The key lesson we learn from the ongoing financial crisis is that we can no longer trust anybody with our money. We cannot trust the banks, we cannot trust our governments, and we should not grant a company or a service operator the right to control our funds.
Smart people are leaving the banking system and using crypto-currencies to be their own bank. But to go mainstream, we need wallets that combine security and usability out of the box, without bamboozling potential users with geek jargon and obscure concepts.
Security can be achieved through multi-signature wallet services. They are effective at protecting your funds from thieves, but they raise another problem: you grant the wallet operator the right to lock/unlock your funds.
What happens if the company hosting the service stops operation, if their servers are seized by a government agency, or if they lock your account because you are not "compliant" with their KYC/AML policies or any obscure, ever-changing regulation? You no longer have access to your funds.
Multi-signature wallets generally use 2/2 or 2/3 signatures to secure your funds. In a 2/2 configuration, one key is kept on a server, in encrypted form, and under the control of the service operator. To spend your money, the operator's signature is required, otherwise your funds cannot be unlocked. This guarantees that nobody will steal your coins, but it doesn't guarantee that you will always have access to your funds!
Other multi-signature wallets support 2/3 addresses. The user controls 2 keys, and the operator controls one key. So, to release your funds, you can theoretically use your 2 keys. Great! But how do you do that? Can you unlock your funds independently of their system, or do you have to use their interface? Is the recovery procedure practicable for a normal user? These are very important questions, because if you must use their system to recover your funds, or worse, a recovery service, you still depend on a third party and on their willingness or ability to get your money back.
The only safe option is to keep your funds fully under YOUR control. Not only the keys, but also the method to recover your money. You should always be able to move your funds without relying on a third party to allow the transfer. Remember: If you don't hold it, you don't own it!
Welcome to Pueblo, a highly secure multi-signature, multi-currency mobile wallet based on a Zero-Trust approach. Easy to use and lightweight.
Pueblo's basic design concept is to offer a user experience that is quite similar to what people already know and understand: home banking. Online banking users know what a password, a PIN and a Super PIN are. Not all users are geeks, and they don't want to struggle with technical mumbo-jumbo, such as blockchain-based applications, brain or deterministic wallets, DAOs, BIP-32/44/47/75, etc.
Mainstream users want a product that is easy to use and secure, out of the box. Most of them are not primarily interested in the technology itself, but in the improvements the technology can offer. So we decided to make such a product: portable, highly secure, easy to use, and lightweight.
Pueblo uses P2SH multi-signature addresses with 4 keys (*), of which 2 signatures are required to spend your coins. In a normal situation, the user key (protected by your Login Password) and the server key (encrypted with your PIN) are used. In an emergency situation, the 2 recovery keys (stored offline) are available to recover your funds.
Nobody can see your balance without entering the Login Password. Nobody can spend your coins without the Login Password and the Payment PIN. Before being executed, a payment transaction must be signed by the application AND the server.
So, if your phone is stolen, your money is safe. And because you control the recovery keys, nobody can lock or confiscate your funds.
For additional security, there is a maximum number of 5 PIN attempts before locking payments for 24 hours. Of course, you can reset the lock using your SuperPIN. A daily spend limit and a configurable number of PIN attempts will be implemented in a future release.
(*) In fact, a one-time, "throw-away" public key is added as 5th key just to generate new addresses.
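With the throw-away fifth key, the policy described above is a 2-of-5 P2SH multi-signature script on Bitcoin. The following is an added example, not Pueblo's own code: it builds that redeem script and the P2SH output it hashes to, using Bouncy Castle; the class and method names are ours, and the five keys are freshly generated test keys standing in for the user, server, recovery and throw-away keys.

```java
import org.bouncycastle.crypto.digests.RIPEMD160Digest;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.interfaces.ECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Hex;
import java.io.ByteArrayOutputStream;
import java.security.*;

public class PuebloMultisig {
    static final int OP_CHECKMULTISIG = 0xae, OP_HASH160 = 0xa9, OP_EQUAL = 0x87;

    // Redeem script for an m-of-n policy: OP_m <pk1> ... <pkn> OP_n OP_CHECKMULTISIG.
    // Small integers 1..16 are opcodes 0x50 + value; a push of 1..75 bytes uses the length as opcode.
    static byte[] redeemScript(int m, byte[][] pubKeys) throws Exception {
        ByteArrayOutputStream s = new ByteArrayOutputStream();
        s.write(0x50 + m);
        for (byte[] pk : pubKeys) { s.write(pk.length); s.write(pk); }
        s.write(0x50 + pubKeys.length);
        s.write(OP_CHECKMULTISIG);
        return s.toByteArray();
    }

    static byte[] hash(org.bouncycastle.crypto.Digest d, byte[] in) {
        d.update(in, 0, in.length);
        byte[] out = new byte[d.getDigestSize()];
        d.doFinal(out, 0);
        return out;
    }

    // The P2SH output commits only to HASH160(redeemScript): OP_HASH160 <20 bytes> OP_EQUAL.
    // Holding the redeem script plus any 2 of the 5 private keys is enough to spend offline,
    // which is what makes the recovery keys independent of the server.
    static byte[] scriptPubKey(byte[] redeemScript) throws Exception {
        byte[] h160 = hash(new RIPEMD160Digest(), hash(new SHA256Digest(), redeemScript));
        ByteArrayOutputStream s = new ByteArrayOutputStream();
        s.write(OP_HASH160); s.write(h160.length); s.write(h160); s.write(OP_EQUAL);
        return s.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC", "BC");
        g.initialize(ECNamedCurveTable.getParameterSpec("secp256k1"));
        // Five test keys (constructed): user, server, recovery 1, recovery 2, throw-away.
        byte[][] keys = new byte[5][];
        for (int i = 0; i < keys.length; i++)
            keys[i] = ((ECPublicKey) g.generateKeyPair().getPublic()).getQ().getEncoded(true);
        byte[] redeem = redeemScript(2, keys);
        System.out.println("redeemScript : " + Hex.toHexString(redeem));
        System.out.println("scriptPubKey : " + Hex.toHexString(scriptPubKey(redeem)));
    }
}
```

The printed scriptPubKey is what a funding transaction pays to; the redeem script itself must be backed up alongside the keys, because the address alone does not reveal which five keys it commits to.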
No mickey-mouse security, but military-grade encryption with AES-256, PBKDF2 "key stretching" with 20,000 iterations to protect the application. The same level of protection is applied to your Payment PIN.
Network traffic between client and server is protected by SSL/TLS (self-signed RSA 4096/512 certificate) and signed (HMAC-SHA256). Additionally, the SSL certificate is pinned to avoid man-in-the-middle attacks. Finally, Pueblo supports PFS (Perfect Forward Secrecy), so that a compromise of a session's private key cannot be used to decrypt past and future communications.
A SuperPIN is also available to recover your password and PIN, should you forget them.
And if you lose your password, your PIN and your SuperPIN, you can still recover your funds using the 2 offline recovery keys.
The application includes powerful recovery procedures that connect directly to the crypto-currency networks. So, even if the Pueblo service is down, you can always unlock your funds using the recovery keys.
Besides being the most secure mobile wallet available today, Pueblo is available to anyone, everywhere. The user interface is easy to understand and to use. The true power is under the hood.
You can install Pueblo on several devices and share the same configuration. Once it is installed on one device, just repeat the installation on the other devices using the "Restore Configuration" option. Then scan the QR code on the PDF document generated during the initial installation. You're done. No long passphrase to remember.
The same procedure can be used if you have to reset your smartphone: reinstall the application from scratch and restore the Configuration.
We collect no personal information about users, and we share nothing with anybody.
We run our own full nodes behind the Tor network for optimal privacy.
We operate our own Tor and I2P Hidden Services. For the user, it means that there is no risk of being spied on by Tor exit nodes or I2P outproxies. Of course, the user can easily switch between Tor Proxy, I2P Proxy and direct connection for optimal flexibility.
Pueblo encryption relies on the Bouncy Castle libraries, which are open-source and reviewed by security experts on a regular basis.
For normal operations, we use AES-256 because it is secure and fast. But AES is not the most secure algorithm. The simple fact that AES is recommended by the NSA and the US Government is a good reason for not fully trusting it!
Because Configuration backups are saved in the cloud (i.e. not under your control), we add another security layer by using the Serpent algorithm, which is slower but has a much higher security margin than AES.
So Configuration backups are encrypted twice: a first time with your Login password and AES-256, and a second time with your Unique ID (a randomly-generated password) and the Serpent-256 algorithm. Therefore, even if the Login password is weak (easy to remember), the Configuration backup is protected against brute-force attacks.
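The two-layer backup encryption described above, as an added example using the Bouncy Castle lightweight API (this is our illustration, not Pueblo's code): PBKDF2 with the page's 20,000 iterations derives each 256-bit key, the Login password keys AES-256 and the Unique ID keys Serpent-256. HMAC-SHA256 as the PBKDF2 PRF, CBC mode with a random salt and IV per layer, and the salt/IV/ciphertext layout are our assumptions; the page states only the ciphers and the iteration count.

```java
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.PBEParametersGenerator;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.engines.*;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.*;
import java.security.SecureRandom;
import java.util.Arrays;

public class LayeredBackup {
    static final int ITERATIONS = 20_000;   // PBKDF2 iteration count stated on the page
    static final SecureRandom RNG = new SecureRandom();

    // PBKDF2 -> 256-bit key. HMAC-SHA256 as PRF is an assumption; the page names only PBKDF2.
    static KeyParameter deriveKey(char[] secret, byte[] salt) {
        PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
        gen.init(PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(secret), salt, ITERATIONS);
        return (KeyParameter) gen.generateDerivedParameters(256);
    }

    // CBC/PKCS7 (mode assumed). AES and Serpent both use 128-bit blocks, so one routine serves both.
    static byte[] run(BlockCipher engine, KeyParameter key, byte[] iv, byte[] in, boolean enc) throws Exception {
        PaddedBufferedBlockCipher c = new PaddedBufferedBlockCipher(new CBCBlockCipher(engine));
        c.init(enc, new ParametersWithIV(key, iv));
        byte[] out = new byte[c.getOutputSize(in.length)];
        int n = c.processBytes(in, 0, in.length, out, 0);
        return Arrays.copyOf(out, n + c.doFinal(out, n));
    }

    // One layer: fresh salt and IV per encryption, stored in front as salt(16) || iv(16) || ct.
    static byte[] seal(BlockCipher engine, char[] secret, byte[] plain) throws Exception {
        byte[] salt = new byte[16], iv = new byte[16];
        RNG.nextBytes(salt); RNG.nextBytes(iv);
        byte[] ct = run(engine, deriveKey(secret, salt), iv, plain, true);
        byte[] out = Arrays.copyOf(salt, 32 + ct.length);
        System.arraycopy(iv, 0, out, 16, 16);
        System.arraycopy(ct, 0, out, 32, ct.length);
        return out;
    }
    static byte[] open(BlockCipher engine, char[] secret, byte[] blob) throws Exception {
        byte[] salt = Arrays.copyOfRange(blob, 0, 16), iv = Arrays.copyOfRange(blob, 16, 32);
        return run(engine, deriveKey(secret, salt), iv, Arrays.copyOfRange(blob, 32, blob.length), false);
    }

    // Inner layer: Login password + AES-256. Outer layer: Unique ID + Serpent-256. No MAC here.
    static byte[] encryptBackup(byte[] config, char[] loginPassword, char[] uniqueId) throws Exception {
        return seal(new SerpentEngine(), uniqueId, seal(new AESEngine(), loginPassword, config));
    }
    static byte[] decryptBackup(byte[] blob, char[] loginPassword, char[] uniqueId) throws Exception {
        return open(new AESEngine(), loginPassword, open(new SerpentEngine(), uniqueId, blob));
    }
}
```

An attacker who obtains only the cloud backup cannot even begin guessing the Login password, because the AES layer is hidden under the Serpent layer keyed by the random Unique ID. An integrity tag (for instance HMAC-SHA256 over each layer's output) should be added before relying on this, since CBC alone does not detect tampering.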