Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment, and you shouldn't expect protection if something goes wrong. Take 2 minutes to learn more

Vault

Vault: Permission & Trust in Self-Custody Solutions

  • 28 Mar, 2024

  • 5 Min read

Uphold Team photo
Written by

Vault: Permission & Trust in Self-Custody Solutions

Vault is designed as a permissionless, trust-minimized service that caters to users who want a simple, secure way to self-custody their crypto assets. 

At a glance this may seem contradictory, since some elements of Vault’s services are integrated with Uphold – a regulated and permission-based platform. As a result, it’s worth unpacking this apparent paradox and taking a closer look at the design choices that define Vault's underlying structure. 

Let’s start by recapping the requirements of Vault:

  • Vault MUST be resilient to key loss by the user
  • Uphold MUST NOT be able to spend user funds without the users approval
  • Vault assets MUST be accessible at all times - regardless of the Uphold platform or user account status
  • There MUST NOT be any reliance on proprietary tools or infrastructure to recover funds

Vault’s current design satisfies all the above requirements, which means Vault is both permissionless and has minimal trust assumptions. But what do we mean by permissionless, and what are trust minimized systems? Let’s dive in.

Permissionless Systems & Trust

Permissionless systems represent a profound development in the design of digital interactions, fundamentally distinguished by their open and decentralized nature. In a pure permissionless blockchain, such as Bitcoin, anyone is allowed to join and participate in the network without requiring approval from a central authority. This means that users can engage in transactions, participate in the consensus mechanism, and contribute to the network's security and development – all without needing to be vetted or approved by a central governing body. 

A trust-minimized system refers to a design paradigm in which the need for trust between parties is present but significantly reduced. Within a blockchain context, this is achieved through the use of cryptographic algorithms, decentralized consensus mechanisms, and protocols that automate and enforce the rules of interaction without the need for a central authority or intermediary. In such systems, the integrity and security of transactions and data are maintained by the network's protocol itself, rather than the reputation or authority of any single participant.

The main purpose of trust minimization is to create a system where the potential for malicious behavior is limited, not necessarily by the goodwill of the participants, but by the very design of the system. This is done by making all transactions transparent, verifiable by any party, and irreversible once confirmed by the network's consensus mechanism. As a result, users can interact directly with each other in a secure and predictable manner, even if they do not know or trust each other.

How this Applies to Vault

Vault was designed in a way that ensures that users' funds are always on-chain and controlled by the user alone via the 2 out of 3 keys they hold. Users' assets are exactly that – assets they own – and are never liabilities or obligations of Uphold. Within this context, the service enables users to create and manage their own Vault and transactions, including replacing or rotating keys as needed. In addition, using only the keys they hold, users MUST be able to access their Vault, via a variety of open source 3rd party tools.

As a result, Vault is permissionless due to the fact that users can access their funds without using the Uphold platform. Uphold does not have the ability to mediate or restrict a user’s access.

Separately, we have developed an open source project called the Vault Assist Tool (VAT). This is a self-hosted wallet where you interact directly with the required blockchain network associated with your Vault assets – no intermediaries, no account, no permission. Critical Vault Assist Tool code can be validated to ensure withdrawal addresses are not manipulated, keys are never maliciously withdrawn or stored, and only public blockchain infrastructure is used, such as widely available network nodes.

Why Vault is Multisig vs MPC

Some Vault-like products from other service providers rely on multi party computation (MPC) as the basis for their security. While these solutions are certainly secure, they also have a high operational cost due to the MPC algorithm. As a result, most users end up having to use a service provider to compute the signatures and broadcast their transactions. This reintroduces an unnecessary level of permission and trust into the system that Vault is designed to do away with.

Fundamentally, MPC systems are not permissionless due to their reliance on the server-side infrastructure needs of the protocol, and the complexity involved in recovering funds without the aid of the MPC operator.

