The history of crypto security is the history of crypto hacks and thefts. The promises of crypto are grand but the practical implementation leaves a lot to be desired. Those who have been in the crypto space for a while are well aware of the adages “not your keys, not your crypto” and “code is law”. While these theories are great on paper, if the applications we use to interact with our crypto are lacking then the consequences can be disastrous. The amalgamation of these theories creates a powerful but high-stakes situation: lose your keys due to negligence or theft and your crypto is gone, do something wrong wittingly or unwittingly and your crypto is gone. We will look at some of the biggest shortcomings in this article and explain how Ryder addresses these issues.

Seed phrases are a single point of failure and are often lost or stolen


Seed phrases were a bit of a revolution when they were first introduced. Suddenly, you no longer needed to juggle wallet files to create backups of your precious crypto wallet. Instead, you write down 12 to 24 words on a piece of paper and you are good to go. Seed phrases are almost magical: an incantation that unlocks a wallet containing a virtually unlimited number of addresses and accounts. While seed phrases were indeed a vast improvement over what came before, the seed phrase backup essentially represents all of a person’s crypto wealth infused into a single bill. If we have to make a comparison, it is as critical and valuable as taking out a bank draft equal to the entire amount of your bank accounts and hiding that somewhere at home. It is an enormous responsibility to manage safely. Compound that with the most serious weakness of a seed phrase, namely that it is all or nothing, and you have a recipe for disaster. If you misplace it and you did not create multiple copies, then your wallet is lost. This leads many people to store their seed phrase on a computer or phone as a text file or picture so that they do not lose it, which opens them up to theft. Attackers have found many creative ways to steal seed phrases, hunting for juicy payouts.

Ryder introduces a new backup mechanism called TapSafe. Instead of providing a seed phrase, it splits a wallet into multiple shares using an algorithm called Shamir’s Secret Sharing. These shares cannot individually be used to guess or brute force the original wallet private keys. Since each individual share is not a single point of failure, they can more safely be stored in different locations. What makes TapSafe powerful is that you can collect any combination of shares as long as you reach a predefined minimum number. Shares are stored on recovery tags and mobile phones, transmitted via NFC. It is completely offline and self-custodial. Users can optionally give a share to their friends and family so that they can help them recover access to their wallet. We call this social recovery.

How does TapSafe Recovery work as a replacement for seed phrases?


TapSafe Recovery creates a secure backup with redundancy by splitting your wallet source entropy into multiple secret shares using a Shamir secret sharing algorithm. In order to fully appreciate the ingenuity of TapSafe, let us first look at how a modern wallet is generated and used. When a user creates a new wallet, the wallet software or hardware does the following:

  1. The wallet generates 32 bytes of random data. It is important that the quality of this random data is high. (If not, this can lead to loss of funds.) This sequence is called the master entropy.
  2. A checksum of the master entropy is calculated and appended to the sequence. It ensures that a mistake in copying the data can be detected.
  3. The sequence including the checksum is split into groups of 11 bits, which effectively turns the sequence into a list of numbers between 0 and 2047.
  4. The numbers are used as the index to take words from a word list. The word list is normally the BIP39 English word list.
  5. After turning all numbers into words, we are left with a phrase commonly referred to as the mnemonic or seed phrase. It is this phrase that wallets ask the user to write down.
  6. The seed phrase is used to generate the master seed, which forms the basis of the modern wallet, by passing it through a key stretching function called PBKDF2. This step of the process is slow on purpose to make it much harder to guess wallets.
  7. The master seed is then used as the input to derive keys for specific blockchains. The derivation path decides which key to derive. This process is deterministic which means that the same path always produces the same key.
  8. The derived keys are used to sign transactions and interact with blockchains.
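Steps 1 to 3 and step 6 as an added Python example (not Ryder's code), following the published BIP39 rules. The 2048-word list of step 4 is not embedded, so the functions work on word indices; in the BIP39 English list, index 0 is "abandon" and index 102 is "art".

```python
import hashlib
import secrets
import unicodedata

def entropy_to_indices(entropy):
    """Steps 2-3: append the checksum, then cut into 11-bit word indices."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("BIP39 entropy is 16 to 32 bytes in 4-byte steps")
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32                  # 8 checksum bits for 32 bytes
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11      # 24 words for 32 bytes
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def indices_to_entropy(indices):
    """Reverse direction: rebuild the entropy and verify the checksum."""
    total_bits = len(indices) * 11
    cs_bits = total_bits // 33
    value = 0
    for idx in indices:
        value = (value << 11) | idx
    entropy = (value >> cs_bits).to_bytes((total_bits - cs_bits) // 8, "big")
    if entropy_to_indices(entropy) != list(indices):
        raise ValueError("checksum mismatch: a word was copied incorrectly")
    return entropy

def mnemonic_to_seed(mnemonic, passphrase=""):
    """Step 6: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    words = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, 64)

if __name__ == "__main__":
    # Step 1: 32 bytes from the OS CSPRNG (a hardware wallet uses its own RNG).
    master_entropy = secrets.token_bytes(32)
    print("word indices:", entropy_to_indices(master_entropy))

    # Constructed sample: all-zero entropy, for illustration only.
    zero = entropy_to_indices(bytes(32))
    print("all-zero entropy:", zero)          # 23 x 0, then 102
    print("seed:", mnemonic_to_seed("abandon " * 23 + "art").hex())
```

`indices_to_entropy` raises as soon as the last index is changed from 102 to 103, which is the copy-error detection that step 2 describes.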

TapSafe Recovery is compatible with the above process to guarantee maximum ease of use for both new and existing wallets. It means that you can import existing seed phrases to Ryder One and then switch to TapSafe recovery. The seed phrase can also be provided for advanced users. With TapSafe recovery, we back up the master entropy instead of the seed phrase. The master entropy is the very first step in the chain, which makes the backups a lot smaller and more flexible. Ryder One generates master entropy in the same secure way as other hardware wallets, but then securely splits it using an industry-standard and audited Shamir sharing algorithm called SSKR. Ryder chose Shamir secret sharing because it has two important properties: first, the individual shares reveal nothing about the secret that was split; second, it allows for recovery of the secret using any combination of shares as long as the threshold is met. TapSafe recovery splits a secret over multiple shares with a threshold of four. It means that any four shares can be used to recover your wallet. What makes TapSafe unique when compared to other Shamir backup schemes is that we introduced a weighted mechanism and made it possible to create more shares in the future. Shares that are written to the recovery tags and the user’s own paired mobile phones have a weight of two, whereas shares written to the mobile phones owned by the user’s social circle have a weight of one. This combined with the ability to create more shares over time means that the user can achieve great backup redundancy to make sure they never lose access to their wallet. Ryder One also reminds the user to keep their backups in order and allows one to easily verify if the backup is still good and proper.
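The threshold-and-weight behaviour described above, as an added Python example; this is not Ryder's or SSKR's implementation. Assumptions: arithmetic is done in a prime field rather than SSKR's byte-wise GF(256), a holder of weight w is modelled as holding w points on the polynomial, and the holder names are hypothetical.

```python
import secrets

P = 2**521 - 1      # Mersenne prime, larger than any 32-byte secret
THRESHOLD = 4       # combined weight needed to recover, as in the article

def split(secret, holders):
    """Give each holder `weight` points on a random degree-3 polynomial
    whose constant term is the secret (assumed weight model)."""
    coeffs = [int.from_bytes(secret, "big")]
    coeffs += [secrets.randbelow(P) for _ in range(THRESHOLD - 1)]

    def f(x):                       # Horner evaluation mod P
        y = 0
        for c in reversed(coeffs):
            y = (y * x + c) % P
        return y

    shares, x = {}, 1
    for name, weight in holders.items():
        shares[name] = [(x + i, f(x + i)) for i in range(weight)]
        x += weight
    return shares

def recover(points, length=32):
    """Lagrange interpolation at x = 0 over THRESHOLD points."""
    if len(points) < THRESHOLD:
        raise ValueError("combined weight is below the threshold")
    pts = points[:THRESHOLD]
    secret = 0
    for j, (xj, yj) in enumerate(pts):
        num = den = 1
        for m, (xm, _) in enumerate(pts):
            if m != j:
                num = num * (-xm) % P
                den = den * (xj - xm) % P
        secret = (secret + yj * num * pow(den, -1, P)) % P
    return secret.to_bytes(length, "big")

if __name__ == "__main__":
    entropy = secrets.token_bytes(32)          # stands in for master entropy
    s = split(entropy, {"tag_a": 2, "tag_b": 2, "own_phone": 2,
                        "friend_1": 1, "friend_2": 1})
    # Two tags (2 + 2) or one phone plus two friends (2 + 1 + 1) reach 4.
    print(recover(s["tag_a"] + s["tag_b"]) == entropy)
    print(recover(s["own_phone"] + s["friend_1"] + s["friend_2"]) == entropy)
```

One tag plus one friend has a combined weight of three, so `recover` refuses it. Fewer than four points are consistent with every possible constant term of a degree-3 polynomial, which is why an incomplete set reveals nothing about the secret.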


People have been conditioned to sign transactions they cannot see

Blockchain transactions are data inputs that are processed by programs. Most of them, by their very nature, are not human-readable in and of themselves. It means that wallets have to make an effort to decode transactions and display them in a way that the user can understand. Doing this is not a problem for simple transactions. For example, a transaction that expresses sending a number of tokens from the sender to a recipient can be represented graphically quite easily. However, it quickly becomes a problem for more complex transactions. Doing a swap on a DeFi project involves a contract call transaction with a large number of input parameters. Many software wallets already have issues displaying these transactions in a way users understand, but for hardware wallets, the problem is even greater. Most current devices lack any capability to display these transactions and instead, just show a forgettable warning that data is present. To illustrate, this is what a contract call transaction on the most popular wallet, the Ledger Nano X, looks like: