Interview with NGRAVE CEO Ruben Merre by Elev8
The Private Key Paradox, NGRAVE Perfect Key, Ruben Merre’s Background, and how Offline is becoming the new Online.
This week on the ELEV8 Interview Series we sat down with Ruben Merre, CEO and Co-Founder of NGRAVE. NGRAVE creates a suite of products designed to keep users’ cryptocurrency safe and away from online attacks. We spoke to Ruben about a number of topics from the founding of the company, the current state of crypto security, the private key paradox, and why he believes the majority of crypto security companies are approaching security from the wrong angle. Read the full interview below, and you can hear Ruben speak December 8–11 at ELEV8CON!
Thanks for taking the time to sit down with us today, Ruben. For those who aren’t familiar with NGRAVE and it’s suite of security products, can you give us a brief overview of the company?
Hi CJ, Sure! Our own personal experiences but more importantly the numbers show us that holding crypto today is not safe. In 2018, a record $2.5B were stolen from crypto wallets. You would expect that with the technology’s evolution, this number would go down. Yet the opposite is true: in the first half of 2019 alone, a whopping $4.3B were stolen.
Security is a significant adoption hurdle for blockchain. This big problem actually has a clear root cause: each hack revolves in one way or another around stealing the private key, the secret access key to a crypto wallet. To give an interesting example, crypto exchanges typically give you some public addresses (e.g. a Bitcoin address) and a password and two-factor authentication to log on to the platform. However, at all times they are the only ones really owning the private keys. You never really “own” that crypto, you are merely a proxy to the account. This might sound innocent, but with these keys an exchange can do an exit scam, or a hacker can steal the exchange’s private keys and therefore the funds.
At NGRAVE, we want to eradicate this insecurity entirely. Therefore, we have created the first truly end-to-end solution for managing your crypto. This breakthrough in crypto security consists of 1) The NGRAVE ZERO: a 100% offline hardware wallet that generates your private keys offline and never exposes them afterwards; 2) the NGRAVE GRAPHENE: a new generation of key backup to replace the traditional paper wallet; and 3) the NGRAVE LIQUID: our mobile app for the last mile communication with the blockchain.
Crucial here is that the private keys are never exposed and that communication between the ZERO and the LIQUID happens through one-way QR codes, the most secure way of exchanging the relevant information. In extremis, the app might be hacked, but there won’t be any secret information to steal there.
How were you first introduced to blockchain technology and cryptocurrencies?
The first time was in 2015 when I was working as a strategy consultant to define the vision 2020 for a financial institution. I remember seeing the volatility and if I’m not mistaken the price fluctuating between 150–300 dollars at the time.
As I was at that time also very active as a stock market investor, I adhered to the principles of Warren Buffett to “stay away from ‘bubbl-y’ markets”. So I didn’t buy any myself. Up until the day that my friend Edouard Vanham (NGRAVE’s COO today) asked me to “just look under the hood” of blockchain technology. So I did, and I was baffled. The potential I saw was and still is huge, in my opinion. So I did something radical: I decided to completely switch careers and immerse myself with the technology.
That was in January 2018, at the top of the market. I remember doing my first technical analysis on Bitcoin back then, and all these red flags going off in my head. But as I didn’t knew the market well, I dove in with a bit of money. Then crypto crashed. I didn’t mind though. It provided a lot of beautiful entry possibilities. In that same month, I started a crypto community that gained a lot of traction in the following months. I also realized quite quickly that holding crypto wasn’t really safe.
I’ve spoken to many crypto investors by now and many of them acknowledge to have that strange feeling of “will my crypto still be there?” every time they log in to their account. That’s one of those things we want to eradicate in the space, giving back peace of mind to the people. And a a result, a greater willingness to invest in and adopt the technology.
What were you doing before you co-founded NGRAVE?
As I’m the type that can’t sit still, I was doing a couple of things at the same time. I was mostly active as a strategy-,management-, innovation consultant and external entrepreneur. I did projects in different countries in 6 different languages. I also aim to be a lifelong learner, so I studied something new every year in parallel with my job.
As such, I have collected some additional postgraduate degrees, a LEAN Six Sigma Black Belt, the international PMP certification, and in 2018 I also successfully completed the Oxford Blockchain Strategy program. One of my big passions is music, so I also composed, recorded and published some of my music during that time — and no, I’m not giving away my artist name here (chuckles).
But most importantly, I launched one of the first automated investment platforms in my home country, Belgium, and then scaled it to a few other countries. Subsequently, a large international financial institution hired me to lead their entrepreneurial endeavour of setting up a group-wide automated portfolio investment platform. At that point, I was leading around 20 teams over 2 years to design and build this platform. During that time, I also made the shift towards blockchain, learning as much as I could about a.o. Cryptography, and eventually starting NGRAVE around mid-2018.
We heard a story about NGRAVE’s CTO being hacked, which resulted in him becoming a security evangelist for crypto. Can you tell us about this story, and how this experience shaped or even helped start NGRAVE?
