![Xavier Hendrickx: NGRAVE- The Coldest Wallet. [Full Transcript]](/blog/content/images/size/w2000/2020/12/Ghost-Main-Image-1.png)
Listen to the full podcast here.
Nathan: Today we have with us Xavier Hendrickx. He is the brilliant CTO of the company NGRAVE. Partly university educated in computer science, and mostly self-taught, Xavier has been in the crypto space since early 2013 and experienced several high profile security breaches firsthand, which led him to found NGRAVE.
He was a victim of the Mt. Gox hack back in 2014 and the DAO hack in 2016. So this made him very conscious about the security issues in blockchain's brave new world. Xavier was studying computer science. He also engaged in developing automated trading bots for specific cryptocurrencies, which led him to being scouted by a Belgium American blockchain project called Swarm City.
A project that raised around 62,000 ETH in a 2016 ICO under the name Arcade City. Xavier started off as a blockchain developer in the project, but quickly rose through the ranks, and in 2017 Swarm City was. But one of the projects most impacted by the Parity hack losing close to 44,000 ETH in the act. Xavier stood at the front lines in the mitigation attempts as part of the white hat team that led an effort to protect other people's funds from being lost in the hack as well.
In 2018, Xavier became the CTO of Swarm City. And a few months later, he got in touch with Eduard and Rubin his co-founders and the trio started and grave. Whereas Xavier initially combined both functions. He ultimately went for a full-time position at NGRAVE, and now they're releasing their upcoming hardware wallet.
So Xavier, thanks so much for your time, thanks for joining us today.
Xavier: Thank you.
Nathan: Xavier, can you give me a really quick overview of how your product works?
Xavier: All right, so at NGRAVE, we have basically three products. We call them the Zero, the Graphene, the liquids. The Zero is our flagship products. It's a hardware wallet, and it has a big screen, a four inch color touch screen. So it has a nice experience to use. It's where you will create your seed. And you will sign transactions. It's never connected to the internet, it's fully offline, and the only way it's we'll get data to sign is via QR codes. So the companion products, the one to prepare the transaction is called the Liquids. It's a mobile app that's available on iOS and Android. This mobile app will synchronize, which the Zero. It will show all the balances and it will assist you in creating a transaction. So it gets the amount , you will set the destination, and then it will show a QR code that the Zero can scan and the Zero will show a QR code that the app can scan the signed transaction from. So that's the main two players. And then for the backup, we have the Graphene and the Graphene is two metal plates, that will be able to encode your backup phrase in, two difference, in a split, proper place.
That you can store separately without losing any security. And yeah, that's basically the three products that we're offering and you only have to pay for the Graphene and the Zero. The app is for free.
Nathan: Obviously you've been involved in three major profile attacks. So when did you finally decide to stop getting hacked and start your wallet?
Xavier: All right. So I guess this is a time mostly I'm most impacted by the hack because the hacks previously, especially the Mt. Gox were of trivial amounts, and I considered them to be a rite of passage that most people go through when they enter the crypto space; you lose some money in some stupid ways, and then you just don't do it again. But the hack that happens to the parity multisig was, very revealing for me for several reasons.
First of all, It wasn't really because of our bad practices, we decided to follow what at the time was the standards according to the other Ethereum projects. But basically we locked our money, and when I say me, I say the the core team of a Swarm City, that they raised during the ICO, in a multisig wallet that was offered by the Parity wallet at the time, which was the default wallet people were using when they were using Ethereum. And I'm talking about late 2016, early 2017. And, so we just used the default templates of a multisig wallets offered in the Parity clients, and Parity was one of the most trusted softwares in the game, right there. It was a written under the supervision by Gavin Wood. Gavin Wood is one of the co-founders of the theorem and the creator of the solidity programming language, from which smart contracts are written. So there was no reason for us not to trust this a multisig to store our ICO funds.
And so we were not the only ones everyone was doing it. And it was literally offered by the most trusted party in the space. So in July, 2017, I still remember then Bernd (Lapp) , who was the Advisor, and I would call him the CFO of Swarm City in a way, he was the one that took a look at the smart contract and saw that all the funds were gone.
So that was of course a major and a surprise to us, and, we didn't know what to do because there was also no clear place or clear contact we could go to to get alerts to community of this problem, because we were not the only project using this multi-sig there were a lot of other projects.
I don't know the exact amount. I think it was about 500, at least other wallets I would say, close to $200 million locked into those accounts. This was really like a major bug that was discovered in our multisig that we used that was also impacting all other wallets of so many other ICO projects. So it was just really hitting the core of the Ethereum community. And where did you go if this happens? You cannot just announce it in your chat channels in, in some official communication because the other projects are still at risk and you cannot contact them each on their own because you don't know if you can trust those counterparties. So the only way we knew what we could handle was to contact, the people that, at that time we were lucky to know personally we were quite close to them. We got in touch because we liked each others' projects. These are the people that's did the DAO hack, but that hackked the Dow hackers. So there were officially called the White Hat Group. So during the Dow hack the year before, which is ironically exactly one year before almost, the original DAO got hacked. And another hackers group, the white hat group organized themselves to replicate the same hack and try to steal, especially funds as they could so that they could later on payback the victims of the attack.
So we considered them to be our go-to contacts when we got hacked, because maybe they would know what to do. So one of the most public persons there was Griff Green, who is a very well-known person in the Ethereum space, and they got the original hackers together and they automated the same hack that impacted us. And, they basically hacked all the other projects, with the scripts before they got impacted themselves. So it's important to know that we were the third projects to get hacked in a timeline, in which I think up to 12 hours, I can be wrong, but it was like a large amount of time happens between our hack and the projects before us. So we don't know what the other projects, when they discovered it or what they did. but if there had been faster that could have prevented our hack. So we like to think that because we acted so fast, we did an hour off our hack. We basically were already scripting the rescue effort for other projects. You'd have to think that many other projects were saved because of that.
Nathan: And current are all the funds still locked up or is that address being still tracked?
Xavier: That address is still being tracked. Actually, I get a notification whenever any of that money moves and after some large amounts of Ether were moved out in the beginning in 2017, I haven't seen any movement there so that the money is still sitting there actually. And they still 45. 44,000 Ether from us, but they stole even larger amounts from two other projects, which at that time, I don't know the details that well any more, but I think it's amounts up to, I think, $30 million US dollars at the time of the hack, which was in July, 2017. So it's probably larger by now.
Nathan: Now, have there been any efforts to hypothecated or tokenize that locked fund?
Xavier: I don't know if any attempts to do something with block of funds, by the way, it's, it should be clear that we are not talking about the Parity freeze, which happened a couple of months later, which were impacting an even larger amounts. I think it was up to almost $500 million that was locked in the Parity freeze, which we should talk about too, because that was a logical consequence of the first hack. But of the first hack so there was no money frozen. There is actually somewhere an attacker that has access to the stolen funds.
And the money is flagged on etherscan. but beyond that, I think some projects actually filed complaints at the Interpol at the police. There was some discussion within our team, but we decided against it. So there were some, opponents and some people that were for it in the end, we decided that we made a bad decision basically, so we should learn from it.
And, we didn't file a complaint to the police. It would be against everything, I guess all the values that we were having by building a Swarm City so we decided against that.
Nathan: Can you give me an idea of how the lessons you learned in that in the two attacks of the three attacks that you were a part of, how did you incorporate that into NGRAVE?
Xavier: The way we wanted to build NGRAVE was to go back to the basics. So many people make the mistake, coming from the legacy world that you can trust something because it's vouched for by reputable parties. And that's not necessarily, an indictment against the big players like Parity.
It's just the nature of crypto. That's no one is taking any liability or any responsibility for how you use their products. And that's fine for me, it's fair, but it means that when you want to use or store crypto in a way that you really trust, it needs to be very intuitive for you to understand that it is secure, right?
So you, you should try to remove any, trust on any other party, accepts your own ability to understand the security of your products. So that's why we created NGRAVE because while there are many hardware wallets in the markets, there was none that I could use, and that I would intuitively understand was really secure.
And this does this actually into the field of psychology on top of the actual hardware security. So it's very important for the design of the product to give you this intuitive feeling of security. And to simplify it further, if you use a hardware wallet, you are basically concerned about two things: first is the seed that you will create, and that will be used to derive all private keys and addresses for your crypto. So it's very important that when you're making your seed, you will have full confidence that your seed is unique, hasn't been created before, and cannot be brute forced, right?
You have to intuitively understand that. The second part is the way you will sign transactions. So you need to be able to trust that whatever you sign is what it says it is, and it cannot be manipulated. And also that when you sign something, you are not exposing any more information that can put your other assets at risk.
If you simplify it in those, two basic ways, you need to dissect them as much as you can, and really go into depth, how you can give the users this intuitive feeling of security and understanding why it is secure. And that's what we did with NGrave. that's basically been our philosophy from the beginning and how we have been designing those two steps.
Nathan: So I'm a longterm Ledger user. I've never to my knowledge signed, phishing transactions. But I don't know that my seed is cryptographically unique. Will it be easy for Ledger users to migrate?
Xavier: I think, people that have Ledger can easily migrants to our products, but I'm actually very willing to talk about, the difference between our wallet and Ledger.
It's actually a very interesting one because I don't saying Ledger is not safe. I think it is very safe. I've been using them myself for a long time. but there is a psychological barrier or limits to how much you want to trust Ledger. And the psychological limit is very important because if you feel like you're taking a risk with Ledger, you might as well take a risk with another product that's less safe and more centralized, leaving your money on an exchange for example.
And that's also been a major complaint of Ledger; it's not very user-friendly. So if you don't have the higher limit of trust into the products, why use it over something that's more comfortable to use. Now a Ledger, we think it's safe. But you're just never certain of it. So you're referring to the fact that you don't know about the security of the seed you're given that's one aspect and, it's letter's model is pretty simple and the execution is more complex, but in essence, they rely on the security of their secure elements.
So they have a special chip in the Ledger device, it's called the secure element and it's made to withstand brute attempts at extracting secrets and most important for the seed, it's designed to have a function in there that can create real randomness. So it's called a true random number generator because creating real randomness in a computer is very difficult. Like a computer is made to be deterministic. You give it a certain outputs, you want to be able to trust that the outputs from the inputs it's always the same. So how do you create something totally random? So it uses all kinds of like specific techniques to create like scientifically valid, random data, in such a way that you know, that you cannot predict ahead of time, what seeds will be created from the Ledger. That's just one thing, that's the secure elements in the Ledger.
Now we decided to also do this because it is the best practice, but to also address the psychological factor, people get a Ledger, and they get a seed.
But how do they know that this, random number is actually really random, right? You just trust the fact that it's been certified. So we do that, but on top of that, we allow the user, we gather the finger fingerprints data from the user. We gather the data for fingerprints to add to the entropy.
On top of that, I think the most important thing, especially for the psychological aspect is that you are allowed to manipulate your seed. We will show your entropy in a hexadecimal format. It will be 64 hexadecimal characters, and you can manipulate it yourself. The reason for this is to make you understand that, your seed has been chosen by you in a certain way.
Oh, this was not an easy task. And we have been advised by the cryptographic research departments of the KU Leuven here in Belgium which is our main university, because allowing the users to manipulate the attribute directly is basically a very bad practice. Usually people don't recommend that users are very bad creators of entropy; we cannot trust it. We do not allow the users to choose their entropy, but we allow them to pick certain parts of the seed that we are showing in a hexadecimal string and then they can shuffle parts of it. So even though the security is guaranteed by the underlying processes, we also give the user the psychological understanding of what's going on without losing security. That's one aspect.
The second aspect is that, true random number generator in the Ledger chips, are two random number generators that have been designed for a purpose and they've been designed for that purpose, standards as have been defined by major institutions, such as the NISD from the USA, meaning that if those standards are not fully honest, right? If the way that they recommend you implement a true random number generator is actually, backdoored in a certain way by the NSA or the CIA, there is a possibility that they can predict what kind of randomness this number will create. You don't know for sure. And we are emboldened in this opinion by the advice from our main advisor, who is Jean-Jacques Quisquater, is a major research scientist and a lecturer from the university in Belgium is the second reference in the Bitcoin white paper. And he himself has been strongly telling us how deep the control and the influences of big country players, such as the NSA to try to backdoor or not released vulnerabilities known, to them of how to break the actual randomness of secure chips.
You should not really trust secure elements 100%. That's why for us, we trust the secure elements for 50%, at least 128 bits, which is the same as the 12 word seed, which is a strong enough from our recommendations to create the randomness from secure elements. The other 128 bits comes from the environment we gather from the camera, from the fingerprints and from your manual shuffling. And that way, if there is a backdoor, you still have 128 bit entropy that you create yourself such a way that you create an intuitive understanding that the seed is yours?
So we defeats two problems at once that Ledger has, which is you do not know for sure, you don't understand, so your psychological limit is not high enough, that your seed is unique. And second of all, you are more, emboldened in your resilience against possible backdoors from the NSA or another place.
Nathan: Got it. So even in the case of NIST, and what are normally considered as public utilities in the case of a random number generators, do you think that particular random number generator is at risk and in encryption algorithms like AES256? Does that exist there as well?
