pull down to refresh
Some additional information:
Vaults on XYZVault use our private Bitcoin node, address and transaction lookups are routed through a blind proxy.
Your browser derives addresses locally, then sends lookup requests to the proxy. The proxy forwards those requests to XYZVault’s private Bitcoin node, but it does not log request data, and the node does not receive account context. That means XYZVault may transiently handle address or transaction queries, but we are not able to tie those queries back to a specific user or vault.
This is different from storing wallet data. XYZVault does not store your addresses, balances, or transaction history. Those are derived and computed client-side each time the vault loads. The proxy only exists so users can query chain data without relying on third-party public APIs.
This is helpful.
And you got to exactly what I was worried about: if my descriptor is encrypted, I need to treat the passphrase/key for that encryption like another key in my multisig, because without it, none of us are going to be able to move my coins.
However, I think your model does have something that is interesting: assuming that I have a separate copy of the descriptor that I can backup on my own, having an encrypted version that lives elsewhere is very handy. Tying it to a set spending policies I determine is even cooler.
You may already be doing this, but what would be really cool is if the passphrase that encrypted the data in the enclave was derived from both the keys to the multisig that I keep so that I could use either one to decrypt the data.
Currently, there is no account recovery path. Your encryption key is derived from your passphrase, and neither is ever transmitted to or stored by the platform. If you lose your passphrase, we cannot recover your account or decrypt your vault data.
That said, you've raised a good idea. This could be an opt-in feature which will allow the user to enroll their hardware devices as recovery keys.
I think there's a bip (BIP 138) that is doing something like this.
I readen lot of documentation and spend hours on understanding these bip 138 concepts but they are pure technical term that a casual user like me won't understand however 30 CC for the link
Good question. No, the platform key alone cannot reveal your transactions.
To track a wallet, you need the descriptor/xpubs that identify which addresses belong to it. In XYZVault, those are encrypted in your browser before upload. We use Argon2id to derive a master key from your passphrase, then HKDF to derive an authKey and encKey. The authKey is hashed and stored for authentication, while the encKey never leaves your browser.
Your descriptor, xpubs, labels, policies, and vault configuration are encrypted with AES-256-GCM before reaching our servers. Every encrypted blob is also bound with AAD, preventing ciphertext from being transplanted between accounts.
The service key itself lives inside an AWS Nitro Enclave. While we cannot extract the key from the enclave, it's important to understand the trust model: the enclave protects secrets from attackers, not from the code running inside it.
The same assumption exists with hardware wallets. A secure element chip protects a private key from extraction, but it still executes firmware written by the manufacturer. If a vendor intentionally shipped firmware that leaked keys, the secure element would do exactly that. The chip protects against extraction, not against the device creator instructing it to reveal secrets.
Likewise, the Nitro Enclave protects the service key from theft, but the reason we cannot see your balances or transactions is because the wallet metadata needed to identify your addresses is encrypted with an encKey that never leaves your browser.
Even in the hypothetical scenario where someone could extract information from the enclave, they would only obtain the platform's service key. They still would not have access to your encrypted vault data because the encKey required to decrypt it never leaves your browser and is never stored on our servers or in the enclave.