Ginco’s Security

What is the technical feature of Ginco?

・HD wallet using 12-word mnemonic phrase (based on BIP32, BIP39, BIP44)
・Private key only exists inside the user’s device

Ginco’s Design specification

BIP32：Hierarchical Deterministic wallet…https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki

BIP44：Multi-Account Hierarchy for Deterministic Wallets…https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki

BIP39：Mnemonic code for generating deterministic keys…https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki

How is Ginco securing the private key?

First of all, the most important thing you need to know about cryptocurrency is the concept of “private key”. With private key, people could generate transaction and transfer assets to one another.

Ginco is private-type wallet. This means the private key is generated and stored only inside your smartphone. This private key is encrypted with Apple iOS’s encryption technology called keychain. Your private key will not be transmitted outside including our server.

iOS keychain is using a technology called AES (Advanced Encryption Standard), which is being used as a global standard technology. You could not access to data in keychain without correct PIN code or biometric authentication such as Touch ID or Face ID.

iOS Security description

https://www.apple.com/jp/business/docs/iOS_Security_iOS_11_Jan2018_ja.pdf

What if I lost my device, or suddenly the device stopped working?

Ginco is HD wallet (Hierarchical Deterministic Wallet) based on BIP32/BIP44. This technical standard allows to store multiple private keys and public keys in the hierarchical structure.

In case you have destroyed or lost your device, you can recover your asset by recovering private key from combination of 12 words, called backup key.(It is also called “mnemonic”) This backup key (mnemonic) generation is based on BIP39.

read more about backup key (mnemonic) from here.

https://goo.gl/AFfPwQ

What about the transmission? Is it secure?

Yes. Transmissions made between Ginco client side application and our node (ex: Transaction broadcasting) are concealed by SSL (Secure Socket Layer) encrypted communication. Therefore, it is impossible to intercept/tamper the information.

In addition, in order to confirm that the transmission has been sent from Ginco wallet, authentication information from client side is encrypted with AES. Therefore, in case when SSL is broken, this prevents data breach from our clients.

How can you say Ginco is safe?

Ginco’s client side application and our server is tested by third party security tester on a routine basis. Since our first product release, it has been proven that there is no security hole or vulnerability in our system.

What about the internal governance?

Only our board members are authorized to release Ginco application. Our board members are fully responsible for our business, which means there is no incentive for them to commit injustice.

No other member than board member can modify our code and release it through the platform under any kind of circumstances. (ex: Appstore, PlayStore)

Is Ginco compliant with regulations?

Yes. We are working with Japanese FSA and other authorities to develop Ginco in compliance with the law.