On May 18th, crypto wallet provider Ledger clarified the operation mechanism of its Ledger Recover seed phrase recovery software, following a controversial tweet from the company’s customer support employee on May 17th. The tweet raised concerns about the company’s introduction of a feature that could extract users’ private keys. However, the tweet was later deleted due to mixed reactions from the community.
In a series of tweets, Ledger CTO Charles Guillemet sought to explain how a hardware wallet works and emphasized the importance of private key protection. He clarified that a hardware wallet primarily serves as a signing device, with the private keys being central to its operation. The hardware and firmware work together to safeguard the private keys and ensure their protection.
1/
I’ve read several misconceptions about how a wallet works. It seems some people thought there is some magic, let me explain how it works.A thread 👇
— Charles Guillemet (@P3b7_) May 18, 2023
Guillemet delved into the cryptographic aspects of hardware wallets, discussing protocols such as Bitcoin and Ethereum that utilize the Elliptic Curve Digital Signature algorithm to prove ownership over public addresses. He emphasized that it is practically impossible to retrieve the private key based on the public key alone, highlighting the asymmetric nature of the cryptography.
Regarding Ledger’s seed phrase recovery feature, Guillemet explained that when setting up a hardware wallet, a randomly generated large number (256 bits) is created using a secure element chip. This number can be converted into a human-readable form, known as the Secret Recovery Phrase or seed phrase, using the BIP-39 standard. It is crucial for users to write down and never share this seed phrase with anyone, including Ledger. Guillemet reiterated that Ledger does not have access to the seed phrase, even when using Ledger Recover.
Private keys are deterministically derived from the seed phrase using the BIP32 standard when creating a crypto account. These private keys are used to compute public keys and public addresses specific to each blockchain. Guillemet stressed the importance of keeping private keys secret, as they are essential for cryptographic operations such as digital signatures in transactions, staking, and smart contract interactions.
Guillemet further highlighted the security advantages of hardware wallets, as the computation of cryptographic operations occurs within the device, mitigating potential risks of malware on a user’s computer. He emphasized that Ledger’s firmware and hardware implement necessary functions to interact with blockchains securely and continuously upgrade to enhance security measures.
The Ledger ecosystem supports open-source applications written by the community, although they undergo a security evaluation process before being published on the Ledger Manager. Guillemet explained that the Ledger OS has full access to the private key, while the apps are confined to specific derivation paths according to their requirements. For example, the Bitcoin app can only use Bitcoin keys, and the Ethereum app can only use Ethereum keys, ensuring isolation and security.
Guillemet acknowledged that trust is inherent in using any wallet and cautioned against assuming a wallet provider as the attacker. He stated that if a wallet wanted to implement a backdoor, there are various ways to do so, including compromising random number generation, the cryptographic library, or even creating signatures for key retrieval by monitoring the blockchain. He also acknowledged that open-source solutions do not eliminate all risks, as it is impossible to guarantee the absence of backdoors in the electronic components or firmware.
In conclusion, Guillemet summarized that a hardware wallet primarily serves as a signing device, generating and safeguarding private keys. Users’ consent is required whenever the private keys are utilized. He also addressed Ledger Recover, clarifying that the seed phrase is divided into three encrypted shards and stored with third-party providers. By combining and decrypting these shards, the user’s passphrase can be reconstructed. Guillemet emphasized the higher level of security provided by hardware wallets, as the keys are not manipulated in plaintext in an insecure environment.
The recent announcement from Ledger regarding its recovery tool faced opposition from security experts and Ledger users. Concerns were raised regarding the storage and encryption of the seed phrase shards with third-party providers. Some experts argued that relying on external entities for the storage of sensitive information could introduce additional vulnerabilities and potential risks of data breaches.
Critics also questioned the transparency and auditability of Ledger’s firmware and hardware, emphasizing the need for independent verification of the security measures implemented. While Ledger has an open-source approach for its applications and has released parts of its cryptographic library, some experts expressed reservations about the lack of public access to the chip datasheet, which prevents a fully open-source firmware for the smartcard.
Moreover, the controversy surrounding the tweet highlighted the broader debate on trust and security in the cryptocurrency ecosystem. Users were reminded of the inherent risks associated with relying on any wallet provider and the need to exercise caution in safeguarding their private keys and seed phrases.
In response to the opposition, Ledger acknowledged the concerns raised and reiterated its commitment to continuously improving security measures. The company emphasized its intention to build a platform that provides strong guarantees from the supply chain to everyday use and prioritizes the protection of user secrets, especially in the face of physical attacks.
Ledger also addressed the issue of seed phrase storage, clarifying that the encryption and distribution of the shards among third-party providers aim to enhance security by ensuring that no single entity has access to the complete seed phrase. However, the company acknowledged that it would take the feedback and concerns into consideration and work towards addressing them in future updates and improvements to their products and services.
As the controversy unfolds, it serves as a reminder to users and the wider cryptocurrency community to stay vigilant and informed about the security practices and features of the wallets and tools they utilize. Protecting private keys and seed phrases remains paramount to safeguarding one’s crypto assets and ensuring a secure digital experience in the fast-evolving blockchain ecosystem.
Read more:
- Ledger’s Controversial Update Raises Alarms In Crypto Community
- What Impact Will Europe’s Cryptocurrency Law MiCA Have On The Market?