Cypherock
  • Introduction
  • Design Decisions
    • The balance between security and convenience
    • Cypherock X1 Hardware architecture
      • Using ultrasonic welding for the X1 Vault enclosure
      • Encrypted NFC communication for X1 cards
      • Using Javacards instead of MicroSD
      • Choosing USB vs QR Code
      • Why the X1 cards are not upgradeable
    • Cypherock is BIP39 compliant
    • Private keys should be near to impossible to extract
    • Conflict between trusted parties should not result in unauthorized access
    • Using Shamir Secret Sharing vs. Multi-sig
      • How is Shamir Secret Sharing implemented within Cypherock X1
      • Why Cypherock has a default 2/5 threshold scheme
      • Rejected Key Schemes
    • PIN Protection on Cypherock X1
      • Difference between backing up your PIN vs. Seed Phrase
  • Security Overview
    • Introduction
    • Keylabs - Third Party Security Audit
    • Remote Attacks
    • Physical Attacks
      • $5 Wrench Attack
      • PIN Brute Force Attack
      • Evil Maid Attack
      • Flashing Malicious Firmware
      • Side Channel Attack
      • Supply Chain Attack
  • Cypherock X1 Features
    • Eliminate messy paper backups
    • Open source with secure elements
    • Use Cypherock as a seed phrase vault
    • All-in-one Portfolio Manager
  • Getting Started
    • Download cySync
    • Import Seed Phrase from existing BIP39 compatible wallet
    • Generate a new wallet with Cypherock X1
    • How Cypherock generates your 24-word seed phrase
    • Best practices in keeping your X1 cards secure
      • Use the protective card sleeves
      • Geographical Seperation
      • Choosing your guardians
    • How do I know I am not locked-in to using only Cypherock X1
    • How do I know my Cypherock X1 is genuine?
      • Email 2FA for Product Authentication
    • How to recover your Crypto assets in the case of loss or theft
    • What happens to my Cypherock X1 if Cypherock goes out of business?
Powered by GitBook
On this page
  • Security concerns
  • Cypherock: open source, but secure?

Was this helpful?

  1. Cypherock X1 Features

Open source with secure elements

Open-source technology has spurred innovation and has also allowed various applications to maintain security as well as garner interest from the developer community to further the technology. In the world of web3 wallets, open-source technology especially is important since verifiability around key operations is a primary concern. Although open-source software has been a boon, there are security concerns that come with a project being open-source - especially when it comes to cryptocurrency wallets, where sensitive information could be at risk.

Security concerns

There are essentially three main risks that come with using open-source software from a security perspective:

  1. Open-source software development is decentralized. This means that there is essentially no authority that is ensuring the safety of any given fork of the software.

  2. Crypto wallets inherently access sensitive information, and vulnerabilities discovered in the source code can be exploited by attackers before a patch is released.

  3. Electronic chips that allow the firmware to be open-source generally lack security measures that can be used to secure data stored on them.

To mitigate security risks, crypto wallets take the closed-source approach and utilize a component called a secure element that is required to generate and secure private keys. For the most part, secure elements require NDAs between the wallet company and the manufacturer of the component which restricts wallet companies from making their wallet code open-source. However, the risk of closed source systems is also valid, where the company could be privy to a zero-day attack. So, how can a system be open-source, but also be highly secure?

Cypherock: open source, but secure?

Cypherock X1 has a unique architecture when it comes to managing private keys because, unlike other wallets, the private key does not suffer from a single point of failure. Cypherock uses an algorithm called Shamir Secret Sharing that splits the private key upon wallet creation into 5 cryptographic parts, which are independently stored on 5 hardware components - the X1 Vault and 4 X1 cards. Each individual component has a secure element, but their nature in regard to NDAs is different. The X1 Vault utilizes a secure element called ATECC608A which does not require NDAs to be signed by Cypherock whereas, the X1 cards possess an EAL6+ secure element which does require NDAs to be signed by Cypherock but is significantly proven to be more secure than ATECC608A.

The advantage of this architecture is that Cypherock can make the X1 Vault code open for review while keeping the code for the X1 cards proprietary. Making the X1 Vault open source ensures that anyone can verify the wallet operations performed with the private keys while ensuring that 4 out of 5 parts are stored securely on the 4 X1 cards which have EAL 6+ secure elements. Hence, any associated risks of being open source become futile for the Crypto private keys secured through Cypherock. Since the private keys are split into the X1 Vault alongside the X1 cards, keeping the X1 card code proprietary, and not upgradeable helps Cypherock be open source, as well as secure.

PreviousEliminate messy paper backupsNextUse Cypherock as a seed phrase vault

Last updated 1 year ago

Was this helpful?