Mariano Vicario
Posted on April 25, 2024
https://llavero.app
https://github.com/llaverowallet/llavero/
Last week I made public my project Llavero Wallet, a self-service solution designed to give you complete control over your digital keys and assets. “Llavero” means “keyring” in Spanish, and this wallet lives up to its name by providing you with the tools you need to secure your digital world.
This initial minimum viable product release is aimed at technical users for now. But I need feedback from knowledgeable people to improve and simplify things for a broader audience down the road. So I’m hoping this generates interest from potential contributors.
Love the problem: Effortless Secure Self-Custody
Let’s be real — managing your own keys in a totally secure way is hard work. Understanding and mitigating all the hardware, software, and seed phrase vulnerabilities requires a huge investment of time and effort that most people can’t make.
For regular users, it’s a daunting prospect to have a cold hardware wallet stored in a safe somewhere, paper backups, and detailed instructions for loved ones on what to do if something happens to you. They understandably fear losing keys, getting robbed, or messing up backup procedures. It’s not a very user-friendly or reassuring solution for daily digital asset use.
People are used to the simplicity and safety nets of modern online banking — recovering passwords via MFA, bio-metrics, simple KYC processes, and having some recourse if things go wrong. Self-custody needs to be that effortless while maintaining privacy and true ownership.
The Solution: Enterprise Security Made Personal
Let’s face it, companies like banks and crypto exchanges have done a great job making security straightforward for users. Features like multi-factor authentication, passkeys, address whitelisting, multi-sig transaction approvals — these enhance security while remaining user-friendly.
People are used to trusting skilled third parties to handle that complexity on their behalf. But of course, those companies are still custodians. You don’t truly own your crypto or data.
That’s where Llavero comes in. It brings that world-class security directly to individuals in a self-custodial way. In this first release, Llavero harnesses AWS KMS — which is essentially a managed cloud-hosted hardware wallet. AWS secures and manages your “hard wallet” keys for you in their tightly controlled infrastructure.
Major blockchain security companies like OpenZeppelin rely on AWS KMS for protecting keys and assets at scale. With cloud providers’ free tiers, an individual can have a similar level of robust key security and management… almost for free. AWS charges 1 USD for each key a month after the first year.
With Llavero, you get the intuitive ease-of-use and account recovery flows of Web2 services. But you also get the privacy and “one key to rule them all” self-sovereign ethos of Web3. An end user has full ownership and control over their keys, without any centralized intermediaries. You rely on AWS’s security for now, but it’s a different value proposition with more privacy and autonomy over your digital property.
Llavero Wallet quick demo:
Finding a Niche
I know the “blockchain purists” who truly grok self-custody likely won’t ever trust a cloud-based product like Llavero Wallet. They already have a hardware wallet like Ledger stashed in a safe, stamped backups in safe deposit boxes, and a thoroughly documented dead man’s switch set up with their family. For them, a dedicated offline cold wallet is the only acceptable way.
And you know what? They’re not wrong. A hardware wallet hidden in a secure home location is exceedingly safe in general. It’s about as robust as physical security gets.
But…that’s just not a viable solution for most regular people doing daily digital life and asset management. If you set everything up correctly with a hardware wallet, the hassles and key vulnerability risks are still pretty high for a blockchain newbie.
So Llavero’s niche will be tricky to find at first. I’m hoping it resonates with blockchain newbies, plus tech-savvy folks who want self-custody without the super hardline approach. Easing the UX while maintaining robust security.
My Long-Term Vision
Big picture, I believe every individual should have seamless access to their own sovereign personal infrastructure stack — a resilient service stack that’s essentially effortless to use and own.
In the coming AI era, cyber-security will become even more crucial as threats evolve. And like physical security, favoring isolation reduces risk from cascading mass attacks. Each person having their own fully isolated stack makes systematic compromise far more difficult.
Here’s the high-level road-map for getting there:
- AWS Installation — Really cheap self-hosted cloud with SaaS companies removed. This is Llavero’s first MVP version.
- Agnostic Cloud — The ability for users to easily migrate between different cloud providers like AWS, Azure, Google Cloud etc.
- Censorship Resistance — Supporting a multi-provider, multi-PaaS/SaaS architecture. Using novel crypto techniques like Shamir’s Secret Sharing or multi-party computation to split trust.
- Hardware Backups — Mixing cloud services with owned local hardware like Raspberry Pis or repurposed old cellphones/laptops.
- Family & Friends Network — Extending trust to a decentralized web of people you trust, for ultimate redundancy and resilience. Today, cloud and software costs are already very inexpensive, and in the following years they will continue dropping towards zero cost as these technologies become further commoditized. Truly sovereign personal infrastructure should be free or ultra-low cost for everyone.
Join the Journey
Llavero represents my first step toward that vision of individual empowerment and effortless self-sovereign security. It’s my attempt to make AWS’s powerful KMS accessible and self-custodial for people.
I hope you’ll check it out, provide feedback, and consider contributing your skills! I’m aiming to have over 10 people engaged in conversations about contributing code, security expertise, QA testing, or architectural input within the next few weeks.
Let’s work together to make truly effortless self-custody a reality — bringing enterprise-grade security and privacy to the people. The vault for the people.
Posted on April 25, 2024
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.