Metafi Docs
Developer PortalMore Docs ⏷About Us ⏷Help & Resources ⏷
  • 👋Welcome to Metafi!
  • 🎉About
    • Overview
    • Concepts Overview
      • Login Mechanisms
      • Wallet Key Management - General Overview
      • Wallet Key Management - Tech Overview
    • Self-Hosting Shares
Powered by GitBook
On this page
  1. About
  2. Concepts Overview

Wallet Key Management - Tech Overview

PreviousWallet Key Management - General OverviewNextSelf-Hosting Shares

Last updated 2 years ago

Once a user creates an account using Metafi Login or your custom signup flow, a wallet (BIP39 seed phrase) is generated on the user device for each of the chains supported by your game. We then generate a 128-bit random ID (encKey) which is used to encrypt each wallet. We use the AES-256-CTR standard for all of our encryption.

This encKey is then split into 3 shares using . We implement a 2/3 threshold scheme, where we need any 2 out of 3 shares to successfully recover the encKey. Two shares are then sent to the backend (ms and cs), and the third share is saved in the user's device (us).

The ms and cs shares are encrypted and secured via . You have the option of storing one of the shares (cs) on your own backend, which can be done by setting URLs to store and fetch the cs share as outlined .

Once a user verifies their identity by logging in, we return the ms share to the user, which is combined with the us share on the users device to recover the encKey. This encKey is then used to decrypt the wallets, and the user can then continue with making transactions.

We are working on adding additional modes of recovery in the future such as security questions and downloading a recovery key. Please reach out to us via our if you have any questions.

🎉
Shamir's Secret Sharing algorithm
AWS hardware security modules
here
Discord