Wow, big respect to Ruben Merre for an AMAZING AMA and some truly elaborate questions about a very important topic in crypto: SECURITY! He also provided very important information about NGRAVE wallet, explaining in details how it is has been designed, how it works and why it is considered one of the best products in the market.
HERE AN OUTLOOK OF THE MOS EXCITING CONVERSATIONS FROM THE AMA:
➡️ "What are the most pressing issue with existing hardware wallets that NGRAVE can solve?" (asked by The Wolf Of All Streets)
➖ Ruben Merre's answer's: "In brief: security needs to be better, impeccable, and a hygiene factor. UX needs to be top of mind of hardware wallet developers, ALL the time. Solutions need to be end-to-end, not just focusing on a single aspect of the user journey. Security is A-Z. Customer experience is very important. And constant innovation, moving the needle, breaking barriers, pioneering new boundaries. These are all things that need to go further.
Security -- The many security issues that incumbents have are finally resolved. I'm talking about issues with firmware updates, supply chain attacks, physical attacks in general, and the fact that sooner or later, an online connection is made and the private key security is compromised.
Usability -- The many usability issues. Incumbents take a lot of time to add new coins by asking the user to install apps, they also have quite a limited memory space, versus the ZERO with >1GB and plenty of room for coins. I'd say the word we get back most from users about their existing solutions is "cumbersome".
What if? / End-to-end -- Existing solutions don't really look at security from the right angle. A hardware wallet is not security. An exchange isn't secure. Security needs to be an end-to-end solution. That's what we achieve with ZERO + GRAPHENE + LIQUID and always aiming to find answers for the tiniest what-ifs? What if I lose my ZERO? What if someone finds my GRAPHENE? What if I lose my GRAPHENE? What if I pass away tomorrow? We've actually thought about all these cases and broken our minds on their challenges.
Customer experience -- From all the interviews we did with end users, we found very little proof that they actually have a great customer experience at all. Nothing really stands out. We are fans of brand experience, customer experience, UX, and more. We don't hide that we go for an Apple-ization of hardware wallets.
Innovation -- Continuously questioning everything, even the most common industry standards. A good example is the mnemonic phrase. It's a great tool to better remember or backup your seed phrase. However, there are still many improvements possible, which is why we made the NGRAVE Perfect Key.
More on our journey to this key can be found here: https://medium.com/ngrave/beyond-mnemonic-phrases-the-path-to-the-ngrave-perfect-key-66ccaf540554.
➡️ "What is the best way to secure your coin for a short time of period? Why is cold wallet a good choice to protect my coins from hackers' attack? What makes NGRAVE wallet a better solution to secure my coin if compared to other products?" (asked by Manthan Gaba)
What is the best way to secure your coin for a short time of period?
Define a short period of time ;-) If you have an NGRAVE ZERO, you can basically secure your coins even for a very short time. The only thing you need to do to make transactions is sign them, which is done fast and secure with our QR code based communication. So even if you are a trader who wants to have a good night's sleep, you can send all non-open trades just offline to your ZERO, wake up and put them back online (for a modest transaction fee of course). It depends on how paranoid you are which solution you will use. You could also just leave your coins on an exchange, ideally spread over many exchanges, that have earned at least a minimum level of security. All in all, up to you, your risk aversity, and your level of laziness :D
Why is cold wallet a good choice to protect my coins from hackers' attack?
Cold wallets are crucial to really protect your coins. Any online solution has been proven time and time again to be vulnerable. A few days ago, the 6th most secure exchange in the world, Kucoin, got hacked for 150MUSD. So your only choice is a hardware / cold wallet. The reason why they are so interesting is because they make your private access keys offline and typically never expose them. So nobody can steal them, and therefore, nobody can access your cryptowallet, as it is secured by the private key. The latter is non-bruteforceable, with 2^256 or 10^80 different possible values, similar to the estimated number of atoms in the universe.
What makes NGRAVE wallet a better solution to secure my coin if compared to other products?
If we talk offline, then we talk NGRAVE. Existing top incumbents still rely on USB or Bluetooth, so they still make a connection. NGRAVE is also the only solution with the highest security certification, EAL7. Everything is built from scratch to make it the best security solution for your coins.
➡️ "Multi-part Q: How do you deal with the pressure that your product will be safeguarding millions and potentially billions of $ your clients’ funds? How often do you think about that? Any tips/tricks on staying cool, calm, and collected?" (asked by Semyon Williams)
➖ Ruben Merre's answer: " I first thought your question was about multi-party computation cryptography (MPC) ;-) We deal with your question by reviewing the security of our solution on a continuous basis, with the most experienced security professionals. A perfect example is how we leverage the huge network of Jean-Jacques Quisquater, famous cryptographer, 2nd reference of the Bitcoin paper, and an integral part of our team. He was part of building the first smart cards 50 years ago, and he has been one of the most famous security specialists of the last 5 decades, up until today, where he has put his shoulders under our project as just like us, he believes we are bringing the next leap in security. He has guided us to the most advanced hardware hackers he knows, who came up security issues that aren't even published yet. We are also working with COSIC of the KULeuven, the very team behind AES256 (worldwide encryption standard) and finalist in NISTs post-quantum cryptography standard competition, (and repeated hackers of the Tesla cars), etc. So you see, security is something we're always striving to find the extremes off. Just look at our EAL7 security certification, custom firmware, and a device built from scratch with one sole purpose: to be impenetrable".
➡️ "What is the difference and main advantages of NGRAVE before other hardware wallets like Ledger or Trezor? Can we connect NGRAVE to Uniswap or any other DEX apps?" (asked by Freddie Matias)
➖ Ruben Merre's answer: "Well, there are plenty.
We do not compromise on security, ever:
- Our solution ZERO is fully offline and the only one with an EAL7 certification, the highest security certification in the world and in the digital asset space. Competitors come in at a maximum level of 5 on one component level. We have it for our whole secure OS. Also important is that even our OS was built custom, so we are not relying on Android like some of these existing wallets, that are more like similar to stripped phones than hardware wallets.
- ZERO is built from scratch with the world tier in nanotechnology, hardware security, firmware security, and applied industrial cryptography. Every part of its design is geared towards security and features many layers of anti-tampering. Even if some layers might be broken through, there will always be another one making it uneconomical for an attacker to try to breach it. We have also introduced novel techniques of anti-tampering that basically resolve any kind of physical attack's impact. You could say ZERO is smart and notices when it is under attack, wiping all the keys.
- Assembly is done local in Belgium, very close to us, so we can have an advanced level of control on security and quality of shipping, for example.
Quality and user experiences are extremely important:
- We do not compromise on the quality of components we use
- ZERO is so much more easy to use, with its 4inch high quality edge-to-edge touch screen. Versus eg incumbents with a very small non-touch screens that make everything all the more cumbersome.
- ZERO is so intuitive and easy that you always have your coins one tap away. No more installing different apps for your coins like with some incumbents, you just go to your dashboard and add whichever coin you want in a matter of seconds. The device communicates over super intuitive QR codes, which also make doing transactions quick and seamless.
The NGRAVE solution is the only end-to-end solution in the market:
- We do not just providing a paper backup, but an actual quasi-indestructible, encrypted, and recoverable back-up. We make sure that every what if in your user journey is covered.
- Innovation, all the time: We left no stone unturned in upgrading the security, we have upgraded for example the private key generation process, so that it removes any 3rd party risk (eg backdoors), we have a dedicated NGRAVE innovation labs that goes into the craziest details to make your journey more secure and seamless, eyeing ultimate peace of mind. And so on and so on...
Regarding Uniswap and other DEX apps, we will indeed integrate with the interfaces that allow you to connect with these platforms, road-map 2021.
