Keyless Wallet ™: ZenGo's security in a nutshell

Security is the fundamental building block of any crypto wallet. As pioneers of a new approach to security, we want to share how we designed our best-in-class system so that everyone can understand. 

Using threshold signatures, we’ve replaced the traditional private key with two independently created “mathematical secret shares.” One share is stored on your mobile device and the other on the ZenGo server. With no single point of failure, even if something happens to one of the shares, your assets are always safe.

Unlike with exchanges, only you can initiate a transaction. ZenGo cannot access your funds. To send funds, you initiate a process in which the server and device shares communicate to sign the transaction without ever revealing their secrets to each other.
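As an added illustration of the idea described above (this is not ZenGo's code or protocol; it is a simplified two-of-two Schnorr-style scheme on secp256k1, and it omits the nonce-commitment round a production protocol would add), the device share and the server share each contribute a partial signature, and the combined result verifies under an ordinary public key without either share or the full key ever existing in one place:

```python
import hashlib, secrets

# secp256k1 (the curve Bitcoin uses): field prime, group order, base point.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    if a[0] == b[0] and a[1] != b[1]:
        return None                             # a + (-a)
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P)
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P)
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)
def mul(k, pt):                                 # double-and-add scalar multiplication k*pt
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc
def challenge(r, pub, msg):                     # Fiat-Shamir e = H(R.x || pub.x || msg) mod N
    data = r[0].to_bytes(32, "big") + pub[0].to_bytes(32, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

class Share:
    """One party's secret share x_i; the full key x_1 + x_2 is never assembled anywhere."""
    def __init__(self):
        self.x = secrets.randbelow(N - 1) + 1
        self.pub = mul(self.x, G)               # x_i*G is safe to send to the other party
    def nonce(self):
        self.k = secrets.randbelow(N - 1) + 1   # fresh per signature; only k_i*G leaves the party
        return mul(self.k, G)
    def partial(self, r, pub, msg):
        """s_i = k_i + e*x_i mod N; leaks x_i only if k_i is ever reused or exposed."""
        return (self.k + challenge(r, pub, msg) * self.x) % N
def sign(device, server, pub, msg):
    """Exchange nonce points, then sum the two partial signatures into (R, s)."""
    r = add(device.nonce(), server.nonce())
    return r, (device.partial(r, pub, msg) + server.partial(r, pub, msg)) % N

def verify(pub, msg, r, s):
    """Ordinary single-key Schnorr check s*G == R + e*pub; the split is invisible here."""
    return mul(s, G) == add(r, mul(challenge(r, pub, msg), pub))
```

The joint public key is simply `add(device.pub, server.pub)`, so a verifier (or the blockchain) sees one key and one signature and cannot tell that two parties produced it.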

Backing up your wallet is just as simple. An encrypted copy of your device share is stored on the ZenGo server, and the decryption code is stored separately in your personal iCloud (iOS) or Google (Android) account. Only with your 3D biometric face map can you access the encrypted share.

It only takes a few seconds to restore your wallet if you delete the app, lose your phone, or want to use ZenGo on a new device. Simply scan your face; it is matched against the 3D biometric face map you created during backup, which allows the encrypted device share to be decrypted on your device. Now your wallet is restored!

Our keyless security model removes the single point of failure of traditional cryptocurrency management solutions and frees you from ever having to worry about private keys again. And we also made sure it was easier to use than any other option.

For those interested in diving deeper, here’s a more technical explanation of our security model.

Feature | ZenGo | Centralized wallets | Decentralized wallets
Private key | No private key. Self-custodial | The wallet operator manages a private key on your behalf | The private key is stored on your device
No KYC Required | | |
Funds Are Non-Custodial | You have full control of your funds and they are verifiable at all times on the blockchain | Your funds and private keys are in custody in a central system and are not verifiable | 
Keyless Security (no possible attack on the private key) | No private key. MPC / threshold signatures | |
Fast Setup (< 10 sec) | | Often requires a long sign-up process, KYC and/or downloading additional software for 2FA | At a minimum requires writing down a 12-24 word mnemonic phrase and storing it somewhere "safe"; it is the only way to recover
Fast Recovery (< 10 sec) | Very fast | Recovery only possible if you remember your password and have access to your 2FA app | Recovery only possible if you saved your seed phrase
Distributed Security Model (versus single point of failure) | Even if ZenGo is hacked, the attacker cannot access your funds | If the operator is hacked, your funds may be jeopardized | If your device is hacked, your funds may be jeopardized
Password-Free Security | Doesn't require you to write, remember, or store any password or text | |
Owner Guaranteed Protection | Guarantees only the owner can access funds | Wallet operators are routinely hacked and customers' funds are lost | Whoever has your private key can spend your funds
Systemic Guaranteed Access | Guarantees 100% of your funds are available if ZenGo stops operating | Some operators offer minor fractional insurance, never 100% | Only if you have your backup; no guarantee, no insurance
SIM-Jacking Resistant | | Often the account is protected by SMS 2FA, which makes it susceptible to SIM jacking | Often users store their seed phrase or password in software like Gmail or Dropbox, which is vulnerable to SIM jacking
Recovery Protection Guarantee | Backup is mandatory before any deposit | | You can skip backup and still deposit funds
So Simple, Even Your Grandparents Can Use It | | |
Passwordless authentication

Just like you don’t have to worry about your private keys with ZenGo, you also don’t have to remember any passwords. We use several mechanisms to achieve this level of convenient security:

Magic link authentication. When you register and verify your email, a magic link is sent to you to authenticate.

Device-based authentication. We require you to authenticate with your built-in mobile device biometric capabilities (e.g. Face ID and Touch ID) to authorize transactions.

3D biometric face map. Because wallet backup and recovery must be cross-device compatible, we use ZoOm – 3D Face Authentication. You can read more about our biometric authentication approach here. To learn more about liveness detection, go here.

Additional face map. You can use a close family member or friend’s face to restore your wallet. Simply get them to add a biometric face scan to your account and you’re all set. Adding an additional face map guarantees that your crypto is safe even if your face changes.

Our commitment to open-source

At ZenGo, we are deeply committed to open-source. We want best-in-class code while, at the same time, not compromising on our customers’ security. 

Open-sourcing our code allows us to collaborate with our community and welcome brilliant contributions from the best developers, but it also gives adversaries opportunities to introduce faults or exploit our app. Young projects are especially vulnerable to this kind of malicious activity. That's why we decided to take a progressive approach: open-sourcing some of our work at first and then gradually releasing more as our project grows and our confidence in our open-source procedures increases.

All of our threshold cryptography code is available on our GitHub. In addition, we have completed third-party security audits to reinforce the integrity and security of our code.

You can read all about our open source policy and the reasons behind our decision here.  

Guaranteed access with ZenGo's Chill Storage™

At ZenGo, we know that strong security means planning for every scenario. That’s why we implemented Chill Storage™.

Chill Storage™ is a first-of-its-kind wallet service that ensures that even if ZenGo, the company, were to stop operating, your funds would still be accessible.

Here's how it works:
  1. We use an established escrow and trustee.
  2. The trustee monitors ZenGo while the escrow stores a master decryption key.
  3. If the trustee discovers that ZenGo is not operational, they request that the escrow post the decryption key to a dedicated GitHub account.
  4. Upon startup, the app automatically checks the GitHub account and detects when it should enter recovery mode. The user is then able to export their wallet to another service.
  5. The ZenGo user is now able to move funds to any destination they desire.

To read more about this service, read our recent blog post. We are always dedicated to protecting you and your assets no matter what the circumstances. That's why we created Guaranteed Access and why we will continue to invest in this area moving forward.

Our recovery agents

Security audits

All our cryptography is open source so it can be publicly audited by anyone. We’ve also hired independent third party auditors to validate the security of the cryptography in our system.

The security of the mobile app and server was also successfully audited and tested by an independent auditor. We routinely and continuously run security checks on all our systems, and we plan future audits, which will be reported to our community.

AppSec audit: June 2019
Kudelski audit: March 2019
Kudelski audit: October 2019
Scorpiones audit: February 2020

ZenGo challenge

Don't take our word for it; test our security yourself. We've put 1 BTC in a ZenGo wallet just waiting for you. All you need to do is break into the wallet and take it. If you can, the bitcoin is yours. Get all the details here.

You’ve got one month (ending on July 25, 2019). Ready…set…go!


The ZenGo Challenge is officially over and no one succeeded in claiming the 1 BTC. We never really thought that anyone would successfully steal the Bitcoin, but it is a good reminder that our system is as safe as we hoped.  


