How Cypherock provides stress free wallet updates

November 07, 2022 7 min read
How Cypherock provides stress free wallet updates

Software updates are a crucial element in improving overall product quality and capabilities, as well as offering security updates and bug fixes. Within the world of crypto, there is a natural sense of skepticism that comes with anything related to wallets. Scammers have found novel ways to phish cryptocurrencies from individuals from verified Twitter accounts posting fake mint websites to sending emails that report a crucial security update on platforms like OpenSea and Metamask. Cypherock’s architecture is designed in such a manner that any updates pushed by the development team cannot impact the funds of users that use Cypherock X1.

Software wallet updates for example, pose a vulnerability where if a malicious update has been pushed, it is possible that funds are compromised due to the private key being stored locally on the device the software wallet is associated with. In the case of a hardware wallet, the private keys tend to be stored in one single location. Although extracting the private keys directly is harder, it is possible that an update may make a user sign a malicious transaction due to not verifying the correct update. Regardless of the type of wallet, the vulnerability lies within the single point of failure of having the private key stored within a single place.

Cypherock ensures the safety of funds at an architectural level that cannot be compromised by any form of a software update. Cypherock uses a decentralized architecture to manage private keys. This means that the private key of the wallet is not stored in any one place - eliminating any single point of failure. Cypherock uses Shamir Secret Sharing to split the private key into 5 shards which are independently stored on 5 hardware components - 1 X1 wallet and 4 X1 cards. To recreate the private key, any 2 out of the 5 shards are required - any 1 X1 wallet and 1 X1 card or 2 X1 cards.

When Cypherock publishes any new updates to the X1 Vault, the update will only affect the X1 Vault and not the X1 Cards. The X1 cards are never upgradeable and will always remain cold. This feature is implemented to improve the capabilities of the X1 Vault without ever having to worry about a user’s private key being compromised since the private keys are shared and the complete private keys are never permanently stored on upgradable hardware. So, if an attacker were to somehow push a malicious update on the Cypherock X1 wallet, they would need to physically compromise one of the X1 Cards to be able to gain access to the private keys of the wallet and authorize any transactions. Additionally, Cypherock is open-source and has had its firmware builds verified by Wallet Scrutiny which checks that the same open-source code is the one running on the hardware.