That’s why we chose a native multi-signature solution for Vault, despite this being more work for us. Multi-sig protocols are a native part of the blockchains we support within Vault. These native multi-sig capabilities have, and are currently securing, billions of dollars’ worth of crypto assets. It is a battle-tested, provably safe mechanism to securely store crypto assets – and one which puts the user in full control of their assets no matter what.

What Are Users “Trusting” With Vault?

The phrase "Don't Trust, Verify" serves as a reminder for crypto users to refrain from relying on any assertion that they cannot independently confirm. Given that the Uphold application is a proprietary codebase, users are trusting that we do not keep a copy of the users private keys after they are generated. However, you don’t need to take our word for it. A technically competent user can simply run the application and inspect all the API calls we make to the Uphold platform to verify that no user keys are ever exported. 

Once a Vault is created within the Uphold app, users can inspect the resulting on-chain wallet and verify for themselves that the quorum of the multi-sig is indeed 2 of 3 as designed. Furthermore, they can prove that the two keys they own are included signers in the multi-sig. This explicitly verifies the fact that Uphold is unable to spend user funds, since we only have one key (to assist users in account recovery and transaction co-signing) and two keys are required to approve a transaction.

Security experts may correctly point out that users are trusting that the random number generator used in Uphold’s mobile app is sound and not compromised in a way that theoretically enables private keys to be recreated later. Currently, it is not possible for users to independently verify this. To mitigate this risk, a future version of Vault will include support for hardware wallets, allowing the user to generate one or more of their keys outside of the Uphold ecosystem entirely.

All of which is to say, Vault is designed to be as permissionless and trustless as possible while providing a wide range of user benefits that are unavailable through traditional non-custodial solutions, including trading and private key replacement. Under this setup, users remain in complete control of their Vault assets at all times in a way that is verifiably secure and self-sovereign.


Don’t invest in crypto unless you're prepared to lose all the money you invest. This is a high-risk investment and you should not expect to be protected if something goes wrong. Take 2 minutes to learn more.

Uphold Team photo
Written by
  • Digital Money Platform
  • Other

Share article

Uphold Team photo
Written by
  • Digital Money Platform
  • Other

Share article



Uphold Europe Limited, Reg No. 09281410, Registered Office: Eastcastle House, 27/28 Eastcastle Street, London, United Kingdom, W1W 8DH

Uphold (FRN: 938277) is registered with the Financial Conduct Authority (FCA) for AML purposes and complies with the Money Laundering, Terrorist Financing and Transfer for Funds (Information on the Payer).

Uphold is also an EMD agent (FRN: 938277) of Optimus Cards UK Limited (FRN: 902034) which is authorised and regulated by the Financial Conduct Authority to issue e-money pursuant to the Electronic Money Regulations 2011.

Cryptoasset services offered by Uphold Europe Limited are unregulated and not covered by the Financial Services Compensation Scheme as well as the FCA’s consumer protection regulations. Cryptoassets are very high risk and speculative. You should be aware and prepared to potentially lose some or all of your money. You should carefully consider whether trading or holding cryptoassets is suitable for you in light of your financial circumstances. Gains may be subject to Capital Gains Tax and there may be extra charges when paying via credit card from your provider. Geographic restrictions may apply.

Fiat money payments and balances (fiat is another name for traditional currencies, such as GBP, USD and EUR) constitute regulated e-money and payment services. In providing fiat balances, you are being issued with e-money by Optimus and Uphold is acting as its agent. See specific e-money terms. E-money is not a deposit or investment account which means that your e-money will not be protected by the FSCS. Your funds will be held in a designated safeguarding account with a regulated financial institution. E-money will not earn any interest.

Uphold is certified for SOC 2 Type 2, ISO 27001, and PCI DSS, ensuring rigorous control over our information security management systems, data handling, and payment processing practices. Furthermore, we comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and the UK Data Protection Act, underscoring our dedication to protecting the personal data and privacy rights of our global customers.

© 2024 Uphold Europe Limited. All rights reserved.