Christopher Allen
May 18, 13 tweets, 5 min read
Perhaps my biggest problems with the @Ledger Recover program as it’s currently conceived are that it’s not open and it’s not independent. Users will be locked into decisions that Ledger made, for its own business reasons. [1/12]
The Gordian Principles from @BlockchainComns suggest that digital assets should be held in a way that’s independent, private, resilient, and open. Ledger Recover increases resilience, but that’s it. [2/12] github.com/BlockchainComm…
From what we’ve heard, the Recover share holders will actually be requiring KYC checks. That doesn’t just go across our Principles, but also the general ethos of Bitcoin! [3/12]
But the core issue here isn’t necessarily those decisions, but the fact that Ledger is locking *you* into them. And maybe encouraging other wallet developers like @spiralbtc to lock you into their own different choices. [4/12]
The @BlockchainComns Collaborative Seed Recovery (CSR) system has some similar ideas to Ledger Recover, but it’s founded on the principle that the asset holder gets to decide exactly how their key is protected. [5/12] github.com/BlockchainComm…
You want to back up some of your shares on a metal plate, such as the innovative QR plates using SSKR shards from @SeedHammer? That’s OK! Your assets, your choice. [6/12]
There are even some wallet companies talking about backing up shards from other wallet companies! Our open source Collaborative Seed Recovery architecture offers many ways for us to cooperate to benefit us all. [7/12]
You decide your personal privacy needs. You can shard and store all the shares yourself. Based on your personal risk profile, you decide if you want help from third parties or to get help from family or close friends. Or pay a high-end service you trust. *You* decide. [8/11]
We’ve worked with @Ledger before. They were one of our original sponsors for @BlockchainComns’s #SmartCustody program. We’d love to work with them again, so that the community can work through some of the problems with Ledger Recover. [9/12]
For instance, a community member took our open source SSKR code to create a Ledger app that can shard your seed *without* needing a firmware upgrade that risks adding new attack surface: [10/12] https://t.co/WdQYC2ub8d
Are you a wallet developer? We have a Gordian Developers meeting the first Wednesday of every month as the center of our collaboration. Feel free to join us! [11/12] blockchaincommons.com/subscribe.html…
Support our community efforts to give you a choice. Become a patron of Blockchain Commons! [12/12] github.com/sponsors/Block…
A thread on Shamir vs multisig, and why the open source work toward Collaborative Seed Recovery (aka CSR) by the wallet devs that are part of the Gordian Wallet Community is important:

More from @ChristopherA

May 18
At @BlockchainComns we believe that multisig offers superior #SmartCustody over using Shamir's Secret Sharing (which was recently implemented as part of @Ledger Recover). Unfortunately, there are few practical alternatives to sharding a seed, and multisig is complex. 🧵… [1/13]
The first obstacle to multisig is that our experience is that they are too complex for normal usage. We know that even professionals using one of our well-tested secure scenarios find the hour it takes is too long. [2/13] github.com/BlockchainComm…
The second obstacle is that true multisig really is available only for Bitcoin. There are multi-account smart contracts that resemble cryptographic multisig, but they don't offer the same level of hardware security, and each transaction costs gas. [3/13] shivanisb10.medium.com/multisig-contr…
May 18
One of my concerns with the new @Ledger Recover service is that they appear to be sharding via Shamir’s Secret Sharing, but doing so in a proprietary way and possibly in a naive fashion. We don’t know, as it is not open source. [1/11]
Obviously, Shamir’s Secret Sharing has a long history and is widely used, but it also has real drawbacks. As we’ve written at @BlockchainComns, one of the biggest dangers comes in reconstruction. [2/11] github.com/BlockchainComm…
Eavesdropping, trojan-horsing, or just faking authentication for the seed holder can all lead to a stolen seed! The process of restoring the shares, reconstruction device is a serious single point of compromise. And then there are concerns with how you distribute shares! [3/11]
May 18
There's been a lot of controversy over @Ledger's new recovery service, which will shard your seed out to third-parties for storage. Why? In large part because we didn't expect seeds to ever leave the Ledger device. [1/11]
As it turns out (as all hardware wallet designers already know), all it requires is a signed firmware update, and seeds can go wherever they want. Why?… [2/11]
Ledger's hardware *is* based on a Secure Enclave (aka "SE"). That's what generates and stores your private keys. [3/11] ledger.com/academy/securi…
Aug 12, 2022
Today my article on the need to protect private keys from courts was published by @BitcoinMagazine. This may be the most important legal advocacy work @BlockchainComns has ever done! [1/10] bitcoinmagazine.com/legal/saving-b…
The problem is that prosecutors & lawyers are asking courts to demand private keys as part of pre-trial discovery. This is wrong on so many levels! [2/10]
The most frustrating thing is that private keys are the wrong tool for discovery. If there was a legitimate need for discovery, a public key could do the job. Private keys are about the authority to control, not information. [3/10]
Sep 8, 2021
SSKR stands for Sharded Secret Key Reconstruction. It's a way for users to easily shard a cryptographic secret, giving you some options for seed reconstructions & improved resilience against theft or loss. [1/15]
Why? Because loss of a seed or private key is the easiest way to lose your Bitcoin or other cryptocurrency. SSKR safely backs up your seed by breaking it into shares which are only useful if combined back together. For details see our overview doc: [2/15] github.com/BlockchainComm…
Our Gordian Seed Tool app for iOS and macOS offers a reference demonstration of this sharding functionality, but we expect wallet manufacturers to soon be incorporating SSKRs as well. [3/15] apps.apple.com/us/app/gordian…
Aug 24, 2021
Puzzling through if NFTs can be used to help fund trustless self-sovereign identity efforts, and open infrastructure tools & services. First experiment: opensea.io/assets/0x495f9…
I'll try an auction tonight when the gas fees are lower, with the auction scheduled to end next week.
If you are an artist that wants to support my efforts toward trustless forms of Self-Sovereign Identity (aka #SSI), we welcome a donation of original artwork to try out this experimental funding method for open development.