borodutch
@warpcastadmin.eth
Just got my cypherock.com in the mail! I'm an avid Ledger fan (been gifting them on Xmas to basically everyone I could reach my hands to); however, the premise of having physical multi-party cards instead of a seed on a piece of paper is intriguing. Maybe this Xmas I'll be sending Cypherock. https://i.imgur.com/3uysQLs.jpg
6 replies
0 recast
0 reaction

borodutch
@warpcastadmin.eth
@cassie where do you stand on hardware wallets?
2 replies
0 recast
0 reaction

Cassie Heart
@cassie
I trust in redundancy and math over hardware, which is never fully auditable (without an electron microscope) — hardware implementations may be better than software, but MPC of hardware or software is better than either alone.
1 reply
0 recast
0 reaction

borodutch
@warpcastadmin.eth
If I understood correctly, this is a hardware version of MPC.
1 reply
0 recast
0 reaction

Cassie Heart
@cassie
It’s not — they just Shamir split 2-of-5, with four shares onto tap cards and one on the wallet, then combine in memory on demand for use. The secret split might be MPC, but when the signing is performed, it’s plain old 1PC.
2 replies
0 recast
0 reaction

borodutch
@warpcastadmin.eth
tyty, can always count on you reviewing the cryptography, you're saving lives.
1 reply
0 recast
0 reaction

Cassie Heart
@cassie
And tbf it’s not even really MPC for Shamir sharing necessarily, although allegedly in this case it is joint randomness. Haven’t dug in enough to verify it’s true.
1 reply
0 recast
0 reaction

Dan | Icebreaker
@web3pm
Accurate? I've seen a few similar over the last few months https://i.imgur.com/aQaQqkt.png
1 reply
0 recast
0 reaction

Cassie Heart
@cassie
There are a few that are genuinely MPC: Coinbase’s Web3 Wallet in the retail app uses DKLs18, which is an oblivious transfer-based approach to calculating ECDSA signatures over multiplicative shares of the private scalar. ZenGo also has an MPC approach; IIRC it’s GG-18 or similar.
1 reply
0 recast
0 reaction

rohanagarwal94
@rohanagarwal94
Hi Cassie, yes, it is SSS. In fact, from what I last read in a Coinbase blog, even they used SSS to secure their own assets at some point. The key advantage here is that your complete key is never stored in a single place, and the tx signing only happens in temporary memory before it gets deleted.
2 replies
0 recast
0 reaction

Cassie Heart
@cassie
I worked on the team that maintained the system doing the Shamir splitting process for cold storage — I’ll illuminate a little bit. We had very strict rules about how keys were generated: in temporary hardware, airgapped from the world, in a Faraday tent at a random pop-up location. The keys were generated and split,
1 reply
0 recast
0 reaction

Cassie Heart
@cassie
then printed on paper, to be stored in vaults. The hardware involved in producing this key material was shredded immediately after use. When we needed to use an address for a key (for deposit), the keys would be restored in batches as encrypted bundles from the paper, …
1 reply
0 recast
0 reaction

Cassie Heart
@cassie
then, when finally ready to complete a transaction to sign (withdrawal), the shards would be decrypted by having operators fetch the bundles, confirm the transaction info, decrypt the shards in yet another secure location, and sign and send the transaction signature. And once performed, the key is permanently discarded.
1 reply
0 recast
0 reaction

Cassie Heart
@cassie
The philosophy is: for cold storage, once the key is hot in memory, you either have to destroy the key or destroy the hardware, or both. With MPC, you gain a significant advantage for non-UTXO chains because now you don’t need to worry about cycling keys — you can just incorporate share rotation into the MPC protocol.
2 replies
0 recast
0 reaction
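
Two points in this thread are easy to see in code: Cassie's observation that a 2-of-5 Shamir split is reassembled into one whole scalar in memory before a plain single-party signature (so the split protects storage, not signing), and her later point that share rotation keeps one key alive without ever reconstituting it. The example below is added here for illustration and is not Cypherock's, Coinbase's, or any vendor's code. It assumes the private scalar lives in the secp256k1 scalar field (order `N`), labels the four "card" shares and one "wallet" share as a constructed layout, and simplifies proactive refresh to a single dealer generating the zero-constant polynomial (real protocols have every party contribute one); `walkthrough`, `shamir_split`, `shamir_combine` and `refresh_shares` are names chosen for this example.

```python
"""Added example: Shamir 2-of-5 split, in-memory reconstruction, proactive refresh.

Not vendor code. Field arithmetic is done mod the secp256k1 group order so the
'secret' can be read as an ECDSA private scalar (assumption for illustration).
"""
import secrets

# Order of the secp256k1 group: a private key is a scalar in [1, N-1].
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... (mod N) by Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % N
    return acc


def shamir_split(secret, threshold, count):
    """Return {x: f(x)} for x = 1..count, where f(0) = secret, deg f = threshold-1."""
    if not 1 <= threshold <= count:
        raise ValueError("need 1 <= threshold <= count")
    coeffs = [secret % N] + [secrets.randbelow(N) for _ in range(threshold - 1)]
    return {x: _eval_poly(coeffs, x) for x in range(1, count + 1)}


def shamir_combine(shares):
    """Lagrange-interpolate f(0) from any >= threshold shares {x: y}.

    What this returns is the whole private scalar, now sitting in one
    process's memory. Whatever signs with it afterwards is single-party
    computation, however many cards the shares were tapped from.
    """
    xs = list(shares)
    secret = 0
    for i in xs:
        num, den = 1, 1
        for j in xs:
            if i != j:
                num = num * (-j) % N
                den = den * (i - j) % N
        secret = (secret + shares[i] * num * pow(den, -1, N)) % N
    return secret


def refresh_shares(shares, threshold):
    """Proactive refresh: add shares of a fresh random polynomial g with g(0) = 0.

    Every holder's share changes, f(0) does not, and a stale share no longer
    combines with refreshed ones. Simplification: one dealer picks g here; in a
    real MPC protocol each party contributes its own zero-constant polynomial.
    """
    g = [0] + [secrets.randbelow(N) for _ in range(threshold - 1)]
    return {x: (y + _eval_poly(g, x)) % N for x, y in shares.items()}


def walkthrough(secret):
    """The 2-of-5 layout from the thread (constructed: four cards + one wallet).

    Returns (key rebuilt from card+wallet, key rebuilt after refresh,
             result of mixing a stale card share with a refreshed wallet share).
    """
    shares = shamir_split(secret, 2, 5)
    cards = {x: shares[x] for x in (1, 2, 3, 4)}   # four tap cards
    wallet = {5: shares[5]}                         # the wallet's own share
    # On-demand reconstruction: one card against the wallet is enough, and the
    # full scalar is hot in memory from here until it is wiped.
    hot_key = shamir_combine({1: cards[1], **wallet})
    # Rotation: all five shares change, the key they encode does not.
    rotated = refresh_shares(shares, 2)
    after = shamir_combine({3: rotated[3], 5: rotated[5]})
    mixed = shamir_combine({1: cards[1], 5: rotated[5]})  # old + new: garbage
    return hot_key, after, mixed


if __name__ == "__main__":
    s = secrets.randbelow(N - 1) + 1
    hot, after, mixed = walkthrough(s)
    print("reconstructed == secret:", hot == s)
    print("after refresh == secret:", after == s)
    print("old+new share == secret:", mixed == s)
```

The contrast the thread draws is in `shamir_combine`: it is a correct secret-sharing primitive, but its return value is the key itself, so the threat model after that call is that of a single device holding a plaintext scalar. A threshold-ECDSA scheme such as DKLs18 or GG18 replaces that call with a protocol in which the parties jointly produce a signature while no party ever holds `f(0)`; `refresh_shares` shows the rotation step such a scheme can run between signings.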

rohanagarwal94 pfp
rohanagarwal94
@rohanagarwal94
Very interesting! I think the method you described works for Coinbase, but an individual investor's threat model is a little different from that, too different to justify the operational overhead. What we believe is that you can use Cypherock for single key/shard storage and couple it with MPC/multisig to support that key security model.
0 reply
0 recast
1 reaction