Bitcoin Forum

Bitcoin => Hardware wallets => Topic started by: rohanagarwal7 on June 21, 2023, 10:54:19 PM



Title: Shamir's Secret Sharing based Wallet - Cypherock X1
Post by: rohanagarwal7 on June 21, 2023, 10:54:19 PM
Cypherock X1 uses Shamir Secret Sharing along with distributed tamper-proof hardware storage used in the banking industry to prevent single point of failure with private key security. X1 has five components- 1 X1 Vault and 4 X1 Cards. Your Crypto seed phrases are distributed in these 5 components, such that you need any 2 out of those 5 to recover or even transact your Crypto assets. You can read more about using Cypherock X1 as seed phrase backup here - https://cypherock.com/wallet-backup

This is the product's 2nd use-case for people who already have a wallet setup for themselves and need a better way to manage their seed phrases, inheritance of their assets (soon) and aggregate their portfolio across the different wallets in one single place. You can learn how it works more here - https://www.cypherock.com/wallet-backup/how-it-works

The 1st use case of the product is a hardware wallet without seed phrase vulnerability. You can read about it more here - https://bitcointalk.org/index.php?topic=5459720.0

Product Features:

  • Allows you to secure 4 seed phrases with different PIN for each in a single product. Hence 1 Cypherock X1 is enough instead of buying 4 metal backups.
  • Open Source with secure elements both on the X1 Vault and the X1 cards. Source code - https://github.com/cypherock
  • Security Audit Completed by Keylabs.io without any major vulnerabilities found. Keylabs have found vulnerabilities in Ledger and Trezor before. Read more - https://cypherock.com/keylabs
  • Extra security over your seed phrases with a PIN protection on top of shamir shares stored on the hardware to protect against collusion
  • Use the same Cypherock X1 also to make emergency wallet transactions if needed. Read more - https://cypherock.com
  • It is BIP39 compliant. Hence compatible with the seed phrases of your favorite wallets like Ledger, Trezor, Coldcard, Foundation wallet etc.

I would love to get the community's feedback on the same. Here is a coupon code for 10% off if someone wants to try it out - bitcointalk10


Title: Re: Next-Generation Seed Phrase Backup with Cypherock X1
Post by: Pmalek on June 28, 2023, 07:00:04 AM
Shamir's Secret Sharing scheme is more secure than an ordinary seed backup that could be exposed if discovered, but it's not better than multisig. SSS introduces a single point of failure because the seed and its shards are constructed on the same device. Therefore, you rely only on the security of that one device. With a multisig, you can have multiple participants on different devices holding their own keys that are required to sign transactions. You don't have one point of failure as with SSS.


Title: Re: Next-Generation Seed Phrase Backup with Cypherock X1
Post by: Yamane_Keto on June 28, 2023, 12:20:53 PM
Shamir's Secret Sharing scheme is more secure than an ordinary seed backup that could be exposed if discovered, but it's not better than multisig. 
I thought they would use SSS alongside multisig the user could distribute his wallet seed, for example, to 5 places, and the possibility of recovery from 3 places, with multisig in the background, where it could be 3-of-5, and thus a good distribution of seeds to ensure that there are no single points of failure. the current idea is currently promoting Many risks, such as knowing your seed after the first signature, because seed will be exposed, or the existence of better alternatives such as multisig, or your need to trust the third party.

  • Use the same Cypherock X1 also to make emergency wallet transactions if needed. Read more - https://cypherock.com
I don't trust that an NFC-enabled card will enhance the security of my coins.
I searched and did not find information about this emergency wallet transactions service, is it similar to Ledger Recovery?


Title: Re: Next-Generation Seed Phrase Backup with Cypherock X1
Post by: rohanagarwal7 on June 28, 2023, 07:49:03 PM
Shamir's Secret Sharing scheme is more secure than an ordinary seed backup that could be exposed if discovered, but it's not better than multisig. SSS introduces a single point of failure because the seed and its shards are constructed on the same device. Therefore, you rely only on the security of that one device. With a multisig, you can have multiple participants on different devices holding their own keys that are required to sign transactions. You don't have one point of failure as with SSS.

I agree. Multisig transactions are generally expensive and the user experience is still a big stretch for most users. I just feel multisig is more suited for an enterprise rather than for most individuals. We wrote a blog comparing SSS to Multisig - https://www.cypherock.com/blogs/post-multi-sig-shamir

Moreover, you will still be able to create a multisig setup using Cypherock X1 also. That multisig setup will be more secure than any other wallet combination out there. Our aim with the Cypherock X1 is to create the best possible infra for securing a single seed.


Title: Re: Next-Generation Seed Phrase Backup with Cypherock X1
Post by: rohanagarwal7 on June 28, 2023, 08:04:53 PM
I thought they would use SSS alongside multisig the user could distribute his wallet seed, for example, to 5 places, and the possibility of recovery from 3 places, with multisig in the background, where it could be 3-of-5, and thus a good distribution of seeds to ensure that there are no single points of failure. the current idea is currently promoting Many risks, such as knowing your seed after the first signature, because seed will be exposed, or the existence of better alternatives such as multisig, or your need to trust the third party.


You can use SSS alongside multisig if you want. It is on the roadmap to support Multisig scripts soon. I am not sure how does the user know the seed after first signature. The seed is not even exposed during the wallet creation nor during transaction signing. Although there is an option on the device to generate the seed phrase back from X1 Vault and the X1 card + PIN again if you want to view it and still back it up somewhere.

Quote
I don't trust that an NFC-enabled card will enhance the security of my coins.

It does actually. The cards are EAL 6+ certified secure elements. Hence, they have brute force protection through a time exponential function enforced through a 4-8 character alphanumeric PIN. Hence, even if a hacker gets hold of 2 of the 4 cards, they still have to find a way to hack the card individually and bypass the PIN protection to be able to compromise your assets which is extremely improbable.

Quote
I searched and did not find information about this emergency wallet transactions service, is it similar to Ledger Recovery?

Not really. There is no emergency wallet transactions service. The same seed phrase backup product also doubles up as a hardware wallet. So, you can use the cySync desktop app along with X1 Vault + 1 X1 card to make transactions incase your Coldcard/Trezor/Ledger or any other BIP39 wallet is not available. You can read more here - https://www.cypherock.com/how-it-works


Title: Re: Next-Generation Seed Phrase Backup with Cypherock X1
Post by: Yamane_Keto on June 29, 2023, 11:42:01 AM

Not really. There is no emergency wallet transactions service. The same seed phrase backup product also doubles up as a hardware wallet. So, you can use the cySync desktop app along with X1 Vault + 1 X1 card to make transactions incase your Coldcard/Trezor/Ledger or any other BIP39 wallet is not available. You can read more here - https://www.cypherock.com/how-it-works
Hmmm I have read this article and it seems to have more details https://cypherock.gitbook.io/cypherock/design-decisions/cypherock-is-bip39-compliant

ENT> Mnemonics> BIP39 Seed> Master Node> Purpose Node> Coin Node> Account Nodeء> Change Node> Address Index Node.
all you will get is data stored inside each X1 Card and it is impossible to extract the private key from those cards right? That is, if a problem occurred and I was unable to obtain the X1 Card, are there no other solutions to access the private key?

I have read that I only need 2 cards out of 5 X1 Card. Is this option static or dynamic so that I can change the number to 3 or add more than 5 X1 Card.



Title: Re: Next-Generation Seed Phrase Backup with Cypherock X1
Post by: Pmalek on June 29, 2023, 03:36:19 PM
I have read that I only need 2 cards out of 5 X1 Card. Is this option static or dynamic so that I can change the number to 3 or add more than 5 X1 Card.
Their website mentions two different pieces of information. You can read "Five shards protect your Crypto, but you only need two to spend it" on https://www.cypherock.com/how-it-works. But their main page says "To make a Crypto transaction, just fetch and tap any 1 out of the 4 cards on the X1 wallet." (https://www.cypherock.com/)

@rohanagarwal7 How many are needed? One or two cards for spending and/or recovery? 

It does actually. The cards are EAL 6+ certified secure elements.
That's another point I noticed that doesn't match with what your website mentions.

I quote:
Quote
X1 Cards are NFC-based smartcards with EAL 5+ secure elements.
https://www.cypherock.com/

Again, which one is it?


Title: Re: Next-Generation Seed Phrase Backup with Cypherock X1
Post by: rohanagarwal7 on June 29, 2023, 06:27:03 PM
Quote
Hmmm I have read this article and it seems to have more details https://cypherock.gitbook.io/cypherock/design-decisions/cypherock-is-bip39-compliant

ENT> Mnemonics> BIP39 Seed> Master Node> Purpose Node> Coin Node> Account Nodeء> Change Node> Address Index Node.
all you will get is data stored inside each X1 Card and it is impossible to extract the private key from those cards right? That is, if a problem occurred and I was unable to obtain the X1 Card, are there no other solutions to access the private key?

I have read that I only need 2 cards out of 5 X1 Card. Is this option static or dynamic so that I can change the number to 3 or add more than 5 X1 Card.


On a high level, the card stores one of the Shamir shares of the ENT. The card have 4-8 alphanumeric PIN based brute force protection to protect the share. As long as you have device + 1 card or 2 cards working, your assets are fine. If you think, you still require to backup the seed phrase separately, you can always do that as well.

There are 4 X1 cards having the 4 Shamir shares. The 5th share is in the device. So you need the device + any 1 card to operate. It is currently static to make it easy for most users. We will offer customizations in the future.


Title: Re: Next-Generation Seed Phrase Backup with Cypherock X1
Post by: rohanagarwal7 on June 29, 2023, 06:36:21 PM
Quote
Their website mentions two different pieces of information. You can read "Five shards protect your Crypto, but you only need two to spend it" on https://www.cypherock.com/how-it-works. But their main page says "To make a Crypto transaction, just fetch and tap any 1 out of the 4 cards on the X1 wallet." (https://www.cypherock.com/)

@rohanagarwal7 How many are needed? One or two cards for spending and/or recovery? 

It is actually the same. There are still only 4 cards. The thing you are getting confused is that one of the shards is also stored on the device. Hence you need 1 device + 1 card or 2 cards (along with PIN if set) to view the seed phrase or make a transaction.

Quote
Again, which one is it?

Apologies on this. The older set of cards were EAL 5+. We have shifted to EAL 6+ certified Javacards for the current batch. We will update the website soon to reflect the same.


Title: Re: Next-Generation Seed Phrase Backup with Cypherock X1
Post by: Pmalek on June 29, 2023, 06:49:45 PM
It is actually the same. There are still only 4 cards. The thing you are getting confused is that one of the shards is also stored on the device. Hence you need 1 device + 1 card or 2 cards (along with PIN if set) to view the seed phrase or make a transaction.
OK, got it. The positive thing is that users have an option to view their seed phrases and could make offline backups of them if they wanted. If I forget the PIN to my cards, is there a way to reset it? Or, will I have to order a brand new set of cards?


Title: Re: Next-Generation Seed Phrase Backup with Cypherock X1
Post by: rohanagarwal7 on July 01, 2023, 08:15:13 AM
Quote
OK, got it. The positive thing is that users have an option to view their seed phrases and could make offline backups of them if they wanted. If I forget the PIN to my cards, is there a way to reset it? Or, will I have to order a brand new set of cards?

There is no way to reset it. Instead of deleting the wallet which could be more catastrophic if the user forgets the PIN, we decided to implement a time exponential function instead. After 3 wrong attempts, the timer to enter a new PIN attempt increases exponentially upto 100 years. You can as you mentioned can order new cards.

For people who think they can forget the PIN, we advise the user to backup the PIN somewhere which is still exponentially more secure than backing up a seed phrase. We will as mentioned also launch a no-KYC inheritance service soon that will allow users to recover the forgotten PIN also apart from passing on the assets to their loved ones.


