S4 E9: Lixin Liu on the Cobo Vault & Cobo Tablet (Rebranded KeyStone, 2021)

Lixin Liu is the creator of the Cobo Vault: a device which benefits from military-grade physical resistance and includes lots of interesting security features.

Currently, the Cobo Vault costs $479 and is designed for the needs of Chinese miners who operate in extreme weather conditions and also need reliability.

However, Liu is looking into expanding the Cobo Vault into foreign markets by targeting mass consumers who hold bitcoins. A second-generation Vault would tone down on the military-grade robustness, while focusing on desirable features. The upcoming Cobo Vault will offer an air-gapped wallet that is exempt from remote attacks and also takes into consideration physical security with a secure element chip.

During the interview, Lixin Liu also mentions the newly-launched Cobo Tablet metal plate for cold storage and explains why the product is designed to be more practical and intuitive than the Crypto Steel or Billfodl. The irony is that the Cobo Tablet is the most affordable steel plate product on the market, while the Cobo Vault is the most expensive hardware wallet available.

Liu also answers all the tough questions about open sourcing the software and the current state of auditability, the privacy provided by the Cobo Vault, and how the hardware wallet devices measures up against the Trezor, Ledger, BitBox02, Coldcard, and KeepKey.

Listen to the episode on iTunes and Spotify!

If you enjoy this interview with Lixin Liu, then feel free to:

• leave a comment; 
• follow @BTCTKVR on Twitter; 
• join the Telegram channel for discussions;
• donate $1 on Patreon;
• tip via Tippin;

Time stamps:

09:23 – Paper Wallets

12:15 – The Cobo Tablet

13:55 – The Cobo Vault

16:09 – Testing according to the American military standards

16:38 – Building a product for the miners

18:36 – The background story of Cobo

21:36 – Driving a car over the Cobo vault

22:07 – Cobo Tablet vs Crypto Steel and Billfodl

26:45 – Disposing unused metal plate letters with responsibility

28:23 – Cosmos Tablet vs Cobo Tablet

28:46 – Possibly releasing a co-branded Cobo Tablet with Coldcard

30:53 – Product positioning for the Cobo Tablet vs Cobo Vault

32:57 – 2nd gen Cobo Vault

34:01 – Cobo Vault vs Cobo Vault Gen 2

36:46 – Secure element of Cobo Vault Gen 2

46:32 – The definition of a secure element

50:43 – Cobo secure element vs Coldcard secure element

52:33 – Is the Cobo Vault source code open source?

56:39 – DIY Cobo Vault?

58:35 – Cobo vs Trezor

1:00:29 – Cobo vs Coldcard

1:02:40 – Cobo vs Ledger

1:03:48 – Cobo vs BitBox02

1:05:12 – Cobo vs KeepKey

1:08:08 – Does Cobo Vault connect to your own full node?

1:10:40 – Cobo Vault privacy

1:18:33 – Closing words on 2nd Generation Cobo Vault

Special thanks to LXMI and Phemex for sponsoring this episode!

LXMI Ad:

“LXMI is a European Cryptocurrency exchange whose name is inspired by Lakshmi, the Hindu Goddess of Wealth, Good Fortune and Prosperity. It’s one of the regulated and legal Cryptocurrency exchange.

On LXMI you can buy bitcoins with most fiat currencies and you can also do the trading for top Altcoins. 

They follow the “Not your keys not your bitcoins” philosophy with their integrated non-custodial wallet which helps you manage your own private keys. So if you’re into trading, then you don’t have to worry about having your Crypto frozen by whatever political decisions, since you’re empowered to hold and move your coins around whenever you wish. 

It’s great to have new players like LXMI that respect your financial sovereignty.

LXMI is launching in 2020 for more information please check out – www.LXMI.IO/

If you’re not trading, it’s recommended to move your coins to a hardware wallet or some other form of cold storage, and in this episode, you’re about to find why.

Please keep in mind that this is just an ad for a sponsor of this show. It’s not meant to serve as financial advice, and you’re responsible to do your own research before buying anything and act according to your own decisions. Embrace your financial sovereignty with agency and precaution.

Phemex Ad:

“Phemex is a Bitcoin exchange with derivative trading options which focuses on speed, robustness, and maximum uptime. Built by former Morgan Stanley executives, it manages o bring simple and accessible Bitcoin trading. In 2020, Phemex will also add S&P 500 stocks, stock indexes, FOREX, commodities, and more. 

Sign up today at phemex.com/bonus and receive a bonus of up to $72.

