Secrets Vault FAQ’s

Secrets Vault employs multiple layers of security, including end-to-end encryption, homomorphic encryption, and steganography. Sensitive data never leaves your device (eg., your phone), being encrypted locally, so its only accesible by you. For more information, visit our documentation section.

Secrets Vault provides a novel mechanism to prevent wallet loss and protect sensitive information without requiring custodial services or multiparty computation (MPC) operations. It´s chain-agnostic and wallet-agnostic, making it compatible with all existing chains and wallets. Additionally, users do not need to remember passwords or seed phrases, only needing to store an innocuous image.

We are not encrypting images, we are using the image for hiding the information. The hiding process uses a random image key generated in the same user device. Since it is random, it is unique per hiding process and therefore even if you are using an image of another user, it is impossible to steal the seed phrase of this user.

The user can install again a Minima node, install and execute our MiniDapp, provide the image that was used to hide the seed phrase (or any copy that he left in any private or public place), login to our system (using the social login used when made the visual backup) and the MiniDapp recovers the key hidden in the image using the image key provided by our system.

So, the user only needs to keep the image (or any copy) used to hide the key and the social login credentials.

The image used to hide the secret, can be stored anywhere, even in a public place since we do not manipulate the image: there is no trace that could identify the image as been used or not for this purpose.

Furthermore, the method is robust against image manipulations and therefore, the image can be shared in or downloaded from a social network or instant message services regardless it could be manipulated by compression algorithms or watermarks implemented by these services.

The image key is custodied in our system in an encrypted form and only can be retrieved by the user after authenticating and proving in a zero-knowledge way that he/she is in possession of the image.

Since the protection is based on a secret sharing scheme, having access only to one of the pieces is not enough to guess the secret (provides zero information), so only having both pieces is when it is possible to recover the secret.

Current implementation has a limit of 50,000 pixels (e.g., 224×224 pixels). But this limitation will be improved and even eliminated in future releases.

From an information-theoretic security point of view, to achieve perfect security we should use an image larger than the secret. In case it is smaller we achieve computational security (as any standard cryptographic algorithm). We will provide both options when a user decides to protect the seed phrase, depending on the size of the picture.

As mentioned before, it will be possible to use in the future larger sizes. Another possibility is to use multiple images. In the roadmap, we are also studying to use other media for hiding the secret, such as videos or audio, that will allow to hide larger amounts of secret information.

The image key is necessary, without it is not possible to recover the secret. In our roadmap we will add a decentralize secret storage and Multi-Party computation protocols that will allow to decentralize the recovery of the key and made it independent of one actor (e.g., LTA Labs).

Some programs change the quality of the picture, so someone will not be able to distinguish between the picture they used and the new modified picture. Our visual cryptographic scheme is combining cryptography and steganographic techniques, so we support changes and improvements of the image without putting in risk the possibility of recovering the secret from a manipulated image instead of the original one. That way, the original image can be shared through social networks or instant messaging (regardless these services could resize, lossy compress or watermark the image) and use this shared file to recover the secret.

No, we are working with the bitmap of the picture, we do not use any metadata or filename such as title or creation time. If this information changes there is no impact.

This is an interesting idea, but it does not solve the problem we are focusing on: how can we recover the seed phrase if we lose the wallet.

This approach is focused on encrypting a secret using a pattern image generated the seed phrase. Since the pattern image is ephemeral (it is not stored after using it for encrypting), you need the seed phrase to reconstruct again the pattern image for decrypting. Our proposal complements yours, since allow to recover the seed phrase in case you lose the wallet, and allows you to decrypt information in the future.