Keystore Mechanisms
Theorem 1 - Private Factor definition
When a user registers an account by logging in to Arism Wallet with a third-party provider (e.g. Google) through OAuth for the first time, the wallet application (the client) generates a random Private Key for the user.
The user can also supply an existing Private Key to the client, in which case the random generation step is skipped.
The Private Factor is the point on the y-axis of the Cartesian coordinate system whose height is the Private Key value.
Theorem 2 - Network Factor definition
The Mainnet then executes Distributed Secret Sharing (DSS) to create a Network Key for the user, which is determined by the user's OAuth Token.
Combining it with , we have the Network Factor as a point in the Cartesian coordinate system, represented as below.
Theorem 3 - Shamir's Secret Sharing (SSS)
With those two points we can establish a unique straight line (i.e. a first-degree polynomial) on the Cartesian coordinate system using Lagrange interpolation. This is called the Factor's Polynomial .
Building the Factor's Polynomial and handing out points on it is Shamir's Secret Sharing (SSS): the secret (the Private Key) is the polynomial's value on the y-axis, every other point on the line is a share, and because the line has degree one, any two shares determine it while one share alone does not.
Theorem 4 - Device Factor definition
Once the Factor's Polynomial exists, a third key, the Device Key, is obtained by evaluating the polynomial where . This key is stored on the user's device (browser).
That x-value together with the Device Key forms a point that we call the Device Factor.
Theorem 5 - Recovery Factor definition
The user can optionally turn on Multi-Factor Authentication (MFA). This is recommended: with MFA on, the user can log in on a new device using their password as one of the required Factors.
This requires an additional key derived from the password and the Factor's Polynomial. The x-value of the Recovery Factor is the hash of the user's password.
The y-value of the Recovery Factor (i.e. the Recovery Key) is then obtained by evaluating the Factor's Polynomial at that x-value.
This gives the Recovery Factor as a point in the Cartesian coordinate system.
The x-value is stored in our Metadata Storage so that it can be combined with the user's password to recreate the Recovery Factor when needed. It does not need to be kept secret, because an x-value on its own fixes no point on the line and therefore reveals nothing about the Factor's Polynomial. It is, however, derived from the password, so the hash should be slow and salted, so that someone who reads Metadata Storage cannot cheaply test password guesses against it.
Theorem 6 - Multi-key generation
Following the same idea as the Recovery Key, the user can generate as many keys as they want, called Child Keys (or child wallets). When generating a new Child Key, the client picks a new random x-value.
The Child Key is derived by evaluating the Factor's Polynomial at that x-value.
The x-values are stored in our Metadata Storage so that, combined with the Factor's Polynomial, all Child Keys can be derived again when needed.
Theorem 7 - Private Key derivation threshold
Overall, whenever the user logs in, only 2 of the 3 Factors need to be provided, out of the Network Factor, the Device Factor and the Recovery Factor (if MFA is turned on):
- Case 1: Sign in via OAuth (Network Factor) on the original device (Device Factor)
- Case 2: Sign in via OAuth (Network Factor) with password (Recovery Factor)
- Case 3: Sign in on the original device (Device Factor) with password (Recovery Factor)
Cases 2 and 3 are only available when MFA is turned on.
With any 2 of the 3 Factors, the user can reconstruct the Factor's Polynomial using Lagrange interpolation. The Private Key is the y-value at which the polynomial intersects the y-axis.
To recover Child Keys, the user requests all Child Key x-values from our Metadata Storage and evaluates the reconstructed Factor's Polynomial at each of them.
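The whole flow above, from the Private Factor in Theorem 1 to the 2-of-3 reconstruction in Theorem 7, as an added worked example in Python. This is not Arism Wallet's own code. It assumes arithmetic modulo the secp256k1 group order, x = 1 and x = 2 as the x-values of the Network and Device Factors (the page leaves them unspecified), a random scalar standing in for the Mainnet's DSS output, PBKDF2 with a per-user salt as the password hash, and a Metadata Storage that is just an in-memory dictionary. The Recovery Factor is simply handed back to the user when MFA is enabled, since the page does not say where the Recovery Key is kept between sessions.

```python
import hashlib
import secrets

# Every key lives in the scalar field of secp256k1 (assumption: the page only says
# "Cartesian coordinate system"). Working modulo a prime is what makes one point on
# the line carry no information about the others.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Hypothetical x-values for the Network and Device Factors (the page leaves them
# unspecified); x = 0 is the y-axis and belongs to the Private Factor.
NETWORK_X = 1
DEVICE_X = 2


def lagrange_at(points, x):
    """Evaluate the unique polynomial of degree len(points)-1 through `points` at x.

    With two points this is the Factor's Polynomial (a line): x = 0 returns the
    Private Key, any other x derives a Device, Recovery or Child Key.
    """
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def password_to_x(password, salt):
    """x-value of the Recovery Factor: a slow, salted hash of the password
    (assumption: the page only says "hashed"; PBKDF2-HMAC-SHA256 is this
    example's choice)."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return int.from_bytes(digest, "big") % P


class KeystoreClient:
    """The client side of Theorems 1 to 6, with the Mainnet's DSS output and the
    Metadata Storage simulated in-process."""

    def __init__(self, private_key=None):
        # Theorem 1: random Private Key unless the user brings their own.
        if private_key is None:
            private_key = secrets.randbelow(P)
        self.private_factor = (0, private_key)
        # Theorem 2: the Network Key comes from DSS keyed by the OAuth token; a
        # random scalar stands in for it here.
        self.network_factor = (NETWORK_X, secrets.randbelow(P))
        # Theorems 3 and 4: the line through the two Factors, evaluated at DEVICE_X.
        self.device_factor = (DEVICE_X, lagrange_at(self._line(), DEVICE_X))
        # Metadata Storage holds only x-values (and, an assumption, the salt).
        self.metadata = {"salt": secrets.token_bytes(16), "recovery_x": None, "child_xs": []}

    def _line(self):
        return [self.private_factor, self.network_factor]

    def enable_mfa(self, password):
        """Theorem 5: Recovery Factor = (H(password), polynomial evaluated at H(password))."""
        x = password_to_x(password, self.metadata["salt"])
        self.metadata["recovery_x"] = x
        return (x, lagrange_at(self._line(), x))

    def new_child_key(self):
        """Theorem 6: pick a fresh random x-value, store it, return the Child Key."""
        x = secrets.randbelow(P - 3) + 3  # keep clear of the reserved x-values 0, 1, 2
        self.metadata["child_xs"].append(x)
        return lagrange_at(self._line(), x)


def recover_private_key(factor_a, factor_b):
    """Theorem 7: any two Factors rebuild the line; the Private Key is its y-intercept."""
    if factor_a[0] == factor_b[0]:
        raise ValueError("two Factors with distinct x-values are needed to fix the line")
    return lagrange_at([factor_a, factor_b], 0)


def recover_child_keys(factor_a, factor_b, metadata):
    """Child Keys need the rebuilt line plus the x-values fetched from Metadata Storage."""
    return [lagrange_at([factor_a, factor_b], x) for x in metadata["child_xs"]]


if __name__ == "__main__":
    client = KeystoreClient()
    recovery = client.enable_mfa("correct horse battery staple")
    child = client.new_child_key()
    priv = client.private_factor[1]
    # Case 1: OAuth on the original device; Case 2: OAuth plus password;
    # Case 3: original device plus password.
    assert recover_private_key(client.network_factor, client.device_factor) == priv
    assert recover_private_key(client.network_factor, recovery) == priv
    assert recover_private_key(client.device_factor, recovery) == priv
    assert recover_child_keys(client.device_factor, recovery, client.metadata) == [child]
    print("all three 2-of-3 cases recover the Private Key and the Child Key")
```

The modular arithmetic is what gives the threshold property: for a single point with x not equal to 0, every candidate y-intercept is consistent with exactly one slope, so one Factor, or an x-value read from Metadata Storage, yields no information about the Private Key. The `ValueError` in `recover_private_key` is the check a client should make before interpolating, since two points with the same x-value do not determine a line.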