Design Considerations
This wiki page lists the design trade-offs and decisions we made at BitHyve to give people the best possible user experience for their bitcoin wallets. None of these decisions are final and they are constantly evolving, but we think it is wise to let our users know why the app they use behaves the way it does right now.
-
Normal Account without 2FA: 2FA is becoming increasingly popular as a way to authenticate services, but the BitHyve normal account only uses a PIN. This is because we aim to reach people who may not know how to use an authenticator app and would still like to dip their toes into the cryptocurrency world. Easy, frictionless features are essential for an audience that is not comfortable with technology. More experienced users can always choose the secure account, but users with little experience of cryptocurrency products are better off with simple PIN-based authentication. The secure account adds extra protection so that larger funds can be swept into it and kept safe from accidental transfers and/or other security risks. The normal account (the one without 2FA) is geared towards smaller balances and daily usage. For example, I may not want a Google Authenticator based 2FA prompt for buying a coffee or for making a small transfer.
-
I want to download my private key / run my own servers for authentication without depending on the signature from BitHyve's oracle - We realize this feature is much needed and have charted it out as part of our roadmap. For the preliminary release, the aim is to put the app in front of real-world users so that we can get feedback on its usability and UX.
-
I want to customize my vault account with more conditions / people involved as escrow - This is on our roadmap as well and something we will be looking to target in future releases. It presents many user scenarios, and the challenge is in identifying the scenarios most relevant to our users and most demanding in the real world, and creating a seamless user experience backed by a solid technical solution.
-
Why do you have an oracle as a third-party signer in my "secure" account? Is it really as secure as you claim? - Our secure accounts require signatures from two of the following three parties:
- The encrypted private key stored in your phone's memory. This is entirely in your control.
- The key derived from the backup phrase for the additional signatory. This is in your control.
- The BitHyve oracle. It only signs if your Google Authenticator (TOTP) code verifies successfully.
Even if one of the signers is not available or online (e.g. the phone is destroyed but you have the mnemonic), you can still recover your account with the help of the BitHyve oracle and your mnemonic. If we required the signatures of only two parties in total, the loss of either one would mean the loss of your funds.
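The following is an added example, not BitHyve/Hexa code: a self-contained model of the 2-of-3 policy described above and of the oracle-compromise question further down. It builds a 2-of-3 `CHECKMULTISIG` witness script and its P2WSH scriptPubKey, gates the oracle's signature on an RFC 6238 TOTP code (what Google Authenticator produces), and evaluates the recovery scenarios: phone destroyed but mnemonic present, 2FA failing, and an attacker holding only the oracle key. The three public keys are constructed placeholders (not real secp256k1 points) and the TOTP secret is the RFC 6238 test secret; the function and signer names are assumptions of this example.

```python
"""Model of a 2-of-3 'secure account' whose third cosigner is a TOTP-gated oracle.

Added example; not the wallet's own code. Cosigners:
  1. key held on the phone, 2. key derived from the backup phrase,
  3. oracle key, released only when the Google Authenticator (TOTP) code verifies.
"""
import hashlib
import hmac
import struct

# --- witness script: OP_2 <pk1> <pk2> <pk3> OP_3 OP_CHECKMULTISIG (used via P2WSH) ---
OP_2, OP_3, OP_CHECKMULTISIG = 0x52, 0x53, 0xAE


def multisig_2of3_script(pubkeys):
    """Serialize a 2-of-3 CHECKMULTISIG witness script from 33-byte compressed keys."""
    if len(pubkeys) != 3 or any(len(pk) != 33 for pk in pubkeys):
        raise ValueError("need exactly three 33-byte compressed public keys")
    script = bytes([OP_2])
    for pk in pubkeys:
        script += bytes([len(pk)]) + pk  # direct push: 0x21 followed by the key
    return script + bytes([OP_3, OP_CHECKMULTISIG])


def p2wsh_script_pubkey(witness_script):
    """Native segwit v0 P2WSH output: OP_0 PUSH32 <sha256(witness_script)>."""
    return bytes([0x00, 0x20]) + hashlib.sha256(witness_script).digest()


# --- TOTP (RFC 6238: HMAC-SHA1, 30 s step, 6 digits), as Google Authenticator does ---
def totp(secret, unix_time, step=30, digits=6):
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


def oracle_will_sign(secret, submitted_code, unix_time, window=1):
    """The oracle co-signs only if the code matches the current step (+/- window steps).

    Constant-time comparison so a wrong code leaks nothing through timing."""
    for k in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, unix_time + k * 30), submitted_code):
            return True
    return False


# --- the spending policy itself ---
PHONE, BACKUP, ORACLE = "phone", "backup", "oracle"  # assumed signer names


def can_spend(available_signers, totp_ok):
    """2-of-3 threshold; the oracle's signature only counts when 2FA passed."""
    signers = set(available_signers) & {PHONE, BACKUP, ORACLE}
    if not totp_ok:
        signers.discard(ORACLE)
    return len(signers) >= 2


def scenarios():
    """Outcomes for the situations discussed on this page."""
    return {
        "phone + backup, no 2FA needed": can_spend([PHONE, BACKUP], totp_ok=False),
        "phone destroyed: backup + oracle, 2FA ok": can_spend([BACKUP, ORACLE], totp_ok=True),
        "phone destroyed: backup + oracle, 2FA wrong": can_spend([BACKUP, ORACLE], totp_ok=False),
        "oracle key stolen, attacker alone": can_spend([ORACLE], totp_ok=True),
        "backup phrase alone": can_spend([BACKUP], totp_ok=False),
    }


if __name__ == "__main__":
    # Placeholder keys: 0x02 prefix plus a hash, NOT real curve points (constructed input).
    keys = [bytes([0x02]) + hashlib.sha256(name.encode()).digest() for name in (PHONE, BACKUP, ORACLE)]
    script = multisig_2of3_script(keys)
    print("witness script:", script.hex())
    print("scriptPubKey  :", p2wsh_script_pubkey(script).hex())
    rfc_secret = b"12345678901234567890"  # RFC 6238 test secret
    print("oracle signs with code", totp(rfc_secret, 59), ":", oracle_will_sign(rfc_secret, totp(rfc_secret, 59), 59))
    for name, ok in scenarios().items():
        print(f"{name:45s} -> {'spend' if ok else 'blocked'}")
```

The last two scenarios are the point of the design: a stolen oracle key on its own cannot move funds, and a backup phrase on its own cannot either; any spend needs at least one key the user holds. A real wallet would use actual secp256k1 keys (sorted per BIP67 if the cosigners must agree on key order) and produce the signatures with a PSBT workflow; this model only exercises the script construction and the policy.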
-
I don't see an option for importing my hardware wallet / I don't see hardware-backed 2FA - This is something we're looking into as well and will be present in future releases.
-
Lightning support - Lightning is one of the most exciting recent innovations and we will be actively researching it and looking at adding support for it. Lightning opens up possibilities such as offline payments and DLCs, which we're also looking to target in future releases. As above, this presents many user scenarios, and the challenge is in identifying the scenarios most relevant to our users and most demanding in the real world, and creating a seamless user experience backed by a secure technical solution.
-
What happens if BitHyve's oracle is hacked? - Nothing much: a transaction needs signatures from two of the three parties, so an attacker holding only the oracle's key still cannot spend without one of the two keys you hold, and you still authorize every transaction locally. The worst case is that the oracle stops co-signing, which your phone key and backup phrase together bypass. We would also quickly ship an app-level change that adds a new oracle, so no user funds would be lost.
-
What are you doing to secure the oracle? - We plan to use proven Key Management Services and Hardware Security Modules to hold the oracle's private keys. In the future we will explore whether the 2FA verification can also run on the same KMS/HSM server.
-
Do you collect metadata on my spending / do you collect data on anything? - No, and we don't need to. Whatever a third party can learn about you should come solely from the public bitcoin blockchain and network.
Do you have a cool feature / idea that you would like to propose? Get in touch with one of our team members or open an issue and we'll add it to our roadmap!