How can you claim that the user does not have to store/protect a 'private key' (which basically just is sensitive information) if in your concept the user has to store and protect a 'mathematical secret' (which serves as sensitive information).
That's basically the same. Each wallet has to store sensitive information.
Your concept just creates more security flaws than it solves.
You are right. Well nearly. Some sensitive information is definitely saved on the client side. But its not the full information, meaning that stealing it does not allow the hacker to spend it. (unlike private key)
Well.. your website says the following:
An encrypted copy of your device share is stored on the ZenGo server, and the decryption code is stored separately in your personal iCloud account.
So.. one of you is lying.
Its encrypted by the client and stored encrypted on the server. The server cannot access it.
No. That's not true.
If the device is hacked or lost, the attacker can simply start a transaction.
All he needs to do that is 1) the shared secret and 2) biometric data.
Both can be found on the mobile. The data of the fingerprint is stored on the mobile.
The same applies to the shared secret.
For starters, with our solution the attacker must spend the money through our services which gives us another point of intervention.
Secondly, getting past Apple authentication is not easy, as shown with the FBI-Apple case
https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_dispute (and most attackers are not FBI grade)
Which makes it as secure as a web wallet (in this specific case only).
Your concept only creates downsides. A standard mobile wallet is - by far - more secure. By design.
Our solution makes the attacker mission much harder: Instead of needing to 1 piece of secret information, they now need to get 2 pieces of secret information stored in different places. Of course, once they get 1 piece then they need the other piece. This is the same as claiming multiSig is irrelevant because when you steal one key, then its not multisig and you need just one extra key.
Btw if you want to try for yourself we have a fun security challenge with 1BTC for you if you manage to get in. And we make it very easy for you to get in.
https://zengo.com/the-zengo-challenge-win-1-btc-and-prove-us-wrong/We invite you to try it. Also check out our github, all the cryptography is open source...