Pages:
Author

Topic: Shamir's Secret Sharing based Wallet - Cypherock X1 - page 2. (Read 467 times)

jr. member
Activity: 59
Merit: 30
Quote
Their website mentions two different pieces of information. You can read "Five shards protect your Crypto, but you only need two to spend it" on https://www.cypherock.com/how-it-works. But their main page says "To make a Crypto transaction, just fetch and tap any 1 out of the 4 cards on the X1 wallet." (https://www.cypherock.com/)

@rohanagarwal7 How many are needed? One or two cards for spending and/or recovery? 

It is actually the same. There are still only 4 cards. The thing you are getting confused is that one of the shards is also stored on the device. Hence you need 1 device + 1 card or 2 cards (along with PIN if set) to view the seed phrase or make a transaction.

Quote
Again, which one is it?

Apologies on this. The older set of cards were EAL 5+. We have shifted to EAL 6+ certified Javacards for the current batch. We will update the website soon to reflect the same.
jr. member
Activity: 59
Merit: 30
Quote
Hmmm I have read this article and it seems to have more details https://cypherock.gitbook.io/cypherock/design-decisions/cypherock-is-bip39-compliant

ENT> Mnemonics> BIP39 Seed> Master Node> Purpose Node> Coin Node> Account Nodeء> Change Node> Address Index Node.
all you will get is data stored inside each X1 Card and it is impossible to extract the private key from those cards right? That is, if a problem occurred and I was unable to obtain the X1 Card, are there no other solutions to access the private key?

I have read that I only need 2 cards out of 5 X1 Card. Is this option static or dynamic so that I can change the number to 3 or add more than 5 X1 Card.


On a high level, the card stores one of the Shamir shares of the ENT. The card have 4-8 alphanumeric PIN based brute force protection to protect the share. As long as you have device + 1 card or 2 cards working, your assets are fine. If you think, you still require to backup the seed phrase separately, you can always do that as well.

There are 4 X1 cards having the 4 Shamir shares. The 5th share is in the device. So you need the device + any 1 card to operate. It is currently static to make it easy for most users. We will offer customizations in the future.
legendary
Activity: 2730
Merit: 7065
I have read that I only need 2 cards out of 5 X1 Card. Is this option static or dynamic so that I can change the number to 3 or add more than 5 X1 Card.
Their website mentions two different pieces of information. You can read "Five shards protect your Crypto, but you only need two to spend it" on https://www.cypherock.com/how-it-works. But their main page says "To make a Crypto transaction, just fetch and tap any 1 out of the 4 cards on the X1 wallet." (https://www.cypherock.com/)

@rohanagarwal7 How many are needed? One or two cards for spending and/or recovery? 

It does actually. The cards are EAL 6+ certified secure elements.
That's another point I noticed that doesn't match with what your website mentions.

I quote:
Quote
X1 Cards are NFC-based smartcards with EAL 5+ secure elements.
https://www.cypherock.com/

Again, which one is it?
hero member
Activity: 630
Merit: 510

Not really. There is no emergency wallet transactions service. The same seed phrase backup product also doubles up as a hardware wallet. So, you can use the cySync desktop app along with X1 Vault + 1 X1 card to make transactions incase your Coldcard/Trezor/Ledger or any other BIP39 wallet is not available. You can read more here - https://www.cypherock.com/how-it-works
Hmmm I have read this article and it seems to have more details https://cypherock.gitbook.io/cypherock/design-decisions/cypherock-is-bip39-compliant

ENT> Mnemonics> BIP39 Seed> Master Node> Purpose Node> Coin Node> Account Nodeء> Change Node> Address Index Node.
all you will get is data stored inside each X1 Card and it is impossible to extract the private key from those cards right? That is, if a problem occurred and I was unable to obtain the X1 Card, are there no other solutions to access the private key?

I have read that I only need 2 cards out of 5 X1 Card. Is this option static or dynamic so that I can change the number to 3 or add more than 5 X1 Card.

jr. member
Activity: 59
Merit: 30
I thought they would use SSS alongside multisig the user could distribute his wallet seed, for example, to 5 places, and the possibility of recovery from 3 places, with multisig in the background, where it could be 3-of-5, and thus a good distribution of seeds to ensure that there are no single points of failure. the current idea is currently promoting Many risks, such as knowing your seed after the first signature, because seed will be exposed, or the existence of better alternatives such as multisig, or your need to trust the third party.


You can use SSS alongside multisig if you want. It is on the roadmap to support Multisig scripts soon. I am not sure how does the user know the seed after first signature. The seed is not even exposed during the wallet creation nor during transaction signing. Although there is an option on the device to generate the seed phrase back from X1 Vault and the X1 card + PIN again if you want to view it and still back it up somewhere.

Quote
I don't trust that an NFC-enabled card will enhance the security of my coins.

It does actually. The cards are EAL 6+ certified secure elements. Hence, they have brute force protection through a time exponential function enforced through a 4-8 character alphanumeric PIN. Hence, even if a hacker gets hold of 2 of the 4 cards, they still have to find a way to hack the card individually and bypass the PIN protection to be able to compromise your assets which is extremely improbable.

Quote
I searched and did not find information about this emergency wallet transactions service, is it similar to Ledger Recovery?

Not really. There is no emergency wallet transactions service. The same seed phrase backup product also doubles up as a hardware wallet. So, you can use the cySync desktop app along with X1 Vault + 1 X1 card to make transactions incase your Coldcard/Trezor/Ledger or any other BIP39 wallet is not available. You can read more here - https://www.cypherock.com/how-it-works
jr. member
Activity: 59
Merit: 30
Shamir's Secret Sharing scheme is more secure than an ordinary seed backup that could be exposed if discovered, but it's not better than multisig. SSS introduces a single point of failure because the seed and its shards are constructed on the same device. Therefore, you rely only on the security of that one device. With a multisig, you can have multiple participants on different devices holding their own keys that are required to sign transactions. You don't have one point of failure as with SSS.

I agree. Multisig transactions are generally expensive and the user experience is still a big stretch for most users. I just feel multisig is more suited for an enterprise rather than for most individuals. We wrote a blog comparing SSS to Multisig - https://www.cypherock.com/blogs/post-multi-sig-shamir

Moreover, you will still be able to create a multisig setup using Cypherock X1 also. That multisig setup will be more secure than any other wallet combination out there. Our aim with the Cypherock X1 is to create the best possible infra for securing a single seed.
hero member
Activity: 630
Merit: 510
Shamir's Secret Sharing scheme is more secure than an ordinary seed backup that could be exposed if discovered, but it's not better than multisig. 
I thought they would use SSS alongside multisig the user could distribute his wallet seed, for example, to 5 places, and the possibility of recovery from 3 places, with multisig in the background, where it could be 3-of-5, and thus a good distribution of seeds to ensure that there are no single points of failure. the current idea is currently promoting Many risks, such as knowing your seed after the first signature, because seed will be exposed, or the existence of better alternatives such as multisig, or your need to trust the third party.

  • Use the same Cypherock X1 also to make emergency wallet transactions if needed. Read more - https://cypherock.com
I don't trust that an NFC-enabled card will enhance the security of my coins.
I searched and did not find information about this emergency wallet transactions service, is it similar to Ledger Recovery?
legendary
Activity: 2730
Merit: 7065
Shamir's Secret Sharing scheme is more secure than an ordinary seed backup that could be exposed if discovered, but it's not better than multisig. SSS introduces a single point of failure because the seed and its shards are constructed on the same device. Therefore, you rely only on the security of that one device. With a multisig, you can have multiple participants on different devices holding their own keys that are required to sign transactions. You don't have one point of failure as with SSS.
jr. member
Activity: 59
Merit: 30
Cypherock X1 uses Shamir Secret Sharing along with distributed tamper-proof hardware storage used in the banking industry to prevent single point of failure with private key security. X1 has five components- 1 X1 Vault and 4 X1 Cards. Your Crypto seed phrases are distributed in these 5 components, such that you need any 2 out of those 5 to recover or even transact your Crypto assets. You can read more about using Cypherock X1 as seed phrase backup here - https://cypherock.com/wallet-backup

This is the product's 2nd use-case for people who already have a wallet setup for themselves and need a better way to manage their seed phrases, inheritance of their assets (soon) and aggregate their portfolio across the different wallets in one single place. You can learn how it works more here - https://www.cypherock.com/wallet-backup/how-it-works

The 1st use case of the product is a hardware wallet without seed phrase vulnerability. You can read about it more here - https://bitcointalksearch.org/topic/cypherock-x1-shamirs-secret-sharing-based-hardware-wallet-5459720

Product Features:

  • Allows you to secure 4 seed phrases with different PIN for each in a single product. Hence 1 Cypherock X1 is enough instead of buying 4 metal backups.
  • Open Source with secure elements both on the X1 Vault and the X1 cards. Source code - https://github.com/cypherock
  • Security Audit Completed by Keylabs.io without any major vulnerabilities found. Keylabs have found vulnerabilities in Ledger and Trezor before. Read more - https://cypherock.com/keylabs
  • Extra security over your seed phrases with a PIN protection on top of shamir shares stored on the hardware to protect against collusion
  • Use the same Cypherock X1 also to make emergency wallet transactions if needed. Read more - https://cypherock.com
  • It is BIP39 compliant. Hence compatible with the seed phrases of your favorite wallets like Ledger, Trezor, Coldcard, Foundation wallet etc.

I would love to get the community's feedback on the same. Here is a coupon code for 10% off if someone wants to try it out - bitcointalk10
Pages:
Jump to: