Replying to Wonteet Zebugs

My problem with the NDA being necessary to view the technical documentation is that they'll be even less eyes on the design. How many can double-check that there are no bugs.

It's true that for an off-the-shelf MCU, we're trusting the vendor. One of the things that I like about Jade is that since they're using off the shelf MCUs with open source software, we can DIY build one. Granted, probably not too many people do that.

Passports, credit cards, etc, and secure elements : there's no do-over in btc whereas it's not too hard to do a do-over in the fiat and KYC world.

Jade Plus also offer a stateless signer option (if you can trust that the hardware really doesn't keep anything when it shouldn't).

So overall, can I assume that you prefer the odds of a secure element being hacked compared to the odds of both a Jade being stolen and the oracle server being compromised?
Avatar
semisol 7mo ago

> There’ll be less eyes on the design

Same issue with MCUs, really. Anyway, large SE companies conduct their own testing *and* rigorous independent certifications. (semi-formal validation)

Not sure you can reach that level even if you open source, because the majority of the security is in the physical design, and so physical attack tests. And not the logic.

I have also significantly reviewed the design of the SE I am using.

> There’s no do over in BTC but there is in the fiat world

In the end, there is still damage. Fake digital signatures can be as damaging as blindly signing contracts. Credit card fraud can lead to millions lost for banks.

In the end, *someone* is losing something from it being insecure, and so they have a strong incentive to ensure they buy secure products.

> we can DIY build one

But does anyone? Or do we rely on the manufacturer and Espressif to solely deliver a correct product?

What if the boot ROM on the MCU logs your seed to a hidden area on the chip?

Reply to this note

Please Login to reply.

Discussion

e2
Wonteet Zebugs 7mo ago

Those are all good points.

But that just leads me back to the basics : do we have better odds with a Jade without secure element but where both the Jade and the oracle server have to be compromised, or do we have better odds relying only on a secure element?

But, I must admit that hardware wallets are probably not the best choice for really huge amounts. I remember reading Greg Maxwell saying he preferred an offline computer (probably with a live-dvd, I assume).

Avatar
semisol 7mo ago

For large amount it’s always multisig

Also, I think quality SEs are better. But low quality ones are significantly worse

e2
Wonteet Zebugs 7mo ago

Multisig : that's debatable. I remember Francis Pouliot writing this a couple years ago, on twitter :

"Having a strong BIP39 passphrase and redundant backups is superior to a multisig for security, accesability and loss prevention. I can't imagine the stress of multisig as a personal solution. No wonder people pay 3rd parties to hold their multisig keys!"

Francis has been in bitcoin for a long while and has been involved in customer-facing businesses (btc businesses) for about as long (the Bitcoin Embassy in MTL and then bullbitcoin.com).

I remember even electrum (older version) messing up the multisig setup so badly that such that electrum couldn't access the funds put in that multisig. And electrum is a very OG project.