Security Model
On-Chain Identity
Your handles are linked to your wallet addresses on-chain:
- Verified ownership: You prove you own the handle via OAuth, SMS, or email
- Permanent link: Once registered, your handle is bound to your address
- Privacy preserved: Phone and Email are hashed on-chain
- On-chain proof: The link is verifiable
This registration happens on both Solana and Polygon using native smart contracts so your account is secured even from a whole blockchain failure.
Key Shares
Drop uses a distributed key architecture that ensures your private key never exists in one place—not even on your own device.
Your wallet is protected by multiple key shares stored in different secured environments:
| Share | Location | Protection |
|---|---|---|
| Client | Your device | Passkey (biometrics) |
| Server | Cloud Servers | Hardware isolation |
Neither share alone can sign transactions. All must participate together.
The private key reconstruction and signing is able to occur using a MPC protocol or using XOR cipher conjoining encripted shared on the user's devices.
Both paths allow to make a robust key backup system in the future if a user opts-in to it.
How Signing Works
When you make a transaction:
- You authorize with your passkey (Face ID, fingerprint, etc.)
- Your device's key share participates in signing
- The server's key shares participates in signing
- A valid signature is produced in a server relay
- The full private key cannot be reconstructed without your approval
The server-side key shares is stored in a trusted environment that includes:
- Hardware isolation: Physically separated from other systems
- Memory encryption: Data is encrypted even in RAM
- Tamper-proof: Even Drop engineers cannot extract keys
- Attestation: Cryptographic proof the correct code is running
Your Passkey
The passkey on your device:
- Requires biometrics: Every transaction needs your Face ID or fingerprint
- Never leaves your device: Protected by your device's secure hardware
- Cannot be phished: It's not a password that can be stolen
- Is one of the key shares: Without it, no transactions can happen
Security Guarantees
- No single point of failure: An attacker would need access to both your device AND all backend infrastructure
- Private key never exists: The full private key is never assembled without your request and only on your device in case of an key export.
- Biometric required: Every transaction needs your explicit approval
- Self-custodial: No one can move your funds without your authorization
- Hardware-backed: All key share servers use secure hardware
Comparison
vs. Traditional Wallets (Seed Phrase)
| Traditional | Drop | |
|---|---|---|
| Key storage | One place | Distributed |
| If device lost | Funds at risk | Passwordless - protected |
| If seed lost | Funds at risk | Seedless - protected |
| Recovery | 12-24 word phrase | Passkey sync or backup recovery |
vs. Custodial Wallets (Exchange)
| Custodial | Drop | |
|---|---|---|
| Who controls keys | The company | You |
| Can company take funds | Yes | No |
| Your approval needed | Not always | Always |
Is the code open-source?
Partially yes, we will strive to be fully open-source in the future