Ledger is well known in the Bitcoin space for its hardware wallets, such as the Ledger Wallet Nano, but the company is also working on a new solution for Bitcoin security that does not require the use of an external device. The Ledger Trustlet operates in a trusted execution environment (TEE) in smartphones, which is a secure operating area that resides in the application processor of an electronic device. The key point of the TEE is that it protects cryptographic keys from the rest of the phone’s operating system.
Combining security and convenience into a single Bitcoin wallet solution has been a serious issue up to this point, but the simplicity of the Ledger Trustlet’s security proposal could put these mass adoption issues in the past.
As Secure as an External Hardware Wallet?
Although the idea of hardware-wallet-level security in a smartphone is obviously appealing, users will want to know how the system actually works before trusting the Ledger Trustlet with their Bitcoin private keys. Ledger CEO Eric Larchevêque recently provided Mining Pool with more insight into the security features of the Trustlet, and he noted that the Bitcoin security solution can provide full hardware isolation from malware:
“You can see the Ledger Trustlet as a fully virtualized hardware wallet. The code running inside the TEE is exactly the same as the [Ledger Wallet] Nano’s firmware, modulo of course the OS layers (for example we’re using Gregory Maxwell and Pieter Wuille’s secp256k1 library for elliptic curve cryptography). Regarding software attacks, if implemented right, the TEE provides a full hardware isolation from malware — the application running inside cannot be observed, and peripherals, such as the screen, cannot be observed either when locked by the TEE.”
When it comes to a physical attack on the hardware, Larchevêque noted that a smart card would provide a greater level of protection:
“Regarding hardware attacks, the TEE provides less protection than a smart card, but more than a typical microcontroller. Therefore, by using the Trustlet, you get a level of security certification close [to] a smart card: the secrets are hard to access from the outside world, extremely hard for a malware at the Android OS level, and reasonably hard for a physical attack.”
Larchevêque also added that these security solutions are extremely new compared to more traditional options, so the Ledger team is hoping security researchers will be interested in playing around with this technology in the early days.
The Future of Secure Bitcoin Wallets?
Due to the seemingly perfect combination of security and convenience in the Ledger Trustlet, it would appear that this sort of security setup could be the future of bitcoin wallets. Larchevêque provided some examples of why he believes this platform will be important for bitcoin wallets going forward:
“It is certainly a big part of the future. Hardware wallets are, in a way, personal signing devices, and you may not want to have something else than your phone with you [to complete the signing process]. Moreover, TEE can leverage cameras and/or biometrics if necessary. For enterprise multi-signature or crypto assets transaction validation, the Ledger Trustlet is an ideal candidate.”
The Ledger CEO also added that the increasing amount of malware found on Android devices is making it riskier to hold a significant amount of bitcoin on one’s phone. As of now, the Ledger Trustlet can work on two phones: the Samsung Galaxy S6 and the Samsung Galaxy Note 4. However, Larchevêque added, “More models from Samsung and other models from different manufacturers will be announced this year.”
The End of Traditional, External Hardware Wallets?
Although some will see this innovation as the end of traditional hardware wallets, the reality is that there will always be a market for storing bitcoins in a device other than one’s often-used smartphone or computer. As Larchevêque explained:
“There will always be a strong market for hardware wallets. The ubiquity of use as well as the possibility to physically separate your assets from your phone or laptop is something users value.”
The Ledger Trustlet should offer an exciting new option for software wallet developers who wish to bring enhanced security to user funds, but some users will always prefer the peace of mind that comes with a separate hardware solution. In reality, a combination of both could be the best solution for proper bitcoin storage practices.