7.2 Non-custodial Key Management
Part of our goal is financial inclusion and the enablement of abundance through blockchain technology. Typically, a technology gap has excluded those who are not technically proficient or well versed enough in the use and management of private keys. As a result, we created a hybrid non-custodial key management solution that lets users access their accounts and wallets with only a username and password, while still allowing traditional account recovery via a forgot or reset password flow.
The account creation process is simple: the user either locally generates a wallet or connects their own Celo-compatible browser extension wallet such as MetaMask or Portis. The user then chooses a third party to play the role of Guardian in the event of account recovery.
Network accounts consist of a 2-of-3 multi-signature wallet:
Network Cosigner
- Responsible for confirming relayed transactions
- Operated by the network
Client Wallet
- Keys can be self-custodied or stored in an encrypted keystore.
- Operated and only accessible by the owner of the wallet.
- Used to add new transactions to the multisig to be cosigned by the network operator.
Guardian Wallet
- Operated by a third-party custodial service
- Responsible for recovery if a member loses control of or access to their client wallet
- Incentivized by the network to offer the guardian service and custody partial keys on behalf of the user
Signing transactions is also simple: the user signs a transaction with their client wallet keys and asks the Network Cosigner to cosign and confirm the transaction.
If a user loses access to their client wallet, they will generate or connect a new wallet. After it's generated, the user sends a request to their Guardian to call the `replaceOwner` function in order to swap the old client wallet address with a newly generated client wallet. Afterwards, the guardian asks the Cosigner to confirm the `replaceOwner` transaction.
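
The signing and recovery flows above can be traced in a small in-memory model. This is an added example, not the project's contract code: the role names and `replaceOwner` come from the page, while the class, its method names, the rule that only current owners' confirmations count, and the addresses are assumptions made for illustration.

```python
# Added illustration, not the project's code: an in-memory model of the 2-of-3 wallet.
# Role names come from the page; class, method names and addresses are hypothetical.
class MultisigError(Exception):
    pass

class TwoOfThreeWallet:
    REQUIRED = 2  # confirmations needed before a transaction executes
    def __init__(self, client, cosigner, guardian):
        self.owners = {"client": client, "cosigner": cosigner, "guardian": guardian}
        self.txs = []       # pending and executed transactions
        self.executed = []  # log of executed non-administrative actions

    def _require_owner(self, sender):
        if sender not in self.owners.values():
            raise MultisigError(f"{sender} is not an owner")

    def submit(self, sender, action, *args):
        """An owner proposes a transaction; proposing is the first confirmation."""
        self._require_owner(sender)
        self.txs.append({"action": action, "args": args,
                         "confirmed_by": {sender}, "executed": False})
        return len(self.txs) - 1

    def confirm(self, sender, tx_id):
        """Record a confirmation; execute once two current owners have confirmed."""
        self._require_owner(sender)
        tx = self.txs[tx_id]
        if tx["executed"]:
            raise MultisigError("already executed")
        tx["confirmed_by"].add(sender)
        # Only current owners count, so a replaced key's confirmation is void.
        if len(tx["confirmed_by"] & set(self.owners.values())) >= self.REQUIRED:
            self._execute(tx)
        return tx["executed"]

    def _execute(self, tx):
        if tx["action"] == "replaceOwner":
            old, new = tx["args"]
            role = next((r for r, a in self.owners.items() if a == old), None)
            if role is None or new in self.owners.values():
                raise MultisigError("invalid owner replacement")
            self.owners[role] = new
        else:
            self.executed.append((tx["action"], tx["args"]))
        tx["executed"] = True

if __name__ == "__main__":  # recovery flow with constructed addresses
    w = TwoOfThreeWallet("0xClientOld", "0xCosigner", "0xGuardian")
    r = w.submit("0xGuardian", "replaceOwner", "0xClientOld", "0xClientNew")
    print(w.confirm("0xCosigner", r), w.owners["client"])
```

In this model the Guardian and Cosigner together meet the threshold without the client key, which is what makes recovery possible and is also the trust the user places in those two parties.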