Wired: How “bloccante” Exodus from HTC is planning to protect your cryptocurrency
At the end of the year we expect to see at least two blockchain smartphone Finney from Sirin Labs and Exodus from HTC, each with their own and a bit of a vague definition of what exactly is a smartphone on the blockchain. Phil Chen, head of the development of the Exodus, shared with Wired, his vision of the future of the blockchain in the industry of producing smartphones on Android, where HTC is considered to be a pioneer.
Chen says that while the main feature of the Exodus will be the safe storage of crypto-currencies, although the ambition of the project team larger than simple storage of bitcoins:
In a few years we will see a world in which people own their own personal data, where everyone understands the concept and Economics of digital ownership.
However, at the moment the main task of the Exodus is to show himself great hardware cryptocurrency wallet.
On the other hand, the smartphone seems the most appropriate place to store digital currency due to a wide range of malware and other threats. Also, the smartphone is easy to lose, and they often steal, so it is difficult to call such a device a perfect digital storage.
Even a simple Internet connection is too much, especially for investors who prefer to keep assets completely offline cold wallets. In any case, large amounts of cryptocurrency, decided to keep it so. Matthew green, a cryptographer from Johns Hopkins University and one of those behind the development of zcash for that cryptocurrencies with increased anonymity, said:
Phones are very promiscuous in the sense that they transmit a large amount of data, connect to a large number of networks, and we set the external application. They can be relatively safe, but not safe enough to keep using them a lot of money. But if you don’t carry a lot of money, you don’t need a special phone.
And yet, according to Chen, tens of millions of people use software wallets tied to centralized exchanges such as Coinbase. He says that “the old model of the Internet” centralized exchanges are constantly hacked, and the concentration data in closed ecosystems increases the price of the security.
HTC Exodus is aimed at compromise. It’s not really a cold wallet, but it at least allows the owner to use their own keys. Exodus does this by placing them in a so-called trusted execution environment, the part in the architecture of ARM processors, called TrustZone. This protected enclave (the secure enclave) is separate from the operating system and is designed to ensure the security of valuable data even in the event of a serious vulnerability.
The concept of the secure enclave is not new; Intel offers its implementation for the PC, but Apple uses to protect biometric data that is needed to unlock the iPhone. TrustZone has been around for many years and is commonly used for DRM protected content.
However, TrustZone is not a panacea to the issue of security. Simha Sethumadhavan, specialist in computer science from Columbia University, says: if someone claims that something is safe, there will always be people who want to dig a little deeper, so over the years there have been several attacks on TrustZone. One of them in the past year, conducted himself Sethumadhavan with Adriantm by Tung and Salvatore, Stolfo. They were able to describe in detail how to not only compromise the security of TrustZone, but also to change the code that is running in this safe environment.
To be clear: these attacks are hard to implement, and reliability TrustZone corresponds to what promises to advertising. Sethumadhavan says that this environment significantly raises the bar for attackers, and it’s better than storing data in an insecure environment (under it it involves the Android operating system in the broad sense). Chen agrees that it’s a matter of compromise:
100% security does not exist. There is always a balance between security and usability. We are just starting to explain to users that this is not 100% secure solution, but it’s the best available at the moment. This is our attempt to imagine something better on the market.
He adds that as long as the industry does not provide other options HTC is to believe that ARM and Qualcomm will provide the promised level of protection. Chen also acknowledges that Exodus would require the evaluation of the cryptography and cryptocurrency community:
In fact this is a beta version. We continue to orientirueshsya 30-35 million people who have wallets software, and which smartphone will be the best solution.
Chen argues that Exodus is more secure than cold storage, but podcherkivaet that it offers greater ease of use. There is no dust on your hard drive, awkward interface, as it does not require connection to a laptop via USB.
In addition, Exodus will offer a new type of recovery keys, which often consist of a series of words (mnemotechnical phrase) needed in case you lose access to your wallet. If you lose your wallet and your recovery key, you officially lose all your money in this wallet. It is important to note, because many people every two or three years lose or break their smartphones.
The company HTC solution allows you to distribute a key among three to five people you trust (to do this, all you need to download the application). You don’t need their help to make transactions, but they are very useful if you lose your phone. Chen explains:
The solution is built around the fundamental principle of using keys. I want to emphasize that this is a very difficult problem. People are not used to hold keys. People used to call Apple or Google.
Of course, the delegation of this power in the hands of users and their friends to the philosophy of the Exodus, but immediately raises several questions. What if you’re arguing with one of those friends, or some of them will buy a new phone or delete the app, or dies? Do this backup your backup?
Yet. Chen calls this a “version 1.0” and notes that there are other backup options, but they are still under consideration. That sounds about right, but it’s better than nothing.
The smartphone Exodus remains a lot of questions, especially in relation to long-term development of company of this product. HTC is still trying to understand how exactly the smartphone on the blockchain can change the world. But at least the company has the answers to the question of how to do it safely.