Lava Smart Key

Lava Smart Key

TLDR:

  1. Lava Smart Key unlocks secure self-custody, ensuring your funds are safe from attackers while always being accessible to you.

  2. For safety, Lava Smart Key eliminates any single attack vector that could lead to loss of funds. Instead of forcing you to backup your vault with a seedphrase that can be easily compromised or lost, Lava Smart Key enables you to create a 2-of-2 backup.

  3. For recovery, Lava Smart Key enables you to set custom recovery policies, ensuring that you can access your vault if you lose your device, device PIN, cloud password, cloud 2FA, Lava recovery PIN, or even if you lose all of the above at the same time.



Introducing Lava Smart Key, our latest innovation which unlocks secure self-custody, ensuring your funds are safe from attackers while always being accessible to you.


Although bitcoin unlocked the potential for self-sovereign finance, taking self-custody of bitcoin has so far been so difficult that even bitcoin’s earliest developers have failed to do it securely. At current prices, ~$400 billion dollars of bitcoin has been lost by inadequate self-custody setups, largely due to seedphrases.


So, we set out to redesign self-custody security from first principles. While doing that, we realized what we were trying to figure out was the answer to a fundamental question: what’s the best way to link you with your digital identity? Lava Smart Key reflects our answer, that your digital identity should be reflected by a combination of the devices you use, the information you remember, and the people you trust, and it enables you to secure your digital vault today and adapt it as things change for you in the future.


There are 2 aspects of self-custody security with Lava Smart Key: making sure your funds are safe from external attackers (safety) and making sure your funds are always accessible to you (recovery).


Safety:

Lava Smart Key eliminates any single attack vector that could lead to loss of funds. Instead of forcing you to backup your vault with a seedphrase that can be easily compromised or lost, Lava Smart Key enables you to create a 2-of-2 backup, where:


  1. Half is tied to your seed encrypted and stored in secure storage on iCloud or Google Drive.

  2. Half is tied to an encryption key stored on a private key-server which can only be authenticated via a user-defined 4-digit Lava recovery PIN. The key-server enforces rate-limiting to protect against brute-force attacks.


Compromising either half of your backup is difficult, and even if one half is compromised, fund loss wouldn’t occur. For day-to-day transactions, Lava has built-in safety checks to prevent transaction errors, uses your device's secure chips to keep your private keys safe, and enables you to set up multi-factor authentication before any action is taken.


Recovery:

Lava Smart Key enables you to set custom recovery policies, ensuring that you can access your vault if you lose your device, device PIN, cloud password, cloud 2FA, Lava recovery PIN, or even if you lose all of the above at the same time. Our solution emphasizes flexibility, allowing you to adapt your recovery policies as things change for you.


Dual-Layered Security:

The following graphic illustrates how Lava Smart Key breaks your vault backup into 2 parts, your cloud account and Lava recovery PIN. You need access to both to access your vault, and you can set different way to access each part:



FAQ:

How can I get started?

You can get started by downloading the Lava Vault on iOS or Android, or by visiting lava.xyz.

Who is this for, and who is it not for?

Lava Smart Key is for people who don’t want to compromise on security for self-custody. It is not for people who want to use custodians.


Why not just use seedphrases?

  1. Seedphrases aren’t safe:

    • All someone has to do is compromise your seedphrase, and you lose all your funds — a single point of failure.

    • It’s easy to fall susceptible to phishing attacks.

  2. Seedphrases aren’t sufficiently robust to facilitate recovery in extreme cases:

    • If you lose your seedphrase, or even the order of words in your seedphrase, you’re screwed.

  3. Seedphrases aren’t simple or flexible:

    • There have been so many seedphrase fund loss from errors you wouldn’t imagine people make (bad handwriting, throwing away their seedphrase).


Do I need to use a crypto-only hardware device like Ledger or Trezor to use Lava?

No, in fact, we don’t recommend crypto-only hardware devices because:

  1. Your phone is a better hardware device than a crypto-only hardware device. Crypto-only hardware devices, like Ledger or Trezor, have known vulnerabilities (look up how your seed can be retrieved from your Ledger or Trezor). Most phones have secure enclaves that can be used to store private keys (and some which can even be used for signing), and the secure enclaves on these phones are more battle-tested, audited, and known to be more secure than the crypto-only hardware devices. Lava uses the secure enclaves on your devices.

  2. Using any crypto-only hardware device opens you up to supply chain attacks which are easier to avoid if you use general devices like your iPhone. This is because there are many trusted avenues to buy a phone. Given phones are also general purpose devices, it’s less likely to be affected by a supply chain attack because its unclear if any one phone will be used for self-custody.

  3. Crypto-only hardware devices are inflexible. For example, none of them enable you to change your device PIN after initial set-up, so if your PIN is compromised, you have to replace your device.

  4. When using a crypto-only hardware device, you add another party you need to trust (aka another security failure point). For example, if you’re using a Ledger but running Ledger Live on your Macbook, you’re now trusting Apple and Ledger.

  5. We don’t have any incentive to not promote crypto-only hardware devices to you. In fact, we’d make more money if we did promote them to you since most of these device companies give us a royalty if we refer you to buy their devices. However, we believe the overwhelming evidence suggests that buying these devices is unnecessary.

  6. If despite all of the reasons above you still want to use a crypto-only hardware device, you still can. Email us, and we’ll send you a link to an app with your hardware device supported.


