Our multisignature key model

We have noticed a lot of buzz around our product so recently after our launch. Thank you all for your interest! There seems to be some confusion about our private key model, so we thought we would clarify how our system works.

The most common misconception that we have noticed is the idea that we control the majority of your private keys. This is not true.

As you may know, our system uses a 2-of-3 multisignature signing scheme for bitcoin transactions. The three bitcoin private keys are generated in separate locations, and are never exchanged over a network. The three keys are as follows:

1. A device private key which is generated on your Case, using a secure random number generator. Our dedicated cryptographic processor uses thermal noise to generate a random key. This key is generated once the Case is in your hands during first time setup, and never leaves the device. We do not ship any devices with pre-baked private keys.

2. A server private key is generated on our servers. Again, this key never leaves our servers, and is the only private key that we control.

3.a. The third private key is meant for recovery. We have a partnership with Third Key Solutions to provide an easy option for a recovery key. If your Case is lost or stolen, you can initiate a recovery process that includes rigorous protocols with strict operational procedures. The most important piece of this is that we are never given the recovery key. Instead, Third Key Solutions signs a “sweep transaction” when a recovery is initiated and it passes their internal sanity checks. More details to come on our process with Third Key Solutions in a future blog post!

3.b. For advanced users who wish to provide their own recovery key, it is still very simple to use. When you are setting up your device and you have selected the self-storage option for the third key, you will be prompted to scan an extended public key (xpub) via BIP-0032 that we will use to create multisignature addresses and redeem scripts. We never have access to your self-stored private key!

The disadvantage of storing your own recovery key is the responsibility that comes with it. If you lose your Case, we can provide you with a raw transaction for you to inspect and sign with the private key associated with the scanned public key. If you lose your self-stored private key and your Case at the same time, you no longer have 2 out of the 3 keys, and your funds are not recoverable!

Security is an enormous concern for us at Case, and we know it is for you too. This is why we have introduced an option for the extremely security-conscious to take a more active role in the security of their bitcoin. We hope this information gives you peace of mind, and look forward to hearing your feedback!

Our multisignature key model