Please keep in mind that this is just an ad for a sponsor of this show. It’s not meant to serve as financial advice, and you’re responsible to do your own research before buying anything and act according to your own decisions. Embrace your financial sovereignty with agency and precaution.”

Full Transcript:

Vlad Costea (00:00:11):

Hi there and welcome to the Bitcoin Takeover Podcast. I am Vlad and my guest today is Lixin Liu from Cobo, which is a company that focuses on your private key protection and they have quite some premium services and products which are connected to hardware wallets and cold storage. And I think on their website they even sell the whole package, which allows you to have both the hardware wallet and the steel plate for cold storage. So Hi Lixin.

Lixin Liu (00:04:36):

Hi Vlad. Thank you for having me.

Vlad Costea (00:04:40):

Yeah, it’s good to have you. And it’s good that we get to talk about maybe a company that isn’t brought in the spotlight too often.

Lixin Liu (00:04:49):

Yeah, actually we’re from China and we didn’t get too much exposure before. Yeah, thank you very much for having me again.

Vlad Costea (00:04:57):

Yeah. So we should talk about the products of Cobo and what makes you stand apart from the crowd. But before that, I will ask you the question that all the guests of this season have answered and Why should Bitcoiners use metal plates for cold storage and hardware wallets for their private keys as opposed to other methods like brain wallets, paper wallets and other DIY methods?

Lixin Liu (00:05:28):

Okay. First I can talk about brain wallets. And actually for brain wallets I have kind of a horrible story to share with you guys. The CEO of Cobo, whose name is DiscusFish (@bitfish1), he told me a horrible story happened on him. The story is he once had 12 recovery phrase words memorized just in his head, as others use the brain wallet. He’s a very disciplined guy. The very first thing in the morning he got up was to try to repeat the recovery phrases in his head. The days went by doing this. He was 100% sure he wouldn’t mess up those recovery words, but he was totally wrong. The following story is, he and his wife, they raised two bulldogs and his wife was actually training the bulldogs to play skateboard at home.

New Speaker (00:06:40):

One day she was playing with one of the dog and left a skateboard at the entrance of a room. But after that DiscusFish walked out of the room and he accidentally stepped on the skateboard and he flipped over and hit the back of his head on the ground. After that his first reaction was to check his memory of the recovery phrase, but unfortunately he couldn’t remember it. He went to the hospital and he spent one day there and he was diagnosed of concussion. After those diagnosed and for the next three days, he was trying really, really hard. And finally he came up with the lost recovery phrase. So I think for brain wallets this kind of story is a very vivid reminder that if you have a significant amount of crypto assets, please don’t trust their brain. There are all kinds of different accidents that could mess up your memory and no matter how hard you train your brain or you memorize it every day and repeat it every day, just accidents happens and your memory will be messed up.

Vlad Costea (00:08:09):

Yeah. Most of the times we perceive hardware wallets and steel plates as protections from other people who might be interested in stealing the coins, but they are also protection from ourselves. Because we are only as good as our biological bodies allow us to be.

Lixin Liu (00:08:29):

Definitely. For me, after I know this story I would recommend that no one—if anyone asks me any recommendation on brain wallets I would say no, never trust your brain. It’s not that reliable.

Vlad Costea (00:08:46):

Plus, even if we take care of ourselves and make sure we never get into accidents and stay at home most of the time, there is also degradation over time.

Lixin Liu (00:08:58):

Yeah, that’s true. Definitely.

Vlad Costea (00:09:02):

So let’s talk about the Cobo Tablet, as you have sent me some documentation.

Lixin Liu (00:09:07):

Oh, you also asked me like paper wallets, right. I didn’t talk about paper wallets. For the paper wallets I think it’s obvious that the metal solution is a better choice, because if you put your recovery phrase on a piece on metal, it’s waterproof. It’s also fireproof and corrosion proof. And also there are always a lock hole on the metal plate so that you can lock your recovery phrase with a padlock.

New Speaker (00:09:42):

But I’ve also seen some suggestions on Twitter that some people say that if you put your recovery phrase on two piece of papers and duplicate them, which means duplicate them on two pieces of paper and that is safer. But actually from me, my personal perspective, I don’t recommend these kinds of storage, because even with paper wallet—you duplicate them—that will increase your robustness against natural disasters like flood or something. But that will also increase the chances of theft. So if you don’t worry about safety, you can duplicate it. But if you worry about someone breaking into your home and steal your recovery phrase that way, I think that’s not a good choice for most of us. That was for paper wallet. And you also ask the DIY methods, right?

