Why has Ledger Recover reached a dead end?

Why has Ledger Recover hit a dead end?

On June 6, Kane Wang, the VP of Safeheron technology, wrote a column in Forkast News exploring the reasons behind the controversy surrounding Ledger Recover.

Hardware wallet provider Ledger quickly canceled a controversial new feature on its Nano X firmware a few days after it was announced. In response to strong protests from the Web3 community, Ledger promised to open source more code libraries, and its core operating system and the Ledger Recover, at the heart of the vortex, will be the first batch of open source sections.

The initial purpose of Ledger’s new feature was to make it easier for users to manage their own assets by splitting the private key mnemonic into three parts and backing it up by three platforms, making it easier for users to recover their private keys. However, the Web3 community, which advocates privacy and autonomy, was surprised by this move, and the market reaction was completely opposite to expectations. At first, Ledger’s CEO insisted that non-Web3 users needed such a feature, but in the end, he could not resist the public opinion.

This new feature by Ledger has generated a lot of public discussion, indicating that at least for the Web3 community, user experience should not be optimized at the expense of security, and user experience and security must be carefully balanced. Especially for blockchain companies, if they position themselves on the wrong side, no matter how simple and easy-to-use their products are, they will gradually move away from Web3 users. For Ledger, this is a public and profound lesson that we should learn from.

• Overview of the LSDfi Protocol Swell: How to Participate and Evaluate?
• What did the US CFTC’s victory in the world’s first DAO case release?
• Hinman Memo Unsealed: SEC Official Expresses Concern Over “Ethereum is Not a Security” Declaration

Why did Ledger Recover backfire?

Why is the encryption community so angry about Ledger Recover? Hardware (cold) wallets are usually considered one of the safest ways to store encrypted assets, but Ledger’s recovery feature violates several basic principles that secure hardware vendors should follow – security.

First of all, the optional recovery service is based on the user’s identity ID, which means that the service requires users to provide KYC information. However, stealing identity ID information is far more common than imagined, and malicious actors may obtain users’ identity information, thereby gaining access to users’ assets, which provides a new attack vector for Ledger hardware wallets.

Secondly, Ledger’s updated recovery firmware divides the user’s mnemonic into three encrypted fragments, each of which will be stored by a platform, however, Ledger did not disclose all participating platforms. This not only exposes users to potential risks from third-party services, but users do not even know which other third-party provider is, because Ledger initially only disclosed two platforms participating in this recovery service, and users cannot choose which protector to trust.

I believe that based on Ledger’s long-established good reputation, it has a high level of trust within the Web3 community. However, the decision not to disclose all third-party platforms during the initial launch of Ledger Recover (although now all have been disclosed), coupled with the fact that the implementation technology of the current recovery function is still in a black box state, has indeed undermined the trust it has long established with users. Now, Ledger has promised to open source this technology, which is undoubtedly a step in the right direction. However, there are still skeptics before it is officially open sourced.

Another crucial point is that although Ledger’s recovery function does provide new options for users who want to back up their mnemonic phrases, the function still does not solve the single point of failure problem of private key usage.

The recovery process of Ledger Recover is as follows:

STEP 1

A single private key will be generated in the user’s Ledger wallet

STEP 2

Ledger will split the mnemonic phrase of the private key into three parts and distribute them to three platforms for safekeeping

STEP 3

If the user wants to restore the original mnemonic phrase / original private key, they only need to use two of the mnemonic phrases to restore the wallet’s single private key

However, when using a hardware wallet, the private key is still a single entity, so splitting the mnemonic phrase cannot solve the single point of failure problem when using a hardware wallet.

Balancing user experience and security

So can Ledger avoid this controversy? Balancing user experience and security is not easy, but not impossible, and a multi-party computation (MPC) wallet may be a better choice.

Usability

As a key consideration, MPC technology can not only effectively improve wallet security, but is also very convenient to use. More and more wallets are adopting MPC technology to provide higher security. The MPC protocol directly generates multiple encrypted private key fragments instead of generating a single private key. Each party keeps a private key fragment, and all signers need to approve and sign when conducting transactions. From the generation of private key fragments to the use process, the private key has never existed as a single complete private key, effectively eliminating single point risk. At the same time, the generation of private key fragments does not require any operation by the user, which means that using an MPC wallet is no different from using a regular wallet, but can enjoy higher security protection.

Compatibility

When balancing user experience and security, compatibility is an unavoidable topic. Most Web3 users have multiple wallets, so compatibility between different wallets is crucial for user experience, and MPC wallets are compatible with other types of wallets. MPC wallet users do not need to obtain additional permissions and can choose their own recovery tools/methods, such as open source offline recovery tools and using private key sharding to recover the original private key. After recovery, the obtained private key can be imported into other non-MPC wallets and normal wallet usage can begin.

It is worth mentioning that software wallets and mobile apps that adopt MPC technology can easily generate private key shards and simplify the transaction signature process. At the same time, for institutional users, Web3 developers are constantly optimizing products and providing more functions that meet the needs of institutional usage scenarios, such as helping institutions easily control internal access and authorization.

Of course, any innovation may face bottlenecks or problems. If wallet service providers have cloud-based MPC nodes, they need to bear higher costs. In addition, compared to the network and device requirements of single private key wallets, MPC wallets have higher network and device performance requirements. If the network or device cannot meet the technical requirements, the efficiency of the entire transaction process will be affected. Therefore, the threshold for adopting MPC technology solutions is higher.

Overall, through the Ledger Recover controversy, we can see that when companies sacrifice security in order to improve user experience, the market’s response and the expected effect of attracting users are counterproductive and increase users’ distrust of the brand. Obviously, security and protecting user assets must always be the primary consideration.

For me, the development of this event has once again deeply impressed upon me the growing power of decentralized narratives. The Web3 community has always firmly conveyed an idea to the market: openness, collaboration, and community are of the utmost importance.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!