Signata

Signata operates as a zero-knowledge service for all secrets stored in the system. Users must

configure a BIP396 mnemonic recovery passphrase to retain the ability to recover their account

should they lose their YubiKeys. The encryption key that resides on their YubiKeys remains on

the user’s YubiKey in unexportable smartcard storage, and an encrypted version is stored within

the Signata service as a backup. To ensure Signata itself does not become a target for attack, the

user’s mnemonic is never sent to the storage that the service operates.

For users to interact with their addresses, they simply need to connect their YubiKey, provide

their PIN (similar to authorising a payment using a credit card, but only the YubiKey and user

knows the PIN), and the keys are decrypted for the user to use them. Unlike common hardware

wallets the keys themselves don’t actually reside on the YubiKey, only the encryption key does.

The encryption key is protected from unauthorized use by the user’s PIN (not known by

Signata), and repeated failed PIN attempts will send the YubiKey into a locked state to ensure

brute-forced access cannot be attained

token integration and a marketplace of smart contracts for integration with 3rd party service providers.