Xavier: No, because they don't really rely on the random number generator. It's a, it's only when you create your key or the password for it. It's possible if you rely on your random number generator to create the key, which happens in many cases, yeah, then this says this risk exists. Yes.
Nathan: If that's the case, we have larger problems than hardware wallets. Don't we?
Xavier: It's not just a paranoia from my end, those kind of backdoors have actually been proven to be true a couple of years ago. NIST had to rectify some of their recommendations for random number generator for exactly this reason.
So it was a put to light by the Snowden revelation that the NSA had a way to decrease the entropy of a, of a TRNG (True Random Number Generator) that was accepted by the industry. So this is actually a documented risk.
Nathan: But isn't AES256 some of the hash algorithm and Bitcoin as well?
Xavier: You're probably referring to a SHA256?
Nathan: Excuse me. Sorry. Yes.
Xavier: Yeah, because AES 256 is a symmetric encryption algorithm. And for symmetric encryption, you only run the risk of from this for the randomness of the key but no, the hashing hat I have this problem because, for what I know, it doesn't rely on cryptographically strong random number generators. It's a cryptographic hash. So it's just a one direction way to represent some data . Yeah, I wouldn't worry about that part.
But by the way, there is also a political consideration is that if Ledger does have a chip, which is a claim that has been proven, that has been backdoored by the NSA, but the NSA isn't going to steal your money. So if they do, they reveal it to have access to this kind of backdoor. But it does lower your psychological-barrier stress.
Nathan: Thanks for that. That's a pretty big, deep dive. I appreciate that. What do you see as an easy migration process for a Ledger wallet user?
Xavier: Anything that relies not only on a secure element for the creation of your seed for me is a win. Now I have to be careful with this advice because using a secure element to create your seed is still good advice for the average user. WE have stepped away from brain wallets, which is basically people using a hash that they make from one of their chosen words, right? For example, your first name, you hash it, you get like a long string, people think that secure; it isn't the case. So the industry has made huge progress by having secure, random number generators, other standards in how people create their wallets. We should not move away from that, but we should either have better random number generators that are open source, and there, I think about the efforts of Trezor that is right now investing in trying to create the first open source secure elements. This is one of the things I didn't mention earlier is all the secure elements are closed source. That's only the only reason you know that they are secure is because they have been certified.
But the problem there is that those chips are made to get their certification. And so you don't know for sure how truly safe they are, you just have to trust the certification. Open sourcing those ships would be a major step forward, but we have to wait on developments, right now with the only one I know is Trezor. I'm sure there is others. That's one thing. Second thing is you can decide not to rely fully right, you can leverage it like we do, you can use a secure element and then salt the results with some extra data, basically, which is like our (wallet) okay.
Nathan: Now, ChainLink has recently come out with a provably secure random number generator through one of their new oracle providers. Have you seen that?
Xavier: No, I have to dissapoint you on my being up-to-date on many other projects, there's just too much going on but I am curious.
Nathan: If you're building it for gaming or for, gambling products.
Xavier: Yeah. it's, this sounds very interesting though. I would like to go look at that. I know what that entropy on the blockchain itself is also an inherently difficult problem. So very curious. I can't talk about it because I don't know anything about it.
Nathan: I'll put a link in the podcast notes, but ChainLink offers they could, it can generate random numbers for smart contracts. They're called, ChainLink VRF verifiable random functions, which is a provably fair and verifiable source of randomness designed for smart contracts. They're mostly going to be used for it looks like blockchain games NFTs, choosing a representative sample for consensus mechanisms. So it seems to be just an on-chain verification of randomness.
Xavier: Yeah. that's interesting. And I think, I'm really curious to know how they, create this randomness. Maybe it's coming from their oracles
Nathan: I think it's coming from their Oracle. It has to be. So I'm a Ledger user, I have a seed phrase. How do I migrate to Ngrave?
Xavier: Oh, you can just import your 24 words or your 12 words mnemonic. We have an import wallet feature that's a compatible, it's a BIP-39. BIP-44 compatible. And you can import your accounts.
Nathan: Cool. That's super easy.
Xavier: But I'm not saying it's what I recommend again, because you will just create the user seed that Ledger used.
Nathan: But let's say I have a hundred accounts in Ledger, how do I move them all over to Ngrave then?
