How crypto hardware wallets work?

Learning about crypto often starts with the what and why questions - ‘what is a cryptocurrency hardware wallet?’, and ‘why do I need one?’ - before moving on to the how. Such as ‘how does a cryptocurrency hardware wallet work?’

To answer that question, you have to appreciate the difficulty of satisfying contradictory usability requirements. Users want total offline security, but with the ability to transact. To explain how that is possible, we’ll take you under the hood of the NGRAVE ZERO and explain our unique methodology for minimising risk.

Addressing the Private Key Paradox

In order to spend the funds held by a cryptocurrency address you need to connect to the blockchain - via the internet - and provide two signatures specific to that address. A Public Key that only specifies its location (address) and a Private Key, that enables any crypto associated with that address, to be actually spent.

As the name suggests, a Public Key is intended to be shared, while a Private Key - like a password - is for your eyes only and so must be protected at all costs.

This is where the name crypto-currency comes from; money protected by cryptography. Mathematics enables crypto to function as decentralised money, free from central authority - with all its associated problems. But being ultimately responsible for your money, via Private Keys, presents a paradox.

It is near mathematically impossible to crack the cryptography used to generate Private Keys, but if they are stolen or lost, there is no way back. So any storage device must be designed to handle the zero sum nature of Private Key ownership; but that isn’t all, as users want their crypto cake and eat it.

Like any other money, holders of crypto want to exchange it, so different crypto wallet solutions have emerged, trying to balance these contradictory requirements.

• Protecting your Private Keys from theft & loss (being offline)
• Providing a convenient way of transacting (being online)

The three core functions of a hardware wallet

Crypto hardware wallets are the solution of choice where offline security is the priority. They are small purpose-built pieces of computer hardware - comparable to flash drives - with an operating system that can generate and manage Private Keys without being online. Cold Storage - the industry term for keeping keys offline - is the most effective form of security.

The challenge that hardware wallet makers face is offering cold storage AND the convenience of transacting. This means hardware wallets are shipped with a companion software that runs on a laptop or mobile phone and provides the bridge between the online blockchain and offline storage; the challenge is in minimising the potential security blindspot transacting opens up.

Finally, given the zero sum nature of Private Keys, and potential fallibility of the hardware, software or human in possession, you need an analogue fail-safe, if any or all of them are lost, stolen or irreparably damaged.

Crypto hardware wallets are what is known as Hierarchically Deterministic (HD for short). They combine the Private Keys for all addresses generated into one manageable piece of information, a collection of 12-24 phrases (often described as mnemonics) generated during device set-up, and known as a Seed.

A hardware wallet Seed provides a recovery path if the device is lost, stolen or damaged. The challenge is to provide a practical and secure way for the user to take ultimate responsibility for their Seed. And if the user is no longer around, a way for the Seed to be retrieved by whoever they would want to inherit it.

So, this gives us three broad functions to explore in understanding how a crypto hardware wallet works:

1. Generate Private Keys/Seed offline & minimise their online exposure
2. Enable transacting - via a companion software - without exposing Private Keys
3. Provide a secure offline method to backup the Seed & posthumous continuity

Let’s look at how the NGRAVE ZERO addresses each.

Applying the ‘what if’ methodology

Using our backgrounds in computer science, cryptography and personal (painful) experience of crypto hacks, NGRAVE spent three years applying a ‘what if’ methodology to managing, what appear to be, mutually exclusive requirements. By iterating away the risks, we eventually arrived at a completely new approach to crypto cold storage consisting of three components:

• The NGRAVE ZERO cryptocurrency hardware wallet.
• The LIQUID companion mobile application.

Two part GRAPHENE stainless steel Seed backup.

How the ZERO securely generates a Seed offline

A microchip within the ZERO hardware wallet generates a Seed during the device set-up process, which is then only required should the user lose access to the device. But what if the Seed isn’t truly random? That would impact its security.

The chip used by the wallet needs to be certified for TRNG (True Random Number Generation). NGRAVE uses one of the strongest TRNG certified key generator chips available, it is also CC EAL5+ certified - EAL being the Evaluation Assurance level, a scale running from 1-7).