Vlad Costea (00:10:43):

Yeah. Stuff you do yourself.

Lixin Liu (00:10:46):

For DIY methods, I have some friends, they do the metal thing by themselves. If you are a DIY person, you can buy something like a engraving pen. You can easily buy these with around $30-40 on Amazon, find a piece of metal and create your own metal storage for the recovery phrase. For people who don’t want to play around with the hassle of the DIY stuff, you can buy some metal storage like a couple tablets or other products. I think that’s the main difference between these different kinds of methods.

Vlad Costea (00:11:29):

Yeah, that’s right. But at the same time, do you think that hardware wallets and metal plates are adversarial in their purpose or are they complementary? Is it either or, or is it better to have just one or have both at the same time?

Lixin Liu (00:11:48):

Actually I don’t see these products as they are like competing each other. No matter if you use a hardware wallet or a software HD wallet, you still need to deal with your recovery phrase. So the metal plate thing like Cobo Tablet, they supports all the recovery phrase for any BIP39 hardware or software wallets, and you also can see that Trezor’s official store, you can buy Trezor bundled with CryptoSteel, so you can definitely use them together or you can use the metal plate or metal storage with your software wallet. They’re both okay. Or even if you use any desktop or mobile wallets, you can use that. So I think it’s complementary.

Vlad Costea (00:12:43):

And that’s reasonable, if you want to get the best security possible. You don’t want to just rely on that piece of paper, which comes with your hardware wallet or some kind of notebook that you buy yourself and take notes in it.

Lixin Liu (00:13:00):

Yes. And also one reminder: never take a picture and put it in the cloud service or something. That’s really a bad choice for you.

Vlad Costea (00:13:14):

Yeah. And sometimes the cloud service automatically gets your pictures if you have the wrong settings in your phone—you take a picture and you’re not even aware that it goes into the cloud, and that’s how you essentially get hacked.

Lixin Liu (00:13:29):

Yeah. And that’s obvious, something happens. All the time.

Vlad Costea (00:13:36):

So let’s talk about the Cobo Vault, which is your solution for everything, basically. It has a hardware wallet, it has a steel plate, and it costs almost $500, which I think is the most expensive product on the market.

Lixin Liu (00:13:54):

So for the Cobo vaults, you are asking how we’re pricing it?

Vlad Costea (00:14:07):

Not really. It wasn’t that question. Just, what makes it so premium, you know?

Lixin Liu (00:14:14):

Okay. So for the Cobo Vault, hardware wallets is a very niche market if you compare that to laptops and the mobile phones. But even in a niche market—all the hardware wallets—they should have their distinct positioning. When we designed the Cobo Vault, we were targeting the miners in China actually. For those who are not familiar with the mining industry in China, all the mining farms here in China are always built in very isolated places because in those places, the miners can get the best price for the wind or the water electricity. So as the miners would take the Cobo Vault into these isolated regions and rather than just put them at home or put them in a safe or in a deposit box—when we designed the product, we want to maximize the security and also the durability of the device.

New Speaker (00:15:30):

And that comes with a lot of costs. For example the main body of the device is made by aerospace aluminum and it has a four inch big screen and it also comes with a metal case so that you can put your device into that. And also the product passed a lot of durability tests. Like it’s IP68 waterproof and also it’s IK9 drop resistant. And also we even did an American military-standard durability test on it, MIL-STD-810G. So all this form factor stuff took a big portion of the pricing of the product. And also user experience wise, because we are creating a product for the miners, they’re very extreme on the security side. So we create a totally air-gapped experience for those miners, which means we have a camera on the device.

New Speaker (00:16:49):

So you can do QR code scanning to get the un-signed information into the Cobo Vault, and then the Cobo Vault can do the signing, do the cryptographic calculation and the algorithms and do the signing work and it generates QR code again. So then you can use your—we call it hot device—which is connected to the blockchain. You use your hot device to scan the QR code to get to the signed message, or the signed information, and then you can broadcast it to the Internet. So that’s the main attraction of the Cobo Vault. And because we use the QR code, because we have the camera, if you wanted to support the camera, you need to have a much more premium chip. And all of this comes with a cost and all these costs results in maximized security and durability, and that’s the design thinking behind the Cobo Vault.

Vlad Costea (00:17:58):

That’s kind of fascinating. I never really thought about products designed specifically for miners. And I suppose that when you run a mining operation, maybe next to a windmill or a water wheel or something, then you’re going to require some sort of resistance to natural disasters.

