Hardware devices and keyset diversity

Casa's key management solutions allow you easily to create a robust security setup by eliminating single points of failure through multisig. 

To avoid the hardware devices themselves becoming a single point of failure, we highly recommend using a variety of different hardware devices made by different manufacturers in your keyset, so that no single device type accounts for a quorum of your keys. 

What does this mean?

In Casa's multisig solution, clients are able to choose from any of our supported hardware devices and add those keys as part of their multisig keyset. 

  • In our 3-of-5 multisig option for Platinum and Diamond, a client has five total keys in their keyset, and three of those keys are on hardware devices. 
  • In our 2-of-3 multisig option for Gold, a client has three total keys in their keyset, and the client may choose for either one or two of those keys to be on hardware devices

If you choose a setup with  more than one hardware device, you should be using at least two types of device in your keyset.

For example, we would NOT recommend a 3-of-5 multisig setup with all three hardware keys being Coldcard devices. A better setup would be, for example, two Coldcards and one Trezor, or one Coldcard, one Trezor, and one Ledger.

Likewise, a 2-of-3 multisig setup with two Trezor hardware keys would NOT be recommended. A better setup would be, for example, one Trezor and one Coldcard.

Hardware devices are great tools in key management, but can be vulnerable to exploits, firmware update bugs and failures, and manufacturing flaws. By creating your keyset so that it does not rely too heavily on a single device manufacturer, you are taking one step further toward bulletproofing your security.

Articles in this section

Was this article helpful?
0 out of 0 found this helpful