What is a software cold wallet? A brief analysis of the principle and security differences of hardware and software cold wallets

Hardware cold wallets are the mainstream in the current market, but software cold wallets are more economical and flexible, and have a higher degree of trustlessness.

Original title: “Hardware cold wallet to the left, software cold wallet to the right”
Written by: Tan Guopeng, founder of Ownbit

In the past two days, the leak of user data from hardware cold wallet manufacturer Ledger has been raging. I took a look at the leaked data, and my name and information are listed too! Obviously, the data leak has harmed the interests of users, but I think it is more worthwhile to discuss the direction of hardware wallets.

Before, I also used Ledger. Later, because of the shortcomings of hardware cold wallets and the rise of software cold wallets, I decided to make the Ownbit software cold wallet.

Software cold wallet

Unlike hardware cold wallets, software cold wallets implement the cold wallet function purely in software. Users need two mobile phones: one is permanently offline and serves as the cold wallet that stores the private keys (mnemonics), and the other is connected to the Internet and used as an observation wallet.

Software cold wallets and hardware cold wallets implement the same functions and have similar security levels. But they have some notable differences:

  1. A software cold wallet can use an idle mobile phone, with no additional hardware;
  2. A hardware cold wallet transmits data via a data cable or Bluetooth, while a software cold wallet transmits it by scanning QR codes.

Trusted mnemonic

Software cold wallets can achieve a more complete trustlessness (that is, there is no need to trust the software developer), and users can prove the absolute security of their wallets by themselves.

In asset security, the first thing to secure is the mnemonic, and the first thing to confirm about a mnemonic is the randomness of its generation. If you use a hardware wallet from a malicious manufacturer (or one that has a bug), you may have fallen at the first step, because the mnemonic words you get may not be random: they may be pre-generated or pseudo-random.

Hardware cold wallets cannot prove to users that they are safe at this point. We continue to use hardware wallets based on trust in the hardware manufacturers, which is fragile in the world of digital currencies. The software cold wallet can give proof.

When using a software cold wallet, you can choose to trust the software and let it generate the mnemonic for you. You can also choose not to trust the software: generate the mnemonic words elsewhere, then create the cold wallet by importing them offline. Because the cold wallet device is permanently offline, there is no possibility of data being transmitted to the Internet (the only interaction is the QR code scanning with the observation wallet, which is transmitted in clear text and can be reviewed), so the security of the mnemonic phrase is absolutely protected.

Therefore, the security of the mnemonic phrase of the software cold wallet is higher than that of the hardware cold wallet.
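The "generate mnemonic words elsewhere" option described above can be sketched as follows. This is an added example, not Ownbit's code, and it assumes the wallet imports BIP-39 mnemonics (the article does not name the standard); condensing dice rolls with SHA-256 is one simple approach among several, and the function names are hypothetical.

```python
import hashlib
import math

def dice_to_entropy(rolls, nbytes=16):
    """Condense physical dice rolls (characters '1'-'6') into nbytes of entropy."""
    if not rolls or set(rolls) - set("123456"):
        raise ValueError("rolls must contain only the digits 1-6")
    # Each roll carries log2(6) ~ 2.585 bits; demand at least as much as we output.
    needed = math.ceil(nbytes * 8 / math.log2(6))
    if len(rolls) < needed:
        raise ValueError(f"need at least {needed} rolls, got {len(rolls)}")
    return hashlib.sha256(rolls.encode("ascii")).digest()[:nbytes]

def entropy_to_indices(entropy):
    """BIP-39 encoding: entropy + first ENT/32 bits of SHA-256(entropy), in 11-bit groups."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def checksum_ok(indices):
    """Re-derive the checksum from word indices, as an importing wallet would."""
    total_bits = len(indices) * 11
    cs_bits = total_bits // 33
    value = 0
    for index in indices:
        value = (value << 11) | index
    try:
        entropy = (value >> cs_bits).to_bytes((total_bits - cs_bits) // 8, "big")
        return entropy_to_indices(entropy) == list(indices)
    except (ValueError, OverflowError):
        return False

if __name__ == "__main__":
    # Constructed sample rolls for illustration only; use your own physical dice.
    sample_rolls = "362514461235264153642135461263541265341263541625342615342615"
    indices = entropy_to_indices(dice_to_entropy(sample_rolls))
    # Look each 0-based index up in the BIP-39 English word list to get the phrase.
    print(indices, checksum_ok(indices))
```

The 2048-word list is left out to keep the block short; run this on an offline machine and look the indices up in a local copy of the list.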

Bluetooth vs QR code transmission

The data transmission method of hardware cold wallet and software cold wallet is also very different. Generally speaking, the hardware wallet is connected to the mobile phone software via Bluetooth. The software cold wallet uses QR code scanning for data transmission.

The advantage of the Bluetooth transmission scheme is that the amount of data is unlimited. This is where QR code transmission falls short: the information that a QR code can contain is limited, and this shortcoming is particularly prominent in scenarios that transmit a lot of data, such as large bitcoin transactions (with a large number of UTXOs).

The disadvantage of the Bluetooth transmission scheme is that its security is lower than that of QR code transmission. Its weaker security comes mainly from two aspects. On the one hand, different Bluetooth protocol versions may have known or unknown bugs, which can pose security risks in certain scenarios. On the other hand, Bluetooth transmission leaves open the possibility of interference and attacks by other devices: within a short distance (within 10 meters), another Bluetooth device can carry out targeted interference or attacks. This possibility is completely absent in the QR code transmission scheme.

Another weakness of Bluetooth transmission is poor auditability, which is in turn a huge advantage of QR code transmission. Users can view all the content transmitted through the QR code in plain text to confirm that any transmitted information is safe. This allows software cold wallet solution providers to achieve trustlessness: users can ensure that their private keys (mnemonics) are not leaked at the data transmission level, without having to trust the provider or developer of the solution, or even to worry about possible bugs in the software itself.
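The plain-text review described above can also be partly automated. The following is an added example, not taken from Ownbit or any other wallet: the JSON message schema and field names are hypothetical, and the samples are constructed. It checks a decoded QR payload against an allowlist of fields and scans it for recognisable private-key encodings.

```python
import json
import re

B58 = "1-9A-HJ-NP-Za-km-z"  # Base58 alphabet as a regex character range
# Hypothetical message schema (an assumption; each wallet defines its own format).
ALLOWED_FIELDS = {
    "sign_request": {"type", "coin", "unsigned_tx", "paths"},  # watch -> cold
    "sign_response": {"type", "coin", "signed_tx"},            # cold -> watch
}
HEX_FIELDS = ("unsigned_tx", "signed_tx")
SECRET_PATTERNS = {
    "extended private key": re.compile(rf"\b[xyz]prv[{B58}]{{90,}}\b"),
    "WIF private key": re.compile(rf"\b[5KL][{B58}]{{50,51}}\b"),
    "mnemonic-like word run": re.compile(r"\b(?:[a-z]{3,8}\s+){11,}[a-z]{3,8}\b"),
}

def audit_qr_payload(text):
    """Return findings for one decoded QR payload; an empty list means nothing flagged."""
    findings = [f"contains {name}" for name, rx in SECRET_PATTERNS.items() if rx.search(text)]
    try:
        msg = json.loads(text)
    except ValueError:
        return findings + ["payload is not valid JSON"]
    allowed = ALLOWED_FIELDS.get(str(msg.get("type"))) if isinstance(msg, dict) else None
    if allowed is None:
        return findings + ["unknown message type"]
    findings += [f"unexpected field: {key}" for key in sorted(set(msg) - allowed)]
    for key in HEX_FIELDS:
        if key in msg and not re.fullmatch(r"(?:[0-9a-f]{2})+", str(msg[key])):
            findings.append(f"{key} is not plain hex")
    return findings

# Constructed samples. The phrase is a published BIP-39 test vector, not a live wallet.
CLEAN = json.dumps({"type": "sign_response", "coin": "BTC", "signed_tx": "0200000001ab00ff"})
LEAKY = json.dumps({"type": "sign_response", "coin": "BTC", "signed_tx": "0200000001ab00ff",
                    "memo": "legal winner thank year wave sausage worth useful "
                            "legal winner thank yellow"})

if __name__ == "__main__":
    for name, payload in (("clean", CLEAN), ("leaky", LEAKY)):
        print(name, audit_qr_payload(payload))
```

Checks like these only catch secrets in recognisable encodings and unexpected fields; they say nothing about data hidden inside values that are expected to look random, such as signatures.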

Economy and flexibility

Software cold wallets can use idle mobile phones as cold wallet storage without purchasing additional hardware. Therefore it is more economical.

More importantly, software cold wallets are more flexible than hardware cold wallets. Software cold wallets can usually implement more complex functions than hardware cold wallets, such as multi-signature cold wallets.

The flexibility of the software cold wallet also makes it more advantageous in terms of asset recovery. If your hardware wallet is damaged, you need to purchase hardware from the same manufacturer for hardware recovery. With software cold wallets, there is no such concern.

Closed and open

Software cold wallets are more open than hardware cold wallets. Transmitting data through QR codes makes it possible to define standards across a wider range and to achieve interoperability between different software cold wallet vendors. This cannot be achieved through data cable or Bluetooth transmission.

Two schemes of wallet ecology

At present, although the main cold wallet products are still based on hardware cold wallets, they are being impacted by software cold wallets.

Hardware cold wallet:

  • Ledger is the most well-known hardware cold wallet solution provider;
  • Trezor is another well-known hardware cold wallet provider;

Software cold wallet:

  • Ownbit is the earliest wallet to implement the software cold wallet solution and one of the wallets that supports the most cold wallet currencies;
  • Parity Signer is an Ethereum software cold wallet produced by Parity;

Future

The direction of the development of things is always to simplify things. More and more cold wallets are being implemented in software.

Just as most people do not need additional hardware to read e-books, because the mobile phone itself can do that too, it is an inevitable trend to replace professional hardware with more common devices (mobile phones)! Because they are similar in function, or even better!