 |
January 30, 2026, 05:33:02 PM |
|
Hi everyone
I wanted to share the technical architecture of a system I have been building called Epheris. It is a hardware based secure terminal designed for off grid messaging and payments. The goal was to move away from software wallets where keys can be extracted and build something that actually uses hardware constraints to enforce security.
The hardware side is what I call the Vipper. It is built on an ESP32 paired with an NXP SE050 Secure Element. I am not using the SE just for key storage but for state management. The master identity uses a persistent Secp256k1 key pair generated internally at ID 0x7B000404 which never leaves the chip. This is central to the design because it means no KYC or passwords are required. Your identity is simply the cryptographic proof that you hold the hardware key, established via ECDH.
The critical part for offline security is a hardware enforced 4 byte monotonic counter at ID 0x7B000405. This prevents replay attacks physically. Every time you spend or load funds the firmware increments this via atomic APDU commands. I also locked down the firmware to explicitly block any raw blind signing so if the phone gets compromised it cannot force the hardware to sign a transaction it did not verify.
For offline payments I implemented a model I call the Magazine. It is a state machine with 5 slots mapped to specific SE050 Key IDs ranging from 0x7B000410 to 0x7B000414. The address for these slots is created internally by the Vipper and never exposed. This leads to a specific design trade off: there is no seed recovery for the spending wallet. This is intentional. If seed recovery were possible, a malicious user could pay someone offline, run to an internet connection, recover the wallet, and broadcast a conflicting transaction with a higher fee to steal the funds back before the offline receiver syncs. By locking the key in silicon, we treat the funds as a bearer asset, like digital cash.
The firmware fully implements BIP-143 for P2WPKH Segwit transactions inside the chip. It reconstructs the entire transaction preimage including version and amounts using the internal slot data before signing. This means the hardware verifies the math independently of the app.
Communication is handled via asynchronous LoRa on an SX1262 module using non blocking transmits so the main loop can still handle BLE requests. I implemented a lock system to prevent race conditions between the bluetooth tasks and the crypto operations.
On the backend which I call epheris-core I am using Cloudflare Workers with Durable Objects to create a real time multiplexer. Every user gets assigned a dedicated Durable Object based on their public key which acts like a personal inbox that never sleeps. For privacy I added a broadcast relay that acts as a proxy for Bitcoin transactions so your IP address is never exposed to the blockstream API or the network.
The syncing uses monotonic sequence IDs for the inbox so if you are offline for a week you just request everything since your last ID and get zero data loss. On the frontend app the philosophy is zero trust. The app never handles private keys it just requests signatures from the hardware. To further secure the input I added a native keyboard with a scramble function that randomizes the touch coordinates to prevent keyloggers from capturing sensitive inputs. I also implemented JIT decryption where messages are stored encrypted in the local database and only decrypted on the fly when loaded into the UI.
This has been a long time coming but I think the combination of monotonic counters in hardware and the sequence IDs in the cloud solves a lot of the resilience issues we usually see in these kinds of mesh projects. I am keen to hear what you guys think of the architecture.
|
