← diviko

A Guide to the Diviko Wallet

~2025.3.13
Sigillographie — the study of seals

Sigillography is the study of seals — devices used since antiquity to authenticate documents, mark ownership, and prove identity without revealing a secret. A wax seal proved that a letter came from its sender because only the sender possessed the signet ring that made the impression. The seal was public; the ring was private.

Diviko is a self-custodial wallet for the Canton Network. Your keys never leave your browser. The wallet generates a unique visual seal — a sigil — for each account, derived from your cryptographic fingerprint. Like a medieval seal, your sigil is a public mark of identity tied to a private key that only you hold.

Sigils

Every Canton party has a cryptographic fingerprint — a long hex string derived from the SHA-256 hash of your public key. This fingerprint uniquely identifies you on the network, but it's not something a human can glance at and recognise.

Diviko converts your fingerprint into a sigil: a geometric symbol generated by feeding the fingerprint through a deterministic scramble function (a Feistel cipher using MurmurHash3) and rendering the result as an abstract glyph. The same fingerprint always produces the same sigil. Different fingerprints produce visually distinct sigils. You can recognise your account — or someone else's — at a glance without reading hex.

Sigils appear next to your account on the dashboard, in the settings page, and on multisig accounts. They are purely visual — a human-friendly representation of your on-chain identity.

Creating a wallet

When you create a new wallet, Diviko generates a 24-word recovery phrase (a BIP-39 mnemonic). This phrase is the master secret from which all your keys are derived. Write it down on paper and store it somewhere safe — it is the only way to recover your wallet if you lose access to your device.

You also set a password. The password encrypts your recovery phrase locally (AES-256-GCM with 600,000 rounds of PBKDF2). It protects your wallet if someone gains access to your browser. It does not leave your device and cannot be reset — if you forget it, you'll need your recovery phrase to restore the wallet.

During setup you are asked for an account name. This name becomes the prefix of your Canton party ID — the name::fingerprint string that identifies you on the network. It is visible to anyone you transact with and to validators who process your transactions. Choose something you're comfortable being public. You might use your name, a pseudonym, or a label like "treasury". Once registered, the party ID (including the name) is permanent on that network.

Locking and unlocking

When you close the wallet or navigate away, it locks automatically. A locked wallet keeps your encrypted data in the browser's local storage but discards the decryption key from memory. No one can view your balance, sign transactions, or access your keys without entering the password again.

Unlocking decrypts your keys in memory for the duration of the session. Your recent transaction history is cached locally, so it appears instantly on unlock even before the network is queried for fresh data.

Your portfolio

The dashboard shows your token holdings with their current balances. CC (Canton Coin) is the Canton Network's native token. The wallet fetches the current CC price and displays your total portfolio value in USD at the top of the dashboard.

Canton uses a UTXO model — your balance may be spread across multiple holding contracts, like having several banknotes rather than one account balance. The wallet aggregates these automatically so you see a single number.

Sending and receiving

To send tokens, enter the recipient's Canton party ID and the amount. The wallet prepares the transaction on the server, then signs it locally with your private key. Your key never leaves the browser — the server sees only the signed result.

To receive tokens, share your party ID. The wallet sets up a TransferPreapproval during registration so incoming transfers settle automatically — the sender doesn't need to wait for you to be online.

Multiple accounts

A single wallet can hold multiple accounts. Each account is derived from the same recovery phrase at a different position in the key derivation path (m/44'/1022'/0'/0'/0', .../1', .../2', and so on). They share one password and one recovery phrase, but each has its own Canton party ID, its own sigil, and its own on-chain balance.

This is useful for separating concerns — you might keep a personal account and a business account under the same wallet, or create a dedicated account for interacting with a specific application. Think of it like having multiple bank accounts at the same bank, accessible with one login.

Vaults

Diviko supports M-of-N multisig vaults — shared accounts that require multiple people to approve a transaction. If you create a 2-of-3 vault, any two of the three co-signers must sign before a transfer can go through.

This is not a smart-contract simulation. Canton enforces the signing threshold at the protocol level: the network's validator nodes reject any transaction that doesn't carry enough valid signatures. The threshold is baked into the party's identity when it is registered, not checked by application code after the fact.

To create a vault, choose the number of co-signers (N) and the approval threshold (M), then share the invite code with your co-signers. Each person joins from their own wallet. Once everyone has joined, all N co-signers sign the initial setup transaction to prove they own their keys. After that, only M signatures are needed for transfers.

Security model

Diviko follows the same trust model as browser-based Ethereum wallets like MetaMask: