iCloud-based backup & restore solution
As we all know, the private key is the most critical thing in managing and using crypto assets because it determines the ownership of the blockchain asset. In other words, the private key is the only way to control the corresponding crypto assets. If you lose your private key, you can never get to your crypto assets again. So how to keep and restore the private key is the most important for the wallet.
The traditional backup solution is complicated to let users keep the private key and mnemonics in plaintext or QR code. In addition, if something unexpected happens, such as a wrong copy of a letter, you can’t recover your private key.
How to back up wallet using Jade Wallet?
"Is there a simpler and more user-friendly backup & restore solution?" With this in mind, we chose an iCloud-based backup recovery solution when we designed Jade Wallet.
Let's imagine what would happen if we use the traditional solution. Since Jade Wallet uses MPC-based threshold signature scheme, the invisible private key is split into multiple keyshares. If we back up these “keyshares” according to the traditional solution, it means that each keyshare holder needs to write down the complete contents of the keyshares separately or convert the contents into QR codes and print them out ......
Our solution: After the keyshare is successfully generated, a high strength password (EncKey) is randomly generated in the App to encrypt the keyshare. The encrypted copy of keyshare is uploaded to the Jade Wallet server, and EncKey is backed up to your iCloud. Users can easily complete the backup with just a few clicks.
"Is there a security risk?" If you have such question in mind, I wish the following explanation of some technical concepts will be helpful to you; if not, you can skip to the next step "How to restore wallet using Jade Wallet?".
The EncKey is a 256 bit random number stored only in your iCloud after generation, with almost zero chance of being "guessed” . Meanwhile we use the highly secure AES GCM encryption algorithm to encrypt the private keyshare. In this case, no one else can decrypt the encrypted private keyshare unless they have access to the EncKey, so even if Jade Wallet's server is hacked and the hacker gets a copy of your keyshare, they can't decrypt it without the EncKey.
The only scenario that could lead to your keyshare backups being cracked is if the hacker gains control of your iCloud account and gets your keyshare backups at the same time. So we suggest that the email address associated with your Jade Wallet account is preferably not the same as that associated with your iCloud account to avoid this small possibility.
But what if the hacker really gets both your keyshare backup and EncKey, can he transfer your assets? Don't forget that Jade Wallet uses a MPC-based threshold signature scheme that requires multiple people authorizations to sign transactions. A hacker who wants to transfer your assets will need to gain control of at least threshold - 1 keyshare(s).
How to restore wallet use Jade Wallet?
Suppose a user gets a new iPhone. After he logs into his Jade Wallet account, the system prompts “your wallet needs to recover the keyshare in order to continue using it”. Please submit a request to recover a keyshare first, Jade Wallet will use Face ID to verify the user's identity and prompt “sign in to the same iCloud account as before to synchronize the previously backed up EncKey”. After the other members (keyshare holders) agree the request, Jade Wallet will use the EncKey backed up in iCloud to decrypt the encrypted keyshare backed on the Jade Wallet server. We will also verify whether the recovered keyshare is valid in the recovery process , similar to the case when signing the transaction, a threshold number of members are required to perform a multi-party computation to ensure the correctness of the signature.