Secure Your Backup and Mnemonic

Secure Your Backup and Mnemonic: Best Practices and Guidelines

Introduction

Securing your backup and mnemonic is critical to protecting access to your digital assets. Losing your 12/24-word mnemonic or ML-KEM private key means permanent loss of access, as backups are encrypted with a combination of ML-KEM (post-quantum encryption) and symmetric encryption. This guide outlines best practices, workflows, and common pitfalls to ensure your assets remain secure.

Understanding Your Security Tools

ML-KEM (Post-Quantum Encryption)

• A quantum-resistant encryption algorithm used to protect your backup.

• Losing the ML-KEM private key renders backups irrecoverable.

Symmetric Encryption

• Used alongside ML-KEM for encrypting backups (e.g., AES-256).

• Requires a strong password to decrypt.

SLH-DSA Keys

• Used for digital signatures. Never share these keys, as they authenticate transactions.

Mnemonic Phrase

• A 12/24-word seed phrase that regenerates your wallet’s private keys.

• It is the ultimate backup. Losing it means losing access forever.

Best Practices

1. Store Your Mnemonic Offline

• Write it down physically: Use paper or fire/water-resistant metal (e.g., steel plates).

• Multiple secure locations: Store copies in a safe, bank deposit box, or with trusted parties.

• Never store digitally: Avoid photos, cloud notes, or text files.

2. Encrypt Backups Securely

• Use strong passwords: Combine uppercase, lowercase, numbers, and symbols (e.g., Nv7@qT!3xLp).

• Separate backups from mnemonics: Never store encrypted backups and mnemonics together.

• Use trusted cloud services: Enable 2FA for cloud accounts storing backups.

3. Test Recovery Periodically

• Simulate recovery: Restore your wallet using the mnemonic every 3–6 months.

• Verify decryption: Ensure backups can be decrypted with your password.

4. Never Share Keys

• Avoid phishing/scams: Never share your mnemonic, ML-KEM key, or SLH-DSA keys via email, calls, or messages.

• Beware of fake support: Legitimate services will never ask for your keys.

Step-by-Step Workflow

Exporting an Encrypted Backup

1. Navigate to Settings: Go to Settings > Backup & Restore in your wallet/app.

1. Export Backup:

   • Select Encrypt Backup and set a strong password.

   • Save the encrypted file to a secure cloud service (e.g., Google Drive with 2FA).

2. Verify Decryption:

   • Immediately test decrypting the backup with your password.

   • Confirm all data (e.g., wallet addresses, balances) is intact.

Restoring from Backup (Testing)

1. Initiate Restore: Use Settings > Backup & Restore > Restore Backup.

2. Enter Password: Provide the password to decrypt the backup.

3. Validate Recovery: Ensure restored wallet matches original (e.g., transaction history, balances).

Common Mistakes to Avoid

Storing mnemonics digitally: Even encrypted digital copies are vulnerable. Reusing passwords: Use unique passwords for backups and accounts. Ignoring recovery tests: Assume backups are corrupt until proven otherwise. Storing keys/mnemonics together: A single breach could compromise both.

Note :

Your mnemonic and ML-KEM private key are the gatekeepers to your assets. By following these practices—storing offline, encrypting backups, testing recovery, and guarding keys—you ensure resilience against loss or theft. Security is your responsibility. Stay proactive, stay safe.