Recap of Interview with Hardware Wallet Founder, Alexey Devyatkin
Our founder and CEO, Alexey Devyatkin, had a conversation with Sunscrypt (Sunscrypt is the official representative of hardware wallets in the Russian Federation and the CIS territory, as well as an influencer on YouTube and Telegram), where he delved into the most frequently asked questions about 1inchHW.
You will learn more about the security model, backups, multicurrency, and many other important aspects.
Below is a summary highlighting the key points covered during the interview.
The pains of the industry that you would like to change in your product
The deal with small screens is they can’t quite handle showing all the necessary info. Take, for example, when you’re making a transfer, moving your assets from one address to another. That’s when you realize there’s not sufficient space on the screen for two complete addresses. Between the beginning and the end of the address, there are just these dots, and beyond that, it’s like blank space. So, you find yourself stuck with this blind signature situation, and that’s a pretty big deal in the hardware wallet market.
We aim to make it crystal clear for the user, to have it make sense in a way that just feels natural. The user should grasp what’s going on, what they’re putting their signature on, and the whole essence of the transaction. You should feel sure that you can double-check each digit and letter without a hitch.
Over on our side, we’re getting ready to kick off some internal checks offline. The goal is to catch whether an address is flagged on a blacklist or tangled up in other security measures. We’re honing in on making sure folks get a heads-up when it comes to signing anything sketchy or downright risky. Our main focus is locking in a device that’s not just super secure and safe but also keeps things crystal clear in a way that just makes sense. It’s right up there at the top of our to-do list.
The most challenging aspect of creating a hardware wallet
Product development involves forming a team. As the founder and CEO of this project, my main duty is to gather a crew of skilled industry experts, ensuring we craft a top-notch product. If we’re aiming for something on par with, say, Apple’s phone, our specialists need to be right up there with Apple’s caliber.
For me, the major challenge was putting together a team capable of bringing their expertise to the table, using the right approaches to design such devices, and creating a product that truly stands out. Why? Well, there are numerous hurdles. To start, software and hardware development are worlds apart. With software, we can whip up a quick MVP, release it as is, and continually update and refine it with hotfixes. Hardware, on the other hand, doesn’t work that way. Because we need to thoroughly plan out a comprehensive set of features we want to embed in the device. Essentially, we’re crafting, first and foremost, a hardware platform meant for mass production.
Getting ready for production is like a whole different phase. Before diving into that stage, there are a bunch of steps leading up to creating a product ready for release and mass production. There’s all the research, the MVP phase then comes the Engineering Validation Test stage, followed by the Design Validation Test stage, and the pre-production Validation Test.
The security model of the 1inch Hardware Wallet
When exploring our strategy, our initial game plan revolved around a fundamental principle, particularly the core value embedded within the 1inch сore team — the aim was to craft predominantly open-source solutions. Consequently, we carried forward the same approach when developing the device.
However, at a certain point, it hit us that such a design was lacking in robust security. Why? Well, there are these chip manufacturers, and we’re not in that league; meaning, we’re not the vendors. Essentially, we’re putting all our trust in what the chip vendor claims. So, if there are any potential security vulnerabilities at the chip’s design level, at the crystal level, we’re pretty much hands-tied and can’t fix them.
Like many other projects, we chose to build our device using chips from STMicroelectronics, but there’s a security gap — these chips can glitch, opening up the door for unauthorized access. There are plenty of instances, like when Trezor devices got hacked. Naturally, we gathered data, researched thoroughly, and examined all these breaches.
Furthermore, we’ve been working hand-in-hand and maintaining ongoing collaboration with audit companies like KeyLab. They’re right in the thick of auditing most of the cold wallet solutions out there. We’re in constant touch with them, keeping the communication lines tight. Every design goes through their approval and gets fine-tuned with their help to reach the most fitting state. There came a moment when we recognized that crafting the utmost secure device required the integration of a secure element. In simple terms, on the second go-around, we brought in a secure element.
