CYPHEROCK WIKI

Welcome!

We’re always here to help you with all your queries and doubts.

Abstract

Wallets have been the go-to method of securing one’s private keys for crypto transactions, ranging from cold wallets (hardware wallets) to hot ones (software wallets). Though wallets provide good security for a user’s private keys, the same importance is not given to recovery phrases. Cypherock, with the ShieldX, provides a robust hardware device with distributed recovery for safely securing your wallet’s recovery phrases.

Background


Current Problem:

People in the blockchain space believe that using a hardware wallet ensures the safety of their assets. The problem is that having a secure wallet but writing down the recovery phrase on a piece of paper just shifts the attack vector from the wallet to the recovery phrase. Since paper is fragile, it can easily get destroyed, and funds are lost forever if both the wallet and the paper are destroyed. Since blockchain-based transactions are pseudo-anonymous, a user can never get back his funds once they are lost. Another major problem facing the space is inheritance: there is no proper way to transfer ownership of a user's digital assets to someone else after his death, as in the case of the QuadrigaCX founder.

What is ShieldX?

ShieldX is the world’s ultimate crypto backup solution. It provides a physical-digital solution for the safe custody of crypto assets so that users never lose their digital assets and private keys. The ShieldX device consists of 2 parts: The ShieldX reader and The ShieldX cards.

ShieldX reader is a microcontroller based device with built-in memory. The share generation and recovery process takes place inside the ShieldX reader.

ShieldX cards are NFC enabled hardware cards that store parts of the recovery phrase that is generated and sent to them from the ShieldX reader.

The ShieldX reader allows the user to divide their recovery phrases into unique shares that can be transferred onto tamper-proof NFC-enabled hardware cards protected by a user-defined password. To recover the phrases, 2 out of 4 cards along with the correct password are required.

Features

Distributed Architecture: The ShieldX reader divides the recovery phrase into 4 shares which are then sent onto the ShieldX cards. The user then either keeps the cards at different geographic locations or distributes them to people whom he trusts. At any point in time, the user can get back the recovery phrase using just 2 of the 4 cards. This ensures that even after loss, theft or damage of up to 2 cards the recovery phrase is still safe. This distributed architecture prevents any single point of failure.

Isolated and Cold: Most internet-connected devices like PCs and smartphones are susceptible to malware infection. This makes them one of the worst ways to do crypto transactions and store one’s recovery phrases. The ShieldX is a completely standalone device that requires no internet connectivity. It is thus completely cold, isolated and protected from malware attack, and becomes the best solution to hold your recovery phrase.

Multiple wallets: Hardware wallet users resort to buying multiple devices since each hardware wallet allows them to store only one wallet on the device. So a user who requires multiple wallets is not only burdened with using multiple hardware wallets but also requires multiple paper wallets to store the recovery phrases for each one. ShieldX, however, allows the user to store multiple mnemonic phrases of different wallets on a single device, making it a perfect solution for multiple-wallet users.

Quantum-Proof: Since ShieldX uses the Shamir secret sharing scheme to distribute the recovery phrase, a minimum number of cards is required to recover the seed phrase. Fewer than the minimum number of shares will not yield any useful information about the secret. This property does not rest on a computationally hard problem, so for an attacker it means that even with the most powerful quantum computers of the future it will not be possible to retrieve any useful information without the minimum number of shares.

Environment Proof: The ShieldX cards allow you to back up the recovery phrase in a distributed way. The user can thus keep the ShieldX cards in different geographic locations. To recover the master seed, just 2 out of the 4 cards are sufficient. This ensures that even in the event of fire, water or other environmental damage, the master seed can be recovered completely with just 2 cards.

Secure Paper Wallet Generation: For users who actively transact using crypto wallets, ShieldX serves as the guardian for wallet mnemonic phrases. For users who are passive HODLers, the device can also generate new wallets which they can use to accumulate crypto, thereby making it the most secure paper wallet for every crypto.

Hardware Specifications

The following are the specifications for the ShieldX device:

ShieldX Reader

Material : Polycarbonate(PC)

Secure element : CC EAL5+

USB 2.0 enabled

USB wire rating: 5V and 500mA

Weight : 45g



ShieldX Cards

Material : Polyvinyl chloride acetate (PVCA)

Heat resistance : 105 C

Specifications of NFC : ISO/IEC 14443

Data retention time : 10 years

Write endurance : 200000 cycles

Security Principles

The ShieldX works on a 3 layer security model that ensures that the data on the device is impenetrable to attacks. This ensures that the user has a reliable backup system for his recovery phrases.

The 3 layers of security are:

i) Shamir Secret Sharing scheme : The Shamir Secret Sharing scheme splits a piece of sensitive master information into unique shares that have a special property: only a specified minimum number of shares needs to be supplied in order to reconstruct the original secret. Knowledge of fewer than the required number of shares does not leak information about the master secret. Shamir’s secret sharing provides a better mechanism for backing up secrets by distributing custodianship among a number of trusted parties in a manner that can prevent loss even if one or a few of those parties become compromised. It is the same technology used by Coinbase to secure their own assets. Cypherock uses a 2-of-4 Shamir Secret Sharing scheme, that is, any 2 of the 4 cards can be used to recover the recovery phrase.

NOTE : Using Shamir secret sharing doesn’t mean the mnemonic phrases are replicated on each of the cards. This means a hacker cannot get any information from a single card. Even with 2 cards he still needs a password to access the funds.

ii) Password encryption of shares : The process of transfer and recovery of the seed phrase from the cards is additionally secured by a password. This ensures that even if the trusted guardians of the shares collude, they will not be able to recover the seed without the password that the user possesses.

iii) Decentralised distribution : The main motive of the ShieldX device is to remove the single point of failure of the paper-wallet model. Distributing the recovery phrase across 4 cards provides redundancy of data, which removes the single point of failure. This allows the user to keep each of the cards at a geographically different location so that a single external event will not be able to destroy the recovery phrase.

