Ledger Doubles Down—Read Their Newest White Paper Here
•
June 21, 2023 11:37 am
•
Comments
In May, Ledger, one of the world’s premier hardware wallet companies, announced plans to introduce a recovery feature for its devices.
Due to the obvious security concerns, an intense backlash ensued from the crypto community. …
While there were previous reports that Ledger was backtracking on its original plans to launch the recovery service, the company now appears to have recommitted to the idea.
On Wednesday, the company released a white paper detailing its plans for a recovery service on its devices.
According to Charles Guillemet, the Chief Technical Officer at Ledger, the recovery phrases are fragmented and sent to various security providers using high-security encryption techniques.
Guillemet explains:
“The Secret Recovery Phrase is encrypted using a Ledger fixed key, before being split. Then the fragments are provided to the backup providers using a secure channel (based on an ECDH), which means that no intermediary can ever decrypt the Secret Recovery Phrase fragment.
The algorithm used to compute the fragments uses a variant of a privacy algorithm called Shamir Secret Sharing, preventing any intermediate system (i.e., Ledger Live, third parties, attackers) from intercepting the information.
To sum things up, our upcoming Ledger Recover, provided by Coincover, service contains critical security features, including end-to-end encryption, non-repudiation characteristics, privacy-preserving tools, and minimalistic design, making this service fully adapted.”
Ledger’s CTO went on to tout the features of the new service in this thread, as well as the new white paper in the tweet below:
The main takeaway from the White Paper? Our upcoming service to be launched in Q4 2023, Ledger Recover, provided by Coincover, is 100% secure, and you can learn precisely how it works technically and examine the service yourself. https://t.co/esXUSmZNVu
— Charles Guillemet (@P3b7_) June 21, 2023
Your feedback is not just welcomed— it's encouraged. Should you come across any areas for improvement on security topics, please feel free to contact us via the Donjon Bounty: https://t.co/B16h6RYmv9
— Charles Guillemet (@P3b7_) June 21, 2023
Coin Telegraph reports:
Ledger Recover’s repository enables three primary operational flows, including backing up the seed, restoring it on a new device and securely deleting the backups. The white paper also includes data on Ledger Recover’s system design and cryptographic protocol.
…and details on the following operational flows:
– Backing up your Secret Recovery Phrase
– Restoring it on a new Ledger device
– Securely deleting your backups— Charles Guillemet (@P3b7_) June 21, 2023
The Secret Recovery Phrase is encrypted using a Ledger fixed key, before being split. Then the fragments are provided to the backup providers using a secure channel (based on an ECDH), which means that no intermediary can ever decrypt the Secret Recovery Phrase fragment.
— Charles Guillemet (@P3b7_) June 21, 2023
To sum things up, our upcoming Ledger Recover, provided by Coincover, service contains critical security features, including end-to-end encryption, non-repudiation characteristics, privacy-preserving tools, and minimalistic design, making this service fully adapted…
— Charles Guillemet (@P3b7_) June 21, 2023
Decrypt highlighted the intense backlash from the crypto community regarding the announced recovery program:
Ledger suffered a data leak back in 2020 which exposed the phone numbers and physical addresses of nearly 300,000 customers as well as over 1 million email addresses.
“This is a disaster waiting to happen,” said one Reddit user.
“I can’t actually believe what I’m reading, this seems absolutely crazy for a hardware wallet provider to encourage you to back up your seed phrase online AND give them your Passport/ID—especially one that has previously suffered a data breach!”
Join the conversation!
We have no tolerance for comments containing violence, racism, profanity, vulgarity, doxing, or discourteous behavior. If a comment is spam, instead of replying to it please click the icon below and to the right of that comment. Thank you for partnering with us to maintain fruitful conversation.