The Cold Wallet controversy

As Ledger faces public backlash, let’s take this opportunity to remind ourselves what a seed is, the concept of cold/hot wallets, and how BTC transactions work.

The Ledger Recover fiasco

The storm surrounding Ledger Recover hasn’t subsided yet. This new service would allow Ledger to access their customers’ seeds, split them into three encrypted pieces, and store them with three different companies.

The goal is to enable users to recover their seed in case they lose all their personal backups. However, to do so, they would have to reveal their national identity card and scan their face using facial recognition software.

“Technically speaking, it is and always has been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware, whether you knew it or not,” Ledger said in a now-deleted tweet.

This sparked outrage as it breaks the fundamental promise that the seed would never be accessible. Even if everything is done by the book, Ledger would still be compelled to reveal the seeds to the authorities, if necessary.

CTO Charles Guillemet announced on Tuesday that they are suspending everything temporarily to create protocol documentation: “Open-sourcing has always been at the core of our roadmap, and recent events emphasize the importance of accelerating our initiative to bring greater verifiability to everything we do at Ledger.”

While many bitcoiners are migrating to the competitor Trezor, let’s go back to the basics. First and foremost, let’s clarify that wallets don’t actually contain bitcoins. BTC exists as a large ledger of UTXOs (BTC attached to public addresses).

The approximately 100 million UTXOs are updated by Bitcoin network nodes whenever miners propagate a new block of transactions.

It’s often said that BTC changes addresses, but it’s more accurate to say that BTC changes public keys during a transaction. Addresses are hashed versions of public keys.

Public/Private key pair

Bitcoin transactions rely on a cryptographic technique known as “public key cryptography.” Two keys come into play: a private key and a public key.

The concept of a BTC transaction is similar to a safe with two locks. Imagine that UTXOs are safes containing BTC (which is essentially just a number…).

During a transaction, BTC is assigned to a public key (an address). The analogy is that the BTC is in a safe locked with that public key. The beauty of the system is that only the recipient who possesses the private key corresponding to that public key can open the safe. Only they can unlock the BTC and assign it to a new public address through a new transaction.

In jargon, using the private key to execute a transaction is called “signing” a transaction. This private key is known as the “seed.” It’s the original key to your wallet. All other private keys in your wallet (and their corresponding public keys) are derived from it.

In other words, every time you create a new “address” in your wallet, you’re actually creating a new pair of private/public keys.

xPubs & xPrivs

The concept of private/public key pairs lies at the heart of Bitcoin’s operation. Private keys are used to sign transactions, while public keys are used to receive transactions.

Your wallet can generate an infinite number of key pairs. These are referred to as xPubs and xPrivs.

• xPrivs stands for Extended Private Key (derived private key from the seed)
• xPub stands for Extended Public Key (corresponding public key derived from the private key)

The “seed” is a list of 12 English words (or more precisely, a random value of 128 bits, which means one among 2^128 possibilities).

The key derivation process is similar to a family tree. Safeguarding the original seed allows you to instantly restore all keys and access to your bitcoins. This is referred to as a “deterministic hierarchical wallet.”

This wallet standardization dates back to BIP39 (Bitcoin Improvement Proposal 39). Consequently, even if you created your seed using a Ledger, you could restore your keys by entering the seed into a Trezor or any other wallet.

On the contrary, if you lose the seed, all BTC linked to the public addresses (UTXOs) derived from the seed will be lost forever.

Hot Wallet and Cold Wallet

There are several ways to store a private key:

A hot wallet is software such as Wasabi, Samourai, or Electrum, which allows you to generate a seed. These software wallets enable you to sign transactions and propagate them to miners who include them in a “block.”

Such wallets can be installed on your PC or smartphone. Hacks are possible with these devices since they are constantly connected to the internet.

A cold wallet is a device that remains offline. This distinguishes it from a “hot” wallet. If you use a standard wallet on a PC that never connects to the internet, it effectively becomes a cold wallet.

Cold wallets often resemble USB drives. To sign a transaction, you usually have to connect the wallet to a computer and confirm the transfer by entering a PIN code on the cold wallet.

The best-selling cold wallet is the one from the French company Ledger. The first one was from Trezor, a Czech firm that continues to innovate under the auspices of SatoshiLabs. Their latest model, Trezor T, allows for bitcoin anonymization, for example.