Why Did Ledger Recover Backfire?
星球君的朋友们
2023-06-14 06:16
Optimizing user experience at the expense of security will alienate users.

Original source: Safeheron


On June 6, Forkast News published a column article by Safeheron Technology VP Kane Wang, discussing the reasons behind Ledger Recover's controversial dilemma.

Just days after announcing a controversial new feature in its Nano X firmware, hardware wallet provider Ledger was quick to remove it. In response to the outcry from the Web3 community, Ledger has promised to open source more of its codebase. Its core operating system and Ledger Recover, the feature at the center of the controversy, will be among the first components to be open sourced.

Ledger originally introduced this feature to make it easier for users to manage their own assets: the private key's mnemonic phrase is split into three parts and backed up by three platforms, making it easier for users to recover their private keys. However, the Web3 community, which advocates for privacy and autonomy, was surprised by the move, and the market reaction was exactly the opposite of what was expected. At first, the Ledger CEO insisted that non-Web3 users need such a feature, but ultimately the company could not withstand the public condemnation.

The public discussion that Ledger's new feature attracted shows that companies, and blockchain companies especially, will drift away from Web3 users if they position themselves on the wrong side, no matter how easy to use the product is. For Ledger, this is a public and profound lesson, and we should learn from it as well.


Why Ledger Recovery Backfired

The recovery feature proposed by Ledger violates a fundamental principle that secure hardware vendors should be guided by — security — at several key points.

First, the optional recovery service is based on user ID. That is, the service requires users to provide KYC information. However, theft of ID information is far more common than imagined, and malicious parties may obtain a user's identity information and thereby gain access to the user's assets. The service therefore introduces a new attack method against Ledger hardware wallets.

Second, Ledger's updated recovery firmware divides the user's mnemonic into three encrypted fragments, each of which is stored by one platform. However, Ledger did not disclose all participating platforms. Users therefore not only face the potential risk of relying on third-party services, they do not even know who the remaining third-party provider is: Ledger initially disclosed only two of the platforms participating in the recovery service, and users cannot choose which custodian to trust.

I believe Ledger enjoys a high level of trust in the Web3 community, based on the solid reputation it has built over time. However, choosing not to disclose all third-party platforms when Ledger Recover was originally launched (although they have since been disclosed in full), combined with the fact that the implementation of the recovery function is still a black box, has indeed undermined its long-established trust with users. Ledger has now committed to open sourcing the technology, which is certainly a step in the right direction. But until the code is actually open sourced, some people will remain skeptical.

This feature still does not solve the single point of failure problem of private key usage.

The recovery process of Ledger Recover is as follows:

STEP 1: A single private key is generated in the user's Ledger wallet

STEP 2: Ledger splits the mnemonic for that private key into three and distributes them to three platforms for safekeeping

However, when using a hardware wallet, the private key still exists as a single entity, so sharding the mnemonic does not solve the single point of failure problem when using a hardware wallet.

Balancing User Experience and Security

Balancing user experience and security is no easy task, but it is not impossible, and a secure multi-party computation (MPC) wallet may be a better choice.

Compatibility

Compatibility is an unavoidable topic when weighing user experience against security. Ordinary Web3 users mostly have multiple wallets, so compatibility between different wallets is crucial to the user experience, and MPC wallets are already compatible with other types of wallets. MPC wallet users do not need to obtain additional permissions and can choose their own recovery tools and methods, such as open source offline recovery tools, which use the private key shards to recover the original private key. The recovered private key can be imported into other non-MPC wallets, and the wallet can be used normally.

It is worth mentioning that software wallets and mobile apps using MPC technology can easily generate private key fragments and simplify the transaction signing process.

At the same time, for institutional users, Web3 developers are constantly optimizing products and providing more functions that meet the needs of institutional usage scenarios, such as helping institutions easily control internal access and authorization.

Of course, any innovation may face bottlenecks or problems. If wallet service providers run cloud MPC nodes, they need to bear higher costs. In addition, MPC wallets place higher demands on network and device performance than single private key wallets do. If the network or equipment cannot meet the technical requirements, the efficiency of the entire transaction process will be affected. Therefore, the threshold for adopting an MPC technical solution is higher.

All in all, through the Ledger Recover controversy, we have seen that when companies sacrifice security in order to improve user experience, the market's response runs counter to the expected effect of attracting users, and instead increases users' distrust of the brand. Clearly, security and protecting user assets must always be a top priority.