Yes indeed. There is no better illustration of our own experiences with insecurity than the background story of NGRAVE’s CTO Xavier Hendrickx. Xavier has been in the crypto space since early 2013. His conviction of blockchain technology’s long term potential made him an early crypto investor. This resulted in him personally becoming a victim in several high-profile hacks, including the Mt. Gox hack in 2014.
Even though these events meant considerable blows to his personal crypto portfolio, he kept an unwavering belief in blockchain technology’s long- term potential. In parallel with his studies in Computer Science, Xavier also passionately engaged in developing his own blockchain applications, including a set of automated cryptocurrency trading bots. The latter led to him being “talent-scouted” by a Belgo-American blockchain endeavor named Arkade City, where he became involved as a blockchain developer. In 2016, the project raised 76,000ETH in an ICO.
The project rebranded to Swarm City and in 2017, it became one of the most impacted projects by what is today referred to in the industry as the “(Multi-sig) Parity hack”. Swarm City lost 44,000ETH in the incident. Xavier was one of the first to quickly realize a security breach had occurred. He became involved with a white hat hack group formed to preventively hack other projects in order to protect them (all funds were returned). In just a few hours after the first Parity multi-sig related hacks, around $208M was rendered to safety by this white hat hack group.
This awakened Xavier’s passion for radically improving crypto security, and when the three co-founders met for the first time all together, we realized we had a shared mission to eradicate crypto insecurity and fostering blockchain adoption.
Let’s talk crypto security at a high level. Where did we start, what’s the current state of crypto security, and where are we going next?
I believe we are still very early in both blockchain as well as the security of it. For example, the more we talk with the B2B segment, the more we realize how improvised many of their solutions are. They don’t have a lot of alternatives, so there is a huge gap between what’s being offered and what they actually need to secure their crypto positions.
Similarly, if we look at the B2C segment and we just think about the concept of a “paper wallet”, it is pretty absurd that that piece of paper is your ultimate backup. Even the Winklevoss brothers talk about shredding their paper wallet in two or more pieces and keeping these separate. That just sounds like a recipe for disaster. Which is why we invented a dedicated solution just for backing up your key: the NGRAVE GRAPHENE.
So, I think we still have some way to go, to learn, to have different security players challenge each other to keep innovating, and to eventually have secure solutions for every type of customer, be it someone who wants to be completely decentralized with no third parties involved, to someone who just wants to outsource the management of his keys in a way that only he can get full access to his keys, and so on.
There will be decentralized solutions. But there will also be centralized solutions. And solutions in between. Most importantly, I believe we are in this together. Us, the customer, even our competition, to make security radically better. The way we talk about that is: it’s us versus them. It’s us versus malicous hackers. It’s us versus getting hacked. It’s us versus losing your keys. #JoinTheWalletRevolution.
Similarly, what is the ‘private key paradox’?
The private key paradox revolves around the fact that the private key is not only the core strength of the security of your crypto wallet, but also the core weakness. If one can keep the private key invisible and out of reach of potential attackers, the private key cannot be stolen, as it is computationally infeasible to brute force it with today’s available computing power.
However, existing solutions either generate the private key directly online or expose it to an online connection at some point in time. If a hacker can simply “look over your shoulder” and find your key somewhere, it is game over. So the private key is also the Achilles Heel of the system. This contradiction is what we at NGRAVE call the “Private Key Paradox”.
How did you create a 100% offline hardware wallet, and how is offline becoming the new online?
Next to the Private Key Paradox, there is another metaphor we like to use: establishing an online connection at any point is the crypto-equivalent of opening the “Box of Pandora”. As soon as you have one, hackers can try to attack you. Which is why we decided to pull up a true 100% offline wall between the online realm, and your private keys. You can compare it to the Great Wall in Game of Thrones, only this one can’t fall.
We designed and developed a 100% offline hardware wallet with no network capabilities whatsoever. Not even USB. We call it the NGRAVE ZERO, as it has ZERO online attack vectors. We generate your private keys offline on the device, and we never expose them afterwards. We can export the associated public accounts to your LIQUID app via one way QR codes. These QR codes never contain any secret information. For example, when you initiate a transaction request on your mobile app, you then generate a QR code from it which you show to the camera of the NGRAVE ZERO. The latter then signs the transaction cryptographically, and a transaction validation is provided back, again in QR code form.
This QR code does not contain any data that can be traced back to the private keys. As such, our solution is not only ultra secure, but also super intuitive and very fast. It just takes a few QR codes and your ultra cold Bitcoin can be back online or vice versa. This is also why we call our solution “The Coldest Wallet”, and hence the “NGRAVE ZERO”, as this is as cold as it gets. Suddenly offline is a better, new online.
How did you and your team build an impenetrable device together with some of the individuals who hacked the Tesla cars a few years ago?
We have indeed several world class partnerships, amongst which one with imec and one with COSIC. Imec is known as the world-leading R&D and innovation hub for chip manufacturing and nano-electronics and has a stellar international reputation for everything that has to do with building high tech devices like our ZERO. Some of their bright minds are working on our solution. COSIC is world renowned applied industrial cryptography research group.
