Citadel Wallet Development Update

Citadel Wallet
Aug 16, 2023

On March 29th, 2023, we kicked off the pre-orders for the Citadel Wallet. Instead of sticking to the usual Web 2.0 pre-order methods, we embraced the Web 3.0 wave using NFTs. Alongside the wallet’s launch, we introduced an exclusive NFT collection featuring Knight Characters called Guardians of the Citadel. This allowed our earliest supporters to mint these special knights, bundled with the hardware wallets and a range of other cool features tied to our project. It’s just another way we’re innovating and bringing new perspective to our ecosystem!

A few months have quickly passed since our initial pre-order launch, and the response has been nothing short of remarkable. With over 2100 hardware wallet pre-orders, 1222 Knights minted, and an impressive 4 million HBAR raised, our experimental approach has truly proven to be very practical and successful. It’s evident that our cutting-edge hardware wallet and the approach we have taken resonate with many.

Today’s post is dedicated to sharing a comprehensive update on our journey thus far. From hardware and software enhancements to packaging, supply chain logistics, and manufacturing, our team has been tirelessly pushing the project forward at an impressive pace. Join us as we delve deep into the strides we’ve made, and get a sneak peek into the final touches needed before our grand market debut.

New GOTC Knight:

During our hardware wallet pre-order launch through GOTC Knights, we experienced a rapid spike in the HBAR to USD exchange rate. Specifically, on the day of our launch, the price of HBAR saw a spike, moving from 6 to over 7 cents. This shift impacted the pricing of our NFTs as they were pegged to a fixed USD amount but were to be paid in HBAR. Due to the inherent nature of the smart contract, we were unable to make immediate adjustments to this rate during the initial 3-day window. As a result, early buyers ended up paying slightly more in HBAR than the intended USD price of the Knight NFT and associated hardware wallet.

Recognizing the importance of fairness and transparency to our community, we decided to take corrective measures. To acknowledge and compensate those affected by this price discrepancy, we introduced a special ‘Ocean Knight’. After over a month of development, this NFT was distributed at no additional cost to all individuals who purchased the Knight NFTs during the impacted period. We deeply value our community’s trust and commitment, and always strive to ensure that every action we undertake resonates with the principles of fairness.

GOTC Ocean Knight: 5th Knight in the Collection

Supply Chain:

Recognizing the challenges of the current global supply chain, particularly with IC shortages, we have taken a proactive approach in securing essential components for our wallet. As of now, we’ve ordered the long-lead-time components, such as the secure element, secure microprocessor, and power management IC, in quantities sufficient to assemble 3000 units. These are the most important components in the wallet and have no alternative replacements. We have also purchased more than 500 batteries and LCDs to have them ready for the first batch of wallet assemblies, even though these are shorter-lead-time parts and don’t pose significant risk to the project. This strategic move ensures that we meet our delivery commitments, mitigating potential risks associated with supply chain disruptions.

In today’s dynamic market, being proactive in supply chain management is not just an advantage but a necessity. IC shortages can significantly delay projects, increasing costs and undermining community members’ confidence. By securing these components early, we are not only safeguarding our delivery timelines but also emphasizing our commitment to delivering a reliable and secure product to our supporters. The rest of the parts in the electronic BOM are readily available in the market with multiple alternative replacement options and don’t pose any risk in terms of supply chain.

Mechanical Enclosure Developments:

We are thrilled to share a significant milestone in the journey of our hardware wallet development. During the pre-order phase, we acknowledged that our mechanical enclosures were approaching their final design but required further refinements to ensure optimal functionality and aesthetics. After multiple iterations with our manufacturer, we have addressed concerns related to mold sizes for enhanced internal latch snapping, button fitting, as well as finalizing the desired surface finish color and type. We’re pleased to announce that our designs have now reached a stage of perfection, and we stand ready to initiate mass manufacturing of the plastic parts. These parts will include high-quality logo prints, precise button placements, and a robust highly polished stainless steel band.

The funds raised during pre-orders played an instrumental role in this achievement. They ensured we could promptly cover the essential costs associated with the manufacturing molds for our plastic enclosures, the buttons, and the tooling required for the stainless steel band. When we transition into the mass production phase, we’re ever more committed to assembling top-tier mechanical enclosures, ensuring our hardware wallets stand out in both function and form.

Look at the Pink, Grey and Blue Citadel Wallets

Electronic Board Developments:

When pre-orders launched, our wallet’s electronic board was already at an advanced maturity level with the majority of its features extensively tested. Over the past few months, we’ve undertaken a slight redesign of the PCB to prepare it for FCC and CE certification tests, essential for wireless communication devices intended for US and global markets. Alongside, we’ve promptly addressed a few minor bugs, enhancing features such as LCD backlight control, to ensure flawless performance.

Prioritizing security has been a cornerstone of our development philosophy. To that end, we’ve introduced an additional robust feature: a custom-designed metal shield encasing both the secure element and the secure microprocessor. This shield is filled with epoxy, reinforcing the wallet’s defense mechanisms. While we utilize the industry’s latest and most sophisticated high-security chips, we want to make sure we implement any additional security measures available in the industry. This enhancement not only amplifies the protection from potential physical hacking attempts but also protects the electronic chips from humidity, temperature change, vibration, dust, etc.

Twenty electronic boards have been manufactured to the latest design and will be assembled into wallet prototypes. These wallets will be shipped to community partner projects and a few community members to test and provide us with early feedback.

Citadel Wallet Electronic Board with the Metal Protection Shield

Packaging:

Packaging is often the first impression a product makes, and we’ve dedicated significant effort to ensure ours mirrors the premium quality of our hardware wallet. Drawing inspiration from elite electronic brands such as iPhone and Samsung, we delved deep into exploring advanced packaging technologies, premium materials, and sophisticated printing options. After a comprehensive search, we partnered with a top-tier electronic package manufacturer renowned for their exemplary standards.

We’re proud to share that after several prototypes, we have finalized a design that not only meets but exceeds our expectations. The box is crafted with meticulous attention to detail, ensuring it feels luxurious and conveys the premium nature of the product within. Even before unveiling the actual device, the packaging will give users a sense of acquiring a state-of-the-art electronic gadget, on par with the world’s leading tech companies. Our commitment to excellence is evident in every facet, and we’re eager for you to experience it firsthand.

Citadel Wallet Package top side view
Citadel Wallet Package bottom side view

Barcodes:

As we move closer to launching our hardware wallet, we are ensuring every aspect of the product meets global standards. A testament to this effort is our recent acquisition of UPC barcodes from the GS1 standards body. This essential step guarantees that each of our products will have a unique product serial number, ensuring global recognizability and compatibility when sold anywhere in the world.

Our vision extends beyond just selling our wallets through our website, with ambitions to reach consumers through prominent third-party marketplaces like Amazon and various distributors worldwide. By incorporating globally recognized UPC barcodes, we are solidifying our commitment to providing a seamless purchasing experience for our customers, no matter where they choose to buy. We believe that even seemingly small details, such as barcodes, play a crucial role in our product’s overall success and market adaptability.

Citadel Wallet UPC Barcode Serial Numbers Assigned Officially by GS1 Standards Organization

Software:

In the intricate world of hardware wallet development, the software component stands paramount. No matter how fortified the electronic hardware, vulnerabilities in the software or firmware can jeopardize the entire system. Recognizing this criticality, our trusted partner, Buidler Labs, has directed unwavering attention to develop an extremely robust and secure software infrastructure. The goal is to maximize the innate security features embedded within the secure element and secure microprocessor.

In the past four months, the software team has achieved several important milestones. One standout achievement involves the EAL 6+ secure element software development. The team has not only comprehended its intricate mechanisms but has also coded libraries for its optimal configuration and safe communication. Here are some highlights:

  • Established a robust, AES encrypted channel between the Secure Element and the Microprocessor, leveraging the SCP03 protocol.
  • Implemented PIN protection, ensuring communication with the secure element is solely contingent on user-inputted PIN — a feature designed such that the PIN isn’t stored in the microprocessor. So, every time the device powers down, re-entry is required for access.
  • Further, the team enabled the generation and secure storage of Hedera account keys within the secure element — a vault from which these keys can never be extracted.
  • And, most notably, the device can now seamlessly sign any Hedera transactions via the secure element.

We’ve achieved significant progress in our microprocessor firmware development. The microprocessor’s primary function is to ensure secure communication with external entities via USB or Bluetooth. It decodes incoming wallet messages, presents relevant data to the user via an LCD, gathers user input through touch screens or buttons, and communicates with the secure element. Here are the key developments regarding the microprocessor:

  • Communication Protocols: We’ve enabled communications with external devices using both USB and Bluetooth. While we’ve built a robust foundation for these communication channels, there’s ongoing work to enhance their security.
  • Hedera Protobuf Encoding/Decoding: We’ve established a firmware infrastructure to encode and decode messages based on Hedera’s protobuf. This allows us to interpret Hedera transaction messages and present transaction-specific details to users before they validate them.
  • Font Optimization: A new font has been introduced to maximize screen real estate while ensuring the text is legible and significant data is easily discernible.
  • UI Layout and Design: We’ve crafted a new UI layout and design for the display, aiming for clarity and user-friendliness. This interface guides users on interacting with the wallet application and is continually being refined.
  • Security Assessment: We are delving into various security facets of the microprocessor. We’re also exploring open-source libraries to meet our security requirements. This work is ongoing.
  • Custom SDK Development: We’ve branched off from Ledger SDKs to develop our proprietary SDKs, adding more Hedera transaction types absent in Ledger’s libraries. Leveraging Ledger SDKs as our foundation streamlines the integration for software wallets already compatible with Ledger. This is an active area of development.
  • Secure Firmware Update: We’re currently working on implementing a secure mechanism for firmware updates as well.

This amazing advancement in software, accomplished within mere months, propels us closer to our mission. While there’s still more work to be done, more testing and fine-tuning ahead, we’re excited about our current trajectory and the minimized risks on our roadmap.

We wanted to give a huge shout-out to the Hashpack team for providing invaluable support along the way and working with us closely. We’ve consistently used the development version of the Hashpack wallet to pair with the Citadel Wallet for testing, which has significantly accelerated our development. We are looking forward to collaborating with other software wallets in the Hedera ecosystem as well when our product is ready for integration.

Wallet Programming:

One of the recurrent questions we’ve encountered from our community is: ‘Where and how will the Citadel hardware wallets be assembled and programmed?’ It’s a valid concern, and one that we’ve taken seriously from the outset. While the initial production of our electronic boards is carried out in China, we’ve always been resolute in our commitment to ensure that the final programming and assembly is rooted in the US.

To this end, we’re proud to announce our collaboration with EPS Global, a recognized industry leader in mass programming electronic chips in highly secure environments. They’ll be mass programming our microprocessors, which will be conducted within an ISO27001 certified secure environment right here in the United States. Post this crucial programming step, these chips will make their way to the PCB manufacturing unit for assembly.

The Citadel Wallet team will then personalize each wallet in the US. We’ll load Certificates of Authenticity into every device, associated with the root of trust keys generated in the wallet’s secure element, and grant each a unique serial number and model number to verify the wallet’s genuineness. For clarity, root of trust keys and Certificates of Authenticity are distinct from the Hedera account keys. Hedera keys are generated at the time the user sets up the wallet.
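A genuineness check of the kind described above can be reduced to two signature verifications: the vendor root signed this device's identity and key, and the device can sign a fresh nonce with that key. The Go sketch below is an added example, not Citadel's code or certificate format; Ed25519, the field encoding, the context string, and all names and serials are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

const ctx = "device-attestation-v1\x00" // domain-separates attestation signatures

// Certificate is a hypothetical certificate of authenticity, not Citadel's format.
type Certificate struct {
	Serial, Model string
	DevicePub     ed25519.PublicKey // root-of-trust key held in the secure element
	Signature     []byte            // vendor root signature over encode()
}

// encode length-prefixes each field so the signed bytes are unambiguous.
func (c Certificate) encode() []byte {
	var out []byte
	for _, f := range [][]byte{[]byte(c.Serial), []byte(c.Model), c.DevicePub} {
		out = append(append(out, byte(len(f)>>8), byte(len(f))), f...)
	}
	return out
}

// Issue models personalization: the signer certifies one device identity.
func Issue(signer ed25519.PrivateKey, c Certificate) Certificate {
	c.Signature = ed25519.Sign(signer, c.encode())
	return c
}

// Respond is the device side: sign the verifier's fresh nonce.
func Respond(dev ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(dev, append([]byte(ctx), nonce...))
}

// VerifyDevice needs a root-signed cert and key possession; the length check avoids Verify's panic.
func VerifyDevice(rootPub ed25519.PublicKey, c Certificate, nonce, resp []byte) error {
	if len(c.DevicePub) != ed25519.PublicKeySize || !ed25519.Verify(rootPub, c.encode(), c.Signature) {
		return fmt.Errorf("certificate malformed or not signed by vendor root")
	}
	if !ed25519.Verify(c.DevicePub, append([]byte(ctx), nonce...), resp) {
		return fmt.Errorf("no proof of possession for this nonce")
	}
	return nil
}

// RunScenarios runs the check on constructed keys and identifiers.
func RunScenarios() map[string]error {
	rootPub, root, _ := ed25519.GenerateKey(rand.Reader)
	devPub, dev, _ := ed25519.GenerateKey(rand.Reader)
	_, fake, _ := ed25519.GenerateKey(rand.Reader) // counterfeiter's own key
	cert := Issue(root, Certificate{Serial: "SN-EXAMPLE-0001", Model: "MODEL-EXAMPLE", DevicePub: devPub})
	n := make([]byte, 64) // two fresh 32-byte nonces
	rand.Read(n)
	return map[string]error{
		"genuine":     VerifyDevice(rootPub, cert, n[:32], Respond(dev, n[:32])),
		"copied cert": VerifyDevice(rootPub, cert, n[:32], Respond(fake, n[:32])),
		"forged cert": VerifyDevice(rootPub, Issue(fake, cert), n[:32], Respond(dev, n[:32])),
		"replay":      VerifyDevice(rootPub, cert, n[32:], Respond(dev, n[:32])),
	}
}

func main() { fmt.Println(RunScenarios()) }
```

Only the "genuine" scenario returns nil: a copied certificate fails the nonce challenge, a certificate signed by any key other than the pinned root fails the first check, and a recorded response fails against a new nonce.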

Information about EPS Global, Secure Mass Programming Service Provider

Secure Audits:

While we’ve been laser-focused on refining the wallet software, there’s another pivotal aspect we’ve been navigating: security audits. Our aim is to partner with top-tier firms skilled in IoT device security certification and experienced at advanced penetration testing. These procedures ensure our device can withstand real-world security threats.

After a thorough review, we’ve shortlisted firms renowned for auditing and penetration testing secure wireless IoT devices. Penetration testing (or ‘pentesting’) essentially simulates a cyber attack in a controlled setting to uncover any vulnerabilities in the firmware. The objective is clear: find and fix vulnerabilities before they can be exploited by potential attackers.

Once this rigorous testing phase concludes, we’ll receive detailed reports from these independent audit firms. These documents will lay out any vulnerabilities found, categorize them by their severity and fix complexity, and provide the steps taken to resolve them. Rest assured, we’ll be transparent about our findings; we plan to share both the reports and the names of the partnering firms with our community once all tests and audits are finalized.

Security audits will begin soon after the software development is complete, which we plan to achieve in the next 2–3 months.

Certifications and Licenses:

FCC and CE Certifications: Commercial electronic devices with wireless communication capabilities aiming for major markets such as the US, Canada, Europe, Asia, the Middle East, South America, Australia, and Africa need FCC and CE licenses. We have already conducted preliminary internal assessments on our latest electronic boards, ensuring they align with standards for transmission power, bandwidth frequency, and other crucial metrics. Once we finalize and confirm no further modifications are needed for our wallet boards, we’ll proceed with third-party testing by certified companies. This certification process is anticipated to last approximately 10 weeks.

USB-IF License: Before bringing the Citadel Wallet with its USB interface to market, we must first obtain a unique Vendor ID from the USB standards organization, a step we’re currently working on. Additionally, to be able to showcase the USB logo on our website, signifying our device’s compatibility, we’re pursuing the USB-IF Trademark License Agreement.

Bluetooth SIG License: In a manner similar to USB, a license for the Bluetooth interface is mandatory. We’ve already enrolled as members of the Bluetooth organization and are in the process of securing the trademark license. This will grant us the privilege of featuring the Bluetooth standard logo on our website. Moreover, to ensure our device is identifiable during wireless connections, we’re in the process of acquiring a unique identifier from IEEE.

While the USB and Bluetooth Licenses do not demand specific device testing — thus allowing us to actively work on them — the FCC and CE Licenses do require rigorous evaluation and validation by a specialized third-party. We will initiate this only when we’re certain of the finality of our design. Currently, our electronic design is robust and fully tested, which will allow us to advance to the subsequent phase very soon.

Manufacturing:

We’ve successfully established partnerships with manufacturers for the electronic boards, mechanical components, and packaging. All manufacturers are based in China and are ISO9001 Quality Assurance certified. They have proven able to manufacture very high quality parts in very short times, and we feel comfortable moving forward with them.

For the mechanical components, as previously noted, we’ve finalized the molds and are prepared for large-scale production.

Our PCB Assembly partner has been instrumental in fabricating and assembling all prototypes up to this stage, including the latest batch of 20 units undergoing final testing and verification. They possess the capacity to produce electronic boards in any quantity to meet our demands. It is important to note again that the manufacturing house won’t be programming the boards in China; all the microprocessors will be programmed in the United States (see the Wallet Programming section for more details).

Lastly, our collaboration with the device packaging manufacturer has recently concluded. As detailed in the Packaging section, the design phase has wrapped up and prototype verifications have affirmed the boxes’ high quality. Consequently, we stand poised to commence large-scale production for the wallet packaging at our discretion.

New Products:

We’ve been discreetly developing additional product lines and services that we’re eager to unveil soon. Stay tuned for upcoming announcements, as our vision includes broadening our product range and elevating our offerings in the near future.

What’s Next:

As we advance into the upcoming four months, our objectives are clear:

  • Conclude the remaining software development.
  • Initiate security audits in collaboration with external firms.
  • Pursue FCC/CE certifications alongside acquiring USB and Bluetooth licenses.
  • Gear up the hardware for large-scale production.

While we’ve made considerable progress, a few refinements remain.

Achievements Over the Last Four Months:

  1. Introduced and distributed the new Ocean Knight.
  2. Finalized the mechanical enclosure developments.
  3. Completed the design of the electronic board.
  4. Developed device packaging.
  5. Procured essential electronic components with extended lead times.
  6. Purchased barcodes specific to our wallet products.
  7. Partnered with EPS Global for secure, mass programming of wallets.
  8. Finalized manufacturing partners for electronic, mechanical and packaging parts.
  9. Reached significant software development milestones.

Tasks Ahead:

  1. Finalize wallet software in the next 2–3 months.
  2. Conduct comprehensive security audits.
  3. Obtain FCC and CE certifications.
  4. Secure USB and Bluetooth licenses, along with unique identifiers.

Our focused approach over the past months sets a strong foundation for tasks ahead, ensuring we deliver on our commitments.
