Hybrid "Non-Custody"

Not your keys, not your crypto

It's always been about Custody

Distributed web infrastructure has matured to the point where there is no reason to place sole trust in a centralized custodian for your data, finances, or identity. Technology must be built with user consent as a default override to maintain an innovation trajectory toward a human-centric future. Privacy, economic freedom, open participatory markets, data federation, and self-sovereign identity all begin with secure self-custody of cryptographic keys.

Where is the trust?

Self-custody places trust in the user to keep their cryptographic keys local on their (ideally air-gapped) device, hidden away from any applications, daemons, or even the system kernel itself. In practice this is quite difficult to achieve, and many hacks and exploits result from keys being leaked to a snooping application or a seemingly innocent service process, or being dumped into system RAM for malware to pick up. Key banditry aside, self-custody is a huge risk for users on its own. The loss of the device, the seed phrase, or the private key itself is irrecoverable with pure self-custody.

Distributing Trust Reduces Risk

In Silk, we avoid centralization of key custody, and the problems it comes with, by implementing a hybrid non-custody architecture. From any device, the user can reconstruct their private key by presenting multiple disparate authentication proofs derived from a password, email, identity, and safeguards against suspicious behavior (e.g. a sudden transfer of the wallet balance to an account the user has never interacted with). The user must interact with an authentication network to present each proof and retrieve the corresponding share needed to generate the key. No single agent or authority ever holds the private key; only the user, who can assemble the shares held by the authentication network, does.
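
A sketch of the share-gated recovery flow described above, as an added example rather than Silk's own code. The page does not name the scheme, so Shamir secret sharing with a 2-of-3 threshold is an assumption here, and `ShareHolder`, `recover` and the proof strings are hypothetical stand-ins for the authentication network and its proofs.

```python
import hashlib, hmac, secrets

P = 2**521 - 1  # Mersenne prime; the field comfortably holds a 256-bit key

def split(secret, n, t):
    """Split secret into n Shamir shares; any t of them rebuild it."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    poly = lambda x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return [(x, poly(x)) for x in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation at x = 0 recovers the constant term (the key)."""
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

class ShareHolder:
    """Hypothetical authentication node: holds one share, never the key."""
    def __init__(self, share, proof):
        self._share = share
        # Assumption: a digest comparison stands in for real proof verification.
        self._expected = hashlib.sha256(proof).digest()

    def release(self, proof):
        got = hashlib.sha256(proof).digest()
        return self._share if hmac.compare_digest(got, self._expected) else None

def recover(holders, proofs, t):
    """Present one proof per node; rebuild the key from the shares released."""
    released = [h.release(p) for h, p in zip(holders, proofs)]
    shares = [s for s in released if s is not None]
    if len(shares) < t:
        raise PermissionError("too few valid proofs to reach the threshold")
    return combine(shares[:t])

def demo():
    key = secrets.randbits(256)
    proofs = [b"password-proof", b"email-proof", b"identity-proof"]  # constructed
    holders = [ShareHolder(s, p) for s, p in zip(split(key, 3, 2), proofs)]
    attempt = [proofs[0], b"wrong-proof", proofs[2]]  # one factor fails
    one_share = holders[0].release(proofs[0])
    return recover(holders, attempt, 2) == key, combine([one_share]) == key

if __name__ == "__main__":
    print(demo())
```

With a threshold of two, the key is still recovered when one factor fails, while the single share obtained from one node does not reproduce the key.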

Note: do your homework before choosing a noncustodial wallet. Some wallets advertise being noncustodial but actually store private keys on their own servers. This has resulted in countless cases of theft, scams, hacks, and fraud.
