1 of 8

Knox

A new secure coin that democratizes safe DeFi by ensuring that even if an attackers steals your private key, your account remains secure.

2 of 8

Jane in Ecuador

  • Puts savings in Cryptocurrency
  • Uses a wallet on her phone
    • Free App
    • Can’t afford $$$ wallet app (thousands of $)
  • Attacker wants to steal her savings
  • Attacker can...
    • Hack her wallet app
    • Compromise her phone OS
    • Steal her device
    • Remote access into her device
    • Social engineer her key

3 of 8

Secure wallet apps are $$$ expensive

If someone steals your private key, your savings are gone

Banking is not universal, some need to rely on DeFi

4 of 8

In Knox, Jane can

  1. Specify n security codes and a transaction delay time to associate with her public key, broadcast to miners to place on the blockchain
    1. Security codes → private keys, where public keys are included in public block
    2. Public counterparts are immutable, easily retrievable
  2. Jane stores security codes across locations (hardware wallet, QR code, diary, parent…)

Sk1

Sk2

Sk3

Pk0 Delay

Pk1

Pk2

...

...

Sk0

Pk0

** As long as Jane retains 1 more valid security code than any attacker, she will remain in control of funds **

She can even lose some of these

5 of 8

Jane wants to execute a transaction...

Attacker wants to execute transaction...

  • She initiates a transfer request, sent to miners
  • After delay period, sends execute request

  • Attacker has stolen Jane’s private key
  • Attacker initiates transfer request
  • Jane’s wallet notifies her via Twilio SMS
  • Jane cancels the transaction (wallet may automatically do this)

If attacker attempts to execute, miner verification will fail

Sk

Pk

6 of 8

Jane sees the malicious transaction...

ReKey verifies and transfers

  • After cancelling the transaction, Jane initiates a ReKey request
    • This executes the Knox ReKey smart contract

  1. Verifies that the signature is valid
  2. Verifies that the Pkn is associated with Pk0 and stored on the blockchain (described in initialization)
  3. Verifies that the message is signed by the Skn associated with Pkn
  4. Verifies that the user has not executed a previous ReKey request to Pkn.

If all true, immediately transfers all funds → Pkn. This renders the previous private key that the attacker has stolen completely useless.

Sk

Pk

7 of 8

Our Submission

Frontend Wallet

Altcoin (published)

Backend Full Node

8 of 8

Demo