7.2 Non-custodial Key Management

As part of our goal of financial inclusion and enablement of abundance through blockchain technology, there has typically been a technology gap which has excluded those who are not technically proficient or well versed enough in the use and management of private keys. As a result, we created a hybrid non-custodial key management solution to enable users to access their accounts and wallets with only a username and password, while still allowing for traditional account recovery via a forgot or reset password flow.


The account creating process is simple, the user either locally generates a wallet or connects their own Celo-compatible browser extension wallet such as Metamask or Portis. The user then chooses a third-party to play the role of Guardian in the event of account recovery.

Network accounts consists of a 2 of 3 multi-signature wallet

Network Cosigner

  • Responsible for confirming relayed transactions

  • Operated by the network

Client Wallet

  • Can be self-custodied or keys stored via an encrypted keystore.

  • Operated and only accessible by the owner of the wallet.

  • Used to add new transactions to the multisig to be cosigned by the network operator.

Guardian Wallet

  • Operated by third party custodial service

  • Responsible for recovery if a member loses control or access of their client wallet

  • Incentivized by network to offer guardian service to custody partial keys on behalf of the user


Signing transactions are also simple, the user signs a transaction with their client wallet keys and asks the Network Cosigner to the cosign and confirm the transaction.


** **If a user loses access to their client wallet, they will generate or connect a new wallet.

After it’s generated, the user sends a request to their Guardian to call the replaceOwner function in order to swap the old client wallet address with a newly generated client wallet. Afterwards, the guardian asks the Cosigner to confirm the replaceOwner transaction.

Last updated