In addition to the 3 layer security model, ShieldX device also uses a secure element on the ShieldX reader. The secure element makes it impossible to read any data present on it through any means. This technology is also used by iPhones to protect the user’s fingerprints.

Advanced Features

Advanced features are a set of features that give the user complete customizability over the ShieldX device. These settings are loaded onto the ShieldX device through a firmware update. Enabling advanced features allows the user to use the ShieldX product in a variety of ways based on his requirements. This customization allows greater flexibility in the overall card distribution model and also more security in the case of passwords for wallets.

The following are the features unlocked for an advanced user :

Number of Cards : The user can customize the number of cards that contain the shares. It is currently fixed at 4 for basic users.

Number of Shares : The user can set the minimum threshold of cards that are required to retrieve the mnemonic phrase. It is currently fixed at 2 for basic users.

Setting different passwords for different wallets : The user will be able to choose a different password for each of the wallets. This ensures a higher security and customizability for each wallet. For basic users, only a single password can be set for all the wallets.

Multiple wallets : The user will be able to store more than 3 mnemonic phrases on the ShieldX device.

Please send a mail to [email protected] if you are interested in becoming an Advanced User.

Glossary

You can read the following articles for a better understanding.

PIN

PIN is set by the user so that they could prevent unauthorized usage of their ShieldX device by someone else. PIN acts as a second layer of security in both the secure and recover wallet stages. Without the PIN, the shares distributed cannot be used to retrieve the original mnemonic phrase.

Mnemonic Phrase

A Recovery or Mnemonic phrase is used to derive a chain of private keys that are used to sign blockchain transactions. It is the responsibility of wallet software that it does not leak recovery phrase or any derived private key to malicious software.

A recovery phrase is usually a set of 12/18/24 random words out of 2048 predefined words using BIP39.

So there are 2048^12 combinations for 12-word mnemonics, 2048^18 for 18-word mnemonics and 2048^24 for 24-word mnemonics.

However, BIP 39 currently supports 8 languages, so there are (2048^12 + 2048^18 + 2048^24) * 8 possible combinations.

Users generally write down their recovery phrase on a piece of paper separately as a backup so that they could recover the wallet private keys in case they lose their wallet.

BIP 32

BIP32 is a general standard for HD (Hierarchical Deterministic) wallets. It allows users to derive extended public and private keys from the master seed. From a single master seed, one can derive an unlimited number of such pairs. Thus, with the master seed, the user has control over all his key pairs.

BIP 39

BIP39 is a general standard for converting the master seed derived through BIP32 into a mnemonic phrase that the user can easily remember. The words of the mnemonic phrase are derived from a dictionary of 2048 words and the mnemonic phrase can contain 12, 18 or 24 such words.

Shamir Secret Sharing

Shamir Secret Sharing is a cryptographic protocol that allows a given secret to be split into N parts such that the original secret can be reconstructed from any M of the N pieces.

With only M-1 pieces, no information is exposed about the secret. This allows the user to set up a safety threshold of ‘M’ pieces required. Once the threshold number of shares has been collected, the owners reconstruct the original secret using Lagrange polynomial interpolation. The Shamir Secret Sharing scheme splits a master secret into unique parts that can be distributed among participants. A specified minimum number of parts is required to be supplied in order to reconstruct the original secret. Knowledge of fewer than the required number of parts does not leak information about the master secret.

Wallet

Wallets are either software or a physical device that helps to hold all the private keys of the user safely. Wallets can be broadly divided into 2 categories based on the tradeoff between accessibility and security.

Hot wallets : Wallets that are easily accessible and used for everyday transactions. They are mostly software, in the form of mobile or PC apps.

Cold wallets : Wallets that are completely isolated from the internet and can sign transactions for the user in a secure manner. These are usually physical hardware devices.

Public/Private keys

Asymmetric cryptography is a cryptographic mechanism that works by the generation and usage of 2 keys: a public key and a private key. Public keys help in the user’s identification and thus can be shared publicly, whereas private keys help the user to prove their identity and thus should not be shared by the user. In a blockchain system, the public keys are used to derive the public address, which is shared for receiving funds or to identify the sender when sending funds. The private keys are used to sign the transaction and ensure that the transaction is a genuine one from the user for validation on the blockchain.

Frequently Asked Questions

1. Why is a hardware solution important over a software solution?

The ShieldX device takes a hardware approach to protect the user from any kind of malware attack. This is possible since the whole device is offline at all times. Additionally, by using the ShieldX cards, the user doesn’t need to rely on software or a flimsy paper wallet to secure his most crucial data. Instead, the ShieldX cards can be either stored in different geographic locations or given to people the user trusts, giving him a secure mechanism for backing up the recovery phrase.

2. Why was the 2-of-4 Shamir secret sharing scheme chosen?

After extensive user feedback, 2 out of 4 SSS was optimal for most of the users we talked with. If a user needs more flexibility around the product, they can refer to the Advanced Features section for further details.

3. What if I need more than 4 cards?

Please refer to the Advanced Features section of the Wiki.

4. Which wallets does this product support?

Every software, hardware & paper wallet. The device is complementary to existing wallets.

5. Can the company somehow steal the digital assets of the user?

It is not possible for the company to steal the digital assets of the users. You can use the device without internet access.