Interpretation of Ledger Recover controversy and its security comparison with MPC wallet

This article will explore the controversial reasons behind Ledger’s mnemonic backup service, and discuss its similarities and differences with MPC wallet private key management.

Written by: Lucas Yang

On the evening of May 16, the hardware wallet maker Ledger released firmware 2.2.1 for the Nano X cold wallet and announced that a "Ledger Recover" function would be introduced soon. The function splits the user's mnemonic phrase (Secret Recovery Phrase) into three fragments for storage and requires the user to provide personally identifiable information to bind the backup to their identity. To Ledger's surprise, the announcement sparked a strong backlash from its user community, with many expressing concerns about the feature's privacy and security.

According to Ledger, Ledger Recover is essentially an identity-based private key recovery service that provides mnemonic backup for customers. The service allows a Ledger device to securely recover the private key if a customer loses the seed phrase or loses access to it. The seed phrase is encrypted, copied, and divided into three pieces, each of which is secured by a separate company: Coincover, Ledger, and an independent backup service provider. When a customer wants to recover the private key, two of the three parties send their fragments back to the Ledger device, which reassembles the private key. In addition, Ledger Recover requires users to submit personal information to Onfido, Ledger's identity verification provider.

According to Ledger's design, this backup method aims to increase fault tolerance against data loss, but it has caused some users to worry about data security and has triggered a crisis of trust in Ledger. Some users worry that storing personal information in multiple third-party systems may increase the risk of being hacked, resulting in the loss of assets. Some users also pointed out that Ledger has always emphasized that users' private keys never leave the device, which is one of the reasons for its popularity, and that the new feature appears to contradict this claim.

Ledger private keys never touch the Internet?

What has long made Ledger unique compared to other hardware wallets is its Secure Element chip. Ledger claims that the chip completely isolates and stores the private key, so many people think of the Ledger hardware wallet as equivalent to the iPhone's Secure Enclave, making the private key completely inaccessible. But the release of the new Recover feature seems to break this impression, conveying to users that the private key can leave the Secure Element in encrypted form. Although Recover is an optional service, the Nano X firmware update still builds this function into the operating system.

From a technical point of view, Ledger actually requires users to "100%" trust it, because the entire mnemonic encryption and transmission process is closed and unverifiable. Currently, Ledger has not shown users how Ledger's recovery service securely encrypts user data and operates under the hood, and no one else can verify the security of the entire process except Ledger itself.

Although Ledger Recover does not let the seed phrase leave the device in an unencrypted state, users are concerned that Ledger has in fact shipped code that can send the seed phrase over USB/Bluetooth. In this case, there is a possibility that attackers could turn the cold wallet into a hot wallet through a malicious attack and obtain the user's mnemonic words. At the same time, users cannot be sure whether Ledger can prevent an attacker from sending all of the encrypted mnemonic fragments to a single person, or whether the mnemonic fragments can only be decrypted by the user themselves.

Privacy controversy brought about by the KYC process

In addition to the Recover feature itself, some users expressed concerns about user privacy. Hardware wallets are often seen as a way to store cryptocurrencies anonymously; however, users who choose to use Ledger Recover will need to submit their identity information for the verification that mnemonic recovery requires. The experience is similar to the KYC process of centralized exchanges, raising user concerns about data breaches, hacking and government censorship, among other issues.

As a company with more than 4 million users, Ledger's users also manage considerable assets. Therefore, whether its users' personal information is used directly for phishing attacks or sold on, it is of considerable value to attackers. In 2020, the personal data of 272,000 of the company's users was stolen, and many users were subsequently harassed by a large number of phishing attempts. Users are legitimately concerned that the identity verification required to subscribe to the Recover feature provides another potential outlet for their personal information.

Is MPC more secure?

After encountering a series of doubts and criticisms, on May 23 Ledger announced the postponement of the Recover release and said that it would publish a white paper on the Recover protocol in the near future in an attempt to quell user doubts. Regardless of how the episode eventually plays out, this crisis of trust in Ledger should prompt reflection among cryptocurrency wallet, custody, and security practitioners. On a broader level, how to choose crypto asset custody technology and solutions, and whether to use hardware wallets or software wallets, are issues that institutional participants must carefully consider.

Splitting the private key and keeping multiple backups so that the key itself is never exposed is a sound idea in itself, and that is what Ledger Recover does when it divides the mnemonic into three fragments for backup. However, the biggest technical risk of Ledger Recover is that the mnemonic was originally stored in the hardware wallet as a single piece of information, but is now encrypted, split and transmitted to three parties. The whole process is opaque and carries the risk of being hijacked, and an omission at any step may directly lead to the loss of assets.

Perhaps in the minds of many people, a custodial wallet seems to be out of their control, while a hardware wallet in their own hands feels more reliable. In fact, custodial wallet technology continues to advance, and there are already very safe and flexible technical routes, one of which is the MPC (Multi-Party Computation) wallet.

Multi-party computation (MPC) refers to a computing method in which multiple participants, with no central party, collaborate to complete a common computing task based on their own data, and no party can infer another participant's original data from the data exchanged during the computation. Therefore, MPC has natural advantages in terms of security and ease of use. From the very beginning, the wallet's complete private key never exists: the private key shards are independently generated locally by multiple parties, which fundamentally eliminates single-point risk, and the MPC algorithms are open, peer-reviewed and field-tested.

Cobo MPC

Taking Cobo MPC WaaS (Wallet as a Service) as an example, Cobo MPC WaaS is based on MPC-TSS (Threshold Signature Scheme) technology and provides digital asset custody and blockchain technology services in the form of Wallet-as-a-Service.

MPC-TSS is a threshold signature technology based on multi-party secure computation. With MPC-TSS, multiple parties each manage a private key shard (MPC Key Share) and complete the creation (Generate), signing (Sign) and recovery (Recover) of private keys through distributed computation. During the distributed computation, no party's private key shard is leaked through the collaborative interaction, and the complete private key never exists anywhere in any form. MPC-TSS technology lets individuals and enterprises use keys more conveniently, more securely, and in line with their business logic.

Cobo adopts three-party cooperative management of private keys with a 2-of-3 signing threshold. Three-party collaborative management means that the three participants each hold one private key shard. The 2-of-3 threshold means that each transaction requires the cooperation of at least two participants to produce a signature. This ensures that Cobo cannot unilaterally misappropriate customer assets, and that even if the customer's private key shard is stolen, it cannot be used for transactions on its own. In addition, customers can restore shards through Cobo and a third party. The choice of the third party is entirely up to the customer, thus ensuring the customer's complete control over the assets through both technology and process.
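As an added example (not code from Ledger, Cobo or this article), the toy Python below contrasts the two approaches discussed above: `split_existing_secret` backs up an already existing secret 2-of-3 the way the article describes Ledger Recover, while `dkg` and `threshold_sign` generate shards locally and produce a 2-of-3 signature without the full key ever existing, which is the MPC-TSS property described above. It assumes a Schnorr-style signature over a small constructed group in place of a production curve, and it omits the share-verification and malicious-party protections a real TSS protocol needs.

```python
import hashlib
import math
import secrets
# Toy Schnorr group (constructed, not for real use): safe prime P = 2*Q + 1, so G = 4 has prime order Q
P, Q, G = 1019, 509, 4

def challenge(R, msg):
    # Schnorr challenge e = H(R || msg), reduced into the scalar field Z_Q
    return int.from_bytes(hashlib.sha256(f"{R}|{msg}".encode()).digest(), "big") % Q

def lagrange_at_zero(i, subset):
    # weight for share i so that sum(weight * share) over `subset` equals f(0)
    num = den = 1
    for j in subset:
        if j != i:
            num, den = num * (-j) % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def split_existing_secret(x, n=3):
    # Ledger-Recover-style backup: the full secret x exists first, then is split
    # 2-of-3 along a random line f(X) = x + b*X; fragment i is f(i)
    b = secrets.randbelow(Q)
    return {i: (x + b * i) % Q for i in range(1, n + 1)}

def reconstruct(shares, subset):
    # any 2 fragments recover f(0) = x; a single fragment alone fixes nothing
    return sum(lagrange_at_zero(i, subset) * shares[i] for i in subset) % Q

def dkg(n=3):
    # MPC-TSS-style keygen: party j samples its own a_j and line f_j(X) = a_j + b_j*X and
    # sends f_j(i) to party i. x = sum(a_j) is never computed; only g^a_j is broadcast.
    polys = [(secrets.randbelow(Q), secrets.randbelow(Q)) for _ in range(n)]
    shares = {i: sum(a + b * i for a, b in polys) % Q for i in range(1, n + 1)}
    pubkey = math.prod(pow(G, a, P) for a, _ in polys) % P
    return shares, pubkey

def threshold_sign(shares, subset, msg):
    # 2-of-3 signing without ever rebuilding x: round 1 aggregates nonce
    # commitments R_i, round 2 aggregates Lagrange-weighted partial signatures s_i
    nonces = {i: secrets.randbelow(Q) for i in subset}
    R = math.prod(pow(G, k, P) for k in nonces.values()) % P
    e = challenge(R, msg)
    s = sum(nonces[i] + e * lagrange_at_zero(i, subset) * shares[i] for i in subset) % Q
    return R, s

def verify(pubkey, msg, sig):
    # standard Schnorr check: g^s == R * y^e (mod P)
    R, s = sig
    return pow(G, s, P) == R * pow(pubkey, challenge(R, msg), P) % P
```

Note that `reconstruct` is only there to show the backup property; in the MPC flow nothing ever calls it, which is exactly the difference the article draws.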

The Ledger Recover incident has made many users re-examine their private key management strategies. The MPC wallet, which at first glance adopts a solution similar to Ledger Recover, in fact differs fundamentally at the underlying security layer.
