Lava Smart Key

At Lava, we believe that self-custody is at the core of Bitcoin's value proposition. When you control your keys, you truly own your Bitcoin and don't have to take on the risk of trusting a third party to secure your wealth. Our products offer the ability to securely and easily borrow against your Bitcoin without having to give up self-custody. This means that key management is of the utmost importance— your ability to access your funds depends on it.

Today we're introducing Lava Smart Key, a new innovation that enables secure, fault-tolerant, and user-friendly self-custody, ensuring that your funds are both safe from attackers and always accessible to you.

Historically, self-custody has been difficult. Users have had to manage dedicated hardware wallets and seed phrase backups that represent single points of failure. If your seed phrase is lost, stolen, or compromised, you lose access to your funds. It's estimated that more than $400 billion of self-custody Bitcoin losses have occurred, much of it due to compromised seed phrases. We set out to create a solution to this problem that's both more secure than seed phrases and more user friendly. The result is Lava Smart Key.

Lava Smart Key

When you use Lava, your funds are held in a Lava Vault; your Lava Smart Key controls access to that vault. Unlike a seed phrase, which consists of a one-part backup that can be easily compromised, Lava Smart Key splits that backup into two parts, each of which can be recovered separately. Both parts of your Lava Smart Key are needed to access your funds— if one or the other is compromised individually, the attacker won't have access and you'll still be able to regain full control.

The Lava Smart Key consists of two components:

1. Cloud Account

The first half of your Lava Smart Key is tied to your seed phrase. This is encrypted and stored in secure storage on iCloud or Google Drive.

2. Lava PIN

The second half your Lava Smart Key is tied to a separate encryption key that's unlocked by a four-digit PIN that you can set in the app. This encryption key is stored on a private key-server and can only be authenticated with your personal Lava PIN.

How It Works

Cloud Account

The first half of your Lava Smart Key consists of a seed phrase that is encrypted and stored on iCloud or Google Drive. Your Cloud Account comes automatically configured on your device and leverages Apple or Google's best-in-class security to store encrypted data in the cloud.

This means that your data can be recovered even if you lose your device or your device gets stolen— you'll simply sign into your account on a new device and access your data. If the attacker gains access to your Cloud Account, they still won't be able to access your Lava Vault without also knowing your Lava PIN. Apple and Google both allow you to designate an account recovery contact that can verify your identity and help you regain access to your account if you get locked out.

Lava PIN

The second half of your Lava Smart Key consists of a separate encryption key that's tied to your Lava PIN. This is a four-digit passcode that you can set (and change) within the app. The encryption key can only be authenticated with your Lava PIN.

If this passcode is stolen by an attacker, they still won't be able to access your Lava Vault, as they'd also need access to your Cloud Account. The private key server enforces rate-limiting, so an attacker cannot bypass it by brute force guessing attempts.

Finally, Lava allows you to set up delayed recovery for your Lava PIN using email or SMS. This will enable to you change your PIN after a 30-day time delay, throughout which you'll be notified of the change and will be able to protect your funds if the change wasn't from you. This allows for recovery even in the case that you forget your Lava PIN.

Setting Up Your Lava Smart Key

You can set up your Lava Smart Key directly within the Lava app.

1. Set up your Lava PIN

Navigate to the Security section within the Lava app settings, and start by creating your Lava PIN. You can also use this section to update your Lava PIN.

2. Set up your PIN Recovery Method

Within the Security section of your settings, you can enter your email or phone number to specify a method by which you can utilize the time-delayed Lava PIN recovery. If you forget your Lava PIN, this method will be used to contact you to notify you of the change and allow you to update the PIN after the time delay is complete.

3. Configure your Cloud Account

Your iCloud or Google Drive account comes automatically configured on your device, but you can verify your backup to ensure that your data is being stored.

Within the Security section, click "Verify Backup," enter your PIN, and you can check whether your encrypted data is safe.

4. Set your account recovery contact

Finally, you'll need to set your account recovery contact. This will allow you to regain access to your Cloud Account even if it is compromised. Select “Set Trusted Recovery Contacts” in the Security settings, which will redirect you to a way to set up these accounts through your cellular provider.

Recovery

To recap, let's go over the different scenarios that may occur and how Lava Smart Key keeps your funds safe and enables full recovery.

Lost Device

If you lose your device, you can log into your Cloud Account on a new device. Then you can use that, along with your Lava PIN, to regain access to your vault.

Stolen Device

If your device is stolen, the attacker may or may not gain access to your Cloud Account. To prevent this, activate biometric sign in for your device, and use a separate device PIN.

If the attacker is unable to access your Cloud Account, you'll be able to use the same recovery method that you'd use for a lost device. If the attacker does gain access to your Cloud Account, you can utilize your trusted recovery contact to regain access.

Lost Access to Cloud Account

If you lose access to your Cloud Account, you can use your trusted recovery contact to regain access to your data.

Forgotten Lava PIN

If you forget your Lava PIN, you can utilize Lava's PIN recovery method via email or SMS. This will trigger a 30-day time delay after which you'll be able to set a new Lava PIN.

Stolen Lava PIN

If your Lava PIN is stolen, the attacker won't be able to access your Lava Vault, as they won't have access to your Cloud Account.

You can access your vault (using both your Cloud Account and your Lava PIN) and update the PIN to a new four-digit passcode, neutralizing the attack.

FAQ

• Why not just use a seed phrase?

  Seed phrases are risky and represent a single point of failure. If your seed phrase is compromised, you lose access to your funds. Lava Smart Key is a two-part system that's more fault tolerant, safer, and provides easier recovery.

• Do I need a hardware device?

  Nope! Your phone already comes with a built-in hardware device called a secure enclave. We leverage this as part of Lava Smart Key. These secure enclaves are more battle-tested, secure, and audited than crypto-specific hardware devices. The secure enclave can be used to store private keys (and in some cases sign transactions), and they avoid some of the additional risks (such as supply chain attacks) of dedicated hardware devices.

• Who is this for, and who is it not for?

  Lava Smart Key is for people who don’t want to compromise on security for self-custody. It is not for people who prefer to use custodians.

• I have more questions. Can I talk to your team?

  Absolutely! We're here to help. Email us at concierge@lava.xyz to speak to a team member directly.

To get started, download the Lava App on iOS or Android today.