Lixin Liu (00:18:22):

Yes, definitely. Maybe I can introduce some more about the background story of Cobo: so for our CEO, his name is DiscusFish. He was one of the earliest Bitcoin evangelists in China and he was like the community leader among the miners and he’s also the CEO of F2Pool, which is one of the biggest mining pools currently in the world. So the team I’m leading that’s working on the hardware wallet, we were designing the whole product for people like him. And in order to get more user insights and in order to know more about the miners, he introduced me to pay a visit to one of his mining farms in Xinjiang in China. Oh, that journey was really interesting.

New Speaker (00:19:27):

Like I flew for five hours, and then I took a train, and then I took a car, and then I walked for a long time and got to the mining farm. At that place in winter there is a lot of snow, you cannot walk there. And also he has another mining farm, which is in Sichuan province in China. And that province is really rainy. So you get wet all the time, not only your clothes but also your home. So you have to use some hardware wallet that is waterproof to get into those kinds of scenarios.

Vlad Costea (00:20:16):

I never really thought about this because basically I come from a country where you don’t have to worry about this kind of situation, but it makes sense. I don’t think a Trezor is resistant to water and natural hazards. I haven’t tried that actually. They’ve tried to smash them and stuff like that, but I’m not sure if they’re tested against humidity and weather conditions.

Lixin Liu (00:20:46):

Yeah. Actually different hardware should be built for different places, different people and different scenarios. One thing I can also share is that when we launched the Cobo Vault we sent it to one of the KOL. And he drove his car over a Cobo Vault, and come and back for several times and the Cobo Vault survived those kinds of extreme test. And that is how we design the product and where we put our thoughts into the scenarios of this products.

Vlad Costea (00:21:31):

That seems reasonable. I feel like we should get back a little bit to the Cobo Tablet as it’s the latest product that you’re launching. And it’s also the product for which you sent me some documentation to explain how it works and basically help me ask you questions about it. So what is special about it as compared to CryptoSteel and Billfodl and other similar metal plates for cold storage?

Lixin Liu (00:22:02):

For Cobo Tablet, as I just mentioned, the metal storage can work with hardware wallet and software wallet. So the metal storage should be more widely used because we think it is compatible with every decentralized wallet. So when we were trying to develop the Cobo Tablet, we took the price as the first priority to benefit a wider community. So it’s totally different from Cobo Vault. Cobo Vault we were designing for the miners and they need to maximize the security and durability, but for the Cobo Tablet we want to benefit—the more people the better, so the price is the most important. And thanks to the strong manufacturing capabilities here in China actually in Xinjiang, you can see that the price for Cobo Tablet is approximately half of CryptoSteel’s and the Billfodl’s price.

New Speaker (00:23:14):

The price is the first biggest difference between Cobo Tablet and other competitors, and the other big difference is ease of use, if you get a closer look at the product. During our development we asked several random HODLers to come to our office to do a blind test on how much time they need to set up a Cobo Tablets or a Billfodl, and all of them has no prior experience with these kinds of products before. So they’re like very fresh people. And the result was really astonishing. The average time for setting up the Cobo Tablet was around 7 minutes, and setting up Billfodl took on average 12-13 minutes.

New Speaker (00:24:14):

And the biggest difference for user experience between Cobo Tablet and CryptoSteel or Billfodl is that for CryptoSteel and Billfodl you need to slide in the tiles from the right side. So it’s very hard for you to put a tile into the perfect position, as the slot for the tile is very narrow and tight. And if you find one tile was wrong, you need to take out all the tiles that you have put in and redo the whole process again. So that’s why using CryptoSteel or using Billfodl is not that very user-friendly, but with Cobo Tablet you just open it and you just put the tiles in. So that’s much easier. And maybe I cannot explain the experience very well with words. I think if the audience is interested you can check out a YouTube video which is detailed, describing this difference between the products. The YouTuber’s name is Crypto Guide and you can find the video there. It clearly shows the difference.

Vlad Costea (00:25:36):

Okay. This also makes me curious. Maybe someday I’ll do some A/B testing to see what the difference actually is.

Lixin Liu (00:25:47):

And here I want to share: if you are using these kinds of products like Cobo Tablet or Cryptosteel, I want to share another note for every one of you. You need to pay attention to the tiles left after you set up this stuff, because no matter Cobo Tablet or Cryptosteel, they all have a fixed amount of the tiles for each letter. So if you don’t dispose of them properly, someone could figure out what letters you have used for your recovery phrase. So it’d be much easier for them to brute force your 24 recovery words then. So for people who use these kinds of products, you need to really pay attention to how you deal with the left over tiles.

