Comment on page
In today's digital world, the security of our assets has become a significant concern for everyone. With the rise of cryptocurrencies, the need for secure and reliable wallets to store them has become even more crucial.
At Banana, we have taken a step forward by introducing a unique recovery mechanism that ensures the safety of your assets, even in case of a lost or stolen device.
The Banana Wallets recovery mechanism combines offline multi-party computation (MPC) and social recovery.
Secure multi-party computation (also known as secure computation, multi-party computation (MPC) or privacy-preserving computation) is a subfield of cryptography with the goal of creating methods for parties to jointly compute a function over their inputs while keeping those inputs private.
During the setup of the recovery process, a recovery key is generated and sharded into three parts. The recovery key is distinct from the transaction key stored in the hardware security module and can only be used to initiate the recovery process. This ensures that your assets remain secure even if your device is lost or stolen.
Banana Wallet uses the Shamir secret-sharing technique to break the private key into three shards.
Shamir secret sharing is a cryptographic algorithm that allows a secret to be divided into multiple shares, where each share is given to a different participant. The secret can only be reconstructed when a minimum number of shares are combined, which is determined during the setup of the recovery process.
The user must prove their access to at least two of the three shards to initiate the recovery process. The three shards are stored in different locations to ensure the security of the recovery process.
Shard 1 is saved to the user's Google Drive, and the authentication mode is Google sign-in.
Google authentication for shard1
Shard 2 is stored on Banana Wallets' server in an encrypted manner. The user provides an alternative email id, which will receive an OTP. Upon successful authentication, the second shard is stored on our server. The second shard is encrypted and cannot be accessed by the Banana server, ensuring the user has complete control over their assets.
OTP over alternate email
Shard 3 is stored in the local storage of the user's friend or guardian device as a QR code. The shard is encrypted and converted into a QR code. To encrypt the shard, Banana Wallets asks the user some questions to create an encryption key. These questions can be related to the user's life, such as their mother's birthdate or the last four characters of the hash of their social security number etc.
Third QR shard
Once all the shards are saved, the recovery setup is complete and the account is secured.
Recovery Setup complete
Banana Wallets' recovery mechanism ensures that the user has complete control over their assets, even in case of a lost or stolen device. The multi-party computation and social recovery mechanism make it difficult for an attacker to access the user's assets. The recovery process is simple and straightforward, with minimal risk of losing access to their assets.
Shard 1: The user must complete the Google authentication process to claim access to the first shard. Only the user who has access to their Google Drive can retrieve the first shard.
In the next step, the user can prove access to any one of the shards
Shard 2 is encrypted and cannot be used by Banana Servers, ensuring users have complete control over their assets. To claim access to the second shard, the user must complete OTP (One-Time Password) based authentication, where the OTP is sent to their other email address.
Alternate email confirmation
OTP over alternate email
Shard 3 To claim access to the third shard, the user must ask for the QR code from his friend/guardian and upload it.
QR code upload
Once the user provides any of the other two authentications to retrieve the shards, the recovery is initiated, and the user can access their wallet after a cooldown period of 48hrs.