The Cold Wallet Controversy

While Ledger is facing popular condemnation, this is an opportunity to remember what a seed, private/public keys and cold/hot wallets are.

The Ledger Recover fiasco

The pressure has still not subsided following the Ledger Recover fiasco. This new service would allow Ledger to access the private keys (the seed) of its customers, split them into three encrypted pieces and store them with three different companies.

The goal is to let a customer recover their seed if all of their personal backups are lost. Registering for the service requires showing a national identity card and scanning one's face with facial recognition software.

“Technically speaking, it is and always has been possible to write firmware that makes key mining easier. You always trusted Ledger not to deploy such firmware, whether you knew it or not,” Ledger said in a now-deleted tweet.

It was enough to cause an uproar, since the basic promise that no one else can access your seed is broken.

And even if everything is done by the book, Ledger will still be forced to reveal seeds to the courts if required:

“Ledger CEO Pascal Gauthier explains that Ledger Recover would allow the state to recover your private keys in the event of a subpoena.”

CTO Charles Guillemet announced this Tuesday that the launch of the Ledger Recover service is suspended while the protocol documentation is written: “We decided to accelerate on open source in order to bring more verifiability to everything we do”.

And as many bitcoiners migrate to competitor Trezor, let’s take this opportunity to recap the basics.

First of all, it should be noted that wallets do not contain bitcoins. BTCs actually exist as entries in a large ledger of UTXOs (BTCs attached to public addresses).

The roughly 100 million UTXOs are updated by nodes in the Bitcoin network each time miners propagate a new block of transactions.

BTCs are said to change address during a transaction. In reality, it is more accurate to say that BTCs change their public key.

Public/private key pair

Bitcoin transactions are based on a technique called “public key” cryptography. Two keys come into play: a private key and a public key.

The principle of a BTC transaction is close to that of a chest with two locks. Imagine that UTXOs are chests containing BTC.

During a transaction, the BTCs are assigned to an address (to a public key). In the analogy, the BTCs are placed in a chest that is locked using this public key.

The beauty of this system is that only the recipient holding the private key corresponding to this public key is able to open the chest. Only they can unlock these BTCs and assign them to a new public address via a new transaction.

In the jargon, the fact of using one’s private key to carry out a transaction is called “signing” a transaction.

This private key is called the “seed”. The seed is the original key to your wallet. It is from it that all the other private keys of your wallet (and the corresponding public keys) are derived.

In other words, each time you create a new “address” in your wallet, you are actually creating a new private / public key pair.

xPubs & xPrivs

The concept of private/public key pairs is central to how Bitcoin works. Private keys are for signing transactions and public keys, derived from private keys, are used to receive transactions.

Your wallet can generate an infinite number of key pairs. This is where xPubs and xPrivs come in.

- xPub is short for Extended Public Key (public key derived from the seed)
- xPriv is short for Extended Private Key.

xPubs and xPrivs derive directly from the seed. This “seed” takes the form of a list of 12 English words (that is to say a random value of 128 bits, i.e. one among 2^128 possibilities).

The key derivation process is similar to a family tree. Carefully keeping the original seed allows you to instantly restore all the keys and regain access to your bitcoins. This is known as a “hierarchical deterministic” (HD) wallet.

This standardization of wallets dates from BIP39. So even if you created your seed on a Ledger, you could restore your keys by entering the seed in a Trezor or in any other wallet.

Conversely, in the event of loss of the seed, all the BTCs linked to public addresses (the UTXOs) which derive from the seed are lost forever.
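The derivation chain described above can be followed end to end with the Python standard library alone. This is an added example, not code from Ledger, Trezor or the original article; it follows the public BIP39 and BIP32 specifications, the path 84'/0'/0' is only an illustration, and the 12 words are a constructed sample taken from the public BIP39 test vectors (all-zero entropy).

```python
import hashlib
import hmac

# Order of the secp256k1 group; BIP32 reduces child private keys modulo this value.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000


def entropy_to_indices(entropy: bytes) -> list[int]:
    """BIP39: append a SHA-256 checksum (1 bit per 32 entropy bits), cut into 11-bit word indices."""
    cs_bits = len(entropy) * 8 // 32          # 4 bits for 128-bit entropy, 8 for 256-bit
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    count = (len(entropy) * 8 + cs_bits) // 11
    return [(bits >> (11 * (count - 1 - i))) & 0x7FF for i in range(count)]


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: stretch the word sentence into a 64-byte seed with PBKDF2-HMAC-SHA512."""
    salt = ("mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", mnemonic.encode("utf-8"), salt, 2048, 64)


def master_key(seed: bytes) -> tuple[int, bytes]:
    """BIP32: the root of the tree, returned as (private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def hardened_child(key: int, chain: bytes, index: int) -> tuple[int, bytes]:
    """BIP32 hardened step: parent private key -> child private key (invalid-key edge case ignored)."""
    data = b"\x00" + key.to_bytes(32, "big") + (index | HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    return (int.from_bytes(digest[:32], "big") + key) % N, digest[32:]


def derive(mnemonic: str, path: list[int], passphrase: str = "") -> int:
    """Walk a hardened path from the words down to one private key."""
    key, chain = master_key(mnemonic_to_seed(mnemonic, passphrase))
    for index in path:
        key, chain = hardened_child(key, chain, index)
    return key


# Constructed sample: all-zero entropy from the public BIP39 test vectors. Never use it for funds.
SAMPLE = " ".join(["abandon"] * 11 + ["about"])

if __name__ == "__main__":
    print(entropy_to_indices(bytes(16)))      # positions of the 12 words in the 2048-word list
    print(hex(derive(SAMPLE, [84, 0, 0])))    # same words give the same key in any wallet
```

Nothing in the chain is random after the initial entropy, which is why the same words restore the same keys on any compatible wallet, and why anyone who obtains the words obtains every key below them.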

Hot Wallet and Cold Wallet

There are several ways to store a private key:

A hot wallet is software, such as Wasabi, Samourai or Electrum, that lets you generate your seed. This software makes it possible to sign transactions and propagate them to miners, who insert them into a “block”.

Such wallets are installed on your PC or smartphone. A hack is then possible because of the constant connection of these devices to the internet.

A cold wallet is a device that does not connect to the internet. This is what distinguishes it from a “hot” wallet. If you use the Wasabi wallet on a PC that never connects to the internet, this wallet is also a cold wallet.

Cold wallets most often look like USB keys. To sign a transaction, you must connect the wallet to a computer and confirm the transfer by entering a PIN code on the cold wallet.

The advantage is that transactions are signed without the private key ever being sent to the PC. This way, your seed is never exposed.

The best-selling cold wallet is that of the French firm Ledger. But the very first was that of Trezor, a Czech firm that continues to innovate under the patronage of SatoshiLabs. Its latest model, the Trezor Model T, makes it possible to anonymize one's bitcoins thanks to the coinjoin technique.
