Malware Resistance
The 2PC(-MPC) eliminates single points of failure for the private key. This means a compromised user, server, or network can at most suggest a transaction to be signed that the other party must approve for it to actually be signed.
Compromised WaaP Server
In the case of a compromised server, the user must also be compromised to steal any key or sign transactions. The Security Share alone cannot reconstruct the full signing key or authorize transactions without the Sovereign Share, which is derived from user-specific inputs via the Human Network. An attacker who compromises only the server gains no ability to move funds.
Compromised User Device
In the case of a compromised user device, the server must also be compromised to steal any key or sign transactions. Malware on the user’s device can observe the Sovereign Share, but it cannot forge the Security Share held in the TEE. The TEE enforces policy checks — such as spend limits, transaction simulation, and multifactor authorization — before co-signing. This means even a fully compromised browser or operating system cannot unilaterally sign a transaction.
Compromised Network
In the case of a compromised network (man-in-the-middle attack), the attacker can observe encrypted traffic between the user’s device and the TEE but cannot decrypt or modify it. The communication channel between the user’s device and the TEE is end-to-end encrypted and authenticated. Even if the attacker intercepts and replays messages, the TEE will reject replayed or tampered requests because each signing session uses unique nonces and is bound to the specific transaction data.
Defense in Depth
WaaP layers multiple independent defenses so that a single breach in any component does not lead to loss of funds:
- Key splitting (2PC) — No single party holds the full signing key. Both the Sovereign Share and Security Share must cooperate to produce a signature.
- TEE isolation — The Security Share runs in a Trusted Execution Environment with a minimal codebase, reducing the attack surface and preventing even the server operator from extracting the key.
- Transaction simulation — Before co-signing, the TEE runs transaction simulations and presents human-readable results to the user on a secure device, preventing blind signing.
- Policy engine — Configurable spend limits, per-transaction authorization, and risk-threshold blocking provide additional guardrails even if the user’s device is compromised.
- Multifactor authorization — High-value or high-risk transactions can require additional confirmation on a separate secure device (mobile phone or hardware wallet).
The combination of these layers means an attacker must simultaneously compromise the user’s device, the TEE, and the network to steal funds — a scenario that is orders of magnitude harder than compromising any single component.
Related
- Core Architecture — How the Sovereign Share and Security Share work together
- Blind Signing Resistance — Transaction simulation and secure device channels
- Audits & Security Partners — Independent audits and security consulting
- Compared to WaaS — Security comparison with WaaS solutions