Self-custody keys

Self-custody represents the foundational principle of cryptocurrency ownership: maintaining complete control over your private keys and, by extension, your digital assets. In the context of Lockx, self-custody mode allows users to bring their own cryptographic keys to the platform while still benefiting from the smart contract security and organizational features that Lockboxes provide.

Unlike managed wallet solutions where third parties control key generation and storage, self-custody places the full responsibility and authority of key management directly in the user's hands. This approach aligns with the core ethos of decentralized finance: "not your keys, not your coins." With Lockx self-custody mode, users generate their own private keys using their preferred methods and tools, ensuring that no third party ever has access to the cryptographic material that controls their assets.

The Lockx implementation of self-custody maintains full compatibility with existing cryptocurrency security practices while extending functionality through smart contract automation. Users retain complete ownership of their signing keys and can export them at any time, ensuring that their assets remain under their direct control regardless of platform availability or policy changes.

Key management architecture

In Lockx self-custody mode, users provide their own public keys during Lockbox creation. These keys are generated and managed entirely by the user using their preferred hardware wallets, software wallets, or key generation tools. The platform never has access to the corresponding private keys, maintaining the fundamental security property of self-custody.

When creating a Lockbox with self-custody keys, users specify their public key as the `lockboxPublicKey` parameter in the smart contract. This public key becomes the authoritative signature verification key for all operations on that specific Lockbox. The smart contract stores only the public key, which is cryptographically safe to expose and cannot be used to derive the private key or sign transactions.

All subsequent operations on the Lockbox—including withdrawals, swaps, key rotation, and burning—require signatures produced by the corresponding private key. These signatures follow the EIP-712 standard for structured data signing, ensuring that users can verify exactly what they are authorizing before signing.

The signature verification process is handled entirely on-chain through the SignatureVerification smart contract, which uses elliptic curve cryptography to mathematically verify that signatures were produced by the holder of the private key corresponding to the stored public key. This approach provides cryptographic proof of authorization without requiring the platform to store or access private keys.

Smart contract integration

The Lockx smart contract system is designed to seamlessly integrate with self-custody key management while providing advanced functionality beyond simple private key storage. The core Lockx contract inherits from multiple specialized contracts, including Withdrawals and SignatureVerification, creating a comprehensive system for asset management and cryptographic authorization.

When users create Lockboxes, they provide their public key alongside the assets they wish to deposit. The smart contract initializes the Lockbox with this public key through the SignatureVerification system, establishing the cryptographic link between the user's private key and their on-chain assets.

Each operation that moves or modifies assets requires a valid EIP-712 signature from the user's private key. The signature covers all relevant parameters of the operation, including token addresses, amounts, recipients, and a unique nonce to prevent replay attacks. This comprehensive signing approach ensures that users maintain granular control over every aspect of their asset management.

The smart contract enforces these signature requirements at the protocol level, making it cryptographically impossible for anyone without the private key to access or move the user's assets. This provides the same security guarantees as traditional self-custody while enabling sophisticated asset management features through smart contract automation.

Operational requirements

Self-custody mode requires users to take active responsibility for key security and operational procedures. Unlike managed systems where platforms handle signing operations automatically, self-custody users must manually authorize every transaction that affects their Lockbox contents. This includes withdrawals, swaps, metadata updates, key rotations, and Lockbox burning operations.

Users must maintain secure storage of their private keys using industry-standard practices such as hardware wallets, air-gapped computers, or secure key management systems. The security of the entire self-custody system depends on protecting these private keys from compromise, loss, or unauthorized access. Unlike managed systems, there is no recovery mechanism if keys are lost or compromised.

Each signing operation requires users to review and authorize specific transaction parameters through their wallet interface. The EIP-712 standard ensures that users can see human-readable descriptions of what they are signing, including specific amounts, token addresses, and operation types. This transparency allows users to verify that they are authorizing exactly the operations they intend.

Operational complexity scales with the sophistication of the user's key management setup. Simple software wallets provide basic signing capabilities, while hardware wallets add security at the cost of additional steps. Advanced users may implement multi-signature schemes or air-gapped signing processes for enhanced security, though these approaches require additional technical expertise and operational overhead.

Security properties and trade-offs

Self-custody provides the highest level of individual control over cryptographic assets, but this control comes with corresponding responsibilities and trade-offs. The primary security advantage is the elimination of trust in third parties for key storage and management. Users who properly secure their private keys can be confident that their assets remain under their exclusive control.

However, self-custody also introduces single points of failure centered around private key security. Key loss results in permanent asset loss, while key compromise potentially grants attackers full access to the user's Lockbox contents. These risks require users to implement robust backup and security procedures, including secure key storage, regular backup verification, and operational security practices.

The self-custody model provides protection against platform-level attacks and regulatory actions. Since users maintain direct control over their private keys, platform compromise or unavailability does not directly threaten asset security. Users can potentially interact with the smart contracts directly or through alternative interfaces, maintaining access to their assets even if the primary platform becomes unavailable.

Operational security depends entirely on the user's implementation of security best practices. This includes protecting private keys from malware, using secure transaction signing procedures, verifying transaction details before signing, and maintaining secure communication channels. The decentralized nature of self-custody means that users bear full responsibility for these security measures.

Integration with existing tools

Lockx self-custody mode is designed to integrate seamlessly with existing cryptocurrency security tools and practices. Users can generate keys using established methods such as BIP-39 mnemonic phrases, hardware wallet key generation, or offline key generation tools. The platform accepts standard secp256k1 public keys, ensuring compatibility with the broader Ethereum ecosystem.

Hardware wallet integration provides enhanced security for self-custody operations. Popular hardware wallets can generate and store private keys while providing secure signing interfaces for Lockx operations. The EIP-712 signing standard ensures that hardware wallets can display transaction details clearly, allowing users to verify operations before authorization.

Advanced users can implement custom key management solutions, including multi-signature setups, threshold schemes, or enterprise key management systems. As long as these systems can produce valid ECDSA signatures over EIP-712 structured data, they can be used to control Lockx self-custody Lockboxes.

The system also supports key rotation for users who need to change their cryptographic keys due to security concerns or operational requirements. Key rotation requires a signature from the current key authorizing the change to a new public key, ensuring that only the legitimate key holder can modify the Lockbox's authorization parameters.

Conclusion

Lockx self-custody mode represents a pure implementation of the cryptocurrency principle of individual sovereignty over digital assets. By allowing users to bring their own keys while benefiting from smart contract automation and organization features, the system provides the security benefits of self-custody without sacrificing advanced functionality.

This approach serves users who prioritize maximum control and are prepared to accept the operational responsibilities that come with self-custody. For users with the technical expertise and security infrastructure to manage private keys effectively, self-custody mode offers the strongest possible guarantee of asset ownership and control within the Lockx ecosystem.