CAUTH2.0: An Open Security Framework for Smart Cryptographic Wallets


Although Bitcoin, Ethereum and the general concept of cryptocurrency are much more widespread than when I got into it, I am still surprised to find how difficult it is for my friends and family to get started. Whether they have to create paper wallets and save their seed to a password manager (or, for the less tech-savvy, to a text file on their desktop) or try to use a Ledger, the experience feels alien compared to pretty much every other software ecosystem.

CAuth2.0 is my proposal to solve this issue. The original goal was to create a user experience as close as possible to what users commonly experience (email, password, 2FA) but with the same “level” of security as hardware wallets. At a high level, the solution uses client-side encryption similar to secure password managers, combined with 2FA multi-signature workflows to ensure network security.

You can read the full framework here.

Key access: How does it work?

The framework proposes a client-encrypted key storage system that ensures the service provider never has access to private keys. As a result, users access their keys using an Email + Password + Master Password. Admittedly, the master password is an additional piece of information users must store; however, it has the added advantage of being disposable and customizable, which is not true of a seed or private key.

Vault Creation and Key Storage Process

Key Retrieval Process
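
The vault creation, retrieval and master-password replacement described above, as an added example that is not part of the original post or the CAuth2.0 framework itself. The choice of scrypt and AES-256-GCM, the record layout and all function names are assumptions; the email + password login that fetches the record from the provider is outside the block.

```javascript
// Added example: client-side vault. scrypt and AES-256-GCM are assumed
// primitives; the framework text on this page does not name any.
const nodeCrypto = require("node:crypto");

// Derive a 256-bit vault key from the master password (memory-hard KDF).
function deriveVaultKey(masterPassword, salt) {
  const cost = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
  return nodeCrypto.scryptSync(masterPassword, salt, 32, cost);
}

// Runs on the client: the provider only ever receives the returned record.
function sealVault(masterPassword, privateKeyHex, email) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = deriveVaultKey(masterPassword, salt);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(email)); // bind the blob to its account
  const secret = Buffer.from(privateKeyHex, "hex");
  const ct = Buffer.concat([cipher.update(secret), cipher.final()]);
  const hex = (b) => b.toString("hex");
  return { email, salt: hex(salt), iv: hex(iv), ct: hex(ct), tag: hex(cipher.getAuthTag()) };
}

// Runs on the client after the record is fetched with email + password.
function openVault(masterPassword, record) {
  const unhex = (s) => Buffer.from(s, "hex");
  const key = deriveVaultKey(masterPassword, unhex(record.salt));
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, unhex(record.iv));
  decipher.setAAD(Buffer.from(record.email));
  decipher.setAuthTag(unhex(record.tag));
  try {
    const pt = Buffer.concat([decipher.update(unhex(record.ct)), decipher.final()]);
    return pt.toString("hex");
  } catch {
    return null; // wrong master password or altered record: tag check fails
  }
}

// "Disposable" master password: re-wrap the same key under a new one.
function rotateMasterPassword(oldPw, newPw, record) {
  const privateKeyHex = openVault(oldPw, record);
  return privateKeyHex === null ? null : sealVault(newPw, privateKeyHex, record.email);
}

// Constructed sample values (not a real key or account).
const SAMPLE_KEY = "11".repeat(32);
const stored = sealVault("correct horse battery", SAMPLE_KEY, "alice@example.com");
console.log(Object.keys(stored), openVault("wrong guess", stored));
```

Rotating the master password changes only the wrapping of the key, so the on-chain address stays the same, which is what separates it from a seed.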

Two-factor Multi-signature: How does it work?

By using smart-account functionality and an intermediary security layer, users are able to authorize transactions via a second method, i.e. Email or SMS.

Transaction Broadcasting Communication Flow
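
One way to model the two-factor multi-signature step, as an added example that is not the post's or the framework's own code. It assumes a 2-of-2 rule in which the security layer holds a co-signing key and releases its signature only after a one-time code is confirmed; Ed25519, the 6-digit code and all names are assumptions.

```javascript
// Added example: 2-of-2 approval with a one-time code. Ed25519, the
// 6-digit code and every name here are assumptions, not the framework's.
const nodeCrypto = require("node:crypto");
const userKey = nodeCrypto.generateKeyPairSync("ed25519"); // user's key
const cosignerKey = nodeCrypto.generateKeyPairSync("ed25519"); // security layer's key
const digest = (tx) => nodeCrypto.createHash("sha256").update(JSON.stringify(tx)).digest();
const sign = (key, tx) => nodeCrypto.sign(null, digest(tx), key.privateKey);

// Security layer: issues a code bound to one transaction, co-signs once.
class SecurityLayer {
  constructor() { this.pending = new Map(); }
  requestApproval(tx) {
    const code = String(nodeCrypto.randomInt(0, 1000000)).padStart(6, "0");
    this.pending.set(digest(tx).toString("hex"), code);
    return code; // a deployment sends this by email or SMS instead
  }
  confirm(tx, code) {
    const id = digest(tx).toString("hex");
    const expected = this.pending.get(id);
    this.pending.delete(id); // single use; a wrong guess burns the code
    const given = Buffer.from(String(code));
    if (!expected || given.length !== expected.length) return null;
    const ok = nodeCrypto.timingSafeEqual(Buffer.from(expected), given);
    return ok ? sign(cosignerKey, tx) : null;
  }
}

// Smart-account rule modelled off-chain: both signatures must verify.
function accountAccepts(tx, userSig, coSig) {
  if (!userSig || !coSig) return false;
  const d = digest(tx);
  return nodeCrypto.verify(null, d, userKey.publicKey, userSig) &&
    nodeCrypto.verify(null, d, cosignerKey.publicKey, coSig);
}

// Constructed transaction with placeholder addresses.
const tx = { to: "RECIPIENT_PLACEHOLDER", amount: "1.5", nonce: 7 };
function demo() {
  const layer = new SecurityLayer();
  const code = layer.requestApproval(tx);
  const userSig = sign(userKey, tx);
  return {
    userOnly: accountAccepts(tx, userSig, null), // no second factor
    swappedTx: layer.confirm({ ...tx, to: "OTHER_PLACEHOLDER" }, code), // code is bound to tx
    approved: accountAccepts(tx, userSig, layer.confirm(tx, code)),
    replay: layer.confirm(tx, code), // code already consumed
  };
}
console.log(demo());
```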

Sample Deployment Architecture


By addressing these challenges, users of CAuth2.0 can have a familiar experience for primary authentication/authorization (OAuth2.0) and transaction broadcasting (two-factor confirmations). The proposed framework is compatible with all Smart Account enabled blockchains and can be implemented in a multi-service provider ecosystem.


Hook-line and sinker…

Now that I have your attention, let’s have a rational conversation about buying cryptocurrencies. Quick test to see whether this article will be a waste of your time.

  1. Do you understand the relationship between time and risk?
  2. Do you own ETFs, Index Funds or have money in a Robo-advisor?
  3. Do you understand compound interest?
  4. If I give you 101% return on a flip of a coin, should you take it?
  5. Do you have more than 4 months of expenses in a spending account or bank savings account?

If your answer to the first 4 was “Yes” then go ahead and skip this article. If your answer to 5 was yes…personally message me immediately so we can discuss the list of things you need to do before you invest in crypto…

It goes without saying that I am not a professional financial adviser and do not take any responsibility for any decisions you as a rational adult make.

(P.s. Calculations could be wrong.)

Let’s start.

Risk vs. Return

It is important to understand the relationship between risk and return, not only in finance but also in life. Go snowboarding, potentially break a leg. Ask a girl out, she says yes…then dumps you 5 days later, that’s life (That one still hurts).

The relationship between risk and return in gambling is very easy to understand.


If for every $1 you gambled, I gave you $3 if it’s heads and you lose the $1 if it’s tails, would you take the gamble?

The university answer is yes, you should always take the bet because you have a positive Return / Risk (3/2 = (1.5/1 – 1) or 50%). This means that over the long run, you should theoretically get an ROI of 50% on your investment, i.e. take this bet as often as possible.

Over the long run

Something key was just mentioned: “over the long run”. Why does time matter in this gambling example? Very simply, because the odds are in your favor, the more often you take the gamble, the higher the probability you will gain 50% overall, which will approach 100% certainty.

To demonstrate this concept, let’s take our game of heads and tails where you bet $1, get back $3 if you win and play it twice, reinvesting the winnings (Heads = Win):

On the left is the probability, on the right are the outcomes.




The simple formula for calculating return vs risk:

Estimated ROI =(probability * outcome)/originalInvestment – 1

In round 1 the return is calculated as 50% ($3 * 0.5 – $1). Nice job on taking the bet!

Now let’s do the second round.

There are four outcomes so there is a .25 chance that you will get a $9 return.

Calculating that in we get 125% (($9*.25)/$1 – $1). Wait a minute?!!! How did the estimated return get bigger? We took the same odds…

This is the intimate unappreciated relationship between time and money, when odds are good, the more “times” you make that investment the better off you are.

Catch 22

Here is the thing, if you have played the flipping game enough and accrued enough to retire, would you still risk it all to 3x? The short answer is no. Money has a depreciating return on individuals (Unless you are insatiable) and as people gain more money, they tend to rightly choose more risk-averse options (This does not necessarily hold true for the extremely wealthy). In the coin game, you could lose everything on a 50% coin flip… That’s very scary. If you make the choice not to make that flip, not only should you not be judged, I applaud you for exercising financial restraint…Flip ya anyway…Huon, Saxon?!

What you were waiting for…

The ideas expressed in this article are relatively simple concepts and for some reason when dealing with cryptocurrencies, people tend to throw away reason.


In conventional investments, due to regulation and financial market practices, there is a fair amount of transparency in the associated risks. Things like liquidity risk are clearly disclosed for things such as stocks.

In fact, more reason and care should be taken as even conventional risks have a fairly big cryptocurrency twist e.g.


Equity Risk
Conventional meaning: The value of the equity is affected by the supply and demand of investors. Volatility is limited and large investors usually need to disclose large sale orders.
Cryptocurrency risk: Large whales own large amounts of certain cryptocurrencies. Any large sell-off by a single investor could cause a fall-on effect due to the market uncertainty (i.e. imagine if Satoshi started selling his BTC).

Concentration Risk
Conventional meaning: Lack of diversification in your portfolio means that specific changes in the underlying factors related to your investment (industry, geography etc.) may greatly increase your risk.
Cryptocurrency risk: Most cryptocurrencies are tied to a very specific idea or potentially only on currency utility. As such, investing in a coin greatly increases your concentration in that one underlying factor. This is different from, let’s say, investing in a more complex investment such as Apple stocks (Even if their iPhones fail, their MacBooks could be killing it).

Liquidity Risk
Conventional meaning: The risk of not being able to get a good market value for your investment. This is most present in illiquid assets as transparency is very low in regards to market price.
Cryptocurrency risk: There is a lot of associated uncertainty with selling off your cryptocurrency. If it is in a private wallet you need to move it, then onto an exchange. Due to the volatility, the moment you hit sell, the price of the asset may have dropped 5%, no joke. There could even be a 5% difference in prices between exchanges.

WARNING! Technical Risks.

The arguably largest and most ignored risk for cryptocurrencies is something I call “Technical Risk”. The risk that a technical detail beyond the understanding of the investor may affect the investment.

Case in point: Parity.

What is the required return to make up for the technical risk for cryptocurrencies? That is for you the investor to decide; however, some great every-man alternatives are:

Robo-advisors such as Stockspot.

ETFs or Index funds are also a very effective investment vehicle.

If you continue to insist on Crypto then a diversified approach such as C20 is a much safer approach.

Please at least read the White Papers of any ICO you participate in…

The real secret is cryptocurrency is not for the lazy. Do not HODL especially if you have met your investment horizon or goal (Look up BCC). Technical Risk may increase (i.e. developer teams leaving the project). Pay attention and try to understand the risks. Do not get emotionally attached! You are not some savant of finance for choosing ETH@$30.

Me? I am going to keep investing into crypto because Yolo, but definitely don’t copy me.