
Key Management

Each Sequence wallet can be controlled by multiple private keys, acting like a multisignature wallet. Users can either create a Sequence wallet using one of the supported social login options or create a wallet with a private key stored only on that device.

The improved security compared to a traditional blockchain wallet comes from the fact that a malicious actor must compromise multiple independent keys, instead of a single key, to take control of a user’s wallet. The philosophy is that the more independent private keys the user adds to their wallet, the more secure the wallet becomes, even if each individual key is only moderately secure on its own.

Social Login Wallets

Sequence Wallets created with social login are currently secured using three private keys: a Session key, a Guard key and a Torus key. The Session key and Torus key are both generated for the first time when a user creates their Sequence Wallet via social login or email authentication. At least two of the three keys are needed to unlock an account. This means that if one of the three keys is lost or compromised, a user can use the two remaining keys to replace it. For example, if a user loses the device containing their Session key, they can unlock their Sequence Wallet account by using email or social login to obtain the Torus key and combining it with the Guard key. Once done, another Session key is auto-generated and the user is back in their account with all three keys accessible again.

Session Keys

Session keys are stored in the browser's IndexedDB. Users should be prudent in safeguarding their devices from unauthorized access since an attacker with access to their IndexedDB effectively has control of their session key.

Guard Key

A Guard key is a key owned by Horizon. This key allows Horizon to help users who have lost their Session key, and lets Horizon require additional information from the user in case of suspicious activity, if the user wants this additional protection. This key would be compromised if a malicious actor took control of the Horizon servers hosting the Guard key.

Torus Key

A Torus key is generated by the Torus network using a user’s email or social login credentials, such as Google or AppleID. Torus uses threshold cryptography to ensure that only the user can access their private key, making these keys non-custodial. A Torus key would be compromised if a malicious actor had control over the social account or email a user used to generate their Torus key. All Torus keys could be compromised if the Torus network itself were compromised.
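
The following added example (not Sequence or Horizon code) models the two-of-three policy from the Social Login Wallets section together with the per-key failure modes listed above, showing which combinations of those failures give control of a wallet and how the recovery path retires a lost Session key. It models the policy only and performs no real signing; the function names and key ids are hypothetical, constructed for illustration.

```javascript
// Added example: a policy model of the 2-of-3 setup, not Sequence code.
const THRESHOLD = 2; // page: "At least two of the three keys are needed"

// Failure modes named on the page, mapped to the key role each one exposes.
const EXPOSURES = {
  "attacker reads the browser's IndexedDB": "session",
  "Horizon servers hosting the Guard key are taken over": "guard",
  "user's email or social account is taken over": "torus",
};

// Key ids are constructed placeholders, not real key material.
function newWallet() {
  return { session: "session-key-1", guard: "guard-key-1", torus: "torus-key-1" };
}

// True when the presented key ids cover at least THRESHOLD current signers.
function canAuthorize(wallet, presented) {
  const held = new Set(presented);
  return Object.values(wallet).filter((id) => held.has(id)).length >= THRESHOLD;
}

// Replace one role's key; only allowed when the presented keys meet the threshold.
function rotateKey(wallet, role, newId, presented) {
  if (!(role in wallet)) throw new Error(`unknown role: ${role}`);
  if (!canAuthorize(wallet, presented)) throw new Error("threshold not met");
  return { ...wallet, [role]: newId };
}

// Every combination of page-listed events that would give control of the wallet.
function takeoverCombos(wallet) {
  const events = Object.keys(EXPOSURES);
  const combos = [];
  for (let mask = 1; mask < 1 << events.length; mask++) {
    const chosen = events.filter((_, i) => mask & (1 << i));
    const keys = chosen.map((e) => wallet[EXPOSURES[e]]);
    if (canAuthorize(wallet, keys)) combos.push(chosen);
  }
  return combos;
}

const wallet = newWallet();
console.log(takeoverCombos(wallet).map((c) => c.join(" + ")));
// Lost device: Torus + Guard authorize a fresh session key (the page's recovery path).
const recovered = rotateKey(wallet, "session", "session-key-2", ["torus-key-1", "guard-key-1"]);
console.log(canAuthorize(recovered, ["session-key-1", "torus-key-1"])); // old session key no longer counts
```

No single failure appears in the output of `takeoverCombos`; every listed combination involves at least two independent compromises, which is the property the multi-key design relies on.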

:::info DEFAULTS + CUSTOMIZATION

While this is the default setup for new Sequence Wallets, we intend to add the ability for users to add, remove and replace the keys controlling their wallet such that users can choose their preference in terms of security and user experience tradeoff. Even the Guard key will be able to be removed. Security tips and recommendations will be added to ensure users are well informed of the risks and how to protect themselves against them.

:::