Vlad Costea (00:26:59):

I never thought about this, but it makes sense if somebody wants to hack you, they just look at the letters that you used. And after that they just input the letters into random word generators. And I guess the harder part is to figure out the order, but it’s still not impossible.

Lixin Liu (00:27:18):

Yeah. The order, if they have figured out the 24 words, the order is not that hard because the 24th word is the checksum of the other words. So they just do 2 hash and then they can do the checksum, they even don’t need to check the private key and public key to see whether there are some cryptos on that. They just do the checksum. It’s very easy.

Vlad Costea (00:27:41):

Right. So on the Cobo website I can see that you have two different types of—you call them tablets—but that’s a bit misleading in my mind because when I think of tablets, I think of stuff that has a touchscreen and works like an iPad, but it’s actually like an enclosure which has all the letters to create your cold storage backup on a metal plate. And you have the Cobo tablet and you also have the Cosmos tablet. What’s the difference?

Lixin Liu (00:28:16):

The Cosmo tablet is a co-branded version of the Cobo tablet. So we just built that version together as a swag for Cosmos community and functionality-wise, they are 100% the same. One thing I can share is currently we’re also talking with Coldcard. We may have a co-branded version for Coldcard and maybe people later can buy a co-branded version of the Cobo tablet on Coldcard’s official website. I’m just talking about that with NVK now.

Vlad Costea (00:29:01):

I’m also talking with NVK to possibly do an interview after this.

Lixin Liu (00:29:07):

Yeah. You may ask his opinion on the metal storage or something. He told me that he was not a big fan of this tile version, but he really liked the punch version. Mainly there are two kinds of metal storage today. One is the tile version like Cobo tablet, the other is punch version. So you have a hammer and a metal plate and you also have a punch stick. So you use your hammer to punch the letter onto the metal. For that kind of interaction, it’s not that elegant or it’s not that easy with things like Cobo tablet, but they are cheaper. So according to our original principle of developing Cobo tablet, which is bring the best product, with the best price for as many people as possible in the community. So we’re also developing a punch version. It would be much cheaper. For Cobo tablet it’s around $39 now, and for the punch version, we will control that under $25.

Vlad Costea (00:30:29):

Yeah. It’s interesting to me that you have the least expensive steel plate storage device on the market, but at the same time you also have the most expensive hardware wallet.

Lixin Liu (00:30:44):

Yeah. Again, the reasoning behind this is product positioning because we’ve tried to position to different people. Another story I can share here is that, last year I went to Bitcoin 2019, and I talked to a lot of normal HODLers there. I found that 95% of them don’t care about the product. That is very interesting I found, because I only interviewed the miners before. I never interviewed normal HODLers in the United States. So I asked them whether they were afraid that their home could be flooded if a water pipe explodes or that any natural disasters would damage their hardware wallet, as there’s a lot of forest fires in California which threatens people’s homes.

New Speaker (00:31:52):

But the answer from them was very interesting. They said, yes, they are afraid of those things, but they see them as very low possibilities. Even if something were to happen, they said they would just buy another hardware wallet, because it’s only $100. From those conversations, I think you can tell that positioning a hardware wallet for miners and for HODLers is totally different. After coming back from the conference, our team began to design a product for the normal HODLers. We spent almost one year on that and I think we’re going to launch that product around late April or early May, and we call it the second generation for Cobo Vault. For this new generation, the Cobo Vault will compromise on the durability side, but it doesn’t compromise on the security.

New Speaker (00:32:53):

Just like the current version—which is the first generation—the second generation will still be totally air-gapped and comes with a camera. It can do QR code transmissions. We will also support PSBT, and an open sourced secure element, which is the first one in the industry. For the pricing, we are trying really hard to control our second generation in the $100-$200 range so that it’s affordable for most of the normal HODLers.

Vlad Costea (00:33:36):

I guess you’re going to need some kind of rebranding there because if it’s Cobo Vault, gen two or V2, some people will assume that it’s better than V1 when it just has some extra features, but at the same time it’s not as resistant and tested as the first generation.

Lixin Liu (00:33:55):

Yeah. After we launch the second generation, the first generation will still go on because there’s still a lot of miners and also some institutional users—they want the first generation. But we won’t call it like first generation or second generation. We may have other naming or branding for this product. Yeah, what you said is very right.

