02 February 2023

NOAH Key Enclave: A Fortress for Your Bitcoin Wallet Keys

We’re excited about Key Enclave technology for secure key storage in mobile Bitcoin wallets. However, it’s important to keep in mind that our Key Enclave technology is still in the development stage and is not yet available for use. We look forward to the full implementation of self-custody key storage later this year.

Engineering
Advanced
Share
NOAH Key Enclave: A Fortress for Your Bitcoin Wallet Keys

    Index

    Key Enclave
    Utilizing Enclave
    Engineering Challenges

Key Enclave

At NOAH, we understand the importance of keeping your keys safe and secure, which is why we've worked tirelessly to provide the next billion people with the perfect combination of security, usability, and trustlessness.

Mobile Bitcoin wallets often store users' keys on mobile devices, which are then encrypted in cloud drives. With Key Enclave, users can protect their keys even more securely and eliminates the need for manual key entry on another device. However, it is recommended for users to still write down their seedphrase for emergency recovery purposes, such as if they forget their PIN. Key Enclave allows easy key recovery across devices using a PIN and provides an additional layer of security.

Key Enclave is a key storage solution that allows the NOAH wallet to restore keys that Key Enclave can only decrypt for a user that has their PIN code or using biometric authentication. Even though NOAH provides Key Enclave, it puts the user in complete control because it utilizes an isolated compute environment called Nitro Enclave. This ensures that the specific Key Enclave program is attested and is solely able to decrypt user keys. Any intrusion by NOAH, or any other entity, to modify the Key Enclave to leak key data would make the modified Enclave unable to decrypt keys.

In short, Key Enclave is like a fortress for your keys, with a moat of biometric authentication and a drawbridge of PIN codes.

Utilizing Enclave

Key Enclave technology is particularly useful for keys that are protected with a simple PIN code. Storing keys that are encrypted with a PIN code in cloud storage would not be secure, as an attacker could simply try each PIN combination to decrypt the key. With Key Enclave, the user's key is strongly encrypted, and knowledge of the PIN is required for the Enclave to decrypt the key.

NOAH wallet leverages Key Enclave technology to store key material, providing flexible options for key restoration in both Non-Custody and Self-Custody wallet scenarios. At its core, Key Enclave is a secure storage solution that can be used independently or in conjunction with other solutions to restore cryptographic keys. However, it's important to note that users should always write down the seed phrase of their key for recovery purposes, and familiarize themselves with the technical choices made by their wallet.

Storing User Key

storing user key

Restoring User Keys

Restoring user keys

This solution to foster secure yet flexible key management has been on the drawing board at NOAH since our inception. Custody and management of keys is the key factor in Bitcoin wallets which requires heavy innovation by our industry.

Engineering Challenges

To wrap up, our relentless pursuit of security and user trust has led us to develop an innovative and secure mobile Bitcoin wallet using Nitro Enclave technology. However, we faced various engineering challenges along the way but ultimately were able to overcome them and deliver a solution that meets our goal.

We wanted to create a mobile Bitcoin wallet that keeps user funds safe and doesn't require trust in the wallet provider. To do this, we created an isolated environment using Nitro Enclave technology, which adds an extra layer of security to the user-provided PIN code. This isolated environment is highly restricted, can only be accessed through a virtual socket, and does not allow access to many machine resources or any data persistence.

First, we looked at technologies that provide isolated computing and found that Intel SGX or Nitro Enclave would be suitable for our solution. Initially, we were drawn to Intel SGX because its key is inherent to the CPU itself. However, we soon realized that this level of CPU isolation presented a significant security vulnerability. An attacker with access to the Enclave could attempt to brute force all PIN combinations without leaving a trace. Instead, we decided to leverage Nitro Enclave’s Key Management System for Decryption, which allows for more transparent monitoring of each PIN attempt on the Enclave level.

We also faced the challenge of enforcing the PIN attempt limit of User Keys without trusting the wallet provider. To solve this, we use the Key Management System to monitor each decrypt attempt, which allows us to verify an identifier of the specific User Key and prove successful PIN attempts. A separate organization can use this information to detect any breach of the PIN attempt limit by the wallet provider and automatically halt Enclave decryption.

Please be aware that: Cryptocurrencies are unregulated in the UK; Cryptocurrencies are not protected under Financial Ombudsman Service or Financial Services Compensation Scheme (FSCS); Profits may be subject to capital gains tax; The value of investments can go down as well as up.

Related Posts

Using Bitcoin with NOAH for African Remittances
Products
As the African diaspora turns to alternative methods to transfer funds, including cryptocurrencies, this article discusses the benefits of using Bitcoin and NOAH for remittances to Africa.
Biometric Security: A Deep Dive into Passwordless Authentication and NOAH's Approach
Products
Explore the future of digital security with NOAH's groundbreaking biometric authentication on Progressive Web Applications (PWA). This comprehensive overview guides you through the power of WebAuthn, the benefits of passwordless authentication, and how NOAH is revolutionizing user experience and security across mobile and desktop platforms.
NOAH Business: Transforming Cross-Border Payments with Advanced Payment Infrastructure
News
NOAH Business: Revolutionizing cross-border payments with cutting-edge technology and real-time settlements. Discover their innovative approach in this case study.
Global Payments.
Made simple.
Subscribe
NOAH needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Privacy Policy.
Follow us

Twitter

Discord

LinkedIn

Telegram

Instagram

Copyright © 2024 NOAH Savings (UK) Ltd. - Noah Savings UAB