7.2 Non-custodial Key Management

As part of our goal of financial inclusion and enablement of abundance through blockchain technology, there has typically been a technology gap which has excluded those who are not technically proficient or well versed enough in the use and management of private keys. As a result, we created a hybrid non-custodial key management solution to enable users to access their accounts and wallets with only a username and password, while still allowing for traditional account recovery via a forgot or reset password flow.

---

Accounts

The account creating process is simple, the user either locally generates a wallet or connects their own Celo-compatible browser extension wallet such as Metamask or Portis. The user then chooses a third-party to play the role of Guardian in the event of account recovery.

Network accounts consists of a 2 of 3 multi-signature wallet

Network Cosigner

• Responsible for confirming relayed transactions

• Operated by the network

Client Wallet

• Can be self-custodied or keys stored via an encrypted keystore.

• Operated and only accessible by the owner of the wallet.

• Used to add new transactions to the multisig to be cosigned by the network operator.

Guardian Wallet

• Operated by third party custodial service

• Responsible for recovery if a member loses control or access of their client wallet

• Incentivized by network to offer guardian service to custody partial keys on behalf of the user

Transactions

Signing transactions are also simple, the user signs a transaction with their client wallet keys and asks the Network Cosigner to the cosign and confirm the transaction.

Recovery

** **If a user loses access to their client wallet, they will generate or connect a new wallet.

After it’s generated, the user sends a request to their Guardian to call the replaceOwner function in order to swap the old client wallet address with a newly generated client wallet. Afterwards, the guardian asks the Cosigner to confirm the replaceOwner transaction.