-
@ 1F52B
2023-09-17 10:47:39Originally posted May 2023 at 1f52b.xyz. Read there for sidenotes & references.
Ledger, the leading Bitcoin & Cryptocurrency hardware wallet manufacturer launched their new Recover product last week. It's a subscription backup service that offers users a different way to protect against lost funds in the event that their Ledger hardware signing device is lost, stolen or destroyed. Ledger Recover does this by splitting up their key into three shares which are uploaded to and stored by Ledger and two other custodians. Rather than having a Seed Word as backup in a disaster, with Recover you upload proof of ID to the custodians, to convince them to send your shares back to you.
This announcement... didn't exactly go down well on Twitter. People started freaking out, having previously understood that their private key was permanently locked within their Ledger -- yet here was Ledger themselves proudly announcing a feature that'd extract it and upload it to the internet. Ledger has been forced into damage-control mode, and has paused the roll-out for Recover while the atmosphere is hot.
Let's back up for a second.
Seed Words
The industry has standardised around seed words as the way to back up Bitcoin and crypto wallets. These are usually 12 or 24 words that you write down and hide safely, to be able to load them into a new wallet if you ever lose access to the original. When you set up basically any new wallet, it'll prompt you to write down these words as a backup.
Yet many people have fallen victim to lost or wrong seed phrases: forgetting where they put the backup; realising they wrote it down wrong years ago, or having their mum run it through the wash. New users can struggle to grasp the significance of the seed words, not understanding that the backup is literally the same thing as their wallet's private key, and having the seed is the same as having their coins -- so they set everything up correctly, doing everything right up until the moment they type the seed into a Google Doc; not understanding how that last step has just irreparably compromised the wallet.
Met a new bitcoiner today:
- Proud they bought a whole coin
- Proud they bought a hardware device
- Proud they moved coin to device
- Proud they secured device
- Proud they backed up seed phrase in a Google Doc
Where did they go wrong?
Peter McCormack 🏴☠️ on Twitter
Ledger believes Recover fixes this. Instead of a user taking the responsibility upon themselves to safely and securely store a seed phrase, all they have to do is be able to identify themselves to the Recover custodians, who handle the hard part of storing a seed for them. As Ledger puts it, "you become the key to your wallet".
The seed is split into three pieces, or shares, where each of these on its own not enough to know what the original is. At-least two shares are required to recover it, and Recover splits all the shares up geographically and jurisdictionally between three custodians: themselves in France, CoinCover in the UK and EscrowTech in the USA.
So, none of the custodians on their own are able to access the private key, meaning they are unable to see or steal any of a user's funds without colluding with another.
The tech underpinning this is a 2-of-3 Shamir's Secret Share of the private key, which isn't something Ledger have just invented, and has already been used extensively by cryptographers since its invention in 1979. Each of the shares are also encrypted as a protection against loss or theft, but with encryption keys known to the custodians not the Recover user.
When you initiate a wallet recovery, you first authenticate yourself to the custodians using a Passport or National ID through a 'KYC' process, then each sends the share they have to your new Ledger device where they are recombined, revealing the private key and reconstructing the wallet on the device itself.
Maybe it's just not for you?
Depending on who you are, you might absolutely hate this idea; or you might quite like it and be wondering what all the drama is about.
I'll be honest, I don't like it at all, but here's the thing: there a number of different Hardware Signing Devices (aka Wallets) available, and each is trying to be the best to a different user. This necessitates making different design choices, and making different trade-offs, and these choices aren't for me. But maybe they are for you?
What matters is whether adding this feature inherently makes Ledger's devices less secure for those that don't want to use Recover.
We've seen similar controversy before, four years ago when Ledger launched the Nano X adding Bluetooth connectivity. Many then were worried about this broadcasting that there was a Ledger nearby to any other devices with Bluetooth, or thinking that the private key would leave the device over the connection whilst signing transactions (it doesn't). Today this controversy has largely been forgotten, and the Nano X has gone on to be a popular device.
Sure, there are Signing Device puritans for whom Ledger's design choices are unacceptable, and only the ColdCard and those with similar principles like the Passport and SeedSigner will do. And they're right, Bluetooth is an attack vector, as is ever conncting it to a computer via USB as you do with all Ledger models, as well as the Trezor, BitBox02 and others -- even the ColdCard can be used over USB, though this is discouraged.
Above: The ColdCard Hardware wallet, by Coinkite
The ColdCard is perhaps the high-water mark for key security, though that's not a universally held opinion. It does many things right -- it uses dual multi-vendor Secure Elements (SEs); encourages airgapped-use with disabled USB and NFC, only passing transactions to and from the device by physically moving a SD card around. It comes in a tamper-proof bag; you have to get it direct from Coinkite; focussing on Bitcoin-only keeps it simpler; the firmware is on GitHub for anyone to view and verify; there are half a dozen or so decoy and trap security features you can use. Basically, there's a laundry list of security features that add complexity, but bring with them extra protection.
But then, the ColdCard is also not for everyone. Its no-compromise approach to security does make it less forgiving, and easier to mess-up for yourself. A super-paranoid maximally secure ColdCard setup guide runs to around thirty separate steps.
Maybe it is for you?
Fundamentally, Ledger Recover is an opt-in feature. If you don't want to use it, you're not going to be forced to, and your Ledger will never create these backup seed shares and export them without you initiating it on the device. This is the same level of trust you've already had in your Ledger that it isn't going to approve a transaction and sign it until you've pressed the buttons to do so.
Nevertheless, the security trade-offs are substantially different between a classic Seed Word backup and this.
But, lots of people struggle with storing Seed Words safely and responsibly. According to Ledger's CEO, lots of customers and potential customers they've talked to want this.
People online are saying our customers don't want this.
A lot of our customers actually want it. A lot of future customers want it, and most of the people that saysay "I don’t want to use a ledger" are saying that because "I don’t trust myself with the 24 words."
So actually we're trying to solve one of the biggest pain points to onboard the next generation of users into self-custody. Self-custody is much safer than any other form of custody that you have in the market.
Pascal Gauthier, Ledger Chairman & CEO on the What Bitcoin Did Podcast - Ep.661
If you choose to use Recover, it's important to recognise that you're extending your trust beyond just Ledger and placing it in their two co-custodians too. The issue is not only that Ledger-the-company may turn out to be a malicious actor -- that's highly unlikely -- but more whether a rogue employee, hostile state infiltrator (a spy) or more-generally another adversary (a court) can force Ledger into revealing your private key or circumvent their security, against both your and Ledger's wishes. This too is improbable, but it can and has happened in the past.
Again, the backup is split between three different companies, which can't individually access your private key -- so this isn't just as bad as leaving your coins on an exchange.
But you may lose some privacy. Recover uses KYC to authenticate you when restoring a backup, so your face and ID are going to be stored alongside the Recover backup to make that possible. If you already accept KYC risk by buying coins from KYC exchanges like Kraken, Coinbase or Binance, then maybe this isn't a concern for you. You'll also have to be guarded against phishing and social-engineering attempts looking to get you to give an attacker KYC data so they can pretend to be you and steal your backups, an attack that doesn't really apply to Seed Words.
Are you concerned about legal risk? If one or more of these backup companies is subpoenaed, Ledger acknowledge that they would have to comply and turn-over your backups, giving the authorities access to your funds and on-chain transaction history. Ledger's CEO, Pascal Gauthier, thinks this is highly unlikely to happen, and not a concern for the vast majority of Ledger's customers.
It's true that should be the case, but we only have to look a few years back to the Canadian Trucker protests of 2022 where the government of an ostensibly free country invoked an Emergencies Act and rapidly seized and froze the cryptoassets of protesters, as well as other financial assets. I'm sure most of them never thought that would happen to them.
Long before the crackdown on the Canadian protests, the IRS in the United States has used broad 'John Doe' summonses to force the Coinbase exchange to hand them the identities of "U.S. Taxpayers who have used virtual currency". Your financial data may have already been requested and duly received by your Government. In fairness, Ledger's CEO is correct to point out that they are distinct from Coinbase in that they are not an Exchange, so the IRS does not have the same 'legitimate' interest in whatever data they may have.
The three backup custodians for Recover are based in France (Ledger), the UK (CoinCover) and the USA (EscrowTech). It's fair to say these three have a good relationship, and frequently co-operate on enforcement matters and foreign policy. If you're lucky enough to get put on the OFAC list, is it not likely that the French and British custodians will also comply with that American sanction?
Both Ledger Recover and Trezor's new CoinJoin implementation that also recently attracted anger after announcing that it would be gated by Chain Analysis suggest a trend amongst some hardware manufacturers -- they have a diminishing willingness to build products that could work for criminals. If you're an ordinary Joe, don't worry -- but don't expect your wallet manufacturer to take any heat to protect you.
Again, here's a trade-off that manufactures make: Ledger have their companion software Ledger Live that provides an easy oven-ready setup with everything you need; whereas Coinkite doesn't talk user numbers, deletes sales data as soon as they can, and doesn't have a companion app with hosted Bitcoin Nodes to avoid the liability of knowing who you are or ever seeing your public key. You have to pick a wallet app like Sparrow made by someone else for yourself. Not as easy, but safer.
At the end of the day, the decision is yours, whether you prefer the risks and trade-offs of sticking with seed words as backup, or if you'd prefer to use Ledger Recover.
Should I worry about my Ledger?
Is this new feature a concern even if you don't want to use Recover? Is the security of a Ledger inherently reduced by this feature?
Unfortunately, it seems many people have misunderstood how Signing Devices work. Whether they use Secure Element chips or not, they are basically all capable of extracting your private key from their enclave into the main microprocessor, with varying caveats. Ledger can, even a ColdCard can! And if that's possible, and the main microprocessor is also responsible for the display and interfaces like USB, then it follows that it's possible to write malicious firmware for all of them that would extract the private key or seed, and hand it to an attacker over USB.
