Security

Authentication

Signing into your cluster starts with verifying wallet ownership using off-chain authentication via signature signing. All users must sign an off-chain signature to prove they own their cluster.

Passphrase: Users may choose to opt in for an additional layer of security by adding a passphrase. We recommend users enable this feature when storing a significant amount of funds on generated wallets.

Clusters does not store this passphrase. If it is lost, it cannot be recovered, and the user forfeits the ability to recover the private keys of wallets generated on the user's account.

  • Passphrases are used as the encryption key for private key shards.

  • Users will need to enter their passphrase in order to export their wallet's private keys.

Private Key Storage

Keys are split into 3 shares using Shamir's secret sharing. The shares are divided between the user and encrypted cloud storage. In order to reveal the private key, 2 out of the 3 shares need to be present. Full keys are never sent over the air or stored in Clusters infrastructure.

  1. User device share — Stored on the user's device via local storage. This share will be stored encrypted using the passphrase if opted in.

  2. Recovery share — This share is encrypted at rest by default and stored by Clusters. This share is encrypted using the user's passphrase if they opt in for this additional security later.

  3. Backup share — Encrypted at rest and stored by Clusters. It's used, in conjunction with the recovery share, to generate an additional compatible user device share if the device share is lost or when moving to another device.
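
The 2-of-3 split and the device-share regeneration described above, as an added example that is not Clusters' own code. The field prime, the share x-coordinates (1, 2, 3) and the function names are assumptions, and the passphrase and at-rest encryption of shares is not modelled.

```python
import secrets
from itertools import combinations

P = 2**521 - 1                      # assumed field prime (Mersenne), larger than a 256-bit key
THRESHOLD, SHARES = 2, 3            # 2-of-3, as on the page
DEVICE, RECOVERY, BACKUP = 1, 2, 3  # hypothetical x-coordinates for the three shares


def split(secret):
    """Return {x: f(x)} for x = 1..3, with f a random line over GF(P) and f(0) = secret."""
    if not 0 <= secret < P:
        raise ValueError("secret does not fit in the field")
    slope = secrets.randbelow(P)    # uniform coefficient: one share alone reveals nothing
    return {x: (secret + slope * x) % P for x in range(1, SHARES + 1)}


def interpolate(points, at=0):
    """Lagrange-interpolate through `points` ({x: y}) and evaluate at x = `at`."""
    if len(points) < THRESHOLD:
        raise ValueError("need at least 2 distinct shares")
    total = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * (at - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def recover_key(points):
    """The secret is the polynomial's value at x = 0."""
    return interpolate(points, at=0)


def regenerate_device_share(recovery_y, backup_y):
    """Rebuild the device share from the two stored shares (lost or new device)."""
    return interpolate({RECOVERY: recovery_y, BACKUP: backup_y}, at=DEVICE)


if __name__ == "__main__":
    key = secrets.randbits(256)     # constructed stand-in for a wallet private key
    shares = split(key)
    for pair in combinations(shares, 2):
        assert recover_key({x: shares[x] for x in pair}) == key
    assert regenerate_device_share(shares[RECOVERY], shares[BACKUP]) == shares[DEVICE]
    print("any 2 of 3 shares recover the key; device share regenerated")
```

Regeneration works because any two shares fix the whole polynomial, so the recovery and backup shares together also determine the key itself.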