I’m concerned if I lost my phone that I’d lose access to my funds. What should I do if I’m worried about:

  1. Forgetting my Lava recovery PIN: You can set up delayed recovery for your Lava recovery PIN using email or SMS. This will enable you to change your PIN after a 30-day time-delay. The time-delay exists to protect against malicious change requests. You’ll be notified many times during the 30-day time-delay of the request and will be able to protect your funds if the request wasn’t from you.

  2. Accidentally deleting my cloud backup: Don’t worry. We store your data in your iCloud secure storage, so you don’t have to worry about this.

  3. Losing access to my cloud account: You can set a trusted recovery contact who can help you regain access to your cloud account.

  4. Having it be so my family can’t access my funds when I die: You can set up an inheritance plan. This feature is live, and if you need help setting this up, email us.

  5. Lava or iCloud/GDrive censoring me from recovering my funds if I lose my phone: We store no personal data, not even your phone number or email — so Lava can’t single you out individually. If you’re worried about iCloud or GDrive shutting down your account, you should make sure you’re using those services privately. Plus, you can always set up fully self-sovereign recovery where you don’t need to rely on any other service provider to recover your funds if you lose access to your phone. Email us to find out how.

  6. An attacker locking me out of being able to recover my funds if they have access to my device and device PIN: You can do a few things to protect yourself here. 1) Use a different Lava recovery PIN and device PIN. This is so that if you have set up withdrawal limits and whitelisted addresses in this situation, the attacker can’t change your Lava recovery PIN since it’s not the same as your device PIN. And you can recover your vault on another device and sweep funds to your whitelisted address. 2) Secure access to your cloud account by setting up stolen device protection, so that the attacker has to compromise biometrics to access your device. 3) Export your encrypted data stored in secure cloud storage, and store it elsewhere if you’re worried about being locked out of your cloud account. 4) In general, make sure to securely store your device and make sure your device PIN is not compromised.


I’m concerned someone might be able to compromise my funds. What should I do if I’m worried about:

  1. Someone compromising my Lava recovery PIN: The keyserver safeguards against brute-force attacks by rate-limiting and a 7-day lock after 10 failed attempts. And even if someone knew your Lava recovery PIN, they’d have to compromise your cloud account to access your vault. The benefit of our solution is that no single compromise leads to loss of funds.

  2. Someone physically accessing my device: If someone did this, they’d also need access to the device PIN or biometrics to access your funds. You can use the multi-vault functionality to set your default vault to be the one where only some funds are and have another vault where the majority of your funds are. If you are still worried that someone would compromise your biometrics or the device PIN, maybe by physically forcing you to give it up, you can set up withdrawal limits, whitelisted addresses, and/or an alternative form of 2FA that would require compromise of another physical location or person. This feature is in beta at the moment, so email us if you want access.

  3. Someone accessing my keys remotely through malware: We take advantage of the best security practices. We use the mobile device’s secure enclaves to store your private keys, so your wallet is protected even against the most sophisticated attackers. No device is fully resistant from malware (including even the most battle-tested crypto-only hardware wallets), but Apple and Google have spent billions in research to protect you from malware themselves. The security is only getting better, but you should still always be careful about the software you interact with through your phone. In addition, you can set up protection against leaked keys through the advanced vault scripting technology Lava is building. This feature is in beta at the moment, so email us if you want access.

  4. Using a compromised version of the Lava software: We take advantage of the best practices available to us to make sure each release we push is secure; we rigorously test each change and make sure no single individual from our team can push buggy software. There is trust you place on us though since we write the software you use, and you also place trust in the other companies whose products you interface with (ex. your phone manufacturer, chip manufacturer). What you can do is verify using a blockchain explorer that your funds are safe and be careful about the software you use. Turn off automatic upgrades. Install only when you know the deployed software is legitimate and verified by Lava. Make sure you’re accessing the Lava software from a listed distribution channel which can be found on our website. Remember, always be aware of phishing attacks and scammers.


What if I accidentally send funds to the wrong address?

If you send funds to the wrong address, there is no way to reverse the transaction. This is an important risk to keep in mind, especially when dealing with large sums of money. If you moved digital dollars, there is a possible path for you to reclaim your funds by working with the issuer. Contact us, and we’ll help you out.

  • How Lava helps you in general avoid this risk:

    1. Before sending money, the Lava wallet asks you to confirm that you want to send money to the address you have entered.

    2. Lava has also implemented safety checks to protect against certain transaction errors.


What if I paid for something, but then the merchant defrauded me?

Since bitcoin and digital dollar transactions are irreversible, there is a risk of fraud. If a seller receives payment in bitcoin or digital dollar and then fails to deliver the promised goods or services, the buyer (you) has very little recourse.

  • How Lava helps:

    1. Lava can’t do anything directly, but for big issues, you can work with legal authorities or digital dollar issuers. Let us know, and we’ll try our best to help.


Lava Smart Key is great, and I’m confident in the solution. But, can I still buy insurance in case something messes up?
Yes, email us to find out how.


Can I give you feedback or ask you to build something custom for me?
We believe our solution is universal, but if you think you need customization, contact us. We will make it work.


Can other wallets power themselves with Lava Smart Key?
Yes, simply contact us if you want to use our solution.


Contributors:

This article was written by Shehzan Maredia. Lava Smart Key was developed with contributions from the open-source community, including Photon, Apple, and Google.

Scan to Download

Download