Title: Re: Next-Generation Seed Phrase Backup with Cypherock X1
Post by: rohanagarwal7 on September 04, 2023, 12:15:54 PM
We got reviewed by Athena Alpha - https://www.athena-alpha.com/cypherock-x1-review/


Title: Re: Next-Generation Seed Phrase Backup with Cypherock X1
Post by: rohanagarwal7 on November 01, 2023, 01:12:53 PM
Cypherock X1 now ships with a Hard Case - https://twitter.com/CypherockWallet/status/1719697106984972728

  • Comes FREE as part of the packaging
  • Is a Faraday Cage to protect against unintended EM waves
  • Use it to keep other hardware wallets along with your Cypherock X1 safe against scratches
  • It is Dust & Water Resistant


Title: Re: Shamir's Secret Sharing based Wallet - Cypherock X1
Post by: rohanagarwal7 on January 12, 2024, 02:33:24 PM
Cypherock X1 became the highest rated hardware wallet by Coinbureau - https://www.coinbureau.com/review/cypherock-review


Title: Re: Shamir's Secret Sharing based Wallet - Cypherock X1
Post by: Pmalek on January 12, 2024, 03:06:36 PM
Cypherock X1 became the highest rated hardware wallet by Coinbureau - https://www.coinbureau.com/review/cypherock-review
No offence to you or your product since I have never had the chance to try one or read much about it, but I wouldn't trust CoinBureu to be a neutral source of information. I have seen many of his videos and have no complaints regarding the quality, but many of his content is sponsored and even paid-for-promotion.


Title: Re: Shamir's Secret Sharing based Wallet - Cypherock X1
Post by: rohanagarwal7 on January 22, 2024, 01:07:21 PM
Quote
No offence to you or your product since I have never had the chance to try one or read much about it, but I wouldn't trust CoinBureu to be a neutral source of information. I have seen many of his videos and have no complaints regarding the quality, but many of his content is sponsored and even paid-for-promotion.

I completely understand your concern and we know a lot of wallets that paid them for a review. However as written in the review itself, we did not pay them anything upfront at all. All we gave them are a couple of devices and an affiliate commission for every sale which is standard for every reviewer.


Title: Re: Shamir's Secret Sharing based Wallet - Cypherock X1
Post by: rohanagarwal7 on April 23, 2024, 10:42:20 AM
We just announced Cypherock Cover, a non-custodial & non-KYC inheritance-style recovery service for all your Crypto - https://twitter.com/rohanagarwal94/status/1782504675620655176


Title: Re: Shamir's Secret Sharing based Wallet - Cypherock X1
Post by: DaveF on April 23, 2024, 12:27:30 PM
From: https://www.cypherock.com/blogs/cypherock-cover
Quote
As discussed, most people buy a hardware wallet to hold Crypto assets for the long term

Do people really use hardware wallets for long term? Most of the people I know use them for more security in their hot storage and use other methods for long term cold storage.

Admittedly Dave and the people he discusses crypto with is a very small sample size. Has there been any real research done into what / how people are using hardware wallets for.
Long term? Short term? Both?

-Dave


Title: Re: Shamir's Secret Sharing based Wallet - Cypherock X1
Post by: satscraper on April 23, 2024, 04:30:07 PM
We just announced Cypherock Cover, a non-custodial & non-KYC inheritance-style recovery service for all your Crypto - https://twitter.com/rohanagarwal94/status/1782504675620655176

Cypherock Cover,the  scheme that makes the  simple stuff   unfeasibly large and bulky.

Speaking of inheritance itself. Split SEED phrase into SSS blobs using 2 of 3 scheme.  Encrypt each blob with your hardware based  pgp key (How the setup such keys is described here (https://bitcointalk.org/index.php?topic=5469280.msg63961732#msg63961732)). Give one of the encrypted  blobs and   HW security key to your nominee.  Include one of the remaining  encrypted blobs into you legal will with  assigned   nominee as the lawful beneficiary under will. Instruct lawyer to hand over this will to nominee after your passing.As simple as that. A simple and reliable  inheritance plan that doesn't require Cypherock Cover.


