[Research] Custodial Service Providers for Shamir Secret Share Storage

[axatbhardwaj]

Research Context:

We're exploring security enhancements for our web3-based wallet platform using Shamir's Secret Sharing scheme. Our primary objective is to prevent the platform from having direct access to the user's wallet key unless explicitly authorized. We're investigating the use of custodial service providers to securely store the shares generated from the secret sharing process.

Research Goals:

• Please refer to the notion Doc to have a better clarity on the architecture

• Identify Potential Providers: Compile a list of custodial service providers that offer secure storage solutions compatible with Shamir Secret Shares.

• Evaluate Security: Assess the security measures employed by each provider to protect stored shares.

• API & Integration: Analyze the API documentation and integration capabilities of each provider.

• User Authorization: Determine how each provider supports user authorization mechanisms for accessing shares.

• Cost Analysis: Compare the pricing models of different providers.

• Compliance: Review the compliance status of each provider with relevant regulations in our jurisdiction.

Additional Considerations:

• Reputation & Track Record: Research the reputation and track record of each provider in the secure storage industry.
• Open Source Options: Explore if any open-source custodial solutions or libraries exist that could be adapted for our needs.

Expected Outcome:

• A comprehensive report detailing the findings of our research, including a comparative analysis of potential custodial service providers.
• Recommendations for the most suitable provider(s) based on our specific requirements and constraints.

We welcome any input, insights, or recommendations from the community on this research topic.

Feel free to share your research in notion docs below !

Thank you!

[Ameerjafar]

@axatbhardwaj can I pick this enhancement sir

[axatbhardwaj]

@axatbhardwaj can I pick this enhancement sir

go for it , it is open for all either way

just try to ignore torus like solutions

[axatbhardwaj]

@Ameerjafar

Hi any updates ?

[Ameerjafar]

@axatbhardwaj can you assign this issue to someone else

[vkpatva]

hi @axatbhardwaj ,
We can use passkey and webauth to store and encrypt keys on IPFS, encryption key would be with user(passkey) and once user login using passkey they can decrypt the key.

let me know if you want to discuss more on this

[axatbhardwaj]

hi @axatbhardwaj , We can use passkey and webauth to store and encrypt keys on IPFS, encryption key would be with user(passkey) and once user login using passkey they can decrypt the key.

let me know if you want to discuss more on this

would love to

[vkpatva]

hi @axatbhardwaj , We can use passkey and webauth to store and encrypt keys on IPFS, encryption key would be with user(passkey) and once user login using passkey they can decrypt the key.
let me know if you want to discuss more on this

would love to

You could do the following thing store all encrypted shard in db.

1. Key 1 : General Secret Key for all users
2. Key 2 : Unique secert in passkey that can be access only via webauthn authentication and use it to decrypt the second shard.
3. Key 3 : Store encrypted key 3 (can be decrypted only by general secret) into Google Drive of user.

By this way you want be dependent on any third party and role and responsibility of the key is distributed like Key1 (platform) , Key2(user) and Key3 (combination of both platform and user).

Also allow user to regenerate new keys / such that in case of loss of passkey or loss of google drive file user can atleast get back the access.