Thread
There's been a lot of controversy over @Ledger's new recovery service, which will shard your seed out to third-parties for storage. Why? In large part because we didn't expect seeds to ever leave the Ledger device. [1/11]

As it turns out (as all hardware wallet designers already know), all it requires is a signed firmware update, and seeds can go wherever they want. Why?… [2/11]
Ledger's hardware *is* based on a Secure Enclave (aka "SE"). That's what generates and stores your private keys. [3/11] www.ledger.com/academy/security/the-secure-element-whistanding-security-attacks
The problem is that no existing SE chips can do secp256k1 (the curve used by Bitcoin & Ethereum) natively and safely in semiconductor logic. This isn't an issue with Ledger; it's an issue with all current chips used by wallets today. [4/11]
This means that in order to do secp256k1, an SE has to hand a key off to a code execution process in the SE or to an MPU. That's what opens the doors for doing unexpected things with that key — things that most didn't expect from a personal hardware wallet. [5/11]
In other words, the public might have had the expectation that keys weren't going to ever leave the Ledger, but that expectation is actually impossible to support today, because keys already have to leave the most trusted part of the Secure Enclave to be used! [6/11]
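To make tweets 4 through 6 concrete, here is what the "code execution process" that receives the key actually has to compute. This is an added illustration, not Ledger's firmware or any SE vendor's code: a pure-Python secp256k1 ECDSA signer and verifier using the published SEC 2 domain parameters. The private scalar `d` is multiplied into the signature equation in plaintext, so whatever runs this code (updatable firmware, an MPU, a general-purpose core inside the SE) necessarily holds the key and could just as easily do something else with it. The nonce derivation (HMAC of the key and message hash) is a simplified stand-in for RFC 6979 chosen for this example, and the test message is constructed.

```python
"""Pure-Python secp256k1 ECDSA: added example showing that signing code must
hold the private scalar in the clear. Not Ledger's or any SE vendor's code."""
import hashlib
import hmac

# secp256k1 domain parameters (SEC 2, section 2.4.1); curve is y^2 = x^3 + 7
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
G = (GX, GY)


def _add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:          # p1 == -p2
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # doubling (a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point=G):
    """Double-and-add. Branches on secret bits, so it is NOT constant-time;
    this is exactly the kind of software loop a silicon implementation replaces."""
    result = None
    addend = point
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result


def pubkey(d):
    if not 1 <= d < N:
        raise ValueError("private scalar out of range")
    return scalar_mult(d)


def sign(d, msg_hash, k=None):
    """ECDSA sign. The private scalar d is an operand of ordinary integer
    arithmetic here: whoever runs this code has the key in plaintext."""
    z = int.from_bytes(msg_hash, "big")
    if k is None:
        # Deterministic nonce from (d, hash); simplified stand-in for RFC 6979.
        mac = hmac.new(d.to_bytes(32, "big"), msg_hash, hashlib.sha256).digest()
        k = int.from_bytes(mac, "big") % N or 1
    r = scalar_mult(k)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N        # d enters the signature here
    if s > N // 2:                            # low-s normalisation (Bitcoin rule)
        s = N - s
    return (r, s)


def verify(Q, msg_hash, sig):
    """ECDSA verify; needs only the public point Q."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    z = int.from_bytes(msg_hash, "big")
    w = pow(s, -1, N)
    X = _add(scalar_mult(z * w % N), scalar_mult(r * w % N, Q))
    return X is not None and X[0] % N == r


def sign_message(d, msg):
    return sign(d, hashlib.sha256(msg).digest())


def verify_message(Q, msg, sig):
    return verify(Q, hashlib.sha256(msg).digest(), sig)


if __name__ == "__main__":
    d = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD  # constructed
    Q = pubkey(d)
    sig = sign_message(d, b"constructed test message")
    print("verifies:", verify_message(Q, b"constructed test message", sig))
```

The single line that computes `s` is the whole point of the thread: there is no way to produce a secp256k1 signature without `d` being a live operand somewhere, and an SE that lacks a secp256k1 unit has to let that "somewhere" be software. Anything that can be updated to run `sign()` can be updated to do other things with `d`.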
There are some advantages of this architecture — flexibility & future proofing. Doing cryptography using updatable code means as standards change, new curves are needed, the hardware wallet can adapt. [7/11]
This is why @BlockchainComns hosts #SiliconSalon. We have been working with chip manufacturers such as @cramiumlabs, @tropicsquare, and RED Semiconductor. They recognize the need for new chips that support cryptography natively in silicon logic. [8/11] www.siliconsalon.info
Based on presentations over the last year, we'll actually be able to fulfill the promise that seeds *can't* leave a device, something that's impossible today! And we can still offer future-proofing to enable new approaches like multisig & zk-proofs [9/11] www.siliconsalon.info/salons/
If you are interested in this topic, join the #SiliconSalon community so that you can attend our next salon and talk about the future of cryptographic semiconductors. [10/11] www.blockchaincommons.com/subscribe.html#silicon-salon
This is essential work to bridge between the cryptographic engineers, wallet developers, and semiconductor designers. Financially support @Blockchaincomns to ensure that we can continue to protect your keys and self-sovereignty! [11/11] github.com/sponsors/BlockchainCommons
A related thread on Shamir’s Secret Sharing…

Another related thread on being free to make your own choices:

A thread on Shamir vs multisig, and why the open source work toward Collaborative Seed Recovery (aka CSR) by the wallet devs that are part of the Gordian Wallet Community is important:
