Hexa is a non custodial bitcoin wallet application intended to improve the accessibility of bitcoin to the general public while maintaining the tenet of self sovereignty that bitcoin is built on.
Non Custodial Wallet
What is a Non Custodial Wallet
A non custodial wallet is one where the service provider (in this case Hexa) has absolutely no control over your (bitcoin) private keys. This is in contrast to custodial wallets, which function much like bank apps: you don’t have direct control over your funds.
Why should one prefer a non Custodial Wallet
In a non custodial wallet, you control your private keys and nobody else does. This means that no entity can stop you from spending your bitcoin. Traditional custodial services can ban, deny or close your account with or without notification, and this offers no legitimate advantage over current banking services. These exchanges and services are also prone to hacks (1, 2, 3), which may result in you losing your bitcoin without any action on your part.
How does the App work
What features does Hexa have
In the alpha release, Hexa primarily offers three features:
- Social recovery using Shamir’s Secret Sharing scheme
- Secure Wallet powered by a 2/3 multisig account
- Regular Account for spending funds on a daily basis
Hexa is built based on the principles of usability, security and self-sovereignty to ensure that people can
- Use bitcoin with ease
- Not worry about the security of exchange services
- Maintain and manage their own funds
What is Shamir's Secret Sharing?
At a high level, SSS or Shamir's Secret Sharing is an algorithm used to split a secret into n shares, of which m are needed to reconstruct the secret.
How is SSS useful
SSS is helpful because possessing fewer shares than the threshold specified during generation does not reveal any information about the secret. This can be used for secure recovery schemes where the user does not trust one person well enough to hold the secret but trusts them enough to hold a part of the secret (i.e. they trust a group of people with their secret but don’t trust any individual person).
How does Hexa use SSS
Hexa uses SSS to split the primary mnemonic into multiple parts. The primary mnemonic is used to generate all receiving addresses in Hexa.
How is SSS secure
An attacker needs m of n shares to reconstruct the seed (3/5 for Hexa). If the attacker has m-1 parts, there are an infinite number of m order polynomials which pass through m-1 points and, as a result, this information is useless. To picture this more concretely, suppose that m is 3 and the attacker has m-1 = 2 points. Using these two points, the attacker has to predict the equation of the triangle. But using two points, there are an infinite number of triangles (using the line segment formed by the two points as base) that can be generated, and the attacker has no idea what the coordinates of the triangle are.
- Choose m-1 integers A1, A2, … A(m-1)
- Construct polynomial F(x) = S + A1x + A2x^2 + … + A(m-1)x^(m-1)
- Construct n points out of the polynomial to retrieve (i, F(i))
- Distribute points i, F(i) as shares
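The splitting steps listed above and the matching recovery, as an added example that is not Hexa's code. It works modulo a prime (an assumption; the page does not state the field or share encoding Hexa uses), and `share_explaining` is a hypothetical helper showing why m-1 shares fit any candidate secret.

```python
import secrets

# Assumption: arithmetic is done modulo this prime (2**127 - 1); the page does
# not say which field or share encoding Hexa uses.
PRIME = 2**127 - 1

def split(secret, m, n, prime=PRIME):
    """Steps from the list above: random A1..A(m-1), then n points (i, F(i))."""
    if not (1 < m <= n < prime and 0 <= secret < prime):
        raise ValueError("need 1 < m <= n < prime and 0 <= secret < prime")
    coeffs = [secret] + [secrets.randbelow(prime) for _ in range(m - 1)]
    shares = []
    for i in range(1, n + 1):            # x = 0 is never handed out: F(0) is S
        y = 0
        for c in reversed(coeffs):       # Horner evaluation of F(i) mod prime
            y = (y * i + c) % prime
        shares.append((i, y))
    return shares

def interpolate(points, x, prime=PRIME):
    """Evaluate at x the unique polynomial of degree < len(points) through points."""
    xs = [px % prime for px, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("share indexes must be distinct")
    total = 0
    for j, (xj, yj) in enumerate(points):
        num = den = 1
        for k, (xk, _) in enumerate(points):
            if k != j:
                num = num * (x - xk) % prime
                den = den * (xj - xk) % prime
        total = (total + yj * num * pow(den, -1, prime)) % prime
    return total

def recover(shares, prime=PRIME):
    """The secret is F(0); m or more shares of one split are required."""
    return interpolate(shares, 0, prime)

def share_explaining(known, candidate, x, prime=PRIME):
    """Hypothetical helper: the share at x that, together with the m-1 known
    shares, would make `candidate` the recovered secret."""
    return (x, interpolate([(0, candidate)] + list(known), x, prime))

if __name__ == "__main__":
    seed = 0x1F2E3D4C5B6A7988          # constructed sample secret, not a real seed
    shares = split(seed, 3, 5)          # the 3/5 scheme described on this page
    assert recover(shares[1:4]) == seed
    # Two shares fit every candidate secret, so they reveal nothing about it.
    forged = share_explaining(shares[:2], 42, 3)
    assert recover(shares[:2] + [forged]) == 42
```
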
Who are Guardians
Guardians are designated entities who hold part of the encrypted shares generated when running the SSS algorithm.
Why does Hexa use a 3/5 scheme
Let's imagine two scenarios:
- A 2/3 scheme – This scheme is both vulnerable to collusion (only 2 people need to collude to steal money from the target user) and less resilient (loss of 2/3 shares means that the seed is lost and the user needs to generate a new seed). As a result, a 2/3 scheme is not ideal when one wants to trust people with access to their bank account.
- A 7/10 scheme – This scheme is “socially vulnerable” because it is difficult to find a list of 10 people whom you can trust. Technically, this scheme is vulnerable to denials: with 10 people involved, some may refuse to give their share when requested and, as a result, reconstruction of the seed is prone to denial attacks. This scenario also allows group collusion attacks, where there might be two distinct groups of people who might be willing to collude and cheat the user.
As a result, Hexa chose to go ahead with a 3/5 scheme, preventing the chance of collusion (single and multiple groups) while not requiring too many parties to trust. This proves to be an acceptable compromise between the two scenarios discussed above.
What is a Regular Account
A regular account is a single key address that is intended for daily, low volume purchases (coffee, lunch). A regular account comes with only PIN-based authentication to enable quick and easy transacting using bitcoin.
Sending funds from the Regular Account
Sending funds from the regular account is pretty easy. A user has to
- Click on the Send funds icon at the bottom of the screen
- Choose the amount denominated in Satoshis (1 bitcoin = 100000000 Satoshis)
- Select transaction priority
- Choose source Account (Regular / Secure Account)
- See final details and press Send for sending the transaction
- Wait for transaction confirmation screen
What is a Secure Account
A secure account needs authorisation from more than one device in order to spend bitcoins. Secure accounts require the signature of any two of the following:
- The encrypted private key stored on your phone
- The backup phrase
- The Hexa Relayer
The encrypted private key is stored on the device and will sign transactions by default. The backup phrase will not sign automatically since this would again bring back the issue of relying on a single device. The Hexa Relayer authenticates against the two factor authentication code that is provided and will sign the transaction if valid. It is recommended that the 2FA code generator be on a separate device in order to realise the benefits of a multisig account.
Adding funds to a Regular / Secure account
Adding funds to accounts in Hexa is as simple as sending Bitcoin to an address. Users can click on the deposit icon on the Regular Account screen to see a QR code which can be scanned. The copy icon can be clicked to copy the address and payment URL in order for a wallet to send funds.
Sending funds from the Secure Account
In order to generate a new transaction, the amount is selected, the transaction is signed using the private key stored on the device, and then the transaction hex along with the 2FA code and wallet ID is passed on to the Hexa Relayer. The Relayer, after authenticating the user, signs the transaction and broadcasts it to the blockchain.
On the user’s end, this looks no different than a Regular account except that the user is asked for the 2FA code before they are able to send funds. The signing process on the Relayer’s end is done automatically and the transaction is broadcast to the blockchain.
Wallet metadata is generated whenever the user opens a new relation with someone. This relation would need to be restored when someone tries to restore Hexa and, as a result, the metadata is encrypted with the user's primary mnemonic and shared with Guardians.
Setting a PIN
This PIN controls access to Hexa. Users should remember it, or else they risk losing access to Hexa.
Changing the number of characters in the PIN
The PIN is set to 6 digits to keep it easy to recall while still providing security. This is on par with Apple’s iOS authentication mechanism.
What does the Login Button do
The login button decrypts the wallet and allows access to Hexa. No information is sent to any service owned by any party. The name “Login Button” was chosen to resonate with traditional service providers.
Setting a name for the wallet
This can be any name; it is only used to reference the wallet on the home screen. Users can forget this name without worrying about losing access to Hexa.
What does the plus icon do
The plus icon on the home screen can be clicked to view helpful tutorials on how to set things up. It can also be used to fetch test bitcoins if the app is on testnet.
The send funds screen can be opened by clicking on the wallet icon in the bottom
Choosing Transaction Priority
Transaction Priority reflects the urgency of a transaction: High priority transactions can be expected to confirm within 2 blocks, Medium within 4 and Low within 6 blocks of broadcasting the transaction.
How is transaction fee calculated
Transaction fee is calculated by an electrs running on our full node instance. This instance is also publicly queryable, so one can query the endpoint to make sure that the fee is calculated correctly (don’t trust, verify).
Waiting for the transaction to show up on the wallet
Hexa queries the mempool and monitors the blockchain for balances sent to addresses. The balance should show up in 5-10 seconds. If it doesn’t, please reload balances by pulling down on the home screen to query our full nodes.
Compatibility with other wallets
Moving from Hexa to other wallets
Users of Hexa can freely move their funds around, as should be the case with a non custodial wallet.
Importing wallets into Hexa
Other wallets can be imported into Hexa by simply entering the mnemonic into the restore account screen shown while starting Hexa.
What does the Hexa Relayer store
The Hexa Relayer stores the SHA512 hash of the user's seed in order to temporarily store data in transit to guardians.
Hexa and third party services
Why does Hexa need a relayer
There is no distinction between single and multi device authentication if both parts that are required for authentication are on the same device. This other key, however, would be available to users, and they can use it to sweep funds to another address.
Running private Relayers
Running private Hexa Relayers is on the cards and will be designed similar to Samourai’s Dojo.
There is no data to collect and sell. If selling people random numbers were profitable, miners would be millionaires 🙂
Loss of Funds
Can Hexa run away with your money
Hexa does not store anything on its Relayer and, as a result, knows nothing about its users. The Hexa Relayer cannot spend funds without your consent. To sweep funds from the secure account at any time, users can use the ga-recovery tool.
Security of the Hexa Relayer
Hacking the Hexa Relayer would give an attacker control over the Relayer’s keys but
- this event would be detectable
- users can sweep funds into another address without the Hexa Relayer
Loss or theft of funds doesn’t occur, because of the way the Secure Account is structured.
Hardware wallet support
This is something that Hexa is looking into and will be present in future releases. Hexa’s preliminary release focuses primarily on SSS and the benefits it offers over current solutions.
Lightning is an exciting development and we are actively looking at adding support for Lightning. With Lightning come various possibilities such as offline payments and DLCs, which will also be explored.