We never store the IP addresses. After the db hacks that other wallets faced, we don't store any information ourselves that will reveal personal information about the user. You can find our latest privacy policy here - https://www.cypherock.com/privacy

Sure, will do.

1. The device is the processing house to provide coin-specific functionality. The permanent storage of all the account secret is on the cards. To provide some authenticity check, the device stores private keys of its own in the Secure chip (ATECC). Apart from that, the device also stores some session keys specific to enable a secure execution environment.
2. The device has access to PIN (and its subsequent hash) only for a short duration (one session) of time in its RAM. No information about PIN is stored on the device. Whenever a user enters PIN it is erased right after it's used. The cards store the double hash of the PIN permanently to provide an authentication mechanism whenever someone tries to access the user data on the card. The storage of PIN digest on the card is fully managed by JCOP OS that is EAL 5+ certified which provides in-built safety even from side-channel attacks.
3. If the user has set a PIN, then the shard is first encrypted and then stored in the NVM. If there is no PIN, the shard is stored as it is. The decryption is done using the first hash of the PIN. The handling of PIN is unaffected by this bahaviour since the nonce for encryption is stored on the cards. The nonce for encryption acts as salt for the encryption along with hash of PIN.
4. information about accounts, history, and transactions are never stored on the device or cards. They are only available with the desktop companion (CySync) application.



I agree that these are minor UX issues at this point. This is what we are currently solving at the moment. This will get improved in another month.


I can understand. These are things that are part of the roadmap already.

Not if it is backed by strong tamper-resistant hardware security which has brute force prevention mechanisms. We use smartcards that have been battle-tested in the banking industry for more than 50 years. Regardless, you can still use a passphrase with the product if you value that more for the security of your assets even with Cypherock X1.


Not necessarily. Also, the same could be argued for any other hardware wallet.


This is more relevant in the case if ever Cypherock goes out of business. We will have our own open-source IOS and Android apps as well for this. But the seed phrase can be recovered directly on the smartphone without our assistance directly from the cards when you enter the correct PIN if set. Although it is definitely not recommended for your hardware wallet seed phrases and should be used only if Cypherock ever goes out of business.

PIN in our case is never stored on the device, it stored on the X1 cards that are EAL 5+ certified. The share on the device is encrypted too which is decrypted only when the card is unlocked. Hence, even if someone hacks the device, they cannot brute force the PIN.


But you can bruteforce the passphrase compared to PIN which is dangerous if it is a short pass phrase. Passphrase we don't recommend to basic users. At the same time, if you want, you can setup the passphrase on our wallets as well.


I think it comes down to personal preference. Since there is the geographical distribution of the cards as well in our case, there are users who don't even set a PIN and rely on the geographic distribution as a security mechanism.

The product supports passphrases. So if you find that easier for yourself, you can do that as well. It is just that we do not recommend setting up of passphrases for most users. The areas where they can make a mistake are just too many.


Isn't that a problme? You have to backup the seed phrase and the passphrase both securely now. If you lose one, the other becomes useless.


PIN can be remembered also which makes it exponentially better than seed or passphrase. The idea is it is much easier to hide in plain site it than the 24 words which has higher pattern matching as seen recently. Additionally, with securing the seed phrases, the more obscure the setup is, the harder it is to make it inheritable.



Not required since you can buy another device, and it will function like the old device. Else, you can also recover back your seed phrase from the two cards with the help of an NFC-enabled smartphone.

The underlying security of BIP-39 Seedphrases is exactly the same for all the wallets. PINs are just the top layer security to prevent anyone from getting into the device. What i meant by seedphrase being single point of failure was: Not Seedphrases but Seedphrase backups are a single point of failure. Anyone getting access to your backup can wipe you out completely. Here is a great example that happened recently.

https://twitter.com/lopp/status/1604599964713328640

PIN Backups which are 4-8 character long can be hidden indistinguishably anywhere. As compared to seedphrase backups which are exponentially much more difficult to hide.

An unauthorised entity getting hands on seedphrase backup can drain you out as they are so easy to recognise and the only component needed to wipe you out. PIN backups are almost impossible to find if hidden properly. On top of that, even with access to PIN, attacker needs atleast 2 components of the wallet in order to break into your funds.

User can export seedphrase from X1 and it takes under a minute to do so. X1 being BIP-39 compatible means it works with all the mainstream software and hardware wallets and users can seamlessly shift from X1 to any other wallet, or vice versa.

Here is how you can do so: https://www.youtube.com/watch?v=0W22TcY8MtQ
 
Cypherock currently is 20+ member team. 

Thank you for flagging it. Will do the needful to prevent further confusion.

There are considerable benefits of PIN backup over solutions opted by other wallets:
1. Backuping up PIN is 100x easier than backing up seedphrases. (Like mandatory in all the rest of the wallets)

• Easier to write, no mis-writing mistakes.
  
• Easier to store. Need smaller space.

2. PIN backups are not single point of failure like seedphrases [ IMPORTANT ]

• PIN backup can be taken at 'n' number of places as it is not a single point of failure.
  Same cannot be said with seedphrases. User cannot take 'n' number of backups as losing any one of them is catastrophic.

That being said, we agree with Crypto guide's point of view. Therefore, we are redesigning our onboarding flow so that there is a substantial warning while user sets up the PIN. It will be same as other wallets give a substantial warning to backup your seedphrase.

Once our Inheritance Solution is released. Forgetting PIN won't be a problem as our Inheritance Solution will take care of it. (More on it on it's launch)


I agree, since we are a new player in the market. There is a lot of features that we need to implement and that's why our product roadmap is jampacked(currently not public, will be soon).

This is the exact problem we are trying to solve. Current self custody solutions have tons of limitations. For a start, there is no portfolio management tools in self custody solutions. If a user wants to manage multiple portfolios they need to buy multiple hardware wallets and computer setups, in order to do so. From our interaction with users we found a few interesting customer profiles facing this issue. Let me mention couple of them.

• Bitcoin Maxi but likes testing Smart contracts on other chains: Because of the faith in security of Bitcoin ecosystem, users liked to keep their wallet containing Bitcoin funds separate from other chains. To do so, users had to maintain multiple device setups, one for bitcoin and one for other chains.
• Web3 Startup Founders/ VC Partners: Founders usually are responsible for managing their personal funds along with company funds. This is problematic is current solutions but with X1, they can create multiple wallets with separate seedphrase, each for different portfolios from one setup and use them separately in a sandboxed manner. No need to maintain excel sheets to keep track of your portfolio.
  Additionally, They can create sub portfolios. Like Marketing funds, development funds, Legal funds,s, etc. using multi-account feature.(Scheduled for January Release)
  You can read more one it here: https://www.cypherock.com/features/portfolio

Precisely, seedphrase backup is the sole limiting factor for self custody solutions making bigger leaps in terms of innovation. We believe our solution has solved core problem of self custody. As you mentioned finding 12 secure places to store plain text seedphrase is quite a tedious task for a users. But with Cypherock X1, you have Zero Seedphrases and you can distribute X1 cards to any geo location or trusted person without ever worrying about that entity being able to read your private keys.

We were never using a battery in the hardware wallet. Can you point out the link where you saw this?


Don't recommend opening the hardware since it is ultrasonic welded. Better would be to buy another device or recover the private keys from the cards through an NFC enabled smartphone.


Sure thanks.

World's first hardware-based MPC Wallet, making it the first BIP-39 compatible seedless wallet.

Cypherock X1 uses Shamir Secret Sharing along with distributed tamper-proof hardware storage used in the banking industry to prevent single point of failure with private key security. X1 has five components- 1 X1 Wallet and 4 X1 Cards. Your Crypto private keys are distributed in 5 components, such that you need any 2 out of those 5 to access and/or recover your Crypto assets.

              https://imgur.com/jenzlwc

Product Features:

• Cypherock X1 is the World's first BIP-39 seedless wallet. Unlike other wallets, there is no need for the user to write the 24 recovery words or the seed phrase anywhere.
• Open Source with secure elements both on the X1 Wallet and the X1 cards. Source code - github.com/cypherock
• Cypherock X1 is the World's first sufficiently trustless wallet. As a Crypto investor, you have to trust your wallet provider that they will not push a malicious software update to your wallet that extracts out the private keys. In Cypherock X1, even if a developer pushes a malicious software update to the X1 wallet, they will not be able to compromise your private keys since your private keys are never stored as a whole on X1 wallet. X1 cards are not upgradable once shipped to the users.
• No Single Point of Failures as the private keys are never stored in a single place.
• Cypherock X1 solves for the first time the inheritance problem with Crypto assets without compromising the privacy and control of the assets. (Coming Soon)
• Majority of the hardware wallets today only allow the user to store one seed phrase wallet per hardware. Cypherock X1 allows the user to store upto 4 different wallet seed phrases on a single Cypherock X1. Generate new wallets or use any of these 4 slots to backup your existing hardware and software wallets, thereby making them seedless too.
• Portfolio Aggregation: Backing up existing wallets allows you to manage your multiple wallets from a single interface i.e the Cysync App.

Website: https://www.cypherock.com
Security Audit Completed by Keylabs.io without any major vulnerabilities found. Read more - https://keylabs.io/cypherock

This thread is in continuation to https://bitcointalk.org/index.php?topic=5422455.0
A huge shout out to @Dkbit for asking genuine questions and recommending to start a dedicated thread.

Yes, we did raise $1M with investors like Consensys mesh, Orange DAO, Infinite Capital and more. Although, this is an old raise, we just decided to make it public now.
Reasons for the raise are listed below:

• Development of Cypherock X1
• reserach and development of Crypto Inheritance solutions
• Marketing the product

Thank you, we plan to be more active on Bitcoin talk and are planning on creating a Bitcoin Talk Thread, as suggested by you!

We are also in constant touch with Crypto Wallet reviewers. There have been a few reviews out and few in development as we speak. If you know someone or you would like to review our product we would be happy to discuss it further.

[/quote]

Noted. Will update this on website.


Sure, will do.


That makes sense.

Sure, will take a look.


Agreed. Never optimizing for vendor lock-ins. You can always export out your seed phrase into another wallet.

Thank you! Will do.


You can do it externally if you want and import your own seed phrase in Cypherock X1, so you don't rely on the wallet's entropy for the private key generation.


The cards are currently not compatible with any known wallets. However, you can communicate with the Javacards with your own Android, IOS or any other NFC enabled device. We plan to launch an open-source Android/IOS app as well that communicates with the cards. Here are the files - https://github.com/Cypherock/x1_wallet_firmware/blob/main/common/interfaces/card_interface/nfc.c, https://github.com/Cypherock/x1_wallet_firmware/blob/main/common/interfaces/card_interface/apdu.c


Not at the moment. We are building out our open-source SDK which should be out in January 2023 through which we will integrate with Electrum and other wallets.

Hello,
Can you add Cypherock wallet (https://cypherock.com) also in the list? Cypherock is building the World's 1st MPC based hardware wallet without a seed phrase.

Thanks!

Yes, we are shipping from India. Our complete assembly line is based here in India with parts sourced from different component manufacturers to avoid a single point of failure. We do not have free international shipping at this point. Correcting the same on the website as I write this. Thanks for pointing it out.


Thanks for this! We are using the ATECC608A right now because of the unavailability of the ATECC608B due to a global supply chain shortage. But our hardware is compatible with both of them.

We are inclined towards open sourcing that too. We just don't have a timeline for that at this point.


Well, you don't need all of the 5 shards together to spend your Bitcoins. You just need the X1 wallet and any 1 of the 4 X1 cards. If you are optimising for convenience, you can store an X1 wallet and X1 card together. If you want to optimize for security, just keep the X1 cards as geographically distributed as possible. Completely depends on the user. The UX difference with other hardware wallets is just that you additionally need to tap an X1 card to authorize a transaction.


Onramp is optional for the users to use. We will definitely keep this in mind before we decide to go ahead with the integration.


The Javacard is audited by SERMA SAFETY AND SECURITY ITSEF which are one of the World's best in Javacard security. Currently, it has been battle-tested over a period of 1 year of internal beta testing as well. Yes, if it ever comes to that, the cards will need to be replaced. But the same thing could be argued for a bug in the bootloader and secure element of some of the most popular hardware wallets since even they are not upgradeable. With Cypherock, at least your funds are not at risk since the private keys as a whole are never stored completely in the Javacards.


We know it is hard to quantify the security. The fact that your seed/private keys do not have a single point of failure at rest where most of the attack vectors exist for current hardware wallets. Given decent geographical distribution of the cards, we may even argue that the security delta might be even higher. We considered an average here. I would say the security delta is even greater for Bitcoin multisig.