They have invented a.o. the security encryption protocols for the US Government and NSA’s top level secrets (e.g. AES256), and have contributed enormously to many of the cryptographic protocols that blockchain is based on today (e.g. SHA2, SHA3, keccak, and others). Last year in September, they indeed hacked the Tesla cars. And as a matter of fact, they hacked them again last week (August 2019)!
Together, we have looked at the device from all angles, documented all existing hacks on other wallets, conducted our own tear-down research on all wallets and some bank security tokens, thought about any other vulnerabilities, and eventually defined a multi-layered anti-tampering framework to make the device physically impenetrable for non-remote hackers as well.
We’ve heard of public keys and private keys, but what is the NGRAVE Perfect Key?
The NGRAVE Perfect Key is another form of the so-called Master Seed people use to back-up their wallet. The Master Seed originally was in the 256-bit form expressed in zeroes and ones. However, as people don’t really think in bits, at some point the 24 word mnemonic phrase was invented: a list of 24 words that together make up your unique key to back-up your wallet in case you would lose it.
The cool thing about this Master Seed is that you only need this one key, and it actually can generate a quasi infinite amount of private keys that have their root in the Master Seed. As such, you can have for example 50 bitcoin accounts, 5 Ethereum accounts, some other crypto accounts, with each their own private and public key, yet you only have to remember this one single Master Seed. The NGRAVE Perfect Key is the 64 character hexadecimal version of the Master Seed. The reason is that, if you want to make a secure backup of the Master Seed, words aren’t a good option. You can either write them all on the same thing, causing them to be a “single point of failure”, for example if I find your backup, I know your key. You could also split your backup in two pieces, but if I find one of those pieces, I already have some words and so the number of keys I have to brute force has therefore diminished, making breaking your Master Seed a little more feasible.
The NGRAVE Perfect Key however allows for truly splitting your key in two agnostic parts. This means that if someone finds one part, they still have zero information and still have to brute force the full key. So you reduce the single point of failure of previous methods. Moreover, due to this unique nature, NGRAVE can actually recover one of both parts, without you ever having the risk that someone other than yourself can reconstruct the key, as you still have the other crucial physical part.
You can learn more about how this works in a more visual and simplified way on our website in the NGRAVE GRAPHENE section. Also note that our hardware wallet still supports all older methods, but also the Perfect Key.
You’ve mentioned that you and your team believe other security solutions are looking at security from the wrong angle. What do you mean by this, and how is NGRAVE different?
We believe indeed that existing security solutions are looking at security from the wrong angle. A secure crypto exchange is not security. A secure hardware wallet is not security. Security is a fully integrated end-to-end solution that takes into account all the “what-if’”s. NGRAVE offers the first end-to-end solution.
We think of all the what-ifs. For example, to answer the question “what if I lose my NGRAVE ZERO”, our answer is the NGRAVE GRAPHENE backup solution. The next what-if is “what if I lose my backup solution”? To answer that question, we made the GRAPHENE a two-part solution of which we can actually recover a part for you without you having any third party risk. And as such we have answers for many more “what-if”s.
What other projects are you working on, and what’s next for NGRAVE?
For the first time in my life I am working on one project only: NGRAVE! Some other things will come live as well soon, but these are intended to help people in more securely managing their crypto and are indirectly related to fulfilling the same mission.
Ideally they will also drive traffic to the NGRAVE website. One of these is the podcast “Don’t Touch. My Crypto!” and another one is a website dedicated to visualizing all crypto hacks till this date: www.thehistoryofcryptohacks.com. I recently became the chapter lead for BitAngels in Belgium, which is somewhat a side track for me but I see it also as part of building a good name for the NGRAVE brand.
Thanks for your time today, Ruben! How can people get in touch with you and NGRAVE to learn more?
You can easily find us on our website www.ngrave.io where I recommend subscribing as you will be one of the early adopters and therefore receive the most interesting perks and biggest discounts going forward.
Follow our social media:
The latest Tweets from NGRAVE (@ngrave_official). | https://t.co/mIg17c5YOi | Protect your private keys from A to Z…
Ngrave.io. 289 likes · 12 talking about this. The Next Generation Cryptocurrency Hardware Wallet. #TheColdestWallet
NGRAVE | LinkedIn
Blockchain technology company developing an ultra secure blockchain wallet solution in collaboration with tech giant…
The latest Tweets from Ruben Merre (@RubenMerre). CEO NGRAVE | https://t.co/mIg17c5YOi | Next Gen Hardware Wallet …
Ruben Merre, MBE, PMP®, LSS Black Belt - Co-founder & CEO - NGRAVE | LinkedIn
Warning. Some inspirational stuff ahead*--> Open the pdf - LinkedIn has a keep-the-bio-short policy. The moment I fully…
You can find the original interview here: https://www.elev8con.com/ruben-merre-ngrave-elev8-interview-series/
Previous NGRAVE Blog articles
New iPhone Hack Impacts 1 BILLION Apple Users, And What It Means For Your Crypto.
How A Huge iPhone Vulnerability Holds A Crucial Morale For Cryptocurrency Investors.