Juicebox 🧃
Decentralized Key Recovery
While exploring options for securely storing encryption keys in a decentralized and trust-minimized way, I came across Juicebox — and it was exactly what I was looking for. I wanted a solution that wouldn't rely on centralized storage or risky backups, but also wouldn't require users to remember anything more than a simple PIN.
The Problem Juicebox Solves
Backups are hard and risky. If a user loses their device, they lose access to their secret. If someone steals their backup, they can take everything. What's needed is a solution that:
Doesn't rely on centralized trust
Protects against brute-force attacks
Doesn't require remembering long passwords or writing down recovery phrases
Works across multiple servers, devices, and threat models
Juicebox delivers on all of this by combining threshold cryptography with a developer-friendly design.
How Juicebox Works (in Simple Terms)
Juicebox breaks your secret into multiple pieces and distributes them to different servers, called realms. To recover the secret, a user must interact with a threshold number of realms (e.g., 2 out of 3). Each realm contributes a piece of the puzzle, but no single realm can access the full secret.
To recover a secret, the user just enters their PIN. Juicebox performs a threshold-based Oblivious Pseudorandom Function (T-OPRF), allowing the realms to validate the PIN without ever seeing it. Once the correct PIN is validated, the user gets the pieces needed to reconstruct the secret.
Realms: The Core of Juicebox's Security
There are two types of realms:
Software Realms: Easy to deploy, run on commodity cloud infrastructure.
Hardware Realms: Backed by physical HSMs (like Entrust nShield), offering tamper resistance and brute-force protection.
You can mix and match realms. For example, a 2-of-3 setup could involve 2 software realms and 1 hardware realm. This flexibility allows you to design a trust model that fits your app's security profile.
Built-in Brute-force Protection
Juicebox doesn’t just validate PINs; it defends them. Each secret is protected by a maximum guess count. If a user enters the wrong PIN too many times, the share at that realm becomes unrecoverable. This means even if an attacker gets access to all realms, they can't brute-force their way into a user's secret.
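As an added illustration (not Juicebox's code or protocol), here is a toy Python model of the threshold-realm and guess-count ideas described above: Shamir secret sharing over a prime field stands in for the secret distribution, and each realm gates its share behind a PIN check with a guess budget. The real system uses a T-OPRF so realms never see the PIN; the salted-hash PIN check, the field prime, the default of 5 guesses and the budget reset on a correct PIN are assumptions of this example.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # prime field for Shamir sharing (chosen for this example only)

def split_secret(secret: int, n: int, k: int) -> list[tuple[int, int]]:
    """Split `secret` into n shares such that any k of them reconstruct it."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def reconstruct(shares: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x=0 over the supplied shares."""
    total = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for m, (xm, _) in enumerate(shares):
            if m != j:
                num = num * (-xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total

class Realm:
    """One server holding a share behind a PIN check and a guess budget.
    Simplification: a salted hash replaces the T-OPRF the real realms use."""
    def __init__(self, share, pin: str, max_guesses: int = 5):
        self.share = share
        self.max_guesses = max_guesses
        self.guesses_left = max_guesses
        self.salt = secrets.token_bytes(16)
        self.tag = hashlib.sha256(self.salt + pin.encode()).digest()

    def recover(self, pin: str):
        """Return the share on a correct PIN; destroy it after too many misses."""
        if self.share is None:
            return None  # already unrecoverable at this realm
        attempt = hashlib.sha256(self.salt + pin.encode()).digest()
        if not hmac.compare_digest(attempt, self.tag):
            self.guesses_left -= 1
            if self.guesses_left == 0:
                self.share = None  # guess budget exhausted: share is gone
            return None
        self.guesses_left = self.max_guesses  # assumed: correct PIN resets budget
        return self.share

def recover_secret(realms, pin: str, k: int):
    """Ask every realm for its share; succeed only if at least k respond."""
    shares = [s for r in realms if (s := r.recover(pin)) is not None]
    return reconstruct(shares[:k]) if len(shares) >= k else None
```

With 3 realms and k=2, one locked-out realm still leaves the secret recoverable, while a second lock-out makes it permanently unrecoverable even with the right PIN.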
Use Cases
Crypto wallets: Replace 12-word seed phrases with a simple PIN.
Secure messaging: Recover encryption keys securely even after device loss.