Ardor HD Wallet Cryptography

The cryptography behind the Ardor HD wallet implementation

Lior Yaffe
Mar 16 · 2 min read

We at the Jelurida R&D lab wanted to implement HD wallet for Ardor for a long time. However, for a while, we were missing the basic building blocks and the knowledge necessary to develop this feature. Especially since we wanted to make sure not to “role our own cryptography” as is commonly advised. Instead we were looking to reuse prior work as much as possible and rely on existing standards.

More specifically, our problem was that the BIP32 standard for HD wallets used by Bitcoin and Ethereum is tightly coupled to the properties of the Secp256k1 elliptic curve, but Ardor uses elliptic curve cryptography based on Curve25519 which requires a different approach for BIP32 key derivation. More about this in the appendix below.

The breakthrough came when we started working on the Ledger hardware wallet integration. Ledger does not support Curve25519 key derivation but luckily it does support the Ed25519 curve, and as we learned, key pairs generated on Ed25519 can be converted to Curve25519. Once we implemented this key conversion algorithm in the Ardor ledger app, we were able to generate valid Curve25519 key pairs and use them for signing and encryption on the Ledger device.

During the work on Ledger we realized we can take this a step further and leverage the knowledge we gained to implement this key derivation ourselves in software. The great thing about this approach is that we can use the same algorithms used by Ledger itself and make sure we are 1:1 compatible with Ledger at the byte level. The result is a BIP32 software implementation that takes away the risk of rolling our own cryptography and is fully integrated into the Ardor core itself.

In my next article I will discuss possible applications of this technology.

Appendix

Why are we using Curve25519 in the first place? Good question, this was a decision made by the original developer of Nxt, which has some trade-offs.

Curve25519 is a relatively modern curve, it provides 128 bit security like most other elliptic curves, it is good for generating shared keys necessary for symmetric encryption using AES, we rely on this for message encryption. For digital signatures, Ardor uses the Korean digital signature standard ECKCDSA implemented over Curve25519. Overall Curve25519 has proven to be secure and fast when implemented in Java and even browser based Javascript, it provides good performance even on a Raspberry PI and various mobile devices.

For us, the biggest disadvantage of Curve25519 is that it is less mainstream and is therefore not supported directly by most hardware and software wallets. We intend to help change this in the future.

Lior Yaffe

Written by

Co-Founder and Managing Director of Jelurida. Ardor and Nxt core-developer

More From Medium

Related reads

Related reads

Related reads

Alpha

Aug 1, 2018 · 4 min read

2.4K

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade