Michael Flaxman’s Hardware Wallet Challenge — How Keevo Stacks Up
Thanks @mflaxman for your Tweets, presentations and challenge for a better, more secure and easier to use crypto hardware wallet. We totally agree with you when you said, “storing bitcoin private keys is really hard, and unfortunately every hardware wallet I’ve seen sucks.” In our view and with the offerings on the market today, we think users are forced to make a compromise between security and convenience. That’s Why we Built Keevo.
We believe Keevo is the most secure AND convenient hardware wallet. And, although there’s no such thing as a 100% failure-free and hack-proof system, we truly believe Keevo offers a significant advancement in security and ease-of-use.
We detailed some of the features and benefits we believe back up this claim here. We also went through your 6 requests and tried to score ourselves. And while we’re not yet at 100%, we scored ourselves meeting a bit over two thirds or ~4.25 out of 6 of your requests. We hope to get to 100% soon.
See below for more details on our thoughts and how we scored ourselves. We’d be curious to know how you would score us and how you would compare Keevo to the other leading hardware wallets on the market.
And, you can learn more and pre-order your Keevo HERE.
Request #1
Simple support for m-of-n multi-sig (where m is > 1 and includes competitors’ hardware wallets). If you go from 1-of-1 keys using a “great” hardware wallet and add a lousy hardware wallet but make it 2-of-2, you immediately improve your security (multi-sig security is additive).
Keevo: We totally agree. While users can generate multi-sig wallets using bitcoin core client or some GUI clients like electrum, we agree these are not easy solutions. Both the Keevo One Vault and Keevo desktop app will support BIP174 (bitcoin multi-sig script), so users can utilize Keevo as one of their m-of-n multi-sig wallets. We are also on an easy-to-use desktop GUI for users to do bitcoin transactions easily. At launch and beyond Keevo’s multi-sig solution for beneficiaries (see more below), generating m-of-n wallets will not be offered right away, but we plan to support it in the near future.
Beyond bitcoin multi-sig scrip, Keevo will provide an m-of-n secret sharing solution that leverages our Multi-Factor / Multi-Sig Authentication (“MF/MSA”) system. This isat the heart of the Keevo security and privacy solution.
Keevo’s private master key is never stored in the device or anywhere else. It is only and always backed up and restored through secret sharing. Our MF/MSA system is based on Shamir’s Secret Sharing Algorithm — essentially an application of the Lagrange Polynomial. Keevo’s MF/MSA system then introduces a second tier — actually multiple additional tiers — of factors and signatures as needed.
At launch, MF/MSA enables Keevo to be the world’s first and only four factor hardware wallet and authentication solution (“4FA”) to store, access and transfer cryptocurrencies. It also enables two signatures for each factor — one for the owner and one for a beneficiary named by the owner. But, our MF/MSA system is highly extensible to any k-of-n factors and m-of-n signatures and we plan to introduce additional signature and factors over time. Our white paper details more of the specifics behind our MF/MSA system.
We’d give ourselves half credit or 0.5 “points” on this request.
Request #2
Have a true air-gapped, meaning that it is eternally quarantined (and gapped with air) from an internet connected device. To accomplish this, it must use QR codes. An SD card, audio cable or bluetooth can work, but given how cheap/easy QR codes are there’s no reason.
Keevo: We agree in principal, but have not adopted this protocol for our first Keevo One Vault. Keevo does not connect directly to the internet, but for convenience, we will let users connect their Keevo One Vault hardware wallet to out downloadable desktop app through BLE 5.0 and USB. This communication will use U2F two-way encrypted connections. We will only have a connection when in use and will disconnect when idle, but the device will not be fully air gapped at launch. We will look into adding a camera to leverage QR codes for ease and to completely air gap Keevo for more security in the future.
We wouldn’t give ourselves any credit for this request at this time.
Request #3
Make it easy for users to input their mnemonic and passphrase (a few hard to click buttons are not sufficient). Otherwise, users won’t remember/test long mnemonic/passphrase and will instead rely on less secure PINs.
Keevo: the Keevo One Vault has a 2.8” (71 mm) diagonal LCD, 320 × 240 pixel, capacitive touch screen display. This allows users to easily input long pass phrases easily. Below is a picture of our LCD display and PCB during recent testing.
In addition to this display, we actually think needing to backup, safely store and access/re-enter a long mnemonic seed phrase is both incredibly inconvenient and actually introduces another significant security and privacy gap with every other hardware wallet on the market today. While we will still enable users to create and write down a seed phrase, Keevo’s MF/MSA introduces the first paperless recovery solution by encrypting and storing partial signatures on our Carbon Key. Using this second device and 3 out of 4 factors and signatures instead of a mnemonic, Keevo can restore any private key. After launch, we plan on introducing additional factors and signatures which can introduce further user-created entropy and unique sub-keys to make Keevo even more secure.
Moreover and with today’s solutions, if you want to transfer your cryptocurrency to a beneficiary without sharing your private keys, seed phrases or account information with them — before you die — you can’t. It’s impossible to transfer your crypto with today’s hardware or software wallets without actually transferring the crypto to another public address or giving another person — whether the beneficiary or a custodian or executor of a will etc. — access to your private keys or information to access/restore your keys.
With the Keevo Carbon Key and our Premium Plus Membership Beneficiary service, we solve for this . And, while users do need to rely upon us as a third-party to validate your death and transfer your Carbon Key to a named beneficiary, you can do so without ever having to share your private keys or account information with us, your beneficiary or anyone else. And, given our MF/MSA system, only the beneficiary you named and who encrypted their strong PIN and biometric fingerprint information on your Carbon Key can restore your master private key and access your crypto upon your death when we transfer your Carbon Key to them. You can learn more about our beneficiary solution here.
We’d like to give ourselves more than a point here — or technically we would add two additional requests — one for paperless recovery and one for a private, native beneficiary transfer service — which we think are must haves for any next gen hardware wallet, but we’ll be conservative and only give ourselves one point for this request.
Request #4
Maintain user privacy by not requiring you to query a third party service to fetch balance and UTXO data. The obvious solution here is to by default use Bitcoin Core’s new PBST feature with a watch only wallet.
Keevo: At launch, we will have an in-house bitcoin provider to fetch balance and UTXO. We would never store/track any user requests, so user privacy would be fully respected. In the near future and for users with enough network bandwidth and spare disk space, we plan to support local blockchain data syncing so users can potentially query their local blockchain, as well.
We would give ourselves a full point here.
Request #5
Don’t trust, verify. A wallet shouldn’t sign anything that the end-user hasn’t verified. A blind-signing wallet is security theater.
Keevo: Any transaction will be fully displayed in both the 2.8” LCD display on the Keevo One Vault and on the downloadable desktop app. As such, we will allow users to easily verify the complete details of every transaction. And while this verification step still requires the user to take ownership of their own safety by comparing the information themselves, we make it easy for them to do so and will also remind them to do so before confirming any transaction.
We would give ourselves a full point here.
Request #6
There are lots of extra features that would be nice to have, but aren’t needed to be decent: a secure element, a defense against a chosen-nonce attack, support for coinjoins, a GUI (vs command-line only usage), support for altcoins, etc.
Keevo: The Keevo One Vault has a dual-chip architecture which includes two triple-core secure processors for performance and security. These two separate and embedded high-end security micro control units from leading microprocessor suppliers are the same MCUs used to secure passports and credit cards (CC EAL5+ certified). And, with this dual chip architecture, your private keys and encrypted signature sub-keys are completely segregated and never leave the Keevo device. All private keys are safely divided and isolated inside the Keevo device’s two secure elements.
We are going through all existing know attacks, including a chosen-nonce attack and will have a threat model and defense solutions to maximize our protection. We will be providing more details as we get closer to launch. As we said above, no hardware wallet can be 100% immune to attacks and anyone who claims this wouldn’t be credible. using commitments (https://medium.com/cryptoadvance/hardware-wallets-can-be-hacked-but-this-is-fine-a6156bbd199 Fix 1).
We believe we’ve designed a simple, intuitive and elegant GUI for both our Keevo One Vault 2.8” color LCD and the user interface on our downloadable desktop app.
At launch, we plan on providing support for ~100+ cryptocurrencies including all Bitcoin forks, Ethereum and many altcoins. We solicited feedback from our community of interested customers in the past few months and think we’re capturing the vast majority of the 80/20 volume (by value and transaction size/frequency, …) curve to start. We are finalizing the list now and will publish it soon. And, we will be adding to it over time.
We would give ourselves three quarters of a point here since we won’t yet offer all of these feature requests and all of the altcoins available at launch.