This puts it on par with, or better than, the competition, or any government or bank deployment. This is a powerful process that allows for unpredictably deriving a totally random secret key.

But what if the device was tampered with before delivery, in such a way to disable or compromise the TRNG process?

The standard solution to this is to use a tamper-evident seal on the packaging, which provides visual assurance that the package has arrived untainted, but doesn’t consider deeper levels of potential compromise. NGRAVE takes a three-level approach to the risk of device tampering.

• Read the five essential tips for crypto security

The ZERO’s Three Level Tamper Security

The NGRAVE ZERO uses a strong metal outer device casing, tightly sealed to a tamper proof screen. Each of the internal components, such as the secure element, microcontroller unit and firmware, also have their own tamper-proof features.

Anti-tamper measures must also account for non-physical, so-called side channel attacks. NGRAVE’s metal casing shields it from radio frequencies that could otherwise be picked up by an attacker to pin down and reduce the range of potential Private Keys.

On a second level, the ZERO is tamper evident, so in the unlikely event that someone did successfully break-open the device, it would be obvious to the end user because:

• the device cannot be opened without breaking
• attempting to remove the screen will cause it to break.
• the casing consists of a single piece of metal housing, so it is almost impossible to open the device without leaving a trace.

Tamper evidence is also incorporated into the set-up process through a “cryptographic attestation”, a challenge sent by NGRAVE's servers, requiring a unique secret key response, which proves it is authentic.

The third level - being tamper responsive - ensures that if someone tries to open up the device, or attempts to tamper with it, the device will respond by wiping itself.

We cannot share exactly how we achieve this - or we’d have to kill you. We’re joking of course, but some security features must be kept deliberately secret as they would make a hacker’s job easier.

The User’s Eyes Only Principle

In our desire to make the device as resistant as possible to any interference, we have developed a unique way of making key generation more random and therefore safer, by incorporating you, the user, into the process.

To generate what is known as genuine entropy (randomness) NGRAVE combines user interaction - from your fingerprint - and input from your environment, during key generation (via an in-built light sensor). This approach works far better than conscious user inputs; no offence, but people are inherently predictable.

Those inputs act as a salt to make the generated key truly personal to the user, and so random as to be collision resistant.

That doesn’t mean it has a built-in airbag, it just means that the chances of two personal keys being the same are 2256, which is equivalent to the total number of atoms in the universe.

It is statistically near-impossible to brute force the key with today’s available computational methods. This also happens to be the strength of the cryptographic algorithm - SHA256 - which is used to generate Bitcoin’s Private Keys.

The inclusion of these inputs in the key generation process, provided once the device has left the factory, can reassure the user that it is known only to them. This is known as the User’s Eyes Only Principle.

Handling Firmware Updates

One of the biggest points of potential vulnerability is when device firmware gets updates, as this requires a flow of data from the internet. This is unavoidable given the need for improvement and patching, and is the only occasion that the ZERO requires USB connection, but is handled in such a way to minimise risk.

To receive new firmware, the ZERO boots in a separate, empty partition, specifically for the purpose of receiving the update, which is cryptographically signed by NGRAVE’s secret keys.

This will also trigger the Integrity Verifier, a trademarked technology (ARM®TrustZone®) that checks during the update process that the NGRAVE software stack side of the platform is free from unintended modifications, and has no alien tasks running.

So a new firmware is both verified, and received in isolation. That partition provides total separation between the update process and any software actually running the device.

The Integrity Verifier will also run at every boot to continually verify that only the genuine software is running, without unauthorised modification, ensuring authenticity and integrity.

To prevent any possibility of malicious firmware being added directly to the chip - aka flashing - any debugger access has been disabled. Even if the chip were exposed, there would be no way to modify the currently loaded firmware as we've iterated the ‘what if’ approach, and addressed the possibility of modifying the bootloader responsible for verification of the firmware.

The relevant part of the chip is locked from write access, encrypting its contents and employing the basic hardware and firmware authenticity protections provided by the Micro Processing Unit’s (MPU) TrustZone® module.

Any attempt to access the chip in any other way will trigger the tamper response described earlier which would wipe the stored secrets.

In this way the NGRAVE ZERO operates in a similar way to the fictional cryptex device author, Dan Brown, introduced in the ‘Da Vinci Code’ and attributed to Leonardo Da Vinci. A small, portable, cylindrical vault protecting secret codes written on paper, and opened by aligning five disks featuring letters of the alphabet. The codes inside would leave to the Holy Grail, but align the disks incorrectly and the cryptex would break a vial liquid inside destroying the paper contents.

How NGRAVE LIQUID securely enables transactions

The standard approach to enabling hardware wallets to transact is via a companion software, such as a desktop or mobile app. This immediately puts the requirement for offline/cold storage at risk as this is generally achieved by USB or Bluetooth.

USB or Bluetooth connections to apps are inherently online, with proven vulnerabilities. One of the most famous and sophisticated cases of state-sponsored hacking - the Stuxnet attack by Israel on Iran’s nuclear enrichment facility2 - was achieved via USB.

To mitigate this, the ZERO ships with an app, called LIQUID, which it only communicates with via QR codes. The device set-up process and key/Seed generation happens offline (as already described) during which you can set up your portfolio with the required coins, then sync these accounts - generated offline - to LIQUID (the mobile app) by exporting them via one, or more, QR codes generated by the ZERO.

Private keys remain offline, so the user is in control of the accounts. Based on the public data the app fetches from the blockchain, the user can then access the real-time status of account balances and transaction history.

Protection from the Man In The Middle

One of the additional vulnerabilities of using an app - whether online or offline - to sign and execute outgoing transactions from your hardware device, is what is known as the Man In the Middle Attack.

In order to send or receive transactions you need to share address details, often using chat services and/or your device clipboard. The Man In the Middle attack relies on compromising the device the App is running on - laptop or smartphone - and using the remote access to intercept/replace the shared address details with details of their own choosing.

If you are using an address for the first time, the only way you can know with 100% certainty that transaction detail hasn’t been altered is by treating the detail on the screen of your hardware wallet as the source of truth, and visually double-checking it against the original address detail. This is also why we offer address whitelisting, allowing you to work from a safe list of known addresses.

LIQUID takes this unsigned transaction detail and encodes it into a QR code. Using its built-in camera, the NGRAVE ZERO decodes and displays the transaction data on its screen so that you can verify what the QR code contains, and compare it with the original, at source. This is a crucial verification step given the Man In the Middle type vulnerability.

Your fingerprint and the pin-code two-factor authorization - created during the set-up process - provide extra security to unlock the relevant private key to cryptographically sign the transaction.

Most existing hardware wallets rely solely on the PIN code, NGRAVE introduces two-factor authentication access management, consisting of a fingerprint reading and a PIN-code validation that triggers a wiping of the device in case of multiple subsequent error attempts. The PIN has to be a number of minimum four and maximum eight characters. All input values are scrambled on the screen to prevent vulnerabilities from side channel attacks targeting the PIN code.

Once confirmed, the ZERO then encodes the transaction signature into a QR code. Due to the cryptographic nature, this QR code contains no information that can lead back to the Private Key. Hence, the secret key remains fully offline and protected.

The user can then use the LIQUID mobile app to scan the QR code on the NGRAVE ZERO. The app now has a valid transaction signature it can send to the blockchain. The blockchain will not accept any other signatures than the valid one, so no fake or corrupt transactions can take place without the user’s consent.

How GRAPHENE provides a secure offline failsafe for you Seed

Given the zero sum nature of Private Keys, represented in a HD crypto wallet - like the HGRAVE ZERO - by your recovery Seed, protecting a record of it is of paramount importance. A Seed is the only way to recover funds held by a non-custodial wallet.

The standard solution to storing a Seed, used by 90% of non-custodial wallet owners, is to write it on a piece of paper. This might be free and simple, but has obvious security shortcomings that completely undermine the overall security focus, given paper’s physical characteristics,

• Easily damaged from exposure to water
• Easily destroyed by exposure to fire
• Easily lost or accidentally discarded
• Easily damaged by direct sunlight, damp, insects, rodents or pets

NGRAVE’s solution is GRAPHENE, consisting of two stainless steel plates - resistant to temperatures up to 1375°C (2507°F), water, corrosion damage and shocks. The steel sheets are used to physically imprint a 64 character pattern - the equivalent of a traditional mnemonic phrase Seed - generated from a combination of number and letters. We call this the NGRAVE Perfect Key.

