Why Nostr? What is Njump?
2025-05-19 07:53:10

Nuri Bitcoin Card on Nostr: flowchart TD %% USER DEVICE subgraph "User Device" direction TB DevPasskey["Built-in ...

https://www.mermaidchart.com/app/projects/bb9914a7-5c02-4735-a741-6177a3bf1230/diagrams/c6b287c0-ebcd-4b5f-8e06-bc4286a35a6d/version/v0.1/edit

flowchart TD
%% USER DEVICE
subgraph "User Device"
direction TB
DevPasskey["Built-in Device Passkey<br/>(Face ID / Touch ID)"]:::int
WebAuthn["WebAuthn assertion<br/>(via external key OR device passkey)"]:::logic
KeyShareA["Key Share A<br/>(AES-encrypted at rest,<br/>gated by Secure Enclave)"]:::secret
FROSTSign["FROST MPC signing<br/>(runs in device RAM<br/>after user auth)"]:::compute
EncA["Encrypted backup of<br/>Key Share A<br/>(iCloud/Google — passkey-encrypted, never plain)"]:::backup
PasskeySync["Passkey backup<br/>(iCloud/Google)"]:::backup

DevPasskey --> WebAuthn
DevPasskey --> PasskeySync
WebAuthn -->|unlock| KeyShareA
KeyShareA -- "decrypted → RAM" --> FROSTSign
KeyShareA -. "passkey-encrypted<br/>export only" .-> EncA
FROSTSign -- "Partial Sig A" --> Combine
end

%% EXTERNAL: hardware FIDO2 key for normal use
HWKey["Hardware Security Key<br/>(FIDO2 token, USB/NFC)"]:::ext
HWKey --> WebAuthn

%% GUARDIAN / SOCIAL SHARE C (Shamir split, not passkey-encrypted)
GuardianShareC["Guardian/Social Recovery<br/>Share C (Shamir split, not passkey-encrypted)"]:::secret
EncC["Distributed guardian shares of C<br/>(print, cloud, trusted people)<br/>Collect quorum to reconstruct"]:::backup
GuardianShareC -- "split and distribute (Shamir)" --> EncC
EncC --> RecoveryTool

%% OPTIONAL: hardware Bitcoin wallet full signing
HWBtc["Hardware Bitcoin Wallet<br/>(Ledger/Trezor/BitBox)"]:::opt
HWBtc -.-> Combine

%% SERVER / TEE
subgraph "Server / TEE (Nitro Enclave)"
direction TB
WebAuthnSrv["WebAuthn required<br/>to access"]:::logic
ShareB["Key Share B<br/>(sealed inside TEE)"]:::secret
EnclaveSign["Partial Sig B<br/>(FROST, runs inside TEE)"]:::compute

WebAuthnSrv --> ShareB
ShareB --> EnclaveSign
EnclaveSign -- "Partial Sig B" --> Combine
end

%% THRESHOLD COMBINE & CHAIN
Combine["Combine Partial Sig A + B<br/>(FROST threshold signature)"]:::combine
Blockchain["Broadcast to Bitcoin network"]:::chain
Confirmed["Confirmed transaction"]:::chain

Combine --> Blockchain --> Confirmed

%% SOCIAL RECOVERY (MANDATORY)
EncA --> RecoveryTool
RecoveryTool -. "reconstruct C<br/>(from guardian shares)" .-> Combine

%% NOTE
Note1["Threshold MPC — full key **never** exists in one place.<br/>
Mobile share is passkey-gated; server share lives only in TEE.<br/>
Guardian/social recovery shares (Share C) are split among trusted people and NOT passkey-encrypted — collect quorum for recovery.<br/>
**Server must be present for any spending, recovery, or inheritance (as in Bitkey).**<br/>
If either share is compromised, wallet cannot be drained.<br/>
Optional hardware wallet can provide additional resilience.<br/>
Test your backup and recovery regularly."]:::note
Note1 --- Combine

%% STYLES
classDef ext fill:#dbeafe,stroke:#1e3a8a,stroke-width:2px
classDef int fill:#dbeafe,stroke:#475569,stroke-width:2px
classDef logic fill:#ffffff,stroke:#000000,stroke-width:2px
classDef secret fill:#ffe4e6,stroke:#be123c,stroke-width:2px
classDef compute fill:#fff7ed,stroke:#a16207,stroke-width:2px
classDef backup fill:#fefce8,stroke:#92400e,stroke-width:2px
classDef combine fill:#e2e8f0,stroke:#334155,stroke-width:2px
classDef chain fill:#ecfccb,stroke:#15803d,stroke-width:2px
classDef note fill:#fff3cd,stroke:#b38f00,stroke-width:2px
classDef opt fill:#f5f3ff,stroke:#6366f1,stroke-width:2px,stroke-dasharray:5 5
Author Public Key
npub1mwvwt5stgxhvzhlpacccsuq3rgdcv6dn5h8rrlgwue8clulvvagq2r5c53
Seen on
wss://relay.nostr.band/npub16r0tl8a39hhcrapa03559xahsjqj4s0y6t2n5gpdk64v06jtgekqdkz5plwss://relay.nostr.band