Vlad Costea (00:34:22):

So let’s say that somebody discovers Bitcoin today and possibly buys a few hundred bucks worth of Bitcoin on an exchange. And at some point, maybe in a few months, they figure out it’s a bad idea to keep their Bitcoins on the exchange because of Mt. Gox and other events that happened before. So first of all, what is the thought process in regards to choosing a hardware wallet in your opinion? And why should they go for the Cobo Vault?

Lixin Liu (00:34:57):

I think maybe it’s better if we take this Cobo Vault as the second generation because I think the first generation is too pricey for a normal HODLer. If we talk about the second generation of the Cobo Vault, if you asked me to give advice to some people how to choose their hardware wallet I think (1) the first thing people may ignore is that you really need something with a bigger screen. So I think a lot of people have suffered from the little tiny buttons of Ledger or Trezor or other products. I think it’s really hard to use those products because some people’s hands, they’re really clumsy. With these kinds of tiny buttons, it’s really not easy to use them. Another benefit for the bigger screen—if you want to type in your passphrase or your recovery phrase, it’s easier.

New Speaker (00:36:04):

Another benefit which is brought by the biggest screen is that you can clearly see your address and the amount of money—amount of crypto—you are going to send. So it’s quite clear for you to check the information, which also increases the security of your crypto. I think that’s one thing most of the suppliers or vendors of hardware wallets didn’t recognize. The big screen is very important. (2) The second thing I want to emphasize is the secure, element. For the secure element I have some contrary opinion to the market, which is: actually a secure element can be open source. A secure element is a must. And if the hardware comes with an open source secure element, then it’s much better.

New Speaker (00:37:11):

Also with our second generation, we’ve open sourced the firmware of the secure element. Those of the most important two things. (3) The third things I think is really important is how air-gapped is your product. Currently most of the products, they are connected through a USB cable to your laptop or it’s connected to your phone through Bluetooth. But we all know that for Bluetooth, if you search for keywords like “Bluetooth vulnerability” on hackernews.com, this kind of website, you will find there a lot of accidents or vulnerabilities for Bluetooth, like man-in-the-middle attack, this kind of stuff. So for Bluetooth it’s not a very good choice. But also for USB cable because your laptop can have some malware. I know that in early days a hacker can perform a side-channel attack on the USB cable on a Trezor. But it’s an early thing—Trezor has fixed that. I just want to say that the USB cable is an attack vector for the hardware wallet. So three things. The first is bigger screen for ease of use and better security. And the second thing is the air gap. The third thing is the secure element and if the secure element is open source, then it’s much better.

Vlad Costea (00:38:51):

Right. I have had this discussion with Slush in the previous episode and his opinion on secure elements is that they’re a waste of time because they’re bound to get hacked. And if you focus too much on hardware and physically securing hardware wallets, you’ll just end up in a situation where you have to release a product each year or something just to keep up with what’s going on. And he thinks it’s a better approach to just focus on the software and make it proofed to attacks through stuff like Shamir backup and passphrase and whatever Trezor is innovating right now. So first of all, what is your stance in regards to this? And secondly, how is this secure element really open source? Because usually the criticism about them is that you cannot see all of the code that goes into them.

Lixin Liu (00:39:50):

Here I want to emphasize again that I think Trezor is a very great product and they really have contributed a lot to the community. But I think Slush is a little bit biased about the secure element. Just as you said, the main conflict in the community is that a secure element is like a black box with better defense of physical attacks, and the general-purpose MCU is more like a white box, but with see zero defense from the physical attacks. First, one saying on Twitter I can share is that, if you are paranoid, then you can be 1,000 times wrong and you still got your crypto. But if you are not paranoid, you can get one time wrong and your crypto would be gone.

New Speaker (00:40:52):

I don’t remember the exact word, but it’s just the meaning I think you’ve got it. For the secure element, it’s definitely a plus to help you to better protect your crypto. Even with some software tactics as Shamir secret sharing or the passphrase, you can still use a secure element, and you can add those kinds of tactics to your hardware. It’s not about using the software tactics so that you can forget about the physical attack. Personally, I really don’t agree with that. And also mentioning the open source for the secure element, I think most people would be interested in that, because currently all the people in the industry will say that you will sign an NDA with the secure element vendor and you cannot share anything of the secure element.

New Speaker (00:41:53):

Actually, this is not the truth because it’s like a negotiation between the hardware vendor and the secure element vendor. If you are strong enough, or if you pay enough money you can still open source the secure element. So our situation is that we cannot open source the whole design of the secure element. But here one noted that if you use a general-purpose MCU, you still cannot open source the whole design of the MCU. You still open source the firmware on the general-purpose MCU, which is just as Trezor did. For us, we choose a secure element and we negotiate with the vendors of a secure element and we open source the firmware of the secure element. So with the firmware people can see that (1) first the entropy comes from a true random number generator, TRNG, from the secure element.

New Speaker (00:43:04):

(2) The second, how your mass private key is generated. (3) The third how your child private keys are derived from your mass private key, and (4) the fourth, every cryptographic calculation or cryptographic algorithm happens within the secure element. And (5) the last is that your private keys never leak out of the secure element. So from the firmware you can see everything, you can see how it works in the secure element, and also you can verify the code. So I think by doing this we are adding a much stronger, or an extra layer of transparency, to the secure element and also later we will allow people to modify the firmware of the secure element and you can upload your customized secure element firmware onto the secure element, which means you can just build your own hardware wallet on a secure element.

New Speaker (00:44:08):

I also talked to Slush. Slush also criticizes this like, Oh, you cannot share the datasheet of the secure element. But actually if you have strong enough negotiation power, you can share the datasheet. Later, if someone wanted the datasheet of the secure element, they just need to do very simple online paperwork. If a cypherpunk or a geek wants to get the datasheet of the secure element, they just need to sign an online NDA with us and we can share that with him. And also he or she can purchase a development board of the secure element from us so that he can almost play anything on the secure element. So that’s how we do the secure element open source. We cannot open source the whole thing. Even the general purpose MCU cannot open source the whole thing and the secure element doesn’t. But what we can do is open source the firmware and you can see how it is working and how everything is going on within the secure element. That’s our strategy of open source.

Vlad Costea (00:45:31):

So Ledger published an article 2 weeks ago and it’s called “Not All Chips are Born Equal,” and I think it got quite popular on social media around the time. And in their classification they say that the stuff that Coldcard and BitBox use are not really secure elements, but they’re actually safe memory chips, which are not as secure as their design for the secure element. And their argument basically is that you cannot quite have the security of a secure element with full transparency. So how do you make that work?

Lixin Liu (00:46:13):

Actually, for the first part you ask whether ColdCard or BitBox are using a secure element. I think the main conflict is your definition of the secure element. From our perspective, Coldcard and BitBox are definitely using a secure element, but they’re not using a very premium secure element, which means their secure element is more leaning towards better storage of some sensitive information rather than some cryptographic algorithms on that. I think that’s the main difference. So the Ledger secure element can do the cryptographic calculation, but the Coldcard and BitBox, their secure element is not that premium so it only does the storage work. But you cannot say that they are not using a secure element. They are using a secure element. We cannot mess up the truth here.

New Speaker (00:47:19):

So that’s the first thing. The second thing is, for the transparency for the secure element, just like I said, if we open source the firmware, it’s just like Trezor open sourced the firmware of a general-purpose MCU, because for the design of the normal MCU and the design of this secure element, they both cannot be open source. But it’s easy to verify the secure element with the open source firmware. Here, the logic may be not that easy to understand, but for the secure element, if we open source the firmware, then there are two important things. One is the true random number generation. So this is not in the firmware. This is like the implemented library—implemented function—in the secure element, but actually you can bypass that true random number generation just like what Coldcard did—they allow people to generate their own entropy with a dice.

New Speaker (00:48:37):

So you don’t need to trust the true random number generation of the secure element, you can generate your own entropy with the dice and from the entropy you type into the device, the device will do the cryptographic calculations and algorithms to generate your private keys based on your entropy rather than the true random number generator on the secure element. So that part is black box. But this black box, you can bypass that. You can do that by yourself. And for the second part, people may think the black box on the secure element is⁠—again, if you open source the firmware of the secure element, the second part of the black box is the cryptographic algorithm. So for that part, it’s very easy to verify that because all the cryptographic algorithms are universal.

New Speaker (00:49:40):

Just like ECDSA, they are universal algorithms. You can easily verify the results of those algorithms by another device. Or even with some Python libraries⁠—you can easily verify that. So the most important two parts: one is true random number generation, and then the cryptographic algorithms, they are in the black box of the secure element, but one can be bypassed. The other can easily be verified. So again, jumping back to our open source strategy. If we open source the firmware of the secure element, then the secure element is just as transparent as a general-purpose MCU. So it’s almost totally a white box then.

Vlad Costea (00:50:33):

Okay. So how is the secure element comparable with the one that you find in the Coldcard and the Bitbox?

