One of our first goals with my new startup (Valera Labs) is to create a wallet for Apple platforms like no other.
Every iPhone has a secure enclave in which it is possible to store secret keys and get signatures out of it without accessing the key itself. This is similar to a cold wallet.
This is true.
Our wallet will basically bridge the gap between Lightning, Bitcoin and Stacks. It’ll be one seamless experience where we bring the state-of-the-art tech currently worked on with something everyday people can use.
This will be extremely integrated into Apple’s tech stack, including iMessage integration. It’ll also automate the privacy techniques found in new wallets. Open-source, non-custodial.
It’s a hardware-based key manager that’s isolated from the main processor to provide an extra layer of security. When keys are stored in the Secure Enclave, the app never actually handles the key, making it difficult for the key to become compromised. Instead, we can instruct the Secure Enclave to create the key, securely store it, and perform operations with it. The wallet receives only the output of these operations, such as encrypted data or a cryptographic signature verification outcome.
There are a few restrictions:
- Is a hardware feature of the Apple A7 or later A-series processor. Only iOS devices with one of these processors or a MacBook Pro with the Touch Bar and Touch ID support this feature.
- Stores only 256-bit elliptic curve private keys. These keys can only be used for creating and verifying cryptographic signatures, or for elliptic curve Diffie-Hellman key exchange (and by extension, symmetric encryption).
- Can’t import preexisting keys. You must create keys directly inside the Secure Enclave. Not having a mechanism to transfer key data into or out of the Secure Enclave is fundamental to its security.
So what we can support in the wallet, using the Secure Enclave, are the keys used for the basic Bitcoin & Stacks accounts, including support for Schnorr (Taproot) signatures.
I’m not as familiar with some of the crypto stuff for Lightning, but it uses the Noise protocol which should theoretically work with this too.
The user doesn’t have to worry about backing up keys if they don’t want to. As long as the phone works, they’ll have access to their funds. Though this could pose an issue if the phone has issues, so presumably the wallet would offer a different option to back it up with.
Maybe instead, we get the user to back the actual keys up (similar to Muun), then immediately encrypt them with a key on the Secure Enclave. This means that the user won’t have to use a password or Face ID to keep the keys secure.
It’s a compromise of multiple factors, and the best way for that to happen is to suggest a recommended option, as well as other options, so the user can make their own choice depending on their security model. If you’re really worried about a state-level aggressor, you probably shouldn’t be using Apple devices in the first place.
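The two enclave uses discussed in this thread, signing with a key that never leaves the Secure Enclave and wrapping a backed-up seed so only this device's enclave can unwrap it, as an added example that is not code from the thread or from Valera Labs. It uses Apple's CryptoKit, which exposes enclave keys as NIST P-256 signing and key-agreement keys; the seed bytes, message and the "wallet-seed-wrap-v1" info string are constructed for illustration.

```swift
import CryptoKit
import Foundation

/// Sign `message` with a fresh P-256 key generated inside the Secure Enclave.
/// `dataRepresentation` is an opaque, enclave-encrypted handle, not the private scalar.
func signWithEnclave(_ message: Data) throws -> (handle: Data, signature: P256.Signing.ECDSASignature, publicKey: P256.Signing.PublicKey) {
    let key = try SecureEnclave.P256.Signing.PrivateKey()
    let signature = try key.signature(for: message)   // ECDSA runs inside the enclave
    return (key.dataRepresentation, signature, key.publicKey)
}

/// Ciphertext plus the ephemeral public key needed to re-derive the wrapping key.
struct WrappedSeed { let ephemeralPublicKey: Data; let sealedBox: Data }

/// HKDF over an ECDH shared secret; the (constructed) info string binds the key to this purpose.
func wrappingKey(from shared: SharedSecret) -> SymmetricKey {
    shared.hkdfDerivedSymmetricKey(using: SHA256.self, salt: Data(),
                                   sharedInfo: Data("wallet-seed-wrap-v1".utf8), outputByteCount: 32)
}

/// Wrap a seed with ECDH(ephemeral, enclave) -> HKDF -> ChaCha20-Poly1305.
func wrapSeed(_ seed: Data, using enclaveKey: SecureEnclave.P256.KeyAgreement.PrivateKey) throws -> WrappedSeed {
    let ephemeral = P256.KeyAgreement.PrivateKey()   // software key, discarded after this call
    let shared = try ephemeral.sharedSecretFromKeyAgreement(with: enclaveKey.publicKey)
    let box = try ChaChaPoly.seal(seed, using: wrappingKey(from: shared))
    return WrappedSeed(ephemeralPublicKey: ephemeral.publicKey.x963Representation, sealedBox: box.combined)
}

/// Unwrap: only the enclave holding the private half can recompute the shared secret.
func unwrapSeed(_ wrapped: WrappedSeed, using enclaveKey: SecureEnclave.P256.KeyAgreement.PrivateKey) throws -> Data {
    let ephemeralPub = try P256.KeyAgreement.PublicKey(x963Representation: wrapped.ephemeralPublicKey)
    let shared = try enclaveKey.sharedSecretFromKeyAgreement(with: ephemeralPub)   // ECDH inside the enclave
    let box = try ChaChaPoly.SealedBox(combined: wrapped.sealedBox)
    return try ChaChaPoly.open(box, using: wrappingKey(from: shared))
}

// Usage on a device with a Secure Enclave (top-level code, so this lives in main.swift):
guard SecureEnclave.isAvailable else { fatalError("no Secure Enclave on this device or simulator") }
let message = Data("constructed sample transaction bytes".utf8)
let signed = try signWithEnclave(message)
precondition(signed.publicKey.isValidSignature(signed.signature, for: message))

let enclaveKey = try SecureEnclave.P256.KeyAgreement.PrivateKey()
let seed = Data((0..<32).map { UInt8($0) })   // constructed stand-in for a real wallet seed
let wrapped = try wrapSeed(seed, using: enclaveKey)
let recovered = try unwrapSeed(wrapped, using: enclaveKey)
precondition(recovered == seed)
// Persist `enclaveKey.dataRepresentation` and `wrapped`; the seed itself is never stored in clear.
```

Because the enclave key cannot be exported, the wrapped blob is only recoverable on the device that created it, which is exactly the trade-off the thread raises about losing the phone.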