ZenGo has raised $4 million from investors including Benson Oak Ventures, Samsung, and Elron. Their aim is to make storing and managing cryptocurrencies less intimidating for the average user.
The message “not your key, not your bitcoin” is often repeated in the cryptocurrency world. However, the process of having to write down a private key and safely store it might be too much of a hassle for newcomers. This is where ZenGo wants to make a product fit for the mainstream, by utilising a unique cryptographic protocol to provide security and ease of use.
The company uses threshold signatures, which means that you need both ZenGo’s servers and your smartphone to initiate a transaction. If you lose your device, you can recover your funds, but the startup itself can’t access your cryptocurrencies.
The ZenGo system uses a two-of-two signature system, requiring two “shares”, one from ZenGo and one from the user, to send a transaction. An encrypted copy of a share is stored on ZenGo’s server, while the decryption code is stored on the user’s iCloud account.
The signing process all happens in the backend. If a ZenGo user wants to send transactions they only need to scan their face, via Apple’s FaceID feature, which will signal ZenGo’s servers to send over the encrypted share for signing.
The security model has been open-sourced and this should allow developers to find vulnerabilities. That’s the only way you can know for sure that it’s a secure system.
ZenGo is currently in private beta, when it publicly launches it will face stiff competition, due to the influx of various crypto custody providers. On such crypto custody provider Casa announced the launch of Keymaster, its mobile app offering similar technologies used by ZenGo.
Some observers have commented on the potential problem if ZenGo’s server shuts down. However, when ZenGo launches, the firm plans on hiring an independent trustee to trigger a share recovery process and allow ZenGo’s users to continue using its service. Another concern is ZenGo’s use of facial verification, could allow an attacker to trick Face ID into signing a transaction without the users’ knowledge. When CEO Ouriel Ohayon was asked about this he said ZenGo’s tech is “spoof free.”