When most people think of a crypto wallet, they probably think of a 12-word (or 24-word) seed phrase, or of logging into an exchange app. I’m going to briefly explain how this works and how you can do so much better than this on Chia.
The problem
When you create a new wallet, you are generating a 12- or 24-word seed phrase and (hopefully) backing it up somewhere safe in case you lose it. The phrase is then imported into a wallet app, which derives your private keys from it and uses them to find your coins and sign transactions. There are various potential pitfalls with this approach.
First of all, if you lose the seed phrase, there’s no way to sign transactions to spend your coins, so they’re effectively lost forever. As such, it’s important to back up the key in a secure place where only you can find it.
However, that introduces the second problem, which is that if anyone ever gets access to your seed phrase they can immediately spend all of your coins without restriction. For example, if someone compromises your device or finds a backup of your mnemonic that you have saved somewhere, you could lose everything.
For storing relatively small amounts of assets that you use on a regular basis, the risks associated with a hot wallet like this can be acceptable. However, it’s not sufficient if you need to custody a lot of funds or have multiple people that can spend them.
Introducing vaults
A vault is what’s known as a “singleton”. Like an NFT, it will always create a single new instance of itself when spent. You can use a vault to solve the problems described previously.
Let’s break down how that works:
Normally, when you spend a coin you need to sign a message with your private key. The public key that must produce that signature is committed to in the coin’s puzzle (and therefore its puzzle hash), so the custody rules are baked into the coin itself. With a vault, you are essentially extracting the custody out of the coin and into a standalone singleton. The vault can “authorize” the spend of the other coins.
This means that you don’t need to spend all of the coins to change the way you custody them. For example, if you decide you want to change which key you’re keeping the coins in, you can simply update the vault and they will all be implicitly “owned” by the new key.
However, in this scenario you are still using a single key to control the coins, which isn’t much better than before. Fortunately, vaults are very flexible and there are many different puzzle pieces you can fit together to make a vault more secure.
Secp256k1 and secp256r1
Standard transactions on Chia use what is known as a BLS key. These have very useful properties, such as the ability to aggregate multiple signatures together to save space. However, BLS keys are not as widely supported as other signature schemes such as ECDSA over the secp256k1 (“K1”) and secp256r1 (“R1”) curves.
K1 is commonly used on other blockchains such as Bitcoin and Ethereum. So, you could in theory achieve a higher level of interoperability with other chains by using this curve inside of a vault.
However, the biggest advancement in security on Chia involves the R1 curve, which enables you to use isolated hardware to sign transactions on certain devices.
Here are a couple of examples that use R1:
Apple’s Secure Enclave, which is embedded silicon in modern iPhones that allows you to store keys whose use can be gated on unlocking the phone. Additionally, keys generated in the Secure Enclave are not designed to be extractable from it, which means you can be confident that only you have access to them.
Passkeys (WebAuthn credentials) allow you to securely store a key in your browser, device, or password manager. Signing is performed either on-device or by an external FIDO security key (e.g. a YubiKey).
The Chia Signer app created by Chia Network Inc allows you to use your iPhone as a vault signer on the Cloud Wallet.
Multisig
With a vault, you can use an “M of N” multisig instead of a single key. In some cases this is implemented with Merkle trees as an optimization, so that spend paths that aren’t being used never need to be revealed on-chain. Here are a few examples:
You could allow 3 people to have access to a vault with a 1 of 3.
With a 2 of 2, you can require two keys to always sign off on transactions.
A 3 of 5 would allow the majority to agree on whether to do a transaction without needing unanimous approval.
This is pretty powerful since it allows you to decentralize the control a bit and prevent a single person from being able to spend all of the assets. It can help solve the “wrench attack” where a single person can be threatened into performing a transaction, since you require multiple people to sign off on it.
This gets a little into the weeds, but to expand on this further, you could in theory nest a multisig inside of another. For instance, you might want to require 3 of 4 people to do a transaction, but also allow a separate pair of 2 to do it instead. This would be a 1 of 2 with a 3 of 4 and a 2 of 2 inside of it.
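To make the two ideas above concrete, here is an added example (not code from the post or from the Chia vault puzzles) in Python. It covers both the Merkle-tree multisig and the nested multisig: for a 3 of 5 it enumerates every 3-key spend path as a leaf, commits to all of them with a single Merkle root, and lets a spender reveal only the path they are using together with its Merkle proof; a small policy tree then evaluates the nested “1 of 2 of (3 of 4, 2 of 2)” case. The member keys are constructed placeholder byte strings, and the layout (one leaf per M-subset, domain-separated SHA-256 hashing) is an assumption for illustration, not the on-chain format used by Chia.

```python
import hashlib
from dataclasses import dataclass
from itertools import combinations
from typing import List, Sequence, Tuple, Union

# Constructed sample "public keys" (stand-ins for real BLS/secp keys).
ALICE, BOB, CAROL, DAVE, ERIN, FRANK = (
    f"pk_{n}".encode() for n in ("alice", "bob", "carol", "dave", "erin", "frank")
)


def sha256(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()


def leaf_hash(leaf: bytes) -> bytes:
    return sha256(b"\x00" + leaf)  # domain-separate leaves from inner nodes


def node_hash(left: bytes, right: bytes) -> bytes:
    return sha256(b"\x01" + left + right)


def encode_path(keys: Sequence[bytes]) -> bytes:
    """Canonical leaf encoding: sorted, length-prefixed keys (assumed format)."""
    return b"".join(len(k).to_bytes(1, "big") + k for k in sorted(keys))


def spend_paths(m: int, members: Sequence[bytes]) -> List[bytes]:
    """Every M-subset of the N members is one spend path (one Merkle leaf)."""
    return [encode_path(c) for c in combinations(sorted(members), m)]


def merkle_proof(leaves: Sequence[bytes], index: int) -> Tuple[bytes, list]:
    """Return (root, proof); proof is a list of (sibling_is_on_right, sibling_hash)."""
    level = [leaf_hash(x) for x in leaves]
    proof, idx = [], index
    while len(level) > 1:
        if idx % 2 == 0 and idx + 1 < len(level):
            proof.append((True, level[idx + 1]))
        elif idx % 2 == 1:
            proof.append((False, level[idx - 1]))
        # else: idx is an unpaired last node and is carried up without a sibling
        nxt = [node_hash(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level, idx = nxt, idx // 2
    return level[0], proof


def merkle_root(leaves: Sequence[bytes]) -> bytes:
    return merkle_proof(leaves, 0)[0]


def verify_proof(root: bytes, leaf: bytes, proof: list) -> bool:
    """Recompute the root from one revealed leaf; unused paths stay hidden."""
    h = leaf_hash(leaf)
    for sibling_is_on_right, sib in proof:
        h = node_hash(h, sib) if sibling_is_on_right else node_hash(sib, h)
    return h == root


def path_for_signers(m: int, members: Sequence[bytes], signers) -> Union[Tuple[int, bytes], None]:
    """Pick the (index, leaf) a set of present signers can use, or None if below threshold."""
    present = sorted(k for k in members if k in signers)
    if len(present) < m:
        return None
    leaf = encode_path(present[:m])
    return spend_paths(m, members).index(leaf), leaf


@dataclass(frozen=True)
class MofN:
    """A threshold node; children are member keys (bytes) or nested MofN policies."""
    m: int
    children: tuple


def satisfied(policy, signers) -> bool:
    if isinstance(policy, bytes):
        return policy in signers
    return sum(satisfied(c, signers) for c in policy.children) >= policy.m


# The post's nested example: 3 of 4, or a separate pair of 2, whichever signs.
NESTED = MofN(1, (MofN(3, (ALICE, BOB, CAROL, DAVE)), MofN(2, (ERIN, FRANK))))

if __name__ == "__main__":
    five = (ALICE, BOB, CAROL, DAVE, ERIN)
    paths = spend_paths(3, five)          # C(5,3) = 10 possible spend paths
    root = merkle_root(paths)             # the only thing that needs to go on-chain
    idx, leaf = path_for_signers(3, five, {BOB, DAVE, ERIN})
    _, proof = merkle_proof(paths, idx)
    print("paths:", len(paths), "proof ok:", verify_proof(root, leaf, proof))
    print("3-of-4 branch:", satisfied(NESTED, {ALICE, BOB, CAROL}),
          "pair branch:", satisfied(NESTED, {ERIN, FRANK}))
```

Note that the spender reveals one leaf and a proof of log₂(10) ≈ 4 hashes rather than all ten paths, and a proof presented against a different leaf fails, which is the property the Merkle optimization relies on.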
Delayed recovery
With this advanced multisig setup, it’s more important than ever to make sure you don’t lose access to your funds even if you lose your phone, need to switch to a new one, or can no longer use a passkey.
With vaults, you can create a special “recovery key” that can be used to change the custody configuration of the vault if all else fails. However, you don’t want to give full control over the vault to this recovery key, especially if you’re using a multisig. Imagine if you have a 3 of 5 vault but one person uses the recovery key to take control.
To solve this, we use what’s known as “delayed recovery”. Initiating a recovery does not give the recovery key any control: while a recovery is pending, the vault can’t authorize spends for any of the coins, and a time lock period for recovery (which is configured beforehand) starts counting down. Using a watchtower service, each signer gets a notification that recovery has been initiated for the vault. At any point before the time lock expires they can decide to cancel it (and remove the recovery key), or they can let it complete. Importantly, the new vault configuration is fixed at the moment recovery is initiated, so you have confidence it will do exactly what it says it’s going to do. The time lock therefore needs to be long enough that the signers (or their watchtower) will reliably notice and react before it expires.
It’s worth noting that the recovery key is similar to the custody key in that you can configure it however you want. It could be a BLS key, passkey, or even a multisig.
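The following is an added simulation of the delayed-recovery flow described above, written for this page rather than taken from the Chia vault implementation. It models the vault as a small state machine over block heights: only the designated recovery key can start a recovery, the proposed new custody configuration is locked in at that moment, no spends can be authorized while recovery is pending, the existing custody quorum can cancel (which also removes the recovery key), and the new configuration takes effect only once the time lock has elapsed. Key identifiers are plain strings, the custody quorum is a flat m-of-n, and the rule that cancellation requires the current custody quorum are all assumptions for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple


class RecoveryPending(Exception):
    """Raised when an action is blocked because a recovery is in progress (or not ready)."""


class NotAuthorized(Exception):
    """Raised when the presented signers do not satisfy the required quorum."""


@dataclass(frozen=True)
class CustodyConfig:
    m: int
    members: FrozenSet[str]  # assumed: flat m-of-n over string key ids

    def quorum(self, signers) -> bool:
        return len(self.members & set(signers)) >= self.m


@dataclass
class VaultState:
    custody: CustodyConfig
    recovery_key: Optional[str]
    timelock: int                                  # blocks a recovery must wait
    pending: Optional[Tuple[CustodyConfig, int]] = None  # (new config, unlock height)

    def authorize_spend(self, signers, height: int) -> bool:
        """A spend is only authorized by the custody quorum and never during recovery."""
        if self.pending is not None:
            raise RecoveryPending("recovery in progress; vault cannot authorize spends")
        if not self.custody.quorum(signers):
            raise NotAuthorized("custody quorum not met")
        return True

    def initiate_recovery(self, signer: str, new_config: CustodyConfig, height: int) -> int:
        """Only the recovery key can start a recovery; the new config is committed now."""
        if self.recovery_key is None or signer != self.recovery_key:
            raise NotAuthorized("not the recovery key")
        if self.pending is not None:
            raise RecoveryPending("a recovery is already pending")
        unlock_height = height + self.timelock
        self.pending = (new_config, unlock_height)
        return unlock_height  # what a watchtower would alert the signers about

    def cancel_recovery(self, signers) -> None:
        """The current custody quorum can cancel before the time lock expires.
        Cancelling also removes the recovery key, as the post describes."""
        if self.pending is None:
            raise ValueError("no recovery to cancel")
        if not self.custody.quorum(signers):
            raise NotAuthorized("custody quorum not met")
        self.pending = None
        self.recovery_key = None

    def finalize_recovery(self, height: int) -> CustodyConfig:
        """After the time lock, the previously committed config becomes active."""
        if self.pending is None:
            raise ValueError("no recovery pending")
        new_config, unlock_height = self.pending
        if height < unlock_height:
            raise RecoveryPending(f"time lock active until height {unlock_height}")
        self.custody, self.pending = new_config, None
        return new_config


if __name__ == "__main__":
    three_of_five = CustodyConfig(3, frozenset({"k1", "k2", "k3", "k4", "k5"}))
    vault = VaultState(three_of_five, recovery_key="rk", timelock=1000)
    # k1 tries to hijack the 3-of-5 vault with the recovery key at height 100
    unlock = vault.initiate_recovery("rk", CustodyConfig(1, frozenset({"k1"})), 100)
    print("recovery pending until", unlock)
    try:
        vault.authorize_spend({"k1", "k2", "k3"}, 200)
    except RecoveryPending as e:
        print("spend blocked:", e)
    vault.cancel_recovery({"k2", "k3", "k4"})  # the other signers notice and cancel
    print("recovery key removed:", vault.recovery_key is None)
```

The scenario in the main block is the one the post warns about: a single participant cannot use the recovery key to take over a 3 of 5 vault, because the other signers get a full time-lock window in which spending is frozen and they can cancel.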
In conclusion
With vaults on Chia, the doors are wide open to a future of better custody of digital assets. And combined with peer-to-peer offers, we’re able to have fully trustless and decentralized finance without sacrificing security.
Stay tuned for a more advanced deep dive into what you can do with vaults and how they interact with offers!