"We're building Bitkey with a focus on security, resilience, and simple user experiences for a broad audience. Our system security choices mean Bitkey:"
- "Uses three keys instead of one, by default. Unlike in a single-signature setup, an attacker must be able to compromise more than one key in order to steal funds - compromising one key is not enough."
- "Incorporates secure hardware to keep one key stored offline. Storing one of the keys in a device that is not persistently connected to the internet helps reduce the attack surface available to malicious parties looking to steal keys - and thus your money."
- "Doesn't require customers to hold onto seed phrases, which are hard to hold onto and easy to get stolen."
- "Incorporates important platform security features, the details of which we'll cover in depth in future posts. We’re designing for considerations including, but not limited to:
- Safe key generation, storage, and management on each of the three platforms that store a key (mobile app and secure hardware - which hold 2 keys controlled by the customer; and Block servers, which hold only one key, not enough to move money in this 2-of-3 model).
- Secure authentication on each of the three platforms.
- Features that enable customers to ensure they're using the legitimate Bitkey mobile app and hardware.
- Finding and fixing security issues by inviting scrutiny in the open and investing in security patching and hardening."
The blog post promised to reveal more details on Bitkey's design in upcoming posts, elaborating on why it won't use seed phrases and why the signing device will not have a screen.
- "We’re looking forward to your feedback on these topics - let us know what else you want to hear about at email@example.com, on Twitter, or on nostr."