One plate is a blank piece of stainless steel, while the other is a grid consisting of 64 columns, each with 16 character options (0-9 & A-F) and holes, for a total of 1,024 positions.

The grid plate fits exactly onto the blank sheet, and the user punches the Seed generated by the ZERO during set-up, through the corresponding holes in the upper plate, embossing the Seed onto the lower plate.

A pen is provided featuring a click-mechanism that automates the physical power exertion required to “punch” the hole in the lower GRAPHENE plate without damaging the upper one.

Given the user interaction step included in the Seed generation, NGRAVE has no way of knowing what the key is or might be as the difficulty to brute force it becomes too high. The order of the columns is unique to each plate so there is no way to have prior knowledge of the upper GRAPHENE template.

The use of two plates enables the Seed to be split into two parts, which on their own are agnostic and reveal no detail of the Seed, but still allow for an ingenious recovery mechanism in case the user loses the upper template.

Allowing for Graphene Recovery

Following our ‘what if’ approach to all aspects of securely storing your crypto on an NGRAVE hardware wallet, we have built in a redundancy for losing the upper GRAPHE template. When a customer orders an NGRAVE GRAPHENE there are three options:

1) Default option: NGRAVE adds an order number to the package it sends to the user, which can be used to recover the upper plate configuration via a dedicated NGRAVE server, or directly via a blockchain interface, the latter being the more decentralized approach.

2) Personalized option: the user can provide additional KYC data at purchase to identify themself should a replacement upper plate be required. They can call NGRAVE customer support who keeps offline records of which order numbers and hence which upper plate configuration(s) are linked to a specific customer;

3) Right to be forgotten option: the user can also ask to be forgotten, i.e. that NGRAVE does not store the order number. This entails that the user cannot ask NGRAVE for a recovery of the upper plate but provides complete confidence that this information could never fall into anyone else’s hands.

In case of the ultimate loss

As an illustration of how meticulous we were in our ‘what if’ approach to the design of our crypto hardware wallet, we even considered a way to deal with the ultimate loss of access to a Seed - the unfortunate circumstance of its owner dying.

We cannot elaborate on the details for fear of assisting bad actors, but it is possible to disclose the locations of the upper and lower plate to separate heirs as part of estate planning.

The respective locations of the plates could, for example, be stipulated in a will, managed either by a traditional notary, a blockchain notary system (e.g. upon death certificate, the blockchain can release the locations), or otherwise.

It could also be automated, for example, by sending notifications to the user, if he or she has been inactive on the app for a specific period of time, and reminder notifications are also not responded to. These events could then trigger additional smart contract logic communicating the location of the plates to any heirs.

We are still working on elements of posthumous continuity as part of our ongoing efforts to continually improve the security of the NGRAVE cryptocurrency hardware wallet. We think that our unique ‘what if’ methodology has helped to produce the safest cryptocurrency hardware wallet work on the market, but we’ll let our customers be the judge of that.

NGRAVE ZERO Review By Coin Bureau

"As many of our readers and viewers know, here at the Coin Bureau, we preach the importance of self-custody and securely storing funds in cold storage via hardware wallets. Using a hardware wallet is one of the most important steps every crypto user can take to truly own their own crypto in the most secure manner possible, which is why I’m excited to be bringing this NGRAVE ZERO hardware wallet review to you today.

The folks over at NGRAVE were kind enough to send us their new ZERO wallet to test out for ourselves and review. I must admit, it has been pretty interesting diving into this nifty piece of kit. As you guys also know, here at the Coin Bureau, we don’t do paid or sponsored reviews, so, as always, this review will remain unbiased and honest. We would never recommend or positively review something that we would not use ourselves, and if the NGRAVE ZERO is [not good], you bet I wouldn’t sugarcoat it. At the Coin Bureau, our number one priority is always honesty and transparency." - By Tayler McCracken, Coin Bureau, July 10th, 2022