Lixin Liu (00:50:43):

Our secure element just has more RAM and more memory in the secure element. And there’s some cryptographic algorithms pre-installed into the secure element. So after we open source our firmware of the secure element, you will see that in the firmware we just call a function. It’s just like we call a function which is pre-installed into the secure element as the cryptographic algorithm. So it’s just like a pre-installed function in the firmware, and the function can be verified easily. Our secure element supports those kinds of pre-installed cryptographic functions and it has more RAM, so it’s more premium than the secure element that Coldcard is using and also than the secure element that BitBox is using.

Vlad Costea (00:51:50):

I feel like we have clarified this part about hardware and there’s definitely going to be some interesting stuff going on with the second generation of the Cobo Vault with the camera and QR code scanning and the air-gapping. But what about the software? How much of the software in the current generation Cobo Vault is auditable and open source, and how much of it is going to be open source in the next generation?

Lixin Liu (00:52:22):

For the next generation, I think you know that open source is not like a one-day work. So for the next generation first we will open source the whole code—we call it on the cold end—which is on the Cobo Vault. For the app currently we are using iOS and Android mobile app to support people do the QR code transmission and to get the balance from the blockchain and to broadcast the transactions. Currently we don’t have a clear timeline to open source that part, but the point is, because Cobo Tablet has the QR code here it’s very easy to decode the QR code or encode the QR code. So Cobo Vault can definitely be used with third party wallets just like Electrum. If you don’t trust our mobile app because it’s not open source and you don’t trust it, it’s okay. We will also make some Electrum plugins for people to easily decode or encode the QR code so that you can use the Cobo Vault with third party wallets like Electrum.

Vlad Costea (00:53:53):

Yeah, that’s definitely useful. And I think you should also integrate with Wasabi as that turns out to be quite a popular choice because of Tor routing and all of that privacy extra.

Lixin Liu (00:54:06):

Actually we will also open source the QR code protocol so that you will see how the raw transaction is assembled, and what’s the default format of this QR code. So any third party wallets can integrate Cobo Vault very easily. You just need to follow our format to assemble the unsigned transaction and to generate the QR code. And then you can use Cobo Vault to scan the QR code to then sign the transaction. So it’s very easy. Also Cobo Vault will support PSBT. PSBT is definitely for the scenarios of CoinJoin and also PSBT will support Multisignature between different hardware wallets, so even without our app, which is the app on iOS or Android phones, you can definitely use Cobo Vault with any third party wallet if they support the QR code thing.

Vlad Costea (00:55:22):

Right. But I guess you haven’t answered about the current generation of the Cobo Vault. How much of the software in it is open source?

Lixin Liu (00:55:32):

Currently for the first generation of Cobo Vault, we only open source the secure element code, but we didn’t open source the upper layer software on the Cobo Vault. So currently the first generation of Cobo Vault is not fully open sourced.

Vlad Costea (00:55:53):

Okay. I’m happy about the clarification because my next question is about building your own. If you’re going to follow this philosophy that Trezor and also Coldcard recently have pursued to basically make a list of the components that you need to build your own and also offer you the software just in case you’re in a part of the world where you cannot order their product and you want to build your own. Are you ever going to allow people to build their own Cobo Vault?

Lixin Liu (00:56:35):

So for building Cobo Vaults we’ll offer another route, which is much more hardcore. It’s that, just like I mentioned, we will offer people the development board of the secure element. So I just offer you a raw secure element on a circuit board, and you can manipulate the whole circuit board and the secure element by yourself. So I think that’s a much more hardcore way of open sourcing the whole thing. You don’t need to build your circuit board for the Cobo Vault, we just give you the development board of the secure element and you just build your stuff upon the secure element. You see what I mean? So we don’t ask people to rebuild a Cobo Vault. We ask people to build their own based on the secure element that Cobo Vault uses.

Vlad Costea (00:57:40):

All right. Sounds reasonable to me. So we have discussed about the hardware, we have discussed about the software and I guess we should talk about more stuff about the competition because everyone else has done it who has been in this podcast. So I have challenged everyone who participated in this season’s podcast to say something nice and something bad about other competitors. And Cobo is competing right now with Trezor, with Ledger, with KeepKey possibly, with Coldcard, and also BitBox02. So let’s get them in some sort of order and you get to say something nice and something bad about them. Let’s start with Trezor.

Lixin Liu (00:58:33):

Okay. Just like I mentioned, I love Trezor the most among all these products, not only because it’s