02 February 2023

NOAH Key Enclave: A Fortress for Your Bitcoin Wallet Keys

We’re excited about Key Enclave technology for secure key storage in mobile Bitcoin wallets. However, it’s important to keep in mind that our Key Enclave technology is still in the development stage and is not yet available for use. We look forward to the full implementation of self-custody key storage later this year.

Engineering
Advanced


Key Enclave

At NOAH, we understand the importance of keeping your keys safe and secure, which is why we've worked tirelessly to provide the next billion people with the perfect combination of security, usability, and trustlessness.

Mobile Bitcoin wallets often store users' keys on mobile devices, which are then encrypted in cloud drives. With Key Enclave, users can protect their keys even more securely, and the need for manual key entry on another device is eliminated. However, it is recommended that users still write down their seed phrase for emergency recovery purposes, such as if they forget their PIN. Key Enclave allows easy key recovery across devices using a PIN and provides an additional layer of security.

Key Enclave is a key storage solution that allows the NOAH wallet to restore keys, which Key Enclave will decrypt only for a user who has their PIN code or uses biometric authentication. Even though NOAH provides Key Enclave, it puts the user in complete control because it utilizes an isolated compute environment called Nitro Enclave. This ensures that the specific Key Enclave program is attested and is solely able to decrypt user keys. Any intrusion by NOAH, or any other entity, to modify the Key Enclave to leak key data would make the modified Enclave unable to decrypt keys.

In short, Key Enclave is like a fortress for your keys, with a moat of biometric authentication and a drawbridge of PIN codes.

Utilizing Enclave

Key Enclave technology is particularly useful for keys that are protected with a simple PIN code. Storing keys that are encrypted with a PIN code in cloud storage would not be secure, as an attacker could simply try each PIN combination to decrypt the key. With Key Enclave, the user's key is strongly encrypted, and knowledge of the PIN is required for the Enclave to decrypt the key.

NOAH wallet leverages Key Enclave technology to store key material, providing flexible options for key restoration in both Non-Custody and Self-Custody wallet scenarios. At its core, Key Enclave is a secure storage solution that can be used independently or in conjunction with other solutions to restore cryptographic keys. However, it's important to note that users should always write down the seed phrase of their key for recovery purposes, and familiarize themselves with the technical choices made by their wallet.

[Figure: Storing User Key]

[Figure: Restoring User Keys]

This solution to foster secure yet flexible key management has been on the drawing board at NOAH since our inception. Custody and management of keys is the key factor in Bitcoin wallets, and one that requires heavy innovation by our industry.

Engineering Challenges

To wrap up, our relentless pursuit of security and user trust has led us to develop an innovative and secure mobile Bitcoin wallet using Nitro Enclave technology. We faced various engineering challenges along the way, but ultimately were able to overcome them and deliver a solution that meets our goal.

We wanted to create a mobile Bitcoin wallet that keeps user funds safe and doesn't require trust in the wallet provider. To do this, we created an isolated environment using Nitro Enclave technology, which adds an extra layer of security to the user-provided PIN code. This isolated environment is highly restricted, can only be accessed through a virtual socket, and does not allow access to many machine resources or any data persistence.

First, we looked at technologies that provide isolated computing and found that Intel SGX or Nitro Enclave would be suitable for our solution. Initially, we were drawn to Intel SGX because its key is inherent to the CPU itself. However, we soon realized that this level of CPU isolation presented a significant security vulnerability. An attacker with access to the Enclave could attempt to brute force all PIN combinations without leaving a trace. Instead, we decided to leverage Nitro Enclave’s Key Management System for Decryption, which allows for more transparent monitoring of each PIN attempt on the Enclave level.

We also faced the challenge of enforcing the PIN attempt limit of User Keys without trusting the wallet provider. To solve this, we use the Key Management System to monitor each decrypt attempt, which allows us to verify an identifier of the specific User Key and prove successful PIN attempts. A separate organization can use this information to detect any breach of the PIN attempt limit by the wallet provider and automatically halt Enclave decryption.
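The auditing idea described above, sketched as an added example (not NOAH's code): an independent party replays per-decrypt audit records and signals a halt when any User Key exceeds the PIN attempt limit. The record fields, the limit of 5, and the rule that a proven successful PIN resets the count are all assumptions made for illustration.

```python
import json
from collections import defaultdict

PIN_ATTEMPT_LIMIT = 5  # assumed; the post does not state the actual limit

# Constructed sample: one JSON record per decrypt attempt (hypothetical fields).
SAMPLE_LOG = """
{"ts": 1, "user_key_id": "key-A", "pin_ok": false}
{"ts": 2, "user_key_id": "key-A", "pin_ok": false}
{"ts": 3, "user_key_id": "key-A", "pin_ok": true}
{"ts": 4, "user_key_id": "key-B", "pin_ok": false}
{"ts": 5, "user_key_id": "key-B", "pin_ok": false}
{"ts": 6, "user_key_id": "key-B", "pin_ok": false}
{"ts": 7, "user_key_id": "key-A", "pin_ok": false}
{"ts": 8, "user_key_id": "key-B", "pin_ok": false}
{"ts": 9, "user_key_id": "key-B", "pin_ok": false}
{"ts": 10, "user_key_id": "key-B", "pin_ok": false}
{"ts": 11, "user_key_id": "key-B", "pin_ok": false}
"""


def find_breaches(log_text, limit=PIN_ATTEMPT_LIMIT):
    """Map each offending User Key id to the timestamp where the limit broke.

    A proven successful PIN resets that key's failure streak (assumed policy).
    A record with no key identifier cannot be attributed, so it is reported
    as a breach by itself rather than silently skipped.
    """
    streak = defaultdict(int)
    breaches = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        key = rec.get("user_key_id")
        if not key:
            breaches.setdefault("<unattributed>", rec["ts"])
        elif rec["pin_ok"]:
            streak[key] = 0
        else:
            streak[key] += 1
            if streak[key] > limit:
                breaches.setdefault(key, rec["ts"])
    return breaches


def should_halt_decryption(log_text, limit=PIN_ATTEMPT_LIMIT):
    """The auditor's signal: halt Enclave decryption on any breach."""
    return bool(find_breaches(log_text, limit))
```

On the constructed log, key-A stays within the limit because its success resets the streak, while key-B's sixth consecutive failure at ts 10 trips the halt signal.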

Please be aware that: Cryptocurrencies are unregulated in the UK; Cryptocurrencies are not protected under Financial Ombudsman Service or Financial Services Compensation Scheme (FSCS); Profits may be subject to capital gains tax; The value of investments can go down as well as up.

Copyright © 2023 NOAH Savings (UK) Ltd. - Noah Savings UAB