Don't believe me? With a ColdCard, you can view the seed words on the device's screen once it's unlocked.
Advanced Menu→Danger Zone→Seed Functions→View Seed Words. If they're on the screen, they're not just in the Secure Element. The difference between writing them to the screen and writing them out over USB is just a difference of software.So, while it seems to come as an unwelcome surprise to many, yes, it has always been possible to write firmware that facilitates key extraction. You've always trusted Ledger not to deploy such firmware whether you knew it or not.
Moving to a different signing device is not going to change that fact -- although, using a device that can be airgapped -- that is, used without ever being directly connected to a computer does immediately allay most of this fear. Even if your device has been poisoned with private key extracting firmware, getting that key off the device over an airgap is really hard to do.
So, ditch Ledger if you want to -- but please understand that the other devices aren't different in this fundamental aspect.
The Recover code in the firmware is not a malicious code nor does it open a way to arbitrary extract the seed.
If you trust the device to sign a transaction only when you press a button, then you can trust the device to compute a SSS (a shard of the seed) only if you press a button.
Éric Larchevêque, Ledger co-founder an CEO of the company from 2014 to 2019 on Reddit
Messaging Matters
The crux of this whole fiasco may then just be a matter of messed-up messaging. Ledger have previously claimed that it was impossible to issue a firmware update that could extract the private key, which as we've seen now is clearly incorrect:
Hi - your private keys never leave the Secure Element chip, which has never been hacked. The Secure Element is 3rd party certified, and is the same technology as used in passports and credit cards. A firmware update cannot extract the private keys from the Secure Element.
Ledger on Twitter
Contrast this with the reality that hit in this tweet that's since been deleted by Ledger Support:
(1/2) technically speaking it is and has always been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware whether you knew it or not.
Ledger Support on Twitter
This kind of sloppiness with detail has clearly led many people to believe their relationship with Ledger is trustless, as Éric Larchevêque, Ledger co-founder phrased it on Reddit. That trust has been broken as Ledger users realise their relationship to the company isn't as secure as they believed it to be. It doesn't matter that the trust was misguided, it matters that it was broken.
My mistake as a CEO during my tenure was probably not be relentless enough about explaining the security model, but at some point you just give up as people don't care at all. Until they care again, like now.
The hard truth, which has been confirmed by many experts who took the time to actually deep dive on the subject, is that nothing changed. Absolutely nothing happened. The security model is the same than before you knew Ledger Recover existed.
What changed is the perspective some of you had on the trustlessness, which appeared to be much more nuanced than you thought, and as this is a very sensible subject, many became extremely angered because they felt lied to.
Éric Larchevêque on Reddit
This is a sequencing and communication fuckup, not a technical one. Just enough info to freak people out was pushed out on Twitter, but not enough to understand what was actually happening, what the risks and protections were.
Naturally the reaction to this is negative, with confused and angry users posting about their concerns and many others including big names in the space dogpiling on to accelerate the fire. A Twitter search for "bye ledger" yields a stream of images of new wallets from other makers and even some Ledgers being smashed and binned.
Yo @Ledger, does this mean you can access my #BTC?
OR
Does it mean you can access my #BTC only if I subscribe to your Ledger Recover service?> Which one is true? Or are they both? 👀
Duo Nine ⚡ on Twitter
The concern above isn't valid, but how was the poster supposed to know?
You have to wonder how this new feature went down when internally circulated. To their credit, Ledger's DonJon security research program has spent millions supporting Bitcoin and cryptocurrency custody relentlessly, and has made Ledger's own devices and many of their competitors' safer as a result. So, surely that team might've had a similar initial scepticism (or "ick") towards the idea before seeing detail?
As a result of this self-inflicted hailstorm, Ledger have damaged their reputation and handed their competitors free marketing and users.
So, can Ledger recover?
In the end, this is about trust. Treating the manufacturer of your hardware signing device as an adversary in every way is a non-sequitur. You have to have a degree of trust in them to produce and deliver to you a product that does what it says.
Ledger have acknowledged the mess and the miscommunication, and are taking steps to be more transparent in the future -- open-sourcing more of their code, responding to criticism and apologising for the upset.
Despite the controversy, I think Ledger will be fine, and even that Recover will be a successful product. But rebuilding lost trust and reputation is going to take them a while.
If you have been using a Ledger and it's worked well for you, I don't think this is a reason to drop it and switch to a new wallet. It's not for me, but it might be for you -- it's a great piece of hardware, and one I think I'll still recommend to people that might have a hard time with a ColdCard.
We believe wholeheartedly in the need for a service like Ledger Recover—those of us who have been in the space for a long time, over a decade in my case, have a responsibility to ensure everyone can be self-sovereign and can have self-custody over their digital value. This is the ethos of crypto. The main pain point for crypto self-custody adoption is precisely the problem of seed phrase recovery. The majority of users in crypto today either don’t own their private keys and/or are putting their private keys at risk using less secure forms of self-custody, and hard-to-use forms of storing and securing their seed phrase.