How Wallets Created on Zora Work

Edited

Digital asset wallets (“Wallets”) allow users to store, send, and receive NFTs, cryptocurrency, and other tokens. Users who do not already have a wallet can now create their own directly on Zora!

Wallets created on Zora are self-custodial; you have sole access and control over your wallet. Neither Zora nor our infrastructure partners ever have access to the private key that controls your wallet's contents. This is possible thanks to Privy, a wallet infrastructure provider that allows you to create your wallet more easily than ever!

What is Privy?

Privy is a non-custodial wallet service provider that allows you to create a wallet using familiar credentials, like your email. Privy wallets are not browser extensions - rather, they live directly on the site that hosts them.

Your new wallet will live embedded on Zora with no third-party app downloads or browser extensions required. Privy employs a wallet design based on key-splitting cryptography. (discussed in more detail below) so you are the only one with access to your wallet’s private key. You can access your wallet using just the device you logged in with and a password. Neither Zora, Privy, nor any other party can access your wallet!


How wallets created on Zora work.

Typical self-custodial wallets are browser extensions that help a user generate, store and secure a private key, i.e. a code necessary to access and control digital assets (e.g. NFTs or ETH) on a blockchain.

  • The private key can be represented as a string of letters and numbers or as a sequence of 12 or 24 randomly generated words (also known as a seed phrase).

  • The private key is then used to sign transactions from the wallet (e.g., to make purchases, send funds, or confirm wallet ownership).

Using a wallet often requires downloading an extension, configuring your wallet for the app you want to use, and securing your seed phrase. When you create a wallet on Zora, all you need to do is sign in with an email and add a password to your account to secure your wallet. That’s it - you’re on your way!

Let’s dig into how this works:

  • When you create an account with an email and add a password to it, a private key is generated for you on your device. It is immediately split into three pieces, or “shards,” using a method known as Shamir’s Secret Sharing.

  • Two of the three shards are needed to constitute the wallet's private key so you can perform wallet operations like signing messages and transacting.

    • The first shard is stored on the device you use to create the wallet

    • The second shard is stored with Privy and only accessible to you if you’re able to sign in with your email.

    • The third shard is encrypted on your device using your password and Privy stores it for your convenience. This ensures Privy can’t access it, but you have access to it on any device you use.

      • Soon, you will have the option to store this shard with third-party storage services, like iCloud or Google Drive.

  • To use the wallet, you need two shards. These shards are only ever reassembled on your device when using your wallet. You are the only one who can use your wallet.

    • Typically, you’ll use the device shard and the shard stored by Privy for common operations.

    • When you try to access the wallet on a new device, you'll be prompted to input the recovery password to access the third shard. Upon success, the Privy and device shard is used to reconstitute the key and provision your new device.

To learn more about how to create a wallet on Zora, you can follow our guide here.


Backing up your Wallet

The wallet creation experience is designed so that you don’t ever have to handle your raw private key data directly if you don’t want to. However, you always have the option to export your private key at any time. That way, if, for any reason, the Zora wallet interface or Privy is unavailable, you will still have a way to access your wallet independently. This also allows you to take your embedded wallet assets with you to third-party apps. You can access the Backup option in your settings here.

Only you can access your private key this way - neither Zora, Privy, nor any other third party can do this.

If you export your private key, store it securely and NEVER share it with anyone! Here are a few tips:

  • Keep it offline - Store it on an offline hard drive.

  • Write it down on paper - Place it with your other important documents. This way, you know exactly where it is, and people won’t stumble across it.

  • Never share it with anyone. If you are ever asked to share your private key, do not interact, as it is likely a scam. You should be the only person who knows your private key!

⚠️ No one from Zora or Privy will ever ask you for your private key, email authentication code, or wallet password. Keep these secure, and do not share them. ⚠️