A Deep-Dive Into Some of the ZERO Wallet's Advanced Security Features

Published at: July 24, 2020

From its initial announcement back in April to the $430,000 raised in the recently completed crowd-sale, the NGRAVE ZERO has created huge buzz in the crypto community. Billed as the most secure hardware wallet available, the permanently air-gapped ZERO is the first to gain a top security rating of EAL7.

But the devil is in the details so they say, so while waiting for the first units of the device to ship, Cointelegraph asked NGRAVE CEO Ruben Merre to explain just how one goes about making the “most secure hardware wallet in the world.”

Necessity is the mother of invention

The ZERO came about following the NGRAVE founders’ poor experiences with crypto security. Not finding any existing solutions that they would completely trust with their cryptocurrency, they set about building their own.

In April 2018 the team began to develop a working prototype using a Raspberry Pi. It was the start of a journey which would see them collaborate with many world class teams and individuals, including the recent acquisition of Jean-Jacques Quisquater as an advisor.

Quisquater is considered the father of zero knowledge proof cryptography, and is famously cited in the Bitcoin whitepaper. So what does he bring to the development of a secure hardware wallet?

“Jean-Jacques is closely involved in revealing and resolving potential security threats, even those that are on practically no one else's radar. Because he was involved in the development of the many security projects including those by secret government instances, he knows backdoors as no other. He's also one of the minds in our team that helps us think future-proof.”

No man is an island… but the NGRAVE ZERO is

Much has been made of the fact that the ZERO remains fully air-gapped, eschewing USB and Bluetooth connectivity to communicate solely via QR codes which contain no data about the users private keys.

Also, private keys generated by the wallet’s Perfect Key system are not derived purely from a “master-seed” shipped with the device. For extra security they incorporate elements of biometric data such as fingerprints and the introduction of environmental randomness from factors such as light levels.

This might leave you wondering how you will import your existing cryptocurrency private keys onto the device, and whether they will be as secure as freshly generated ones.

“We support all the available ‘status quo’ ways of generating seeds, so you can both import a mnemonic phrase made with another hardware wallet, regardless of the length, or you can also simply create a new one on ZERO. While we recommend using the NGRAVE Perfect Key because of its advanced security features, the user can basically choose what he or she feels most comfortable with.”

Can’t touch this

Finally, in case anybody gets their grubby little mitts on your physical device, the ZERO has four different cumulative levels of tamper-proofing.

The first is tamper resistance, including shielding of radio frequencies, and the physical difficulty of gaining access to the device's innards.

Then comes tamper evidence, which means that if anyone does manage to break open the device, the screen will break and it will be apparent to the user. It also incorporates cryptographic attestation, whereby NGRAVE will verify a device on first use.

“The third level is called "tamper responsiveness". This means there are mechanisms in place inside the device that will notice that it is under attack. And ZERO will then automatically wipe the keys. This goes as deep as on the level of individual components that have their own anti-tamper mechanisms.”

Finally, there is tamper resolution, which takes place when the user is manipulating the private key in the aforementioned generation process. This results in the resolution of any potential tampering or pre-defined keys in the device.

Cointelegraph will get hands on with the device as soon as it starts shipping to bring you a full review.

Tags
Related Posts
Organizations look toward multiparty computation to advance Web3
Protecting user data and private keys is crucial as Web3 advances. Yet, the number of hacks that have occurred within the Web3 space in 2022 alone has been monumental, proving that additional security measures, along with greater forms of decentralization, are still required. As this becomes obvious, a number of organizations have started leveraging multiparty computation, or MPC, to ensure privacy and confidentiality for Web3 platforms. MPC is a cryptographic protocol that utilizes an algorithm across multiple parties. Andrew Masanto, co-founder of Nillion – a Web3 startup specializing in decentralized computation – told Cointelegraph that MPC is unique because no …
Decentralization / Aug. 16, 2022
The remaining steps to mainstream institutional investment
It has been said that you only get one chance to make a first impression. Perhaps the best example of this old adage is the cryptocurrency space. From exit scams and money laundering, to unaudited code and high carbon footprints, the crypto landscape has spent the better part of the past decade scrubbing itself of its infamous past. For many, the sanitizing of the decentralized ecosystem was inevitable — simply a matter of when, not if. This mindset hindered the sense of urgency that should have been on display and may have ultimately contributed to the skepticism exhibited by mainstream …
Adoption / May 29, 2021
Oracle wants to bring blockchain to the masses through a crypto-secure data offering
While blockchain is known for bringing trust and transparency to multi-party workflows, it can also ensure the immutability of business-critical data. Realizing this potential, technology giant Oracle has announced a crypto-secure data management offering that will be provided as a free feature for Oracle converged database users. Juan Loaiza, executive vice president, Mission-Critical Database Technologies at Oracle, told Cointelegraph that it’s become apparent that customers deploying blockchain solutions often do not require the full capabilities of these implementations. Loaiza also pointed out that the complexity of introducing a completely new technology stack into an IT environment can be burdensome. Blockchain …
Technology / March 3, 2021
Fujitsu launches Web3 acceleration platform for startups and partner companies
The Japanese-based multinational tech company Fujitsu announced the launch of a new platform on Feb 8, designed to support Web3 developers worldwide. According to a report by the Fintech Times, Fujitsu’s Web3 Acceleration Platform seeks to provide a development environment, blockchain-based service APIs, high-computing technologies, simulations, AI, combinatorial optimization, for start-ups, partner companies, and universities building Web3 applications and services. The company said its platform aims to support the creation of a diverse ecosystem of Web3 applications across a range of use cases, such as digital content rights management, business transactions, contracts, and processes. It will also offer free access …
Technology / Feb. 8, 2023
DeFi platforms can comply with regulations without compromising privacy — Web3 exec
Decentralized finance (DeFi) has been a rapidly growing sector of the cryptocurrency industry, but it has also faced significant regulatory challenges. With regulators struggling to keep up with the pace of innovation, the lack of clarity around regulations tends to create uncertainty for DeFi projects. Cointelegraph spoke to Alastair Johnson about regulatory challenges facing the DeFi industry. Johnson is the CEO of an identity “super-wallet” called Nuggets that seeks to deliver verified self-sovereign decentralized identities to users. He said that one of the main regulatory challenges is DeFi platform anonymity, which makes it difficult to comply with Anti-Money Laundering (AML) …
Decentralization / Feb. 16, 2023