Xavier: I would recommend to import your seed. There is people that would recommend you to, use a wallet that can sweep, right now our wallet does not sweep. I don't know if you're familiar with the concept of sweeping vis-a-vis it's it's yeah, some wallets offered this feature where, when you import a seed, they will derive all addresses that contain balances and will automatically sign a transaction and sign all the balances to a new address, the address that you sweep towards.
So it's basically a bunch of on chain transactions to move all your assets in an automated way. Now, you have to pay fees for that, and you also run a risk of losing some privacy because all the previous balances on randomly disconnected addresses are now all sent to one address. It might be a solution, but it's not the most privacy-conscious solution. So I would recommend to, import your seed.
Nathan: Got it.
Xavier: But of course it's yeah, it's a soft recommendation because I still stand by my sayings of what we do to create a better seed generation. But in the immediate risk, I feel there's a bigger impact to lose your privacy, than to not trust the seed that Ledger creates. so yeah, that's my short term recommendation.
Nathan: Okay. Who do you see as your target market? Do you see someone like Lloyd's or some other insurance company insuring this product for family offices or for funds?
Xavier: All right. before I answer that, I want to explain the one point that I didn't do yet is how we do transactions, because it's important to understand our products. We do transactions over QR codes, right? So for your listeners, just to know, you create your own custom seed, but the security is also guaranteed by the fact that when you create a transaction, you will prepare it on our mobile app. You will get the destination, the amounts, and any other data. It will show a QR code on your mobile app. Your product will scan it. It will show the contents of the transaction. Then you will be prompted to sign it on your offline device. So your private keys never leave sort of a device and are always offline.
And then it will show a QR code so that the mobile app can scan and send it to the blockchain. While doing this we ensure certain things, we ensure basically your security in a few different ways. First of all, it's one direction communication; you're certain that no data is going in your way. The second thing is, it's a small payload, right? there's not much place for any malware if there is any, and third is it's verifiable, right? That's the major thing that you can scan the contents of the QR code with any other device you have and verify that what's in there is trusted by you. So I just wanted to launch this your first because otherwise people will get confused about how our product works. It's important to understand that.
But our target audience is, right now we are not aiming for the institutional players what you call the B2B markets. So we are actually looking at the retail customers, like probably you Nathan, people that are already interested in crypto, so they know how it works.
And they, first of all, they, once, innovation in the wallet space, we all know about Ledger Trezor. but. I think everyone is excited for innovation to happen in custody, in the custodial space, especially, the amateurs or the crypto users , like you and me. I think we were all excited for that.
That's basically our main target audience. And once we have established a certain layer of trusts, we feel can have to come from a community of users that use our products that are excited about it, we can think about expanding our offerings to get into more like skeptical people or the people that need to have more liability coverage that want to be insured, that's maybe a second step, but that can come later for us.
Nathan: Have you ever looked into that type of insurance, have you ever talked to an insurer like that?
Xavier: We did. We have ongoing talks and we keep each other up to date for the future with what's possible, but it's a very difficult problem. And it requires lots of industry specific knowledge that we had to put that on hold for now. It's definitely something that I have been looking at it.
Nathan: What are the initial currencies you're offering? And are you going to be supporting ERC-20s and, other chains like FA on Tezos?
Xavier: All right. the currency support, that's a question that's easy to answer. We have basically 20 different blockchains and all ERC-20. So the coins, I can go over them quickly: it's Bitcoin Ethereum, LiteCoin, Ripple, Bitcoin Cash, Polkadot, Neo, Stellar Lumen, Tron, Binance coin. Tezos, DigiByte, Dash, Ethereum Classic, Bitcoin Gold, Aeternity. Doge Coin, Z-cash, Bitcoin Diamond,Crystal Coin and Elrond. Yeah, not everyone will know all the coins that I just listed, but they're the ones that we have, right now, the support for. For all the coins you have to have the most fundamental functionality, because we want to expand on more features once the product is out.
And to talk more specifically about Tezos staking, which is a pretty custom solution that we have to get familiar with beyond your transaction, and that's something that we will definitely explore once we release, but we will not offer that by shipping yet.
Nathan: Got it. And, we've designed at BlockWatch we've designed and worked with, various wallet providers, and also as a user in the DeFi space, you're constantly logging into different websites and authenticating on the website using your Trezor or your Ledger. How do you guys plan to integrate with those types of Chrome extensions?
