Documentation - KRAY•SPACE

Core Principle

You Choose, You Sign, You Are Responsible

Every action on the KRAY L2 Bridge requires your explicit authorization.

The KRAY L2 Bridge is a trustless, automated system. Validators do not make decisions — they only execute what you authorize with your signature.

Important

Your signature on the Bitcoin blockchain is permanent proof of your authorization. It cannot be disputed or reversed.

Responsibilities

👤 Your Responsibility

Verify destination addresses
Choose appropriate fee rates
Understand network conditions
Accept delays from congestion
Secure your private keys
Sign transactions carefully

🤖 What the Bridge Does

Execute your signed instructions
Follow automated security rules
Verify signatures are valid
Process after challenge period
Protect from fee spikes
Record proof on blockchain

Critical

The bridge cannot help you recover funds sent to wrong addresses. Bitcoin transactions are irreversible. Always triple-check before signing.

Frequently Asked Questions

What happens if I choose a low fee?

This is your responsibility. Lower fees mean slower confirmation — potentially hours or days. The bridge shows you current network conditions, but you make the final choice. Your signature is proof that you chose the fee rate.

What if network fees spike after I sign?

The bridge has protection: minor spikes (up to 2x) proceed normally. Major spikes cause the transaction to hold until fees decrease. If fees stay high for 7+ days, the transaction is cancelled and your L2 balance is refunded. However, you accepted this risk when you signed.

Can I cancel after signing?

During the 24-hour challenge period, cancellation may be possible. Once broadcast to Bitcoin, the transaction cannot be cancelled. Bitcoin transactions are irreversible.

What is the 24-hour challenge period?

A security feature that protects against fraud. After you sign, there's a 24-hour waiting period where validators verify everything is correct. If fraud is detected, the withdrawal is cancelled. This is an industry-standard practice.

Why do I provide my own UTXO for fees?

Transparency and control. You see exactly what you're paying, you choose the fee rate, and your signature proves you authorized it. The bridge doesn't need a fee reserve that could be attacked.

What if I send to the wrong address?

Your funds are lost forever. Bitcoin transactions are irreversible. The bridge cannot recover funds sent to wrong addresses. Nobody can. Always verify addresses before signing.

Fee Structure

L2 Operations

Transfers: Free with membership, or 1 KRAY
Staking: Free
DeFi operations: 1 KRAY

Bridge Operations

Deposit (L1 → L2): Free (you pay Bitcoin network fee)
Withdrawal (L2 → L1): You provide UTXO for Bitcoin fee

Note

For withdrawals, you choose the fee rate. The bridge uses your sats to pay the network fee. Any change is returned to your address.

Security Model

Multi-Layer Protection

Your Signature — Only you can authorize transactions
24-Hour Challenge — Time to detect fraud
2-of-3 Multisig — Validators must agree
Fee Protection — Hold during fee spikes
Automatic Refund — If cancelled, funds return
Blockchain Proof — Immutable record

Your Security Responsibilities

Never share your seed phrase or private keys
Always verify addresses before signing
Use hardware wallets for large amounts
Check network conditions before withdrawing

🔐 Cryptographic Security (Schnorr Signatures)

KRAY L2 uses Schnorr signatures (BIP-340) — the same cryptographic standard used by Bitcoin Taproot. This ensures maximum security for your transactions.

Your Private Key is ALWAYS Safe

Your private key NEVER leaves your device. When you sign a transaction, only the signature is sent to the server — never your private key.

How Signing Works

YOUR DEVICE (KrayWallet Extension)          SERVER (Validators)
═══════════════════════════════════         ═══════════════════

1. Private Key stays HERE                   ❌ Never sees private key
   (encrypted in your browser)

2. Creates message:
   "from:to:amount:nonce:type"

3. Signs with Schnorr:
   signature = sign(message, privateKey)

4. Sends to server:                    →    5. Receives:
   ├── signature (64 bytes)                    ├── signature
   ├── public key (32 bytes)                   ├── public key
   └── ❌ NEVER the private key                └── message data

                                            6. Verifies signature
                                               using ONLY public key
                                               
                                            7. If valid → executes
                

Why This is Mathematically Secure

One-way function: It's mathematically impossible to derive the private key from a signature
secp256k1 curve: Same elliptic curve used by Bitcoin since 2009
128-bit security: Would take longer than the age of the universe to crack
BIP-340 standard: Audited and battle-tested by the entire Bitcoin ecosystem

What Gets Sent Over the Network

✅ Sent (Safe)

Your public address
Transaction details
Signature (64 bytes)
Public key (32 bytes)
Nonce (replay protection)

❌ Never Sent

Private key
Seed phrase
Wallet password
Any data that could sign other transactions

Protection Against Attacks

Intercept signature: Useless — each signature only works for that specific transaction
Replay attack: Impossible — nonce increments with each transaction
Modify transaction: Invalid — any change breaks the signature
Brute force: Impossible — 2¹²⁸ attempts needed (more than atoms in the universe)
Man-in-the-middle: Protected — HTTPS + signature verification

Same Standard as Bitcoin

We use the exact same cryptographic standards as Bitcoin Taproot, Lightning Network, and all major cryptocurrency wallets. Your security is guaranteed by the same mathematics that protects billions of dollars in Bitcoin.

🏗️ Complete Security Architecture

Here's everything we do to keep your funds safe. Full transparency — no hidden mechanisms.

1. Wallet Security (Your Device)

┌─────────────────────────────────────────────────────────────────┐
│  YOUR KRAYWALLET EXTENSION                                       │
├─────────────────────────────────────────────────────────────────┤
│                                                                  │
│  🔐 SEED PHRASE                                                  │
│  ├── Generated using BIP-39 standard (2048 words)               │
│  ├── 128-256 bits of entropy (cryptographically random)         │
│  ├── Created LOCALLY in your browser                            │
│  └── NEVER sent anywhere — stays on your device only            │
│                                                                  │
│  🔑 PRIVATE KEY                                                  │
│  ├── Derived from seed using BIP-32/BIP-44/BIP-86               │
│  ├── Encrypted with YOUR password (AES-256)                     │
│  ├── Stored in browser's localStorage (encrypted)               │
│  └── Decrypted ONLY when you enter password                     │
│                                                                  │
│  📍 ADDRESS DERIVATION                                           │
│  ├── Path: m/86'/0'/0'/0/0 (BIP-86 Taproot)                     │
│  ├── Creates bc1p... addresses (Taproot/P2TR)                   │
│  └── Same standard as Bitcoin Core, Sparrow, etc.               │
│                                                                  │
└─────────────────────────────────────────────────────────────────┘
                

2. L2 Transaction Security

┌─────────────────────────────────────────────────────────────────┐
│  L2 TRANSFER FLOW                                                │
├─────────────────────────────────────────────────────────────────┤
│                                                                  │
│  STEP 1: Create Transaction                                      │
│  ├── You enter: recipient address + amount                       │
│  ├── Extension fetches your current nonce from server           │
│  └── Creates message: "from:to:amount:nonce:type"               │
│                                                                  │
│  STEP 2: Sign Locally (YOUR DEVICE)                              │
│  ├── Message is hashed with SHA-256                              │
│  ├── Hash is signed with YOUR private key (Schnorr)             │
│  ├── Creates 64-byte signature                                   │
│  └── Private key NEVER leaves your device                       │
│                                                                  │
│  STEP 3: Send to Server                                          │
│  ├── Sends: signature + public key + transaction data           │
│  ├── Does NOT send: private key, seed phrase, password          │
│  └── All over HTTPS (TLS 1.3 encrypted)                         │
│                                                                  │
│  STEP 4: Server Verification                                     │
│  ├── Recreates the same message hash                             │
│  ├── Verifies signature using YOUR public key                   │
│  ├── Checks nonce matches (prevents replay attacks)             │
│  ├── Checks you have sufficient balance                          │
│  └── If ALL checks pass → executes transaction                  │
│                                                                  │
│  STEP 5: Confirmation                                            │
│  ├── Transaction recorded in Supabase database                  │
│  ├── Nonce incremented (can't reuse signature)                  │
│  ├── Balance updated atomically                                  │
│  └── ✅ INSTANT confirmation returned                           │
│                                                                  │
└─────────────────────────────────────────────────────────────────┘
                

3. Bridge Security (L1 ↔ L2)

┌─────────────────────────────────────────────────────────────────┐
│  BRIDGE MULTISIG ARCHITECTURE                                    │
├─────────────────────────────────────────────────────────────────┤
│                                                                  │
│  🏦 BRIDGE WALLET: 2-of-3 Taproot Multisig                       │
│  ├── Requires 2 out of 3 validators to sign                     │
│  ├── No single point of failure                                  │
│  ├── Uses MuSig2 aggregated signatures                          │
│  └── Address: bc1p... (same Taproot standard)                   │
│                                                                  │
│  👥 VALIDATORS (3 Independent Servers)                           │
│  ├── Each has unique private key                                 │
│  ├── Keys stored in secure environment variables                │
│  ├── Never exposed in code or logs                               │
│  └── Geographically distributed                                  │
│                                                                  │
│  📥 DEPOSIT (L1 → L2)                                            │
│  ├── You send KRAY to bridge multisig address                   │
│  ├── QuickNode monitors for incoming transactions               │
│  ├── After 1 confirmation → L2 balance credited                 │
│  ├── Automatic, trustless, no manual intervention               │
│  └── 1:1 mapping (1 KRAY L1 = 1 KRAY L2)                        │
│                                                                  │
│  📤 WITHDRAWAL (L2 → L1)                                         │
│  ├── You sign withdrawal request with YOUR key                  │
│  ├── 24-hour challenge period (fraud protection)                │
│  ├── You provide UTXO for Bitcoin network fee                   │
│  ├── 2-of-3 validators sign the PSBT                            │
│  ├── Transaction broadcast to Bitcoin network                   │
│  └── KRAY sent to YOUR L1 address                               │
│                                                                  │
└─────────────────────────────────────────────────────────────────┘
                

4. Database Security

┌─────────────────────────────────────────────────────────────────┐
│  SUPABASE DATABASE                                               │
├─────────────────────────────────────────────────────────────────┤
│                                                                  │
│  🗄️ WHAT WE STORE                                                │
│  ├── L2 account IDs (derived from your address)                 │
│  ├── L2 balances                                                 │
│  ├── Transaction history                                         │
│  ├── Public keys (for signature verification)                   │
│  └── Nonces (for replay protection)                             │
│                                                                  │
│  ❌ WHAT WE NEVER STORE                                          │
│  ├── Private keys                                                │
│  ├── Seed phrases                                                │
│  ├── Passwords                                                   │
│  └── Any data that could access your funds                      │
│                                                                  │
│  🔒 DATABASE SECURITY                                            │
│  ├── Hosted on Supabase (enterprise-grade)                      │
│  ├── Row-level security policies                                │
│  ├── Encrypted at rest and in transit                           │
│  ├── Regular automated backups                                   │
│  └── Access only via authenticated API                          │
│                                                                  │
└─────────────────────────────────────────────────────────────────┘
                

5. Anti-Fraud Protections

✅ Built-in Protections

Nonce system: Each tx has unique number, can't replay
Signature verification: Cryptographic proof required
24h challenge period: Time to detect fraud
Rate limiting: Prevents spam attacks
Balance checks: Can't spend more than you have
Fee spike protection: Holds tx if fees too high

🛡️ Additional Safeguards

Membership tiers: Free tx for card holders
Minimum balance: Prevents dust spam
Auto-refund: If withdrawal cancelled
Clean UTXO check: No inscriptions in fee input
Address validation: Must be valid bc1p...
Amount validation: Must be positive integer

6. Open Standards We Use

BIP-39: Mnemonic seed phrases (same as all Bitcoin wallets)
BIP-32: Hierarchical deterministic wallets
BIP-44: Multi-account hierarchy
BIP-86: Taproot derivation paths
BIP-340: Schnorr signatures
BIP-341: Taproot spending rules
secp256k1: Elliptic curve (Bitcoin standard)
SHA-256: Hashing algorithm
AES-256: Encryption for stored data
TLS 1.3: Network encryption (HTTPS)

100% Open Standards

We don't use any proprietary or custom cryptography. Everything is based on Bitcoin's battle-tested standards that secure over $1 trillion in value. Your wallet is compatible with any BIP-86 compliant software.

7. What Happens If...

What if the KRAY L2 servers go offline?

Your L1 funds (on Bitcoin blockchain) are always safe — they're secured by Bitcoin itself. L2 balances are backed 1:1 by KRAY in the bridge multisig. If servers go offline temporarily, you just wait. If permanently, the multisig keys can be used to return all funds to users.

What if someone hacks the database?

They can't steal funds. The database only contains public information (addresses, balances, public keys). To move funds, you need to sign with your private key — which is ONLY on your device, never on our servers.

What if a validator is compromised?

One compromised validator can't steal funds. The bridge requires 2-of-3 signatures. An attacker would need to compromise at least 2 independent validators simultaneously, which are geographically distributed and use different security measures.

What if I lose my seed phrase?

Your funds are lost forever. We cannot recover them — we don't have your seed phrase. This is the tradeoff of true self-custody: you have complete control, but also complete responsibility. Always backup your seed phrase securely (offline, multiple copies, never digital photos).

🔐

Your Keys, Your Coins

We built KRAY L2 so that YOU always control your funds. Not us, not validators, not anyone else. This is true self-custody on Bitcoin.

Terms of Use

1. Acceptance

By using the KRAY L2 Bridge, you agree to these terms. If you do not agree, do not use the bridge.

2. User Responsibility

You are solely responsible for:

Verifying all transaction details before signing
Choosing appropriate fee rates
Understanding Bitcoin network conditions
Securing your private keys and seed phrases
Any losses resulting from your errors

3. No Liability

The KRAY L2 Bridge, its operators, and validators are not liable for:

Delays caused by low fee selection
Delays caused by network congestion
Transactions stuck in mempool
Funds sent to wrong addresses
Losses due to user error
Any indirect or consequential damages

4. Automated Execution

Validators are automated systems that execute transactions based on your signed authorization. They follow predefined rules and do not make subjective decisions. They cannot reverse or modify transactions.

5. Blockchain Finality

Once a transaction is broadcast to the Bitcoin network, it cannot be reversed or cancelled. Your signature is permanent proof of authorization.

6. No Refunds

There are no refunds for user errors including wrong addresses, low fees, or misunderstanding how the system works. The bridge protects you from fee spikes, but not from your own mistakes.

Agreement

By using the KRAY L2 Bridge, you acknowledge that you have read, understood, and agree to these terms. Your use of the bridge constitutes acceptance.