Gnosis Hardware Wallet - Proposal

Background:

At Ragnar Labs, we have completely reimagined the concept of hardware wallets, incorporating a secure design approach from the ground up. Our focus has been on integrating provable security measures at every level of both the hardware and software components. Security has been the driving force behind the design of storage, access, processing, and communication aspects of our product.

To safeguard wallet private keys, we’ve employed purpose-built key management hardware. In order to mitigate risks such as Spectre and Meltdown, we have gone beyond conventional solutions and chosen not to rely on isolation techniques like TrustZone or on employing two microcontrollers (MCUs). Instead, we have implemented a single secure MCU that oversees the screen, application, and secure storage.

Our Secure MCU, the NXP K81 microcontroller, features an ARM Cortex-M4 CPU with hardware implementations of security operations for symmetric cryptography. It supports a range of cryptographic algorithms, including DES, 3DES, AES, MD5, SHA-1, and SHA-256.

A prominent feature of our product is the inclusion of a high-resolution 2.4" touchscreen display on the STASH hardware wallet. This touchscreen serves as the trusted display, providing users with a clear and secure validation experience during transactions. By eliminating display manipulation-based attack vectors, we enhance overall security. All input related to wallet transactions is facilitated through this high-resolution touch display, with a randomized keyboard layout controlled by the secure MCU NXP K81. This ensures protection against insecure USB buses and tampered computers with keyloggers.

Unlike traditional hardware wallets that rely on general-purpose operating systems, we have engineered a purpose-built solution with minimal essential functionalities to significantly reduce the attack surface. In fact, our system operates without a traditional operating system. Our software adheres to the following fundamental principles:

· The system is built and runs as a unikernel application.

· All sensitive data is stored in an encrypted format by default, with controlled and authenticated access.

· All communication channels, whether internal or external to the wallet, are secured through authenticated and encrypted protocols for each message, facilitated via NFC.

State as of January 2024

At this stage, we have a functional pre-production prototype for Bitcoin signing (native C language), and we have developed iOS and Android applications for NFC communication.

We are actively seeking partnerships with blockchain organizations interested in a collaborative white-label licensing option, enabling them to co-brand and market this innovative hardware wallet under their own name and marketing efforts.

@mkoeppelmann @StefanGeorge

Project Manager:

Alex Lebedev, serial entrepreneur
LinkedIn: www.linkedin.com/in/alexander-lebedev-5ba3051
email: alex@rangnarlabs.com
telegram: lebedek1
