Mermaid Chart
Mermaid Chart makes diagramming simple: create and edit flowcharts, sequence diagrams, and more online. Collaborate in real time and save hours.
flowchart TD
%% USER DEVICE
subgraph "User Device"
direction TB
DevPasskey["Built-in Device Passkey<br/>(Face ID / Touch ID)"]:::int
WebAuthn["WebAuthn assertion<br/>(via external key OR device passkey)"]:::logic
KeyShareA["Key Share A<br/>(AES-encrypted at rest,<br/>gated by Secure Enclave)"]:::secret
FROSTSign["FROST MPC signing<br/>(runs in device RAM<br/>after user auth)"]:::compute
EncA["Encrypted backup of<br/>Key Share A<br/>(iCloud/Google β passkey-encrypted, never plain)"]:::backup
PasskeySync["Passkey backup<br/>(iCloud/Google)"]:::backup
DevPasskey --> WebAuthn
DevPasskey --> PasskeySync
WebAuthn -->|unlock| KeyShareA
KeyShareA -- "decrypted β RAM" --> FROSTSign
KeyShareA -. "passkey-encrypted<br/>export only" .-> EncA
FROSTSign -- "Partial Sig A" --> Combine
end
%% EXTERNAL: hardware FIDO2 key for normal use
HWKey["Hardware Security Key<br/>(FIDO2 token, USB/NFC)"]:::ext
HWKey --> WebAuthn
%% GUARDIAN / SOCIAL SHARE C (Shamir split, not passkey-encrypted)
GuardianShareC["Guardian/Social Recovery<br/>Share C (Shamir split, not passkey-encrypted)"]:::secret
EncC["Distributed guardian shares of C<br/>(print, cloud, trusted people)<br/>Collect quorum to reconstruct"]:::backup
GuardianShareC -- "split and distribute (Shamir)" --> EncC
EncC --> RecoveryTool
%% OPTIONAL: hardware Bitcoin wallet full signing
HWBtc["Hardware Bitcoin Wallet<br/>(Ledger/Trezor/BitBox)"]:::opt
HWBtc -.-> Combine
%% SERVER / TEE
subgraph "Server / TEE (Nitro Enclave)"
direction TB
WebAuthnSrv["WebAuthn required<br/>to access"]:::logic
ShareB["Key Share B<br/>(sealed inside TEE)"]:::secret
EnclaveSign["Partial Sig B<br/>(FROST, runs inside TEE)"]:::compute
WebAuthnSrv --> ShareB
ShareB --> EnclaveSign
EnclaveSign -- "Partial Sig B" --> Combine
end
%% THRESHOLD COMBINE & CHAIN
Combine["Combine Partial Sig A + B<br/>(FROST threshold signature)"]:::combine
Blockchain["Broadcast to Bitcoin network"]:::chain
Confirmed["Confirmed transaction"]:::chain
Combine --> Blockchain --> Confirmed
%% SOCIAL RECOVERY (MANDATORY)
EncA --> RecoveryTool
RecoveryTool -. "reconstruct C<br/>(from guardian shares)" .-> Combine
%% NOTE
Note1["Threshold MPC β full key **never** exists in one place.<br/>
Mobile share is passkey-gated; server share lives only in TEE.<br/>
Guardian/social recovery shares (Share C) are split among trusted people and NOT passkey-encrypted β collect quorum for recovery.<br/>
**Server must be present for any spending, recovery, or inheritance (as in Bitkey).**<br/>
If either share is compromised, wallet cannot be drained.<br/>
Optional hardware wallet can provide additional resilience.<br/>
Test your backup and recovery regularly."]:::note
Note1 --- Combine
%% STYLES
classDef ext fill:#dbeafe,stroke:#1e3a8a,stroke-width:2px
classDef int fill:#dbeafe,stroke:#475569,stroke-width:2px
classDef logic fill:#ffffff,stroke:#000000,stroke-width:2px
classDef secret fill:#ffe4e6,stroke:#be123c,stroke-width:2px
classDef compute fill:#fff7ed,stroke:#a16207,stroke-width:2px
classDef backup fill:#fefce8,stroke:#92400e,stroke-width:2px
classDef combine fill:#e2e8f0,stroke:#334155,stroke-width:2px
classDef chain fill:#ecfccb,stroke:#15803d,stroke-width:2px
classDef note fill:#fff3cd,stroke:#b38f00,stroke-width:2px
classDef opt fill:#f5f3ff,stroke:#6366f1,stroke-width:2px,stroke-dasharray:5 5
The chart gives a walkthrough of events. I downloaded the SVG, made a PDF out of it, and gave it NotebookLM from Google, this is the result of the AI generated podcast https://notebooklm.google.com/notebook/75835e6c-7cdb-4d0d-bc5d-d98fbd1930bd/audio
https://blossom.primal.net/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
