Open in app

Sign in

Write

Sign in

How we Created an Insanely Secure Crypto Wallet

Ronald Mannak
Coinmonks
Published in
5 min readSep 22, 2020

--

When designing software, it is often surprisingly difficult to make a product both secure and easy to use. Yet, that is exactly what we had in mind when we created VivoPay, a new crypto wallet for the Harmony One blockchain. Our seemingly contradicting goals were:

  1. Make it the most secure software wallet
  2. Make it as easy to use as Square Cash or Venmo, even for first-time crypto users
  3. Add support for cross-chain DeFi (in a later phase)
  4. Bring privacy and scalability to blockchain with a new type of smart contracts that can be run within the wallet (in a later phase)

In this blog post we’ll discuss how we made Vivo insanely secure.

Hardware vs Software Wallets

There are two kinds of crypto wallets: hardware wallets and software wallets. The main difference is where the private key is generated and stored.

Hardware wallets like Ledger and Trezor connect to a PC or mobile device via USB. Both create and store the private key on the hardware wallet, and the private key is never transmitted over USB and never leaves the hardware wallet. Instead, transactions are signed by the hardware wallet. The PC or mobile device sends (a hash of) the transaction to the hardware wallet over USB, which then signs the hash using the private key and sends the result back to the PC or mobile device. This is the safest wallet option for individuals.

Software wallets are, like VivoPay, apps that run on your PC or mobile device, or in a browser. The private key is generated on the PC or mobile device and the stored in a file on disk. The file is encrypted with a password or pincode a user has to memorize. That works, but it’s not an optimal solution to safely store larger amounts of coins. For instance, anyone who gets their hands on the wallet file, could try to brute force the password or pincode. For example, an eight character password can be broken in five days using a GPU, or a few minutes using a bot net.

We set out to design a software wallet that is as close as possible to hardware wallet when it comes to security. Here’s what we improved:

  1. Instead of having humans create vulnerable passwords, we’re using the more secure elliptic curve cryptography (see our key primer on how elliptic curve is more secure than passwords). By removing the user we not only made wallet more secure, we also improved the user experience.
  2. Only the device that created the wallet should be able to decrypt the wallet file. Copying a wallet file to a different machine should not work.
  3. The private key should only be in memory when needed (when signing a transaction) and be removed from memory after use. In all cases (e.g. viewing balances), the private key should not be loaded in memory.

The third goal is simply a question of app architecture and splitting the data on disk into a non-encrypted public key list and a separate encrypted wallet file.

To achieve the first two goals, we used an underutilized feature of mobile devices (available on both Android and Apple) and Mac computers: the Secure Enclave.

Secure Enclave

The Secure Enclave is a chip in Android, iPhone, iPad and Macs to secure your biometrical data like FaceID and TouchID. Software developers can also use Secure Enclave to sign and encrypt data securely. The key feature of the Secure Enclave: A private key generated on the Secure Enclave cannot leave the Secure Enclave. If this concept sounds similar to hardware wallets, that’s because it is.

The Apple T2 Secure Enclave chip in Intel Macs.

So can we use the Secure Enclave to create a Harmony One private key? Not quite. The secure enclave cannot generate a private key for blockchains (it uses a different curve). Besides since it is not possible to expert the private key in the Secure Enclave, you can’t back up the key. If the device gets lost or damaged, the private key is lost forever.

(We have heard rumors that Apple is talking to multiple Bay Area crypto companies. Who knows, perhaps we will see a blockchain-friendly Secure Enclave somewhere in the future.)

This is how VivoPay uses the Secure Enclave. When a user launches VivoPay for the first time, the following things happen in this order:

  1. VivoPay will create a wallet with a Harmony One private key in memory (this is done without use of the Secure Enclave).
  2. The Secure Enclave then creates a unique private key to encrypt the wallet.
  3. The encrypted wallet is saved on disk.
  4. The wallet is deleted from memory.

When a user creates a new transaction that needs to be signed, the following things happen in this order:

  1. The encrypted wallet is loaded from disk and decrypted by the Secure Enclave.
  2. The transaction is signed by the wallet.
  3. The wallet is deleted from memory.

If the encrypted wallet file is copied to a different device, it cannot be encrypted nor used. The wallet needs to be recovered using a recovery phrase.

Other wallets using the Secure Enclave

As far as we’re aware, there are two other crypto wallets that use the Secure Enclave: MEW Wallet and BRD. (If you know other wallets that use the Secure Enclave, please leave a comment below)

MEW Wallet on Samsung devices can also the Samsung Blockchain Keystore, a special Secure Enclave that is capable of generating blockchain-friendly keypairs. On iOS MEW uses the Secure Enclave in a two-step encryption: FaceID unlocks a key in the Secure Enclave that unlocks a second key that unlocks the wallet.

Where to go next?

Thanks for proofreading and feedback:

  • Alex Komarov

Also, Read

Harmony One
Ethereum
Wallet
Wallet App
Wallet Development

--

--

Ronald Mannak
Coinmonks

Written by Ronald Mannak

789 Followers

AI developer

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams