Stephan
@stephancill
Where is the private key for warpcast wallet stored? cc @horsefacts.eth @v
10 replies
4 recasts
44 reactions

Tony D’Addeo
@deodad
private key is shamir sharded on your device into 3 shards, any 2 of which can reconstruct the PK

1 shard remains on the device
1 shard is encrypted by a key that warpcast holds (recovery shard)
1 shard is encrypted by a key that Privy holds (auth shard)

all encryption also happens on your client

effectively the recovery and auth shards are both accessible by your custody address but via authing with two separate service providers

it’d take two separate breaches of warpcast and privy to compromise key material

the reasons for doing this instead of simple EOA are
1) users won’t lose access to their funds bc it inherits the Farcaster recovery system since 2/3 can be accessed via SIWF (all without needing the user to backup anything themselves)
2) users can seamlessly access their wallet on any device (i.e. web) without needing to manually move a seed phrase around in a reasonably secure way
7 replies
6 recasts
50 reactions
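
The 2-of-3 split described in the post above, as an added example (not part of the thread, and not Warpcast's or Privy's code): textbook Shamir secret sharing over a prime field. The field modulus, the function names and the sample key are assumptions made here, and the per-shard encryption the post mentions is left out.

```python
import secrets
from itertools import combinations

# Field modulus (assumption): the Mersenne prime 2**521 - 1, large enough for a 256-bit key.
P = 2**521 - 1

def split(secret: int, k: int = 2, n: int = 3):
    """Split `secret` into n shards; any k of them reconstruct it."""
    if not 0 <= secret < P:
        raise ValueError("secret out of range for the field")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    def f(x):
        acc = 0
        for c in reversed(coeffs):      # Horner evaluation mod P
            acc = (acc * x + c) % P
        return acc
    return [(x, f(x)) for x in range(1, n + 1)]

def combine(shards, k: int = 2):
    """Lagrange interpolation at x = 0 over k distinct shards."""
    pts = list(dict(shards).items())    # drop duplicate x values
    if len(pts) < k:
        raise ValueError("not enough distinct shards")
    pts = pts[:k]
    secret = 0
    for i, (xi, yi) in enumerate(pts):
        num = den = 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def slope_for(shard, candidate: int) -> int:
    """2-of-3 case: slope of the line through `shard` with f(0) = candidate.
    One exists for every candidate, so a single shard rules out no key."""
    x, y = shard
    return (y - candidate) * pow(x, -1, P) % P

def demo():
    key = secrets.randbits(256)          # constructed sample key, not a real wallet key
    device, recovery, auth = split(key)  # shard labels follow the post
    pairs = combinations([device, recovery, auth], 2)
    return key, (device, recovery, auth), all(combine(list(p)) == key for p in pairs)
```

`slope_for` makes the single-shard case concrete: every candidate key is consistent with one shard alone, so a holder of one shard learns nothing about the key from it.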

Tony D’Addeo
@deodad
there are certainly trade offs to this approach and we considered a few others, mainly simple EOA and 4337 w signers

but this one had the best UX / security trade offs in our mind

there will be power users who don’t want to use it and that’s ok, we want to keep doubling down on MWP anyway so users have maximum flexibility
2 replies
0 recast
21 reactions

Sinaver
@sinaver.eth
so in a nutshell it's a privy embedded wallet with custom recovery provider (Warpcast), right?
1 reply
0 recast
13 reactions

df
@df
interesting... is this considered custodial given the 2/3 shards on backends can reconstruct the key?
1 reply
0 recast
1 reaction

GIGAMΞSH
@gigamesh
Thanks for the info. 🙏 I’m wondering about this part: “it’d take two separate breaches of warpcast and privy to compromise key material” Would the breaches have to be at the individual user level or are there master keys within either company that can expose all the shards? 😅
1 reply
0 recast
4 reactions

Stephan
@stephancill
Very cool, thanks for sharing!
0 reply
0 recast
2 reactions

downshift
@downshift.eth
🐐
0 reply
0 recast
0 reaction

Serg 🎩🔵⛓️✈️
@serg
You use privy?
0 reply
0 recast
0 reaction