Privy’s security architecture leverages secure execution environments to protect your users’ assets. Wallet private keys are only temporarily reconstructed within these strictly isolated, secure execution environments when needed for specific operations, under the wallet owner’s control.
Privy provides two types of secure execution environments: 1) via TEEs and 2) on the user’s device. Each environment ensures that private keys are never stored in complete form and are only temporarily reconstructed when needed.
By default, Privy uses trusted execution environments (TEEs), also known as secure enclaves, for secure wallet operations. As an advanced setting, Privy also enables wallets to be reassembled directly on user devices.
On-device execution is an advanced configuration. Please reach out to [email protected] to enable this setting.
With on-device execution, Privy secures wallets directly on user devices using browser-enforced isolation via iframes. This relies on the same browser security boundaries that have been battle-tested for decades, securing billions of dollars in daily financial transactions across the modern internet.
The Privy iframe runs in a separate process with its own isolated memory space, completely separated from your application. This isolation is enforced by:
Browser security boundaries have been battle-tested for decades, securing billions of dollars in daily financial transactions across the modern internet.
Privy’s security model is based on distributed key sharding. This means critical key entropy is split into encrypted shares, protected by separate security boundaries.
With on-device execution, there are three share types:
Two shares must be present to reconstruct the private key, which only happens temporarily within the iframe on the user’s device.
Typical operation involves sets of 2-of-2 shares, where a device-specific share and an auth share are provisioned for each device on which a wallet is used. Similarly, a recovery share and recovery-specific auth share are provisioned to enable recovery on new devices.
Privy offers two approaches to securing the recovery share:
Automatic recovery
Privy’s key management system secures the encrypted recovery share, allowing users to provision their wallet on new devices through normal authentication. Privy infrastructure ensures only the user can decrypt their recovery share on their device.
When using automatic recovery, you are trusting Privy’s infrastructure to secure the user’s recovery share, and you are treating the user’s authentication token as the sole root of trust for their wallet.
User-managed recovery
With user-managed recovery, the recovery share is encrypted via a recovery factor managed by the user. This takes two forms:
When a user creates a wallet, the secure execution environment generates strong entropy (128 bits) from a cryptographically secure random number generator (CSPRNG). This is converted to a mnemonic using BIP-39, from which Privy derives the wallet’s public key and private key. All Privy wallets are hierarchical deterministic (HD) wallets.
Immediately after creation, the wallet entropy is sharded into key shares, and the key shares are encrypted and distributed across separate security boundaries. This ensures that wallets can never be accessed outside of the secure execution environment.
Two shares must be present to reconstruct the private key. During regular operation, Privy reassembles the wallet using a device share and auth share. A device-specific share and an auth share are provisioned for each device on which a wallet is used.
In other words, when signing a transaction:
Because Privy wallets are provisioned directly on user devices, cryptographic signing is extremely fast (20 ms).
Users provision their wallet on a new device using the recovery share and auth share. This set of recovery shares is created on initialization of a new wallet.
When a user accesses your app on a new device, the iframe will retrieve the auth share for your user during the login process. Then, depending on how you’ve configured recovery, the iframe will decrypt the recovery share for your user by:
With the auth share and the recovery share, the iframe provisions a new device share for the new device. This device share allows your user to continue using the wallet on that device.
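The share lifecycle described above (128-bit entropy, a device set and a recovery set of 2-of-2 shares, then a fresh device share on a new device) can be sketched as follows. This is an added example, not Privy's code: the page does not name the sharding scheme, so XOR-based 2-of-2 splitting is used as a stand-in, share encryption is omitted, and every function name is hypothetical.

```javascript
// Added illustration, not Privy code. XOR 2-of-2 splitting is an assumed stand-in for
// the unspecified sharding scheme; all names here are hypothetical.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const ENTROPY_BYTES = 16; // 128 bits, the wallet entropy size stated on the page

function randomBytes(n) {
  return webcrypto.getRandomValues(new Uint8Array(n)); // CSPRNG
}

function xor(a, b) {
  if (a.length !== b.length) throw new RangeError('share length mismatch');
  return a.map((byte, i) => byte ^ b[i]);
}

// 2-of-2 split: a uniformly random pad and (secret XOR pad); either alone reveals nothing.
function splitTwoOfTwo(secret) {
  const pad = randomBytes(secret.length);
  return [pad, xor(secret, pad)];
}

function reconstruct(shareA, shareB) {
  return xor(shareA, shareB);
}

function equal(a, b) {
  return a.length === b.length && a.every((byte, i) => byte === b[i]);
}

// Walk the lifecycle: create entropy, shard into two sets, then provision a new device.
function demo() {
  const entropy = randomBytes(ENTROPY_BYTES);
  const [deviceShare, authShare] = splitTwoOfTwo(entropy);           // regular-use set
  const [recoveryShare, recoveryAuthShare] = splitTwoOfTwo(entropy); // recovery set
  const results = {
    deviceSetWorks: equal(reconstruct(deviceShare, authShare), entropy),
    recoverySetWorks: equal(reconstruct(recoveryShare, recoveryAuthShare), entropy),
    // Each set uses an independent pad, so shares taken from different sets do not combine.
    crossSetFails: !equal(reconstruct(deviceShare, recoveryAuthShare), entropy),
  };
  // New device: rebuild the entropy from the recovery set, then issue a fresh set.
  const recovered = reconstruct(recoveryShare, recoveryAuthShare);
  const [newDeviceShare, newAuthShare] = splitTwoOfTwo(recovered);
  results.newDeviceWorks = equal(reconstruct(newDeviceShare, newAuthShare), entropy);
  // The old device's share does not pair with the auth share issued for the new device.
  results.oldDeviceShareRejected = !equal(reconstruct(deviceShare, newAuthShare), entropy);
  return results;
}

console.log(demo());
```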
Learn how to provision new devices in our docs.
With Privy’s architecture, a user is able to recover their private key even if they lose their device or if they lose access to your app.
In all of these cases, Privy rotates keys to ensure compromised devices or authentication methods cannot be combined to maliciously reconstitute the private key.