Navigating Misconceptions: Ledger in Defense Mode with ‘Ledger Recover’

There are often misconceptions surrounding how wallets function, which can sometimes lead to a belief in a touch of magic. Recently, Ledger made an announcement about their service called “Ledger Recover,” which received a significant amount of negative feedback on social media. This led many individuals to consider abandoning their Ledger hardware wallets. It’s evident that such a reaction wouldn’t occur unless the CTO of the company, Charles Guillemet, felt the need to provide a detailed explanation of how wallets work. In a Twitter thread Guillemet sheds light on the subject.

What is Ledger Recover?

The primary concept behind “Ledger Recover” is the ability to restore your private key without relying on your seed phrase. Instead, you can use your phone to scan your ID and employ face recognition. With this information, the system will retrieve the encrypted split key from the three providers selected by Ledger to offer this service. Your wallet will then generate the private key for you and decrypt the three files, merging them into one. Using this service is optional and not mandatory to all wallets’ holders.

In the thread shared on May 18, 2023, Charles Guillemet provided valuable insights into the workings of wallets, emphasizing the importance of trust in the wallet provider. Let’s delve into the thread, which covers the essential aspects of wallet functionality and cryptography.

How wallet works?

A Wallet’s Role: Protecting Private Keys Charles Guillemet emphasizes that a hardware wallet serves primarily as a signing device. Private keys play a central role in wallet operations, and the collaboration between hardware and firmware ensures their protection.

The Setup Process: Generating the Secret Recovery Phrase When setting up a hardware wallet, a Secure Element chip randomly generates a large number (256 bits). This number can be transformed into a Secret Recovery Phrase consisting of 24 human-readable words, following the BIP-39 standard. The utmost caution should be exercised to ensure the Secret Recovery Phrase remains confidential and is never shared, even with the wallet provider.

Deriving Private Keys and Computing Public Addresses: Private keys for each blockchain account are derived deterministically from the seed using the BIP32 standard. Each blockchain employs a distinct derivation path. From private keys, one can compute the corresponding public keys and addresses.

The Role of Private Keys and Digital Signatures: Public addresses facilitate the receipt of funds, while private keys must remain secret. Private keys are instrumental in computing digital signatures, serving as cryptographic primitives for various operations, including transactions, staking, and smart contract interactions.

Enhanced Security with Hardware Wallets: Hardware wallets offers heightened security by performing critical cryptographic computations internally. This approach mitigates potential risks posed by malware on the user’s computer, ensuring a more secure environment for key management.

Firmware and Hardware: Essential Functions and Security Measures The firmware, such as the Operating System, and the hardware, such as the Secure Element, collaborate to implement necessary functions for blockchain interaction, password security, and secure self-upgrades. These components support a wide array of cryptographic algorithms and operations, guaranteeing a robust and trustworthy system.

Ledger Attestation: Proving Authenticity Hardware wallets embed a Ledger attestation, allowing any device to prove its authenticity. This feature safeguards against counterfeit devices and instills confidence in the wallet’s integrity. Various signatures, encryption/decryption, and hash algorithms are implemented to achieve this level of security.

A call for trust, shall we?

And Guillemet did not miss to say that you need to trust your wallet provider when he said:” Using a wallet requires a minimal amount of trust. If your hypothesis is that your wallet provider is the attacker, you’re doomed.” And added “If the wallet wants to implement a backdoor, there are many ways to do it, in the random number generation, in the cryptographic library, in the hardware itself. It’s even possible to create signatures so that the private key can be retrieved only by monitoring the blockchain”

During a Twitter Space session featuring Ledger executives, Nicolas Bacca, co-founder of Ledger, clarified that the recent update does not introduce a backdoor. He emphasized that user consent is essential, stating that nothing will occur without the user’s explicit authorization on their own Ledger device. Bacca further reassured users that the update does not expand the attack vectors targeting Ledger wallets.

However, there has been a lively debate on Twitter regarding the potential security risks associated with opting into the service. Anatoly Yakovenko, co-founder of Solana, shared his perspective, suggesting that owning a Ledger device does not fundamentally change with the update. Yakovenko implied that users trust Ledger not to access their private keys, stating that if they trusted the company previously to safeguard their keys, they can continue to trust them even when the specific feature is disabled. He added that, in his opinion, the overall attack surface remains relatively unchanged.

In conclusion, despite the recent discussions and debates surrounding Ledger’s new service, it remains the top choice for crypto holders in the market. While other options may offer similar functionalities, Ledger’s longstanding reputation should be a key.

Moreover, it is important to note that if users desire full control over their wallets and they should have capability to build their own wallet on their own node, which is a bit tricky for most of the users.