Title: Re: Shamir's Secret Sharing based Wallet - Cypherock X1
Post by: SFR10 on April 23, 2024, 05:18:19 PM
We just announced Cypherock Cover, a non-custodial & non-KYC inheritance-style recovery service for all your Crypto - https://twitter.com/rohanagarwal94/status/1782504675620655176
Would you mind sharing the rough estimates of the costs for both of the plans?

Nominee #2 receives the encrypted message 3 months after nominee #1 receives it, which allows nominee #1 to take precedence in estate recovery but still ensures recovery in case nominee #1 is also deceased.
Am I correct in assuming that there aren't any inactivity checks for nominee #1?
- Not sure if I'm just being pessimistic, but I do have mixed feelings about the second nominee option.

Additionally, the user can also define an executor as part of the setup who does not have any financial stake but can be assigned as a helper by the user in the estate recovery process for the nominee.
Does the executor have a similar set of requirements to the nominees?


Title: Re: Shamir's Secret Sharing based Wallet - Cypherock X1
Post by: rohanagarwal7 on April 30, 2024, 06:16:40 PM
Quote
Do people really use hardware wallets for long term? Most of the people I know use them for more security in their hot storage and use other methods for long term cold storage.

Yes, you would be surprised at how many actually.

Quote
Admittedly Dave and the people he discusses crypto with is a very small sample size. Has there been any real research done into what / how people are using hardware wallets for.
Long term? Short term? Both?

Very hard data to gather to be honest. But if you manage to find it, please do share it here.


Title: Re: Shamir's Secret Sharing based Wallet - Cypherock X1
Post by: rohanagarwal7 on April 30, 2024, 06:28:31 PM
Quote
Cypherock Cover, the  scheme that makes the  simple stuff   unfeasibly large and bulky.

Speaking of inheritance itself. Split SEED phrase into SSS blobs using 2 of 3 scheme.  Encrypt each blob with your hardware based  pgp key (How the setup such keys is described here (https://bitcointalk.org/index.php?topic=5469280.msg63961732#msg63961732)). Give one of the encrypted  blobs and   HW security key to your nominee.  Include one of the remaining  encrypted blobs into you legal will with  assigned   nominee as the lawful beneficiary under will. Instruct lawyer to hand over this will to nominee after your passing.As simple as that. A simple and reliable  inheritance plan that doesn't require Cypherock Cover.

You don't know how difficult that is for 99% of the people to do what you just described. So many ways you can screw things up and prevent the assets from being inheritable. Not to forget how expensive it can be to update this setup over time relative to our solution.


Title: Re: Shamir's Secret Sharing based Wallet - Cypherock X1
Post by: rohanagarwal7 on April 30, 2024, 07:06:47 PM
Quote
Would you mind sharing the rough estimates of the costs for both of the plans?

We are going with $25/wallet/year for silver plan which includes just PIN recovery and $100/wallet/year for gold plan which includes estate recovery also.

Quote
Am I correct in assuming that there aren't any inactivity checks for nominee #1?

Yes

Quote
- Not sure if I'm just being pessimistic, but I do have mixed feelings about the second nominee option.

You can choose not to have nominee #2. Its optional.

Quote
Does the executor have a similar set of requirements to the nominees?

Its a little different. Unlike the nominee, the helper won't know upfront that he is a helper. It is again optional.


Title: Re: Shamir's Secret Sharing based Wallet - Cypherock X1
Post by: satscraper on May 01, 2024, 06:07:52 AM
Quote
Cypherock Cover, the  scheme that makes the  simple stuff   unfeasibly large and bulky.

Speaking of inheritance itself. Split SEED phrase into SSS blobs using 2 of 3 scheme.  Encrypt each blob with your hardware based  pgp key (How the setup such keys is described here (https://bitcointalk.org/index.php?topic=5469280.msg63961732#msg63961732)). Give one of the encrypted  blobs and   HW security key to your nominee.  Include one of the remaining  encrypted blobs into you legal will with  assigned   nominee as the lawful beneficiary under will. Instruct lawyer to hand over this will to nominee after your passing.As simple as that. A simple and reliable  inheritance plan that doesn't require Cypherock Cover.

You don't know how difficult that is for 99% of the people to do what you just described. So many ways you can screw things up and prevent the assets from being inheritable. Not to forget how expensive it can be to update this setup over time relative to our solution.

Time is flying  and who knows what will happen with Cypherock  (and as consequence with all its so called inheritance scheme) let's say in 25 years

Solution I have proposed is in the hands of people rather than of 3rd  (http://d)company .

Besides it is more cost effective. In my estimation it requires 3 flash drives/SDcards ( two of them as a backup just for the case) ~ $8-10  to keep SSS blob and  two pgp HW key (again one for backup, ~$60) and of this for all period, let's take  25 years. Your solution for the same period will cost $25 x 25 + cost of hardware (silver plan) or $100 x 25 + cost of hardware (gold plan)  :)


Title: Re: Shamir's Secret Sharing based Wallet - Cypherock X1
Post by: rohanagarwal7 on May 01, 2024, 07:12:11 AM
Quote
Besides it is more cost effective. In my estimation it requires 3 flash drives/SDcards ( two of them as a backup just for the case) ~ $8-10  to keep SSS blob and  two pgp HW key (again one for backup, ~$60) and of this for all period, let's take  25 years. Your solution for the same period will cost $25 x 25 + cost of hardware (silver plan) or $100 x 25 + cost of hardware (gold plan)  :)

You should add the legal costs to this.


Title: Re: Shamir's Secret Sharing based Wallet - Cypherock X1
Post by: satscraper on May 01, 2024, 07:53:38 AM
Quote
Besides it is more cost effective. In my estimation it requires 3 flash drives/SDcards ( two of them as a backup just for the case) ~ $8-10  to keep SSS blob and  two pgp HW key (again one for backup, ~$60) and of this for all period, let's take  25 years. Your solution for the same period will cost $25 x 25 + cost of hardware (silver plan) or $100 x 25 + cost of hardware (gold plan)  :)

You should add the legal costs to this.

Adding the legal will  cost nothing  to users who already have their wills. To include into the  will just an envelope with SSS blob will cost nothing.

Here you are the cost for hardware needed.

2GB Flash Drive (https://www.amazon.com/Flash-Wooolken-Memory-Portable-Storage/dp/B0BZ876DLS) - $5.68 . And you can get even cheaper if buy such things in pack. Just do a search. :)

Security Key C NFC (https://www.amazon.com/s?k=yubikey+5) (for setting up pgp key) - $29.00

Looks much cheaper than your hardware, isn't it.  

And besides, no 3rd party.


Title: Re: Shamir's Secret Sharing based Wallet - Cypherock X1
Post by: SFR10 on May 01, 2024, 07:21:47 PM
Its a little different. Unlike the nominee, the helper won't know upfront that he is a helper. It is again optional.
Thank you for the above explanations, but I still need clarification about how the executor can help a nominee in the estate recovery process.
- Despite not getting the whole picture yet, I think it'd be better to assign someone willing to act as the helper than assigning someone who might end up not helping the nominee at all.


Title: Re: Shamir's Secret Sharing based Wallet - Cypherock X1
Post by: rohanagarwal7 on September 09, 2024, 04:03:21 PM
Quote
Thank you for the above explanations, but I still need clarification about how the executor can help a nominee in the estate recovery process.

Think of the executor as someone who has technical know hows but does not have have financial skin in the same. This is could be your family friend. Again it is optional and you can completely choose against nominating someone here.
After careful scrutiny, Cypherock X1 has been listed on the official Bitcoin.org website - https://bitcoin.org/en/wallets/hardware/?platform=hardware&step=5