flowchart TD
%% USER DEVICE
subgraph "User Device"
direction TB
DevPasskey["Built-in Device Passkey
(Face ID / Touch ID)"]:::int
WebAuthn["WebAuthn assertion
(via external key OR device passkey)"]:::logic
KeyShareA["Key Share A
(AES-encrypted at rest,
gated by Secure Enclave)"]:::secret
FROSTSign["FROST MPC signing
(runs in device RAM
after user auth)"]:::compute
EncA["Encrypted backup of
Key Share A
(iCloud/Google — passkey-encrypted, never plain)"]:::backup
PasskeySync["Passkey backup
(iCloud/Google)"]:::backup
DevPasskey --> WebAuthn
DevPasskey --> PasskeySync
WebAuthn -->|unlock| KeyShareA
KeyShareA -- "decrypted → RAM" --> FROSTSign
KeyShareA -. "passkey-encrypted
export only" .-> EncA
FROSTSign -- "Partial Sig A" --> Combine
end
%% EXTERNAL: hardware FIDO2 key for normal use
HWKey["Hardware Security Key
(FIDO2 token, USB/NFC)"]:::ext
HWKey --> WebAuthn
%% GUARDIAN / SOCIAL SHARE C (Shamir split, not passkey-encrypted)
GuardianShareC["Guardian/Social Recovery
Share C (Shamir split, not passkey-encrypted)"]:::secret
EncC["Distributed guardian shares of C
(print, cloud, trusted people)
Collect quorum to reconstruct"]:::backup
GuardianShareC -- "split and distribute (Shamir)" --> EncC
EncC --> RecoveryTool
%% OPTIONAL: hardware Bitcoin wallet full signing
HWBtc["Hardware Bitcoin Wallet
(Ledger/Trezor/BitBox)"]:::opt
HWBtc -.-> Combine
%% SERVER / TEE
subgraph "Server / TEE (Nitro Enclave)"
direction TB
WebAuthnSrv["WebAuthn required
to access"]:::logic
ShareB["Key Share B
(sealed inside TEE)"]:::secret
EnclaveSign["Partial Sig B
(FROST, runs inside TEE)"]:::compute
WebAuthnSrv --> ShareB
ShareB --> EnclaveSign
EnclaveSign -- "Partial Sig B" --> Combine
end
%% THRESHOLD COMBINE & CHAIN
Combine["Combine Partial Sig A + B
(FROST threshold signature)"]:::combine
Blockchain["Broadcast to Bitcoin network"]:::chain
Confirmed["Confirmed transaction"]:::chain
Combine --> Blockchain --> Confirmed
%% SOCIAL RECOVERY (MANDATORY)
EncA --> RecoveryTool
RecoveryTool -. "reconstruct C
(from guardian shares)" .-> Combine
%% NOTE
Note1["Threshold MPC — full key **never** exists in one place.
Mobile share is passkey-gated; server share lives only in TEE.
Guardian/social recovery shares (Share C) are split among trusted people and NOT passkey-encrypted — collect quorum for recovery.
**Server must be present for any spending, recovery, or inheritance (as in Bitkey).**
If either share is compromised, wallet cannot be drained.
Optional hardware wallet can provide additional resilience.
Test your backup and recovery regularly."]:::note
Note1 --- Combine
%% STYLES
classDef ext fill:#dbeafe,stroke:#1e3a8a,stroke-width:2px
classDef int fill:#dbeafe,stroke:#475569,stroke-width:2px
classDef logic fill:#ffffff,stroke:#000000,stroke-width:2px
classDef secret fill:#ffe4e6,stroke:#be123c,stroke-width:2px
classDef compute fill:#fff7ed,stroke:#a16207,stroke-width:2px
classDef backup fill:#fefce8,stroke:#92400e,stroke-width:2px
classDef combine fill:#e2e8f0,stroke:#334155,stroke-width:2px
classDef chain fill:#ecfccb,stroke:#15803d,stroke-width:2px
classDef note fill:#fff3cd,stroke:#b38f00,stroke-width:2px
classDef opt fill:#f5f3ff,stroke:#6366f1,stroke-width:2px,stroke-dasharray:5 5