➡️ "Where do you see NGRAVE in 2 years? What are the biggest challenges for cryptocurrency security right now? What's your biggest personal hobby/interest outside of crypto?" (asked byKoroush AK)
➖ Ruben Merre's answer: "Besides crypto and tokens, blockchain offers a real disruption in how people will hold, access and use their digital assets. Think about stocks, gold, personal data, royalties, diamonds, etc. We want people to really own what is theirs, and support every project that is working towards that very mission. In two years from now, we should be a universal wallet at the cutting edge of security, UX, and support of many kinds of digital assets, integrated with the most relevant online platforms such as exchanges, hot wallets, and well beyond. After those 2 years, we aim to scale beyond industries, customer segments, and more. We're also fans of the Tesla model, e.g. where you start with the Roadster, and make a Model 3 later on, you could think of that in the road to mass adoption, we might be doing the same ;-) The biggest challenge in crypto security is securing the private key. A private key is unbreakable, but it's not that difficult to find. And that's where the problem lies. Private keys are to this day completely mismanaged. Sooner or later they have an online touch-point and then it is game over. Even the most secure crypto exchanges are not immune, just think of KuCoin's hack a few days ago: 150MUSD stolen from the 6th most secure exchange in the world. Hardware wallets are a possible answer, but still need a lot of improvements. That's why we decided to build NGRAVE. We also have specific branches of cryptography such as MPC, but these are still mostly experimental, in a lot of cases their coding is a bit obscure making it difficult to find bugs, etc. Eventually, a combination of these two technologies might provide an answer that lies even closer to seamlessness in use. Today, we believe that with ZERO and its intuitive use of QR codes - which everyone knows in this era - are a more than valid option for ultra secure AND fast transactions.
My biggest personal hobby is composing music and playing piano / guitar (and yes, that also involves singing like a wannabe rockstar ;-) )"
➡️ "Can all the altcoins be stored on the Zero? Can you stake on it? Is there more news on the referral side how it will be?" (asked by Kenth VDH)
➖ Ruben Merre's answer: "We will support a wide range of altcoins, including all Ethereum based ERC-20 tokens. If there are no relevant insurmountable technical obstacles, expect to see any of your favourite coins supported some time soon after launch. ZERO has the cryptography and computer power in it from the start, it is up to us and our integration team(s) to make sure you can take true ownership of all your altcoins ;-) On our website you can find the latest list of all coins we support. https://www.ngrave.io/products/zero
(or check out our YouTube video on it: https://youtu.be/OJ3DttreUPA). Our team is also a big fan of staking. We will first aim to integrate our use of QR codes in wallets that offer staking support. Mid-long term we're going for staking support in our mobile app too. Regarding referrals, keep an eye on our announcements, we will launch the program this week!
➡️ "Is there any crypto-asset that the ZERO will not support and, if yes, which one are they? Would we be able to connect the ZERO to a open protocol for connecting wallets to Dapps (like WalletConnect)?" (asked by David C. de Ker Martin)
➖ Ruben Merre's answer: "We want to maximise the user’s freedom to store any cryptocurrency they like. That said, every coin comes with its own unique challenges. As our slogan goes "Start Truly Owning What Is Yours'", it is not our intention to block the support of any coin. So it is up to our audience to tell us which coins they want to see next. Overall, our target is to include all coins that have meaningful traction. Some coins have technical obstacles due to our use of QR codes that are hard to overcome (eg. Monero (XMR), but we are continually on the lookout for innovations that make it possible to support these as well. And know that we will. WalletConnect is a good example of an integration that we are looking into for after the initial launch. Our 2021 road-map is full of integration steps towards exchanges, hot wallets, DeFi wallets, fiat-crypto on/off-ramps, and token swaps. It is one of the better growth strategies for a hardware wallet to integrate with online solutions, as those are the ones that cannot offer what we do: true offline security".