Safe, previously Gnosis Safe, powers Linen’s multi-signature, self-custodial architecture, providing security that was once primarily accessible to institutions and now available to all users. This document outlines our security model and our commitment to creating the most secure solution for protecting your crypto wealth.
In cryptographic systems, private keys – crucial for blockchain account access – are increasingly at risk from hacks and lost seed phrases (Secret Phrases). For many crypto asset holders, preempting these asset-loss threats is a significant concern.
Linen security model
Enter Smart Contract Technology powered by Safe
As a more versatile alternative, ‘smart wallets’ like Linen, powered by Safe, are set to alleviate most of the problems associated with wallets that rely only on a single Secret Phrase. Indeed, smart wallets are:
- More secure;
- More flexible;
- Generally more convenient;
Smart Contract Technology
We have chosen Safe smart contracts, the gold standard in smart contract security. Having developed blockchain-based infrastructures since 2016, Safe is the only multi-signature solution that has passed formal verification, the highest possible security standard in the crypto industry.
Besides being formally verified, its smart contracts have also passed three independent security audits. To this day, no major or critical issues have been found in the codebase, and that’s why Safe offers up to $1,000,000 to anyone who can find a bug in the code (that’s the richest bug bounty program in the industry!).
With all that being said, it’s no coincidence that the latest deployment of Gnosis Safe smart contracts secures more than $39 billion worth of crypto assets as of February 2023.
Considering all of this, we find it very unlikely that any other wallet operator could write smart contracts that can even come close to the level of security provided by Safe because Safe is essentially a modular operating system for crypto asets custody and anyone can develop modules that enhance overall security and functionality of Safe. For these reasons, we chose to use Safe’s established smart contracts rather than developing our own from scratch.
In the current implementation, users of Linen can choose between the two options – Safe powers both and are user self-custody – with different security assumptions:
- Linen Easy Recovery. Best for ease of use.
- Linen Vault: Multisig with Hardware Wallet (Ledger X) Support. More secure for large asset holdings (currently in testing).
Linen Easy Recovery
This custody option has three keys, and this wallet design is optimized for easy wallet recovery if a user loses their mobile device or one of their Secret Phrases is compromised. The keys are stored in the following places:
- User Device Key – stored in a secure area on a user mobile device using Secure Enclave. This key can’t be accessed by any other app.
- User Device Key is available for export. User Cloud Drive Key – stored on the user’s cloud storage, such as iCloud Drive. A copy of this key is stored on a user’s mobile device for easy co-signing of transactions along with the User Device Key. This key is also available to export.
- Linen Recovery Key – resides on Linen’s secure software infrastructure and can be accessed for wallet recovery only by a user authenticating with their verified email, SMS one-time passcode verification, and Cloud Drive Key.
To execute a transaction, such as withdrawing assets or swapping, a user needs access to 2 of those 3 keys. In the Linen Easy Recovery option, each transaction is signed with the User Device Key and a copy of the User Cloud Drive Key, which is stored on the user device too.
Linen Vault: Multisig with Hardware Wallet (Ledger X)
This wallet option has three keys physically separated, which is optimized for increased security for those users who hold high balances and need that extra piece of mind. Since all the keys are stored separately from one another, it is very unlikely that a hacker can gain access to two keys at the same time. This security setup gives users enough time to react accordingly and protect their assets, for example, remove the compromised key with a new one.
- User Device Key – stored in a secure area on a user mobile device using Secure Enclave. This key can’t be accessed by any other app. User Device Key is available for export.
- User Hardware Key (Ledger X) – stored offline by the user and used to co-sign transactions along with the User Device Key.
- Linen Recovery Key – resides on Linen’s secure software infrastructure and can be accessed for wallet recovery only by a user authenticating with their verified email, SMS one-time passcode verification, and the Hardware Key.
To execute a transaction, such as withdrawing assets or swapping, a user needs access to 2 of those 3 keys. In the Linen Multisig with the Hardware option, each transaction is signed with the User Device Key and a Hardware Key.
So what happens if your mobile device where one of the keys stored is stolen, lost, or damaged beyond repair, or if you simply have to reinstall the Linen app and delete the device key?
Linen is designed to have two wallet recovery options:
- Linen mobile app recovery using Wallet Recovery Kit – optimized for ease of use;
- Sovereign Mode – for those who choose third-party interfaces to recover their wallets or access their wallets if, in the unlikely event, Linen, the company behind Linen wallet, is no longer around.
Linen mobile app recovery using Wallet Recovery Kit
Regaining access to your wallet is easy thanks to the Linen Wallet Recovery Kit — it requires you to have access to:
- The email address you’ve provided and verified while signing up. Here are 7 tips on how to keep your email secure;
- The phone number you provided and verified while signing up;
- The Cloud Drive Key, saved to your iCloud or Google Drive, which is associated with the Apple ID or Google Account you used when setting up your Linen wallet. The Cloud Drive Key on its own is not enough to regain access to your wallet. Linen Vaults use the Hardware Wallet Key instead of the Cloud Drive Key.
To recover your wallet, download the Linen app, launch it, and select ‘Recover Wallet’ from the main screen. The app will guide you through the process.
As mentioned earlier, one of our guiding principles is censorship resistance. Sovereign Mode is a testament to it, as users can access their Linen wallet using third-party interfaces without reliance on Linen. To do this, users need their User Device Key and either the User Cloud Drive Key or Hardware Key and connect them to third-party interfaces such as the Safe app. A detailed guide on how to do that is here.
Please note that in the current version of Linen, once you use Sovereign Mode, you cannot revert to using the Linen mobile app to sign transactions.
Using cloud drives as key storage
As mentioned earlier, the User Cloud Drive Key is stored in iCloud Drive on iOS and Google Drive on Android in the Linen Easy Recovery option. Access to the User Cloud Drive Key alone does not grant access to the wallet as access to the wallet requires a second key (User Device Key or Linen Recovery Key), hence the name multi-signature.
To upgrade cloud drive security, it is advisable that users also set up 2FA for their cloud storage.
Using hardware wallets as key storage
Hardware wallets provide extra security when used as a signer in a multisig wallet setup because they allow users to sign transactions without exposing the key to the online environment. At the same time, even if the hardware wallet key is lost or compromised, that will not be enough to gain unauthorized access to the user assets.
Keeping the Secret Recovery phrase for hardware wallets offline and separate from your Device Key is important.