Security

Silk has two keyshares.

  1. The security keyshare, owned by either

    1. Silk enclave in the 2PC version

    2. Ika network in the 2PC-MPC version

  2. The sovereignty keyshare, which neither Silk nor Ika has any access to

Since signing requires the consent of the keyshares, we or Ika can enforce security policies or apply threat intelligence to block scams, hacks, etc., much like banks do. Banks and fintech companies fight fraud in ways that crypto wallets do not, because they can recognize and stop threats. 2PC enables a wallet to do the same in a self-custodial way: the security keyshare cannot access or spend user assets, yet it can enforce strict security policies.

Default Policy

By default, all new Silk wallets come with a policy consisting of a spend limit (currently $3000) and a risk threshold for AI transaction reports. If the spend limit or risk threshold is exceeded, two-factor authorization is required.

By default, a user's authorization method is the email or phone they signed up with. However, users with only email or phone should upgrade. For users with significant funds who still have insecure 2FA, transactions flagged as extremely likely to drain their wallet may be blocked unless the user contacts Silk to approve them.

Advanced Policies

Users can change their spend limit and risk thresholds. Users can also upgrade their 2FA method. Here 2FA is taken in the stronger sense to mean two-factor authorization, not just two-factor authentication. Authorization implies actually seeing the transaction, preventing blind signing. Users may set the 2FA method to email or external wallet. External wallets can be mobile, desktop, or hardware wallets.

Silk with Hardware 2FA > Hardware

The most secure wallet setup is Silk with a hardware wallet set for 2FA. Hardware wallets are immune to malware but suffer from blind signing, where untrusted devices may display safe transactions for the user to see while sending indecipherable malicious transactions to the hardware wallet to sign. This has resulted in numerous hacks using hardware wallets, and even multisigs with hardware wallets, such as

Silk with a hardware wallet for 2FA would have prevented these blind signing attacks that hardware wallets could not prevent by themselves! When you elect a hardware wallet as the 2FA mechanism on Silk, Silk will give human-readable output of the transaction to the hardware wallet's personal_sign method. This establishes a malware-resistant communication channel between the hardware wallet and Silk's enclave, so even if the host device has malware, it cannot conduct a blind signing attack.

Silk with a hardware wallet is more secure than a hardware wallet by itself
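The following sketch ties together the default policy and the hardware 2FA flow described above. It is an added example, not Silk's code: all names, the risk scale and the two risk cutoffs are assumptions, and an HMAC stands in for the hardware wallet's personal_sign signature.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Tx:                            # constructed, simplified transaction
    to: str
    usd_value: float
    risk: float                      # hypothetical 0..1 score from the AI report

@dataclass(frozen=True)
class Policy:
    spend_limit_usd: float = 3000.0  # default limit stated on this page
    risk_threshold: float = 0.5      # assumed value; the page gives none
    block_risk: float = 0.95         # assumed cutoff for "extremely likely to drain"
    strong_2fa: bool = False         # True once 2FA is an external/hardware wallet

def summary(tx: Tx) -> str:
    """Human-readable text the security keyshare holder renders for approval."""
    return f"Send ${tx.usd_value:.2f} to {tx.to}"

def approve(device_key: bytes, shown_text: str) -> bytes:
    """2FA device side: authorize exactly the text it displayed (HMAC stand-in)."""
    return hmac.new(device_key, shown_text.encode(), hashlib.sha256).digest()

def decide(tx: Tx, policy: Policy) -> str:
    # Simplified: the "significant funds" condition on blocking is not modelled.
    if tx.risk >= policy.block_risk and not policy.strong_2fa:
        return "block"
    if tx.usd_value > policy.spend_limit_usd or tx.risk > policy.risk_threshold:
        return "require_2fa"
    return "sign"

def cosign(tx: Tx, policy: Policy, device_key: bytes,
           approval: Optional[bytes] = None) -> bool:
    """Security keyshare side: contribute to the signature only if policy allows."""
    verdict = decide(tx, policy)
    if verdict == "sign":
        return True
    if verdict == "block" or approval is None:
        return False
    # Recompute the summary from the transaction actually submitted for signing,
    # so an approval obtained for a different transaction does not verify.
    expected = approve(device_key, summary(tx))
    return hmac.compare_digest(expected, approval)
```

Because the verifier derives the summary itself instead of trusting what the host reports, an approval given for one transaction cannot be replayed for another.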

Security Audits & Partners

Silk and its underlying protocols (Mishti Network and Zeronym) have been audited. Equally important, Silk incorporates an advanced threat model and extensively employs security consultants in the design and implementation of features before audits are even done. Additionally, we have found and responsibly disclosed numerous bugs in other wallets to help secure their users' funds. This has led to Silk being a leader in wallet security.

Silk views responsible security as a commitment to second lines of defense: rather than solely reducing the chance of bugs occurring, we focus substantial effort on limiting the scope of what a bug in any component can do. This is accomplished via techniques such as 2PC and resource isolation, along with zero trust and multifactor authorization (not just authentication).

Silk, or its key management protocols and features developed by Holonym such as Mishti Network and Zeronym, have been audited by:

  • Cure53

  • Hexens

  • Least Authority

  • Halborn

Silk's architecture was designed with consulting from

  • Anderson Software

  • Distrust

to create its architecture and development pipelines with security first.
