Tackling a 12 year old problem of Bitcoin
One of the biggest pain points in Bitcoin has always been the need for users to back up their Recovery Phrases, most commonly referred to as “12 words” or “seed phrase”. These are typically a list of 12 words that must be written down and stored in a particular order, without any typos.
Although it sounds tedious — and it is — as long as you keep your Recovery Phrase in a safe place, you should always have access to your Bitcoins. Doesn’t seem like a difficult thing to do, right?
Well, the reality is a bit more complicated.
The reality is the vast majority of people don’t take this process very seriously, and we can’t blame them. After all, you are not asked to write down any 12 words on any app, outside of Bitcoin —or crypto in general.
Also people forget their passwords all the time, and there is always a recovery process in place, by verifying their identity. Therefore regular people don’t understand why should they do this. So, they don’t.
The even uglier side of this story is that people who you might call experienced Bitcoiners don’t do this with the diligence you might expect either. Our Support Center is regularly receiving emails of people who lost their Recovery Phrase or never even got to write it down. We had some cases where people had lost access to large sums of money. And that sucks. A lot.
The baseline is: if people can’t rely on your app to keep their money safe, they won’t use it nor recommend it. Seed phrases don’t scale in human terms.
That’s why we decided to make HandCash a fully keyless wallet. That means users won’t need to explicitly write down and keep seed phrases to access their accounts anymore.
Enough is enough
We at HandCash think it is our responsibility to offer a safe experience at all ends to earn our users’ trust. It is not in our DNA to settle for mediocre solutions just because “well, it’s always been done this way”. So, almost two years ago, we started looking into ways of getting rid of this nightmare.
One phrase that always helps our team to solve complex problems is: “when you ask the right question, the answer is obvious”. To figure out the solution, first we had to find out exactly the root of the problem.
In our case, we got to the conclusion that everything boiled down to: “How can we help our users get access to their accounts without us having access to the money itself?” — Simple as it may seem, that helped us frame our minds.
Requirements for the solution
It was pretty clear what the main goal was, but we also needed to add some restrictions into the mix so we could narrow down the possibilities:
- Users don’t have to explicitly take action to back up.
- Onboarding must become as familiar as any other regular money app.
- The new system must move all transaction signing operations from the device to the cloud.
- We wish to remain non-custodial.
Past experiments that didn’t go well for us
Back in 2017 when we started designing the very first version of HandCash, we wanted to test three backup methods: the legacy 12 words system, Google Drive / iCloud encrypted backup and Contactless NFC tag backups.
We loved the NFC backups and we thought it was the best feature of our first app, but nobody used it. Was it because they didn’t understand it? Maybe they didn’t trust it? Or perhaps people were not sure which kind of NFC tags it was compatible with? It all required a lot of effort to figure out. Discarded.
Google Drive / iCloud encrypted backups… this seemed to work a bit better, but we created two other issues: for security they were password encrypted, but the user had to remember which password they used to encrypt the wallet. And many many people forgot to write it down.
The other one was people deleting their backup files from their cloud storage. And again this process had to explicitly be triggered by the user. Users thought, and rightfuly so, our ideas were a mess and settled for the 12 words.
We were not solving anything just trying to make it more convenient. What was needed was a 180º turn towards what we really wanted.
We needed to go keyless — for real.
Current solutions we don’t like
Over the past year we’ve seen a handful of other projects tackle this issue. There were three red lines in particular we would not cross:
- Asking users to scan their faces or setting passwords for encrypting their backup on our servers.
- Cloud based backups —again: been there, done that. Doesn’t work.
- Restore a full key on any device or web browser.
Testing our initial hypothesis
Do you think it’s a coincidence that we started asking for a phone number since we launched HandCash 2.0 back in August 2019? Pretty soon we realized that regardless of the details of our final technical solution, we would need our users to verify their identity with (at least) two different parties.
So we decided to start with the toughest one to ask: the phone number. The idea was that if most of our users trusted and liked our product enough to verify their phone number with us, we could keep moving forward developing the keyless scheme we had in mind. Thankfully, you guys trusted us! Hypothesis validated. Moving on!
From the user’s perspective, they will only need to validate an email address to make their accounts keyless. That’s all! We take care of the rest. After this transition is made, you will only need to verify your phone number and your email address in order to access your HandCash account. Pretty cool, huh?
Needless to say you will be able to change either. First through support but pretty soon you will be able to deal with it yourself from within the app.
