Keyless security in a nutshell

Keyless security

Security is the fundamental building block of any crypto wallet. As pioneers of a new approach to security, we want to share how we designed our best-in-class system so that everyone can understand. 

Using threshold signatures, we’ve replaced the traditional private key with two independently created “mathematical secret shares.” One share is stored on your mobile device and the other on the ZenGo server. With no single point of failure, even if something happens to one of the shares, your assets are always safe.

Unlike with exchanges, only you can initiate a transaction. ZenGo cannot access your funds. To send funds, you initiate a process in which the server and device shares communicate to sign the transaction without ever revealing their secrets to each other.

Backing up your wallet is just as simple. An encrypted copy of your device share is stored on the ZenGo server, and the decryption code is stored separately in your personal iCloud account. Only with your 3D biometric face map can you access the encrypted share.

It only takes a few seconds to restore your wallet if you delete the app, lose your phone, or want to use ZenGo on a new device. Simply scan your face which will match with the 3D biometric face map you created during backup. This allows the encrypted device share to be decrypted on your device. Now your wallet is restored!

Our keyless security model removes the single point of failure of traditional cryptocurrency management solutions and frees you from ever having to worry about private keys again. And we also made sure it was easier to use than any other option.

For those interested in diving deeper, here’s a more technical explanation of our security model.

Passwordless authentication

Just like you don’t have to worry about your private keys with ZenGo, you also don’t have to remember any passwords. We use several mechanisms to achieve this level of convenient security:

Magic link authentication. When you register and verify your email, a magic link is sent to you to authenticate.

Device-based authentication. We require you to authenticate with your built-in mobile device biometric capabilities (e.g. Face ID and Touch ID) to authorize transactions.

3D biometric face map. Because wallet backup and recovery must be cross-device compatible, we use ZoOm – 3D Face Authentication. You can read more about our biometric authentication approach here

 

Our commitment to open-source

At ZenGo, we are deeply committed to open-source. We want best-in-class code while, at the same time, not compromising on our customers’ security. 

Open-sourcing our code allows us to collaborate with our community and welcome brilliant contributions from the best developers, but it also provides opportunities for adversaries to introduce faults or exploit our app. Young projects are also more vulnerable to this kind of malicious activity. That’s why we decided to take a progressive approach, open-sourcing at first some of our work and then gradually releasing more as our project grows and our confidence in our open-source procedures increases. 

All of our threshold cryptography code is available on our GitHub. In addition, we have completed additional third-party security audits to reinforce the integrity and security of our code 

You can read all about our open source policy and the reasons behind our decision here.  

Guaranteed access

At ZenGo, we know that strong security means planning for every scenario. That’s why we implemented Guaranteed Access. This first-of-its-kind approach ensures that even if ZenGo, the company, were to stop operating, your funds would still be accessible. 

Here’s how it works: 
  1. We use an established Escrow and Trustee;
  2. The Trustee monitors ZenGo while the escrow stores a master decryption key, 
  3. If the Trustee discovers that ZenGo is not operational, they will request that the escrow post the decryption key to a dedicated GitHub account;
  4. Upon startup, the app automatically checks the GitHub account and detects when it should enter recovery mode. The user will then be able to export their wallet to another service.
  5. The ZenGo user is now able to move funds to any destination they desire
  6. To read more about this service, read our recent blog post. We are always dedicated to protecting you and your assets no matter what the circumstance. That’s why we created Guaranteed Access and why we will continue to invest in this area moving forward.

Our recovery agents

Security audits

All our cryptography is open source so it can be publicly audited by anyone. We’ve also hired independent third party auditors to validate the security of the cryptography in our system.

The security of the mobile app and server were also successfully audited and tested by an independent auditor. We routinely and continuously run security checks on all our systems and we plan on future audits which will be reported to our community.

AppSec audit: June 2019
Kudelski audit: March 2019

ZenGo challenge

Don’t take our word for it; test our security yourself. We’ve put 1 BTC in a ZenGo wallet just waiting for you. All you need to do is break into the wallet and take it. If you can, the bitcoin is yours. Get all the details here

You’ve got one month (ending on July 25, 2019). Ready…set…go!

 

Notify me when ZenGo is available for Android