Apple's CryptoKit is related to cryptography, but not to password currency

Apple released a new " CryptoKit " framework at the recent Global Developers Conference (WWDC 2019). Through this framework, software developers can safely and efficiently execute specific encryption algorithms in Apple's upcoming new systems, iOS 13, macOS 10.15 and tvOS 13.

This news excited the friends of the currency circle.

As we all know, the encryption algorithm is an important foundation for the realization of the blockchain technology, so this incident has also caused a lot of repercussions in the cryptocurrency community, and even exaggerated remarks that Apple may develop a cryptocurrency wallet. But in fact, CryptoKit is related to cryptography, which means that more and more algorithms and more hardware encryption schemes may be supported in the future, but this has little to do with cryptocurrency.

Viktor Radchenko, founder of Trust Wallet, which was acquired by the currency, commented after Apple released CryptoKit:

It’s just a few steps away to turn your phone into a hardware wallet.

But another blockchain developer, Ronald Mannak , poured a cold water:

  • CryptoKit is a "cryptography" framework, but not a framework for "cryptocurrency." The release of CryptoKit does not imply that Apple is changing its attitude towards cryptocurrencies.
  • Apple already had a cryptography framework "CommonCrypto", but CryptoKit is more powerful. CryptoKit is a more friendly framework for the Swift programming language and includes more hashing algorithms, such as the SHA256 that is expected.
  • The functionality of CryptoKit does not necessarily require the "Secure Enclave" coprocessor (currently available on iOS devices and some Macs).
  • Similar to the CommonCrypto framework, if the device does not integrate Secure Enclave, CryptoKit will roll back and use the keychain | Keychain feature built into Apple's device to handle the encryption algorithm instead.
  • As you can see from the current development documentation, Secure Enclave only supports the elliptic curve of secp256r1 (also known as prime256), not the secp256k1 commonly used by Bitcoin, Ethereum and other blockchains. Unless you upgrade your hardware in the future, it is impossible for your iPhone to become a hardware wallet.

  • Furthermore, even if CryptoKit supports secp256k1, which is commonly used in blockchains, the private key generated by CryptoKit cannot be read by the outside of Secure Enclave. You can use this private key (via CryptoKit) to generate a public key or perform a message signature, but you can never get the private key itself. So there is no way to back up this private key, this limitation may be very inconvenient for the use of the wallet.
  • CryptoKit is a great new feature for Swift developers, but it's not the kind of change that the cryptocurrency community wants.

In CryptoKit, Apple has added some common encryption algorithms. In the development documentation, Apple introduced it like this:

Use CryptoKit to perform common encryption algorithms:

  • Calculate and compare security summaries
  • Create and compare digital signatures with an "asymmetric" encryption algorithm, or perform an operation to exchange public keys
  • In addition to storing keys in memory, you can also store and manage private keys in "Secure Enclave"
  • Create a "symmetric" key and perform functions such as verification or encryption of messages
  • The CryptoKit framework is more recommended than the underlying interface. CryptoKit manages pointers for developers and automatically handles tasks that make the app more secure, such as overwriting sensitive data during memory release.

Look closely at the encryption algorithms supported in the documentation, mostly common and standard encryption algorithms published by the National Institute of Standards and Technology (NIST).


  • AES-GCM symmetric encryption algorithm
  • ChaCha20-Poly1305 symmetric encryption algorithm
  • HMAC message authentication algorithm
  • The second generation of secure hash algorithm SHA-2 series, including SHA-512, SHA-384, SHA-256
  • Asymmetric encryption algorithm (also known as public key encryption algorithm), including Curve25519, P-521, P-384, P-256 four elliptic curves

And developers can call the Secure Enclave's own P-256 algorithm for hardware encryption and decryption.

Secure Enclave (Security Zone) is the Apple A7 (first integrated in the iPhone 5S to ensure the security of the "Touch ID") or a coprocessor integrated in the later A-series processors, which is a data protection key Management provides all cryptographic operations to maintain the integrity of data protection even when the kernel is compromised. And the keys generated inside Secure Enclave use real hardware random number generators.

Although Bitcoin uses many cryptographically related algorithms, the most important ones are at least two: SHA-256, secp256k1.

  • SHA-256 is the second generation of secure hashing algorithms. Bitcoin is also used in more than one place, such as when calculating workload proofs (PoW).
  • Secp256k1 is an elliptic curve in the asymmetric encryption algorithm. The private key of Bitcoin can generate the corresponding public key through the algorithm.

It is a pity that the elliptic curve of the P-256 supported by Secure Enclave is secp256r1, not the secp256k1 used by Bitcoin. This means that it is impossible to turn an existing Apple device into a hardware wallet. Even if you can develop a software wallet on an Apple device, you can't use the CryptoKit framework. You need to implement or use a third-party code base yourself.

CryptoKit is still in the Beta phase, and this is the first release from Apple, so this is just the beginning.

Apple's independent framework for handling cryptographically relevant algorithms is a definite and far-reaching decision that may support more and more algorithms and provide more hardware encryption in the future. However, at the current stage, the popularity of blockchain technology is still relatively limited.

Interestingly, CryptoKit and CryptoKitties (a fascinating cat, one of the most popular collection games based on Ethereum ) have only four letters of the last ties, which is why this is why CryptoKit has a relationship with the currency.

Refer to the documentation for Secure Enclave :

Written by: Pan Zhixiong

Source: Chain smell