Xavier: All right. So yeah, that's something we are really excited about, because we use QR codes. You can imagine that integration can become pretty straightforward. And it will really depends on the community and the other apps to implement a certain standardized way of sending some application requests over QR codes. So I know there is a pull request down at Metamask for bidirectional accounts over QR codes, that's something we look at. Those things again, will not be out at the time we launch, but they are very strong, our preference to push for standardization and interoperability between different products by having a QR code standard that is standardized between them. I think about Metamask. I think most people know Metamask so if you want to log in somewhere right now, you can log in by signing a certain message, well you can do the same thing by showing the QR codes signing it's on the hardware wallets and showing the same result back. So you can do the same thing for signing a transaction as well. A Metamask mask is just one provider. There is for Bitcoin, I think about the Electrum wallet, it already works over QR codes, that's also a possibility. For every coin we will need to look into what players are there, reach out, and find some synergies, and work together. I don't know if there is a similar product yet in the Tezos space, I assume there is. So yeah, this is very much, this is very interesting. And I think it also, it's a testament to the power and the usability of QR codes that this is possible.
Nathan: In some way actually, the QR code is much more, understandable to the average user then than currently with the crypto ecosystem.
Xavier: Yeah, that's also the reason why you went with QR codes, because they're, again, intuitively easy to understand.
Nathan: Can you go over the business model behind NGrave, obviously hardware sales, but are you looking to do service offerings, like trading, lending, or swapping?
Xavier: Yeah, so when we launch, we will have a mobile app, that's for iOS and Android, at first it will offer the basic features required to interact with your hardware wallets. So signing transactions, and consulting your balance, synchronizing with your wallets to see what addresses have balances. So that's the basic functionality.
We have an extensive roadmap after that. And we will invest a lot in offering more features to our app from the onboarding process. So getting the fiat on ramps, we already have talks with some, providers there. Coin swaps also, is very interesting for us.
We have some talks with DeFi wallets, but that's something we need to explore. At first we might just have a bridge between DeFi specialized apps and then our app to format the transactions in a QR code format. And then we can just sign the DeFi transactions on our cold wallets. We will need to gauge the interest of our users for that as well, because DeFi and custody seems to be sometimes a different worlds; people either store for the longterm or like to play with their money, so we need to see how big the demand is for QR codes signing of a DeFi transactions. But yeah we have, a lot of features that we're thinking about to add to our app. As of now, there is no business model attached to that yet beyond the ways that the different providers already have a business model to promote their integration. Right now our focus really is on finishing the product, making our pre-sales customers happy. And, yeah, that's the way we are making our revenue right now.
Nathan: Can you go into the view of your view of the NFT marketplace? Where are you guys on this?
Xavier: All right. So the NFT basically is a custom smart contract on the Ethereum blockchain usually, that we will not support at lunch because we will have one smart contract, which is the ERC-20 that we can, send transactions for. The NFT is something that might be very interesting for us because the device, the cold wallet, has a nice screen. Unlike many other hardware wallets, we have chosen to go with a four inch color touchscreen and we have had some ideas about showing NFTs in a very visually pleasing way on the device. So I think, yeah, we got some very excited people on our team about this. again, I have to repeat that we are still in the presales, the device hasn't shipped. So all our attention is really focused on getting the device out with the quality that you want it to be. So we have a long list of features that we are excited about and it's one of them, but I have to promote them at some other time in the future once I know when it will happen, but, NFT visualizations on our screen is really exciting for us and, we can, really take it far. I don't think, many other wallets can offer the same features because they usually don't have the same screen space we do.
Nathan: Speaking of screen space in general and electronic principals, what happens if I drop this thing in like a cup of coffee?
Xavier: All right. So our device has been IP-55 rated, which is it has some dust and water ingress resistance, but it's not meant to be, it might be more than I think it is, we've done some, basic testing to certainly reach the IP 55 ingress protection standards, 55. But it might be more than that, we haven't taken the test so far, but there is an important distinction to be made. We have designed the Zero, our hardware wallet, for security right? Security is not durability. Our device when it is tampered with when it detects attempts to open itself, it will wipe itself. And it is a way for you to protect your assets. If it has unusual behavior, it will wipe itself. So that's very important to keep in mind. And you should not expect your hardware wallets to resist in the fire, that's not what its purpose is. Neither the Zero or the Ledger should be able to resist that. That's why maybe I can talk about our other product, which is called the NGRAVE graphene. it's something we haven't talked about. That might be very interesting. It's actually a product I'm very excited about.
Nathan: Yeah please, explain.
