Security via Policies

Silk has two keyshares.

  1. The security keyshare, owned by the either

    1. Silk enclave in the 2PC version

    2. Ika network in the 2PC-MPC version

  2. The sovereignty keyshare which neither Silk nor Ika has any access to

Since signing requires consent of keyshares, us or Ika can enforce security policies or threat intelligence to block scams, hacks, etc., much like banks do. Banks and fintech companies fight fraud that crypto wallets do not because they can recognize and stop threats. 2PC enables you to do so in a self-custodial way; the security keyshare cannot access or spend user assets, yet it can have strict security policies.

Default Policy

By default, all new Silk wallets come with the policy of a spend limit (currently $3000) and risk threshold for AI transaction reports. If the spend limit or risk threshold is exceeded, two-factor authorization is required.

By default, a user's authorization method is the email or phone they signed up with. However, users with only email or phone should upgrade. Users with significant funds who still have insecure 2FA may have transactions flagged as extremely likely to drain their wallet blocked without contacting Silk for the approval of such transactions.

Advanced Policies

Users can change their spend limit and risk thresholds. Users can also upgrade their 2FA method. Here 2FA is taken in the stronger sense to mean two-factor authorization, not just two-factor authentication. Authorization implies actually seeing the transaction, preventing blind signing. Users may set the 2FA method to email or external wallet. External wallets can be mobile, desktop, or hardware wallets.

Silk with Hardware 2FA > Hardware

The most secure wallet setup is Silk with a hardware wallet set for 2FA. Hardware wallets are immune to malware but suffer from blind signing where untrusted devices may display safe transactions for the user to see, while sending indecipherable malicious transactions to the hardware wallet to sign. This has resulted in numerous hacks using hardware wallets and even multisigs with hardware wallet such as

Silk with a hardware wallet for 2FA would have prevented these blind signing attacks that hardware wallets could not prevent by themselves! When you elect a hardware wallet as the 2FA mechanism on Silk, Silk will give human-readable output of the transaction to the hardware wallet's personal_signmethod. This establishes a malware-resistant communication channel between the hardware wallet and Silk's enclave, so even if the host device has malware it cannot conduct a blind signing attack.

Silk with a hardware wallet is more secure than hardware wallet by itself

PreviousDecentralization via Human KeysNextSilk Points

Last updated