OK But how does it work?
The key component of our keyless system is a cryptographic technique called “Threshold Signature Scheme”, or TSS, which basically allows for two or more independent companies to partially sign a transaction, without an actual key ever needed to be recomposed at any point, on any device. Users would only need to authenticate on both services.
It was very critical for us to still remain non-custodial despite how easy it seems from the outside, so we spent weeks checking the laws on cryptocurrency key management.
That way we could still offer advanced payment solutions to companies through our HandCash Connect SDK, without these companies having to worry about extra licenses nor becoming custodial at any time.
For making this possible, we partnered with MatterCloud will be acting on as our “Trustholder”. That is, the other company that will be acting in behalf of our users. MatterCloud has been our faithful partner for over a year now, providing us with reliable Bitcoin infrastructure, and we couldn’t be happier to strengthen our relationship even further.
Why the insistence in remaining non-custodial?
For one, it’s cheaper for us to offer our services in most countries of the world as we do not have to acquire extra custodian or money transmitter licenses under most regulations.
But for us, personally, the main factor is we think one of Bitcoin’s killer features is economic sovereignty. We believe that Bitcoin is cash, and therefore, must remain personal and private. With this scheme none of the companies involved ever has access to the money directly, only the user by authenticating with both companies can access the funds and trigger payments.
In addition, as the money is never in just one place at the time due to the nature of our systems, there is no jackpot in the event of a security breach. This would not be the case if we had decided to become custodial.
Connect is Fully Keyless
In the coming weeks we will launch our HandCash Connect SDK, our all-in-one toolset for developing Bitcoin apps on every platform, in no time. Our keyless system was the reason why it took longer than expected for us to launch it, but it was pretty clear that we had to make it keyless since day one.
TSS allows us to sign all transactions on the cloud instead of doing it on the user’s device, removing a big bottleneck for performance and making it possible for Connect to be a fully HTTP based protocol. This means Connect is 100% platform-agnostic (mobile, desktop, VR… any device with an internet connection really!) and companies can trigger payments even if the user is offline, opening the door to limitless possibilities for developers.
Every single transaction will be done through TSS signing, with SPV checks for every single UTXO and processed with our exclusive Output Bills system for maximum privacy and optimal performance.
There are many more benefits of using this innovative scheme, and we believe it is so good we decided to protect it with a patent.
HandCash goes Keyless starting on our 2.5 update, scheduled for early October. This is the culmination of many months of tireless development, trial and error, testing hypothesis and gathering feedback. But it also marks the beginning of a new era for HandCash.
Final words from Alex Agut, CEO of HandCash
I would personally like to thank first and foremost, my partner in crime and CTO of HandCash, Rafa Jiménez for his sleepless nights and weekends for over three years straight now. Gracias hamijo. Buen trabajo.
Thanks Ivan Mlinaric, Brandon Bryant and Brandon Cryderman not just for your professionalism, but especially for staying by our side under all kinds of weather and uncertainty. In the end everything worked out well, but it wouldn’t have happened without your incredible commitment to our mission.
Thanks nChain, Coingeek, Two Hop Ventures and Unbounded Capital for believing in our long term vision and supporting our adventure.
Thanks to Attila Aros. Man, you are amazing. It’s been a pleasure growing our companies together for over a year now. Ready for this new challenge? :)
Thanks to Tomas Serna, our awesome lawyer. A true shark, and above that, a truly good human being who’s become a close friend. Tomas, without you we couldn’t have handled all that paperwork and contracts with the required levels of professionalism. Best startup lawyer in Spain!
Thanks to Owen Vaughan, Director of Research at nChain, for being such an outstanding professor to us on the TSS Scheme. Thanks to John Murphy, Senior Software Engineer at nChain for his job leading the Nakasendo team!
Thank you Dr. Craig S. Wright for… well, everything. Not only you invented the magnificent technology Bitcoin is, but you’ve also been one of our greatest supporters and teachers. Your inspiration and teachings have helped us immensely as we strive to create something you’ll hopefully feel proud of.
Thanks to Jimmy Nguyen, who took us under his wing since the day we announced HandCash to the world back in early 2018. You’ve been a great friend Jimmy — we love you! Congratulations on your engagement :)
And finally, thanks to the tens of thousands of HandCash users who have been there through all the drought and promises of the past months. You’ve always believed in our vision and we’re pretty sure you won’t be disappointed.