
2.5 Secure Key Management & Recovery

Key Management Architecture

Cryptic’s key management architecture is engineered to exceed the security profile of mainstream messengers and wallets, delivering long-term protection against both classical and post-quantum cryptographic threats.

Hardware-Anchored, Zero-Knowledge Key Storage

Private keys are generated and stored on-device using OS-native secure storage mechanisms accessed via React Native Keychain, with optional biometric gating.

  • Keys are stored in hardware-backed secure storage where supported by the device

  • Keys are non-exportable under configured security policies

  • Keys are protected against direct extraction and brute-force attacks

  • Cryptic does not have access to user private keys


Important clarification: Hardware backing (Secure Enclave / TEE) depends on device capabilities and key attributes. Cryptic enforces the strongest protection available per platform.
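One way to select the strongest storage options a device reports before writing a key through React Native Keychain. This is an added example, not Cryptic's code: the service name, the `identity` account label and both function names are hypothetical, and the `Keychain` argument is the `react-native-keychain` module passed in by the caller.

```javascript
// Added example. In an app: const Keychain = require('react-native-keychain');
// SERVICE is a hypothetical name, not one taken from Cryptic.
const SERVICE = 'example.identity-key';

// Pure policy: map what the device reports to the strictest storage options.
function chooseStorageOptions(Keychain, reportedLevel, biometryType, wantBiometrics) {
  const options = {
    service: SERVICE,
    // iOS: readable only while unlocked, and never migrated to another device.
    accessible: Keychain.ACCESSIBLE.WHEN_UNLOCKED_THIS_DEVICE_ONLY,
  };
  // Android: require the level the device reports, so the write fails
  // instead of silently landing in weaker storage. null = nothing reported.
  if (reportedLevel != null) {
    options.securityLevel = reportedLevel;
  }
  // Optional biometric gate, only when the device reports biometrics.
  // On iOS, BIOMETRY_CURRENT_SET invalidates the item if enrollment changes.
  if (wantBiometrics && biometryType != null) {
    options.accessControl = Keychain.ACCESS_CONTROL.BIOMETRY_CURRENT_SET;
  }
  return options;
}

// Queries the device, stores the key, and reports which protections applied
// so the UI can tell the user whether the key is hardware-backed.
async function storePrivateKey(Keychain, keyBase64, wantBiometrics) {
  const [level, biometry] = await Promise.all([
    Keychain.getSecurityLevel(),          // Android only; may resolve to null
    Keychain.getSupportedBiometryType(),  // null when no biometrics available
  ]);
  const options = chooseStorageOptions(Keychain, level, biometry, wantBiometrics);
  const result = await Keychain.setGenericPassword('identity', keyBase64, options);
  if (result === false) throw new Error('secure storage write failed');
  return {
    hardwareBacked: level === Keychain.SECURITY_LEVEL.SECURE_HARDWARE,
    biometricGate: 'accessControl' in options,
  };
}
```
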

Encrypted Backups (Google Drive – Optional)

For users who opt in, Cryptic supports end-to-end encrypted Google Drive backups.

  • Backup data is encrypted client-side before upload

  • Cryptic cannot access backup contents

  • Google cannot decrypt the data

  • Restoration requires possession of the user’s device credentials and cryptographic material

This enables account recovery while preserving non-custodial control and user sovereignty.

Device-Bound Identity Protection

Account recovery and key restoration are protected through device-bound cryptographic identity and local authentication controls.

  • Device binding mechanisms

  • Biometric or OS-level authentication enforcement

  • Cryptographic verification during restore flows

These measures significantly reduce the risk of unauthorized restoration, even if encrypted backup data is compromised.

Anti-Fraud Defense Layer

Cryptic incorporates multiple defensive signals and verification steps to mitigate:

  • SIM swap attacks

  • Unauthorized device restoration

  • Cloud credential compromise

  • Social-engineering-based recovery attempts

These protections combine OS security guarantees, cryptographic verification, and user-controlled authentication rather than relying on centralized trust.

Cryptic’s key management approach is anchored in device-level security, protected by cryptographic controls, and designed to minimize reliance on centralized infrastructure. By combining non-custodial key storage, encrypted recovery options, and strong local authentication, Cryptic delivers a security model suitable for high-risk communication and settlement use cases.