Xavier: Usually wallets like Ledger when they give you the seed, the 24 words, they give you a paper, that you can write the seed on. Now this paper has been a major source of anxiety for me, and I think for everyone. If you have a Ledger, where is your seed right now? Is it safe? Does no one have access to it? And is it also safe from environmental damage? If your house burns down, will your backup be there? Not many people will answer yes. So what we did was we developed the NGRAVE Graphene. The NGRAVE Graphene, now it's made out of steel. It is not made out of graphene, we looked into the option of graphene, it was just way too expensive. So we had to go with a stainless steel. It's two steel plates. The bottom plate, it's just a plain steel plate, right? Or it's just like you can imagine an A5 piece of paper. I think what you call legal and A5 is a half of it, right? So it's this small, it's just a plain sheets of metal. And the top plates is it the same size, it fits over the bottom plates perfectly, but it's filled with holes, why? Because it has, it's really just perforated for holes and it has 64 columns.
Every column has all the hexadecimal characters from 0 to 9, A to F in random positions. Every user, every Graphene has a different top plate random configuration. There's no Graphene the same as random. So when you have a Graphene, we use a random number generator to create it, but it doesn't necessarily matter. Although you asked me a hard question, because the thing is you cannot proof randomness. So again, you referred to a ChainLink, they have a provable randomness, right? I don't know of any randomness tests that can, give a hard proof that the data is actually random, right?
You have some kind of the diehard, our tests, we'll try to see if it’s random and there is some algorithms to do that. Anyway, the random that doesn't matter, that the random number generator we use, you have to create the Graphene configuration is also coming from a trusted platform module, so it's also secure elements. So in any way, this is the same conversation we had before. The configuration is random, right? And for every column, will be correlated to one character of your backup seed, be sure on your Zero in your hardware wallet. And so you punch a hole in that hole and at the bottom plates will appear, an engraving, like a little hole at the bottom plate.
So if you remove the top plate from the bottom plate and you just look at the bottom plate or you see it, steel plates with random holes all over it. It doesn't tell you anything about your seed, and the same goes for the top plate. If you have only the top plates you have, or you have steel plates, perforated with all kinds of holes, you don't know anything about the secret. This is a way to split your seed in two ways, in two parts. And again, notice that it fits the core principle of our solution, which is to be intuitively easy to understand. We are not the first one to offer a backup solution that splits into two parts, all ther competition products that I know that use what's called Shamir secret sharing. Shamir secret sharing, I don't know if you heard about it is a, basically a way to split the seed into different parts. And you can reconstitute the main seed by having two out of the three recombined, right? This works well. But first of all, it's a difficult mathematical and pretty ingenious mathematical solution. so it's very nifty to work with, but people will need to trust something that they don't understand.
The mathematics behind the Shamir secret is it's not trivial. While the Graphene, our solution, if I showed it to my grandma she would understand, it's and it's the same, it's the same results. You've got a top plate. And you've got a different location and you can also, have different bottom plates, right? So you can have the same, key engraved in many different bottom plates and spread them all over the place and have your top plate stored somewhere else.
Some other detail that I didn't mention yet is that the top plates has a recovery key. It's a eight character hexadecimal at the bottom right. This recovery key is a unique secret that you have to write somewhere else, and if you ever lose your top plates, why? Because the top plate is unique, right? You don't have copies of it. You can make copies of the bullet plates. If you lose your top plate, which is by the way, the bottom plate thicker, right? Bottom plate is a better resistance to fire. I've put it to a test by putting it into a 1,600 degrees Celsius fire at a Smith, but that bottom plate has stood the test like perfectly, right? The engraving is perfectly visible. The top plate stands as well, but sometimes you might, you have a risk that because it's thinner, it will be less resilient than the bottom plate. So if you feel like that's a risk, you can, store the recovery key, which is the eight character hexadecimal key somewhere else, and if you ever want to get a copy of your top plates, you can send this recovery key to us. Now, this does not mean that we have a backup of all top plates. We have a system that we need your key to fit into our algorithm to recreate your configuration. So without your key, it's impossible for us to recreate your top plates, right? It's required inputs into our function to recreate the same top plate configuration. And, if we won't just give the template configuration to someone else that send us the recovery key, we will do, a customer check beforehand. I know it's an option you will get when you ordered the Graphene, whether or not you want to have, an identity check before we send you, a new Graphene top plate. So that's basically to answer your question, "what happens if the Zero or cold wallet gets destroyed during a fire?" You shouldn't have to worry about the Zero. The Zero can get destroyed, it shouldn't matter. You have your Graphene to recover all your assets.
