Some of the inherent challenges within the DeFi world include safekeeping private keys and managing seed phrases. Millions of assets have been lost due to human errors in managing encrypted private keys. This is where Okto leverages multi-party computation(MPC) technology to avoid a single point of failure and facilitate instant, secure transactions.
Okto provides a holistic solution with enhanced security and a self-custody Web3 wallet. It offers a keyless experience to its users with secure multi-factor authentication along with state-of-the-art, custom-built MPC technology. We have covered the details of its solution in the section below.
Enhanced Security
Okto leverages MPC for secure wallet creation, and transaction signing. MPC is an advanced cryptographic technique that allows the user’s private key to be used as separate, sensitive key shares to partially sign transactions that can be combined to create the user’s complete signature. Using MPC, Okto removes a single point of vulnerability with multiple key shares which means that there is no single place that could lead to a compromise and provide full access to the wallet.
Okto offers a keyless experience where the user’s keys are encrypted with multi-factor authentication. With multi-factor authentication, Okto uses passwords, biometrics, social login, etc to authenticate and validate log-in.
The possibility of potential attacks drastically reduces with multiple key shares as each signing party is independent of the other with varied security setups. Every transaction generated by the user, the primary signing party, is verified and partially signed by the other secondary parties. The partial signature of the user and the secondary parties together complete the transaction for a user. The users retain primary ownership of their wallet's key and this way only a user can initiate a transaction.
Read more: How to use Okto Wallet?
Private Key Management
- Key Shares: The user’s key is divided into primary and secondary key shares wherein the primary key is kept on the user’s mobile device encrypted via the user’s biometric credentials that give the user sole custody of the primary key share.
- Storage: The encrypted key shares are kept safe in a secure execution environment of the mobile device. The secondary key shares are stored in geographically isolated, distributed and tamper-resistant nodes.
- Key Refresh: The key shares are periodically refreshed at all nodes in a way that the public key remains the same for the users, further decreasing the risks of an attack.
Self-custody
With an in-built DeFi wallet, Okto offers a self-custody solution where the users control the private keys to their wallet and retain complete ownership at all times. They do not require any permission to send, store and receive their crypto and no funds can be moved without the user’s initiation and authorization. The users hold the primary key without which no transaction can take place.
- Ownership: Self-custody provides complete ownership of user funds, empowering them to manage their assets. At no point can a user’s full private key be constructed and Okto cannot get access to all the key shares of any user. Hence, the users remain the primary owner of their wallets at all times.
- Privacy: Also, as only the user’s key share can initiate a transaction, Okto can never move the user’s assets for its own benefit and thus, will never have rights over the user's funds. Multiple parties jointly complete a transaction while maintaining their individual privacy through a keyless experience.
- Recovery: Okto offers secure key share recovery in the event of key share misplacement and helps you store your backup on the cloud for easy recovery. If the mobile phone is lost/stolen, the user can opt for “assisted recovery” via the Okto app to halt further signing till the account is secured. The user can retrieve their key share in a way that Okto can never access their key share information. Users can also use the offline backup option to store their Recovery Phrase.
