Kleidi Wallet

Kleidi is a self-custody contract for users with high security requirements. It significantly minimizes the attack surfaces that could lead to loss of funds due to hacks, scams, or threats of physical violence. Let's break down how we achieve the goal of preventing theft from different threats.

Wallet Threat Modeling

Over time, hackers have developed increasingly complex techniques to steal cryptocurrency. These methods include but are not limited to:

• Phishing
• Frontend supply chain attacks
• DNS Hijacking
• Compromised hardware
• Hardware bridge compromise

Compromising any piece of the supply chain puts users at risk of losing funds. Simulating transactions locally is not enough as a well-resourced attacker could change the calldata that is sent to the hardware device to a different transaction than what was simulated locally. Checks at any layer of the stack above the chain itself can be defeated by a sophisticated attacker. Therefore, users need on-chain guarantees that the transactions they sign conform to predefined and pre-approved behaviors. This way, even if the higher levels of the stack are compromised, their policies are still enforced.

10,000 Foot View

The main benefit of Kleidi is its transaction policies and signer groups. Signers exist in one of two groups, hot or cold signers. Cold signers are the wallet administrators and are responsible for adding and removing the hot signers, DeFi protocols and changing other system settings.

Hot signers can only execute predefined behaviors. If a hot signer signs malicious calldata, it will simply be filtered out on-chain. There is no malicious calldata a hot signer could sign that would result in loss of funds, if the timelock is properly configured. Users select protocols they would like to support, and these are added to the allowed transaction policies on-chain.

Even if all components of the transaction supply chain are compromised, funds cannot be stolen if the policy engine is properly configured. This means that a hot signer can only send transactions that conform to the policy engine. This is a major benefit for the user, whose funds remain safe even after accidentally signing malicious calldata on a compromised computer.

Time Delays

Cryptocurrency presents unique security challenges to its holders. Transactions are instant and irreversible, which makes large holders targets for criminals. A time delay on all fund transfers prevents unauthorized transactions from being executed immediately. Any proposed transaction can be canceled before execution, giving a user under duress time to stop a malicious transaction.

For example, if a user is forced to sign a transaction while under duress but can escape before the transaction is executed, they can avoid loss of funds by canceling it. Users can choose a timelock duration between 1 and 30 days. The longer the timelock, the longer both malicious and legitimate transactions wait before becoming executable. Users with higher security requirements will likely choose longer timelock durations and vice versa for users with lower security requirements.

Social Recovery

Users often forget passwords or lose keys, this can lead to loss of funds. With social recovery, trusted individuals or groups can recover a user's wallet on their behalf without their signing keys. If the social recovery signers collude against the user, the user can stop the social recovery from occurring by removing that contract's ability to recover funds.

Guardian Mechanism

In addition to time delays, Kleidi introduces a guardian mechanism to enhance user safety. The guardian is a predefined contract or entity that monitors transactions going through the timelock. If a transaction is initiated, the guardian can require the user to perform a secret verification step, such as entering a PIN or answering a security question. Failure to complete this step within a specified time frame can trigger an automatic alert to the guardian, which could be a trusted friend, family member, or even law enforcement agencies. This mechanism ensures that if a user is under duress and unable to respond appropriately, immediate actions can be taken to prevent the unauthorized transfer of assets.

Policy Engine

At the heart of Kleidi's security model is its policy engine. Users define a set of transaction policies that specify which protocol actions are permissible for the hot signers. These policies are stored on-chain and enforced at the contract level, ensuring that any transaction that doesn't comply is automatically rejected.

Policies can include:

• Allowed destinations: Specifying which addresses funds can be sent to.
• Permitted DeFi protocols: Allowing interactions only with approved smart contracts.

For example, a user might set a policy that only allows transactions up to a certain amount per day or restrict interactions to specific smart contracts.

Comparison with Other Wallets

Unlike traditional wallets that make assumptions about the security of the user's device and the transaction supply chain, Kleidi provides on-chain enforcement of security policies. While hardware wallets protect private keys, they can still sign malicious calldata. Kleidi's policy engine adds an additional layer of security by ensuring that only transactions adhering to the user's predefined policies are executed. This sets Kleidi apart from other solutions, offering a comprehensive approach to self-custody and asset protection.

Conclusion

In an environment where security threats are constantly evolving, Kleidi provides users with unparalleled protection for their digital assets. By combining on-chain policy enforcement, time delays, social recovery, and an intuitive user experience, Kleidi addresses challenges faced by cryptocurrency holders today. Users no longer have to choose between self-custody and security as Kleidi offers both.

We invite you to join us in redefining self-custody.

Join our waitlist for exclusive updates and early access: https://www.kleidi.io/waitlist