Nathan: Got it, or if you dunk it in a coffee.
Xavier: That was your question, exactly, yeah. It might just survive the coffee. I think it would. I know because we've designed it with such tamper responsiveness that it's really glued on tight, that there is actually no way that water can enter maybe except through the USB plug, but we have sealed it as well, so it should be fully water proof
Nathan: Now all almost all popular crypto hardware wallets have come out of Europe. Trezor's from Prague, Czech Republic, Ledger's from Paris and now NGRAVE from Antwerp in Belgium. What do you think the reason is or this? Why is Europe so well-equipped to be ahead of the innovation in this space?
Xavier: That's an interesting question, I don't know. I think, I can be wrong, but I seem to notice there is a lot of experience in manufacturing here, especially in hardware and cryptography. It's no surprise that France has a very strong cryptographic, industry and skillsets, for example. France is one of those countries that's, big enough to have a chip manufacturing industry, but it's not too big that people don't trust it because of possible backdoors. You will trust a French chip more than if it was Chinese or maybe even American for the risk of government bank doors.
So in Belgium, there is a strong cryptographic skillset, for example, the AES 256 that you recently in this podcast talked about, it's the most trusted symmetric encryption algorithm that the American defense system, for example, uses to encrypt, confidential documents. It's developed by, cryptographers here at the KU Leuven, by Vincent Rijmen, and Joan Daemen. So it's called Rijndael, right? Reverse it, her names. So maybe there is strong experience in cryptography here. I dunno why it's a good question. Yeah.
Nathan: And then lastly, what type of advice would you give to other entrepreneurs in the blockchain space?
Xavier: Oh, first of all, I don't only consider myself an entrepreneur in the blockchain space, because a lot of the challenges we have are typical to any hardware startup. So we have, we are really like a hardware startup, it's something quite different as well. I think the most important thing is to, there to dream big, right? The decision to create a secure hardware wallet is not an easy one because people will be very skeptical. They will be scrutinizing your products. So you really have to dare to try that. But then, how we decided to solve that was to always go to the best people that we would find to advise us.
If you look at the list of our partners, we really have, you will see the results of that. It's really trying to only work with the best people to gain a reputation, and it has helped us a lot. So I would say as advice, really dream big, but work with the best you can find to get your goals. It's kind of cliche, I dunno if that's a good answer, but, that's been my experience here.
Nathan: But you guys have also had not only just a general desire to dream big, but also a rather unconventional choice to be in the hardware space while software is exploding.
Xavier: Yeah. that's true. I think it really comes from just our desire of what we wanted to create. You need to be motivated by what you want to make. And I felt at the time that we started NGRAVE, the blockchain space was exploding in a thousand different ways that we were finding features for the blockchain space. I had become a bit skeptical after what I had seen, so I talked about Swarm City. First of all, there was a hack. So I certainly became very skeptical of the security of the space, how well secured it was, I think it was, just way less secure than people thought. And then after working in the Ethereum space, I realized that people had amazing ideas. I still am very fond ofSwarm City and what they tried to accomplish there, but the infrastructure was nowhere near ready yet to support the kind of ambitious goals we had.
For me, you have to look at what you consider to be, challenges that haven't been solved basically where you consider the community to be maybe in delusion. This is a strong word, but I felt that people are forgetting the most fundamental parts of the picture, right? We were all excited to make YouTube while the internet, had a very low bandwidth still right? So fix the bandwidth first. So we are all excited to get all kinds of complicated products out, but the security is nowhere near ready yet. And I had a very strong feeling of that awareness when I started NGRAVE. So that's why I wanted to go in that field. And creating a our product just was the only way I could really solve the security problem. So maybe my advice here is to listen to your gut feeling about what you consider to be the space to be in denial of it. What does a space really needs as a fundamental improvement before all the other promises can be accomplished?
Nathan: Well, I appreciate your continued work in this space. And clearly everyone who was affected by the attacks, in Parity, obviously appreciated your help. I want to thank you for your time and thanks for your dedication for building a secure hardware wallet.
Xavier: Oh, thank you for having me. It's been very interesting.
Nathan: I look forward to having you guys out in the near term as well, when you add more functionality and, since we're actually working together, I look forward to a couple of good months ahead.
Xavier: Yeah, and, I've always been really grateful to the Tezos community and how they've been really helping us to get their support for our products. it's really very impressive. So I'm very happy.
Nathan: Thanks for coming by.
Xavier: Thanks Nathan.