
-
Levain uses this key to co-sign transactions initiated by the institution, which are then relayed to the blockchain to be broadcast.
-
Levain protects this key with institutional-grade security standards.
-
Keys #1 and #2 are generated through the user’s browser via crypto.randomBytes. This is the most secure way of generating private keys within a user’s browser.
As Levain utilizes a strict 2-of-3 signing quorum, Levain is thus unauthorized to move your institution’s digital assets independently. You must initiate all transactions via your user signing key (Key #1) while Levain co-signs the other part of the transaction with our key (Key #3).
Choosing a Password
After setting up their wallet, the institution will select a unique password. This password encrypts Keys #1 and #2, a process that takes place entirely on the user’s browser client-side, not server-side. Levain is not a participant in this process at any point.
After Key #1 is encrypted, it is moved to Levain’s server to be used when users later initiate transactions. As the encryption was performed on the user’s browser (client-side), Levain, despite holding Encrypted Key #1, will never know the details of the private key.
Key #2 remains safely in the institution’s possession, with its details stored on a Key Card and backed up according to the institution’s operational requirements.
Key Card Download
With their wallet and keys set up, the institution downloads a Key Card as a PDF file. This Key Card collates vital information on the encrypted private keys, Levain’s public key, and the encrypted wallet password as follows:
.png)
Transaction signing and execution
After setting up your wallet and storing your Key Card, your institution can now perform transactions. As every transaction is routed through Levain’s policy engine, it is thus essential for your institution first to configure various controls and align them with its internal policies:
-
Wallet-level users: By default, users are not automatically added to every wallet. Each wallet’s Wallet Approvers must first grant permission. Users can be assigned one of three roles on the wallet level:
-
Wallet Approvers
-
Wallet Initiators
-
Wallet Viewers
-
-
Approval quorum: The approval quorum enables your institution to configure an off-chain approval threshold requirement. With clear guidelines, your institution can use the user signing key to sign transactions. To configure an approval quorum, your institution must assign multiple Wallet Approvers in a given wallet. These Wallet Approvers will be counted towards the N factor in the M-of-N approval quorum.
-
Whitelisted addresses: Your institution must whitelist blockchain addresses at the wallet level before initiating transactions with them.
Once your institution configures its controls, it can perform transactions via Levain’s wallet. Here is how the transaction process works.
Encrypted Key #1 is sent to your institution’s browser during signing after passing all policies configured for that wallet. To illustrate, consider the following scenario:
Your institution initiates a transfer of 1 million USDT to wallet address 0xa1b2…c3d412345. Encrypted Key #1 is sent to your browser and decrypted using your chosen password. You then use decrypted Key #1 to sign the transaction, assuming all your institution's configured policies have passed.
The partially signed transaction is then sent to Levain, where we use Key #3 to co-sign the transaction (on-chain signing). With 2 of 3 signatures collected, the waller’s required threshold is met, and Levain will broadcast the transaction to the blockchain.
Wallet recovery
There may be scenarios where your institution needs to recover your wallet. Levain’s solution is designed such that your institution can perform the wallet recovery process autonomously.
Returning to the Key Card, this document contains encrypted versions of Keys #1 and #2, along with your institution’s encrypted wallet password. This crucial document is instrumental for wallet recovery, so we strongly urge you to print a copy and store it safely following your key ceremony procedures.
The encrypted version of your wallet password is stored in Box 4 of your PDF Key Card. Under normal circumstances, you do not need to decrypt this password unless you forget it. As Levain encrypts your wallet password with an RSA key, we can help you recover it when needed.
―――――――――――――――――――――――――――――――
This article has thus far provided your institution with a guide of how Levain’s multi-signature wallet works, from wallet creation to transaction signing.
As the steps described above demonstrate, your institution controls the entire custody process, with every detail made fully visible to you. The system is also set up such that you can prove your ownership over your keys, your unique wallet password serving as the fundamental tool that decrypts them to sign transactions.
Protect your institution’s digital assets with the highest form of on-chain security. Choose Levain today. Talk to us here.