So, we have a secure store directly embedded in the microcontroller. The main task is to encrypt the secure store, where private keys are stored, in the most secure way possible. In other words, entering the PIN code is linked to the fact that all crucial information is stored in the secure element.
If we’re talking about security, my initial usage experience revealed that most solutions on the market are based on a PIN code. Accordingly, the PIN code protects the user from unauthorized access to the device. No matter how solid we make the device, the whole security game boils down to the complexity of that PIN code — it’s the lock and key. When I found out that all these PIN codes are sticking strictly to numbers, I got to thinking: Why not throw in special characters, mix in some uppercase and lowercase letters, just to shake things up and maybe lower the chances of someone messing with your data? So, I made up my mind that we ought to roll out a full QWERTY keyboard, throwing in special characters, plus both uppercase and lowercase letters, to crank up the complexity of the PIN code that locks down the device.
Waterproofness
It would be foolish to rely on a non-waterproof device to provide truly secure storage for your private keys. Any port, such as USB, essentially creates a potential opening for moisture to sneak in. That’s why I went for crafting the most straightforward device that still ticks all the boxes. Simple example: you forget your wallet in your pocket, and it takes a detour through the washing machine. No biggie. Just give it a good wipe down with a cloth, power it up right away, and you’re back in business like nothing ever went down.
The physical characteristics of 1incHW
The device itself has the form factor of a credit card, matching its dimensions completely. The only difference is in the thickness; we are currently aiming for approximately 4–5 millimeters. Slip this right into your regular wallet, no problem.
Personally, I’m a firm believer that a touch screen can outlast any mechanical button. It’s plain and simple — even if your touchscreen picks up a few scratches, it’s likely to keep on trucking at a solid 100%.
This wallet comes decked out with an E-ink display, just like the kind you find in an electronic book, say, like a Kindle. I’d call it an energy-smart display. See, we had some pretty tight size rules for this device, sticking to the credit card shape with a slim 4 mm thickness. Squeezing in a big battery with that kind of setup? Nearly impossible. So, we went with this compact 1 mm thick battery, not a powerhouse in terms of capacity, but with this move, the device keeps chugging along for a good stretch.
So, we did some rough calculations, and it looks like if you’re signing one or two transactions a day, this device ought to keep running for about two weeks on a single charge. Now, if you’re more of a once-a-week transaction kind of person, you’re looking at the device going strong for several months on just one charge. Seems like a pretty efficient setup, keeping the device rolling as long as possible on a single charge.
The device has a metal body, and the frame is crafted from aluminum. Topped off on both ends with Gorilla Glass 6, making it sturdy and robust. Right now, it’s got this sleek design, giving off vibes similar to an iPhone or the usual smartphones used in today’s world.
We’ve woven in a 2.7-inch touchscreen display for that natural back-and-forth with users. It lets users glide through actions just like they would on a smartphone, keeping them in the loop without missing a beat in the process.
(Comment from the editor: It’s possible that we may switch to a larger screen once we finalize EVT2. Stay tuned!)
How transactions go down
Right now, we had the game plan for the device to be fully air-gapped, and we geared up the wallet with a camera. In the initial version, we laid out two interfaces: the main camera setup and NFC as an extra interface.
But looking ahead, we figured there’s a demand for Bluetooth too. We’re in the exploration phase with that idea. Can’t say for sure if Bluetooth will make the cut in the current release, as it might stretch out our roadmap. It’s a bit of a balancing act, needing extra resources for both the hardware and the matching software. So, at this point, we’re leaning toward the main interfaces, which are the camera and NFC.
This is quite convenient, especially for users who prioritize signing transactions securely. The camera makes it a breeze to scan QR codes from a mobile phone or any other device, whether it’s a laptop or desktop. It’s lightning-fast, so when you’re linking up to a computer, like, no need to bother with installing any drivers or extra software.
Backups
Here are the two main queries from our community. The top one is directly about blind transaction signing, especially in the realm of DeFi operations. Now, the second most frequent question is all about how we manage backups. Currently, we’re brewing up two main approaches to tackle this. The first notion involves regular backups, jotting things down on paper or a Metal Sheet, and exploring any other available options at the moment to keep the Seed phrase intact in its clear form.
As an extra option, we’re mulling over the chance of crafting backups on an NFC card. That means bundling NFC cards with the device and letting users create a backup on them. The approach here is quite straightforward: we create a backup on an NFC card and encrypt it with a PIN code. In terms of the process, it’s easier for any individual to remember a PIN code, decrypt the phrase, and restore the wallet. At this moment, I can’t confirm whether this will be an added feature or part of the package; we’re currently in the approval process. There might be a card included, perhaps one card in the set, and extra cards could be available for an additional fee.
Once again, I aim to bring as much value to the community as possible and keep the project as open as can be. When the release time rolls around, we’ll go through all the audits, open it up as open source, and possibly even uncover not just the software but also the hardware. This means that users deeply concerned about security might have the chance to put it together themselves.
Multi-seed
During our initial customer development and discussions with founders from different projects, we found it quite peculiar that you have to buy a device that allows setting up only one wallet with a unique seed phrase. At first, I thought it was a constraint of the secure chip, but it turned out to be more of a marketing strategy. Because, when it comes to hardware, there’s no distinction.
Yet, if we’re talking about the right approach in crafting embedded software architecture, it doesn’t matter if you want to store one or five private keys. From a resource and memory standpoint, it’s a minor difference. In terms of security organization, it’s a bit more intricate but still a manageable task. Looking at it from a marketing standpoint, it’s evident that any project would prefer to sell you five devices if you have five different wallets rather than just one.
As of now, in 1inchHW, there is enough memory for, let’s say, about five distinct wallets, each with its separate seed phrase. It’s crucial to mention that right from the start, we’ll also endorse derivation, using an HD Wallet with BIP44 compatibility. This means that from one seed phrase, from one private key, you can create multiple wallet addresses. This expands the device’s functionality and effectively increases the number of sets, so to speak, of wallets that can be stored in one device.
Integration with other services
Anyone intrigued might have the chance to integrate our wallet down the road. To make this happen, we’re in the process of developing an SDK, making the integration of our wallet into any solution swift and effective. This move doesn’t just widen our reach but also extends the user base of the projects that incorporate our device. In essence, we’re proponents of integration and collaboration. To back this up, we’ve even incorporated the IP4527 open protocol into our device, leveraging QR codes. It stands as a universal standard, and if an application is in sync with this standard, chances are our wallet will seamlessly mesh with it.
Multicurrency
Currently, it’s clear that we’re backing EVM chains. This stems from our integration into the existing Hot Wallet solution by 1inch. Consequently, the primary focus has been on EVM chains in that domain. Essentially, 1inch stands as a DeFi project inherently leaning towards and concentrating on EVM solutions.
However, at the same time, we acknowledge that for any wallet striving to be a comprehensive solution, it needs to support classic blockchains like Bitcoin. We are actively working on this aspect as well. So, I believe that initially, our support will encompass EVM networks, as present in the 1inch Wallet. Still, shortly, we have plans for integrating Bitcoin support.
Wallet Update
Originally, the plan was to push firmware updates directly through QR codes, especially since we crafted the solution to be fully air-gapped. However, our tests uncovered that this method is quite clunky. While it’s technically doable, users would have to sit tight for about an hour to get the entire firmware updated through a string of QR codes. Moreover, this approach presents a one-way interface with no way to confirm the integrity of data reception.
Wreck on this method is more fitting for tech enthusiasts, given the complexity of updating firmware via QR code. Hence, we settled on including NFC on board, offering a much wider and convenient route for firmware updates. Simply put, if updates are expected to roll out approximately once a month, spending 15 minutes to update the firmware via NFC is way more straightforward than investing an hour and a half in the QR code marathon.
Join the waitlist!
Stay connected with us!
Website: https://hw.1inch.io/
Twitter: https://twitter.com/1inchHW
Telegram Announcement Channel: https://t.me/OneInchHW
Medium: https://medium.com/@OneInchHW
LinkedIn: https://www.linkedin.com/company/hwlt
