NOAH's Disaster Recovery
NOAH’s goal is to provide an easy-to-use, non-custodial solution for managing crypto assets. We've spent considerable time thinking about how best to achieve that goal, and this blog introduces one of our solutions: disaster recovery. However, it's important to note that this feature is currently in development and is not yet accessible. We anticipate that the full implementation will be available later this year.
This is the last in a series of four blogs where we've discussed the workings of the NOAH wallet. We've looked at how NOAH uses both Ephemeral Key Cryptography (EKC) and Multi-Party Computation (MPC) to provide a non-custodial wallet where, under ordinary circumstances, only you, the customer, can approve transfers from your wallet to external addresses.
Additionally, we explored how EKC and server-side MPC simplify wallet security for our community members new to Bitcoin or the topic of self-custody. In the future, we'll introduce more sovereign options as our community grows confident in managing their key shards and mnemonic phrases.
In this blog, we'll detail the exceptional circumstance where another entity can authorize the transfer of assets to external addresses — namely, the Disaster Recovery Service.
Why Do We Need Disaster Recovery?
Some might balk at having another entity that could, in theory, access their funds. However, the Disaster Recovery Service is an essential part of any non-custodial wallet app seeking to provide advantages in terms of security and usability.
If NOAH were simply an open-source Bitcoin wallet, it wouldn't require any special disaster recovery capabilities aside from offering to back up your mnemonic phrase for you. But NOAH is not a simple wallet app; NOAH is the money app of the future. Instead, NOAH is an integrated suite of products and services that make it easy for our community to get started with Bitcoin, with plans to offer recurring payments, bill payments, and more.
The convenience that NOAH offers requires a certain balance of security and usability. On the one hand, we want to make it as easy as possible for our customers to get started with Bitcoin. On the other hand, we don't want to compromise on security by, for example, storing customer private keys in our servers. Still, to provide these services, we need some way to recover customer funds after black swan events, backup phrase loss, or other unforeseen disasters. To do so, we depend on our partners to help provide these services to our customers.
Bitcoin stalwarts understand that introducing other entities into the mix exposes users to service failure risk. However, this risk is low compared to losing access to your entire Bitcoin balance. Therefore, we believe that the risk is low enough that it is worth offering these services to our customers, as they are essential to our mission of making Bitcoin easy to use for everyone.
What is a Disaster?
We define a disaster as any event that forces the permanent discontinuation of service. Although disaster events can be natural or artificial — for example, a flood or war — the important thing is that the magnitude of the event may be significant enough to force the permanent discontinuation of NOAH's services. Even if an event starts as a temporary disruption, we acknowledge a non-zero probability that the event could escalate into something more severe.
How Does NOAH Protect Itself From Disasters?
We take Disaster Recovery (DR) and Business Continuity (BC) seriously. DR and BC concerns inform all aspects of our decision-making. From hiring, partner selection, technology choices, and more — we are constantly thinking about how to make NOAH as resilient as possible to disasters. We operate under the assumption that risks are inherent in any service and that we must do everything possible to minimize those risks.
In simple terms, NOAH aims to distribute its people, processes, and technology globally and attempts to ensure that we have no single point of failure anywhere in our organization. So, for example, we ensure that we separate our partners geographically so that a problem in one region does not take down our service in another. We also have multiple layers of redundancy built into our systems so that if one component fails, a backup is always available.
The same is true for our technology. NOAH's cloud infrastructure is deployed worldwide to multiple availability zones (data centers). If a data center in Europe experiences service disruption, we can maintain business continuity by using cloud infrastructure in other regions worldwide.
Regarding internal processes or services our partners provide, we do our due diligence to ensure our partners have been as careful with their DR and BC capabilities as we have. While we rely on automated business processes across every organizational unit, our team knows every detail of our systems and can quickly take manual action when needed.
Through these preventive measures, we minimize the probability of any event forcing permanent discontinuation in service; however, we must acknowledge that there will always be a non-zero risk of such an event occurring, so we have prepared for it. By preparing for the worst, we put ourselves — and you — in the best position to weather any storm.
How Does NOAH Protect Me In the Event of a Disaster?
If a disaster event occurs, a sequence of events will ultimately disburse assets to our customers' self-custodial addresses. The series of events is as follows:
- Authorized NOAH personnel declare a disaster and notify our customers, regulators, service providers, and Disaster Recovery Service Provider (DRSP).
- NOAH personnel identify themselves to the DRSP, either by video conference or in person.
- After the DRSP verifies NOAH personnel, the DRSP releases NOAH's encrypted Extended Hierarchical Private Key (EHPK) to NOAH.
- NOAH personnel decrypt the EHPK and, using a backup of NOAH's ledger, run an application that begins to sign on-chain transfers of customers' assets back to self-custodial addresses provided by the customer for each asset type.
This is the exceptional circumstance where someone other than you, the customer, can authorize the transfer of assets to external addresses. This process is carefully controlled between NOAH and the DRSP, with dress rehearsals conducted annually to ensure all actors remain confident in their ability to execute it securely. Ultimately, assets can only be disbursed back to customer self-custody.
As a NOAH customer, you must ensure that you provide NOAH with a self-custodial address that we can use in the event of a disaster. Furthermore, we stress that you choose a correct address for which you control the private keys, as we will not be able to recover assets lost to an incorrect or non-existent customer address.
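The release-and-disburse sequence above, modelled as an added illustrative example (this is not NOAH's code, and nothing here describes NOAH's actual implementation). It shows the property that makes the arrangement safe: the DRSP holds only a blinded copy of the EHPK and NOAH holds only the pad and an integrity key, so neither party alone can sign anything; the DRSP releases its share only after personnel verification; NOAH checks the released material before use; and the disbursement plan built from the ledger backup sends funds only to a pre-registered self-custodial address, reporting customers without one as unrecoverable rather than guessing a destination. The 2-of-2 XOR split, the HMAC stand-in for on-chain signing, the class and function names, and the sample ledger and addresses are all assumptions constructed for this example.

```python
"""Hypothetical model of a DRSP-gated key release and customer disbursement.

Added example, not NOAH's code. The XOR share scheme, HMAC "signing" and all
names and sample data below are assumptions made for illustration.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Tuple


def split_key(ehpk: bytes) -> Tuple[bytes, bytes]:
    """Split the extended private key into two XOR shares (2-of-2).

    NOAH keeps the random pad; the DRSP is given the blinded copy. Either
    share alone is uniformly random and reveals nothing about the key.
    """
    pad = secrets.token_bytes(len(ehpk))
    blinded = bytes(a ^ b for a, b in zip(ehpk, pad))
    return pad, blinded


def recombine(pad: bytes, blinded: bytes) -> bytes:
    """Recover the key from both shares."""
    return bytes(a ^ b for a, b in zip(pad, blinded))


class DisasterRecoveryServiceProvider:
    """Holds the blinded share and releases it only to verified personnel."""

    def __init__(self, blinded_key: bytes, mac_key: bytes):
        self._blinded = blinded_key
        # Integrity tag computed with NOAH's key at deposit time, so NOAH can
        # detect a corrupted or substituted share on release.
        self._tag = hmac.new(mac_key, blinded_key, hashlib.sha256).digest()

    def release(self, personnel_verified: bool) -> Tuple[bytes, bytes]:
        if not personnel_verified:
            raise PermissionError("DRSP: NOAH personnel not verified; share withheld")
        return self._blinded, self._tag


@dataclass(frozen=True)
class LedgerEntry:
    customer_id: str
    asset: str
    balance: int  # smallest unit of the asset (e.g. sats)


@dataclass(frozen=True)
class Transfer:
    customer_id: str
    asset: str
    amount: int
    to_address: str


def plan_disbursement(ledger: List[LedgerEntry],
                      recovery_addresses: Dict[Tuple[str, str], str]
                      ) -> Tuple[List[Transfer], List[LedgerEntry]]:
    """Map each positive balance to the customer's registered address.

    Entries with no registered address are returned separately: funds are
    never sent to a guessed or defaulted destination.
    """
    transfers, unrecoverable = [], []
    for entry in ledger:
        if entry.balance <= 0:
            continue
        addr = recovery_addresses.get((entry.customer_id, entry.asset))
        if not addr:
            unrecoverable.append(entry)
            continue
        transfers.append(Transfer(entry.customer_id, entry.asset, entry.balance, addr))
    return transfers, unrecoverable


def sign_transfers(ehpk: bytes, transfers: List[Transfer]) -> List[Tuple[Transfer, str]]:
    """Stand-in for on-chain signing: an HMAC over the transfer fields."""
    signed = []
    for t in transfers:
        msg = f"{t.customer_id}|{t.asset}|{t.amount}|{t.to_address}".encode()
        signed.append((t, hmac.new(ehpk, msg, hashlib.sha256).hexdigest()))
    return signed


def run_disaster_recovery(pad: bytes, mac_key: bytes,
                          drsp: DisasterRecoveryServiceProvider,
                          personnel_verified: bool,
                          ledger: List[LedgerEntry],
                          recovery_addresses: Dict[Tuple[str, str], str]):
    """Steps 2-4 of the sequence: verify, release, check, recombine, sign."""
    blinded, tag = drsp.release(personnel_verified)
    expected = hmac.new(mac_key, blinded, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("released share failed integrity check; aborting")
    ehpk = recombine(pad, blinded)
    transfers, unrecoverable = plan_disbursement(ledger, recovery_addresses)
    return sign_transfers(ehpk, transfers), unrecoverable


# Constructed sample data (not real keys, balances or addresses).
SAMPLE_EHPK = hashlib.sha256(b"constructed-sample-ehpk").digest()
SAMPLE_MAC_KEY = b"constructed-sample-integrity-key"
SAMPLE_LEDGER = [
    LedgerEntry("cust-a", "BTC", 150_000),
    LedgerEntry("cust-b", "BTC", 42_000),
    LedgerEntry("cust-b", "USDC", 0),      # nothing to disburse
    LedgerEntry("cust-c", "BTC", 9_000),   # no recovery address registered
]
SAMPLE_ADDRESSES = {
    ("cust-a", "BTC"): "constructed-self-custody-address-a",
    ("cust-b", "BTC"): "constructed-self-custody-address-b",
}

if __name__ == "__main__":
    pad, blinded = split_key(SAMPLE_EHPK)
    drsp = DisasterRecoveryServiceProvider(blinded, SAMPLE_MAC_KEY)
    signed, unrecoverable = run_disaster_recovery(
        pad, SAMPLE_MAC_KEY, drsp, True, SAMPLE_LEDGER, SAMPLE_ADDRESSES)
    for t, sig in signed:
        print(f"{t.customer_id} {t.asset} {t.amount} -> {t.to_address} sig={sig[:16]}...")
    for e in unrecoverable:
        print(f"UNRECOVERABLE: {e.customer_id} {e.asset} {e.balance} (no address on file)")
```

Run it as a script to see two signed transfers and one unrecoverable entry. The point of the integrity tag is that NOAH, not the DRSP, decides whether the released material is usable; the point of the separate `unrecoverable` list is that the planner makes the "incorrect or non-existent address" case visible instead of silently dropping or misdirecting those balances.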
There will be quests in the NOAH app to help you set up your self-custodial disaster recovery address, and in due course, NOAH will even provide a self-custodial wallet that you can use (coming soon).