Blockchain phones are coming soon, that's for sure. The Sirin Labs Finney and the HTC Exodus are both expected by the end of the year, each with its own, sometimes vaguely defined, idea of exactly what that term means. Phil Chen of HTC, who led the development of Exodus, has at least begun to fill in the blanks of how Exodus will do its trick: keeping cryptocurrency safe.
The Exodus has higher ambitions than mere storage, of course. "A few years down the road, we see a world where people have their identities and data, where everyone understands the concept and the digital property economy," says Chen, HTC's decentralized chief executive. For the time being, however, the main concern for the intended audience of the Exodus is how well it functions as a hardware wallet.
Which until now was a bit of a question mark. After all, a smartphone seems like an inappropriate place to store digital currency. Android phones, in particular, present inherent security risks, subject to a broad assortment of malware and other targeted threats. Smartphones also, as you may be personally and painfully aware, tend to get lost or stolen, at least more often than is ideal for what aspires to be a digital bank vault.
In fact, even the simple act of connecting to the internet goes too far for protective cryptocurrency investors, who prefer to keep their holdings in so-called cold storage wallets, which remain entirely offline. If anything, cryptocurrency storage has been trending toward the extreme, with some enthusiasts opting for Faraday cage enclosures.
By contrast, putting cryptocurrency (in particular, the private keys needed to access it) on an Android phone may seem like the equivalent of keeping your money not under the mattress but on top of it, and then placing the mattress on a fairly busy street corner.
"The phones are very promiscuous in the sense that they transfer a lot of data, they connect to many networks, we install third-party applications on them, they can be made relatively safe, but they are not the safest thing to carry around a lot of money," says Matthew Green, a cryptographer at Johns Hopkins University who is affiliated with a privacy-focused cryptocurrency called Zcash. "And if you're not carrying a lot of money, you do not need a special phone."
Yet tens of millions of people are already using software wallets, Chen says, linked to centralized exchanges like Coinbase. "What is obvious in the old model of the Internet is that centralized cloud systems are very hackable," says Chen. "Centralized honeypots are continually being violated – the concentration of data in enclosed gardens increases the cost of security."
The HTC Exodus is aiming for a compromise. It's not quite cold storage, but at least it allows users to keep their own keys. It does this by placing them in a so-called trusted execution environment, a part of an ARM chip called TrustZone. The secure enclave is separated from the operating system and designed to insulate its valuable payload even in the event of a larger breach. Think of it as a smartphone's panic room.
The concept of a secure enclave is not new; Intel has offered one for PCs for a while, and Apple uses one to protect the biometric data (fingerprints and faces) that it uses to unlock the iPhone. TrustZone has also been in use for years, commonly by recording studios and the like to lock down DRM-protected content.
It's as good an answer as any right now, and preferable to HTC trying to build its own solution from scratch. But TrustZone is not a security panacea. "If someone says that something is safe, a lot of people try to penetrate it," says Simha Sethumadhavan, a Columbia University computer scientist. "Over the years there have been several attacks on TrustZone."
That includes one by Sethumadhavan, who along with co-authors Adrian Tang and Salvatore Stolfo published research last year describing how to not only break the security of TrustZone but also alter the code running in the secure environment.
To be absolutely clear: these attacks are difficult to implement, and TrustZone generally works as advertised. "It significantly increases the bar for the attacker," says Sethumadhavan. "It's better than putting it in the insecure world, for sure," he adds, referring to the broader Android operating system.
Chen, too, refreshingly recognizes the compromises involved. "There is no 100% security, it's always a balance between security and usability," he says. "We are still at the beginning of the training of users that this is not a 100% secure solution, but at the moment it is the best so far, it is our attempt to do something that is best off the market."
Unless the industry opens everything up, Chen says, HTC must take it as an article of faith that ARM and chip maker Qualcomm will provide the security they promise. He acknowledges that hardening the HTC Exodus will also require input from cryptographers and the wider cryptocurrency community. "It's really a beta," he says. "We're still targeting 30-35 million people with software portfolios, and this is a much better solution."
And while Chen would not argue that Exodus is safer than cold storage, he does underline that it offers much better usability. You don't have to dust off a hard drive, connect it over USB to a laptop, and force your way through a clumsy interface.
The HTC Exodus will also offer a new way to recover keys, which are often a series of words that need to be entered in case you lose access to your wallet. If you lose both your wallet and your recovery keys, you have officially lost everything.
That dynamic is particularly clear with smartphones, which, when you aren't losing or breaking them, you are actively replacing every two or three years.
The safeguard HTC proposes: you can divide your key among three to five people you trust, each of whom will have to download an app to make it work. You will not need their help to sign transactions, but you will if you lose the phone. "It's about this fundamental principle of users who own their keys, I want to emphasize that this is a very, very difficult problem, people are not used to owning their keys, people usually call Apple or Google," says Chen.
Putting this power into the hands of users and their friends is certainly in line with the HTC Exodus philosophy. But it also raises several immediate flags: what happens if you have a falling-out with one of those friends, or you get a new phone, or delete the app, or die? Does the backup have a backup?
Not yet. "This is version 1.0," says Chen. "There are other backup plans we thought about, but they are not yet part of the solution."
It sounds terrible, but it's at least something. If you are in a similar situation with a cold storage wallet or with Sirin Labs' Finney blockchain phone, you generally have no options.
There remain many questions about the HTC Exodus, particularly regarding the company's long-term vision to revolutionize the way people relate not only to their cryptocurrencies, but to their data and identity. HTC could still figure out how the blockchain smartphone will change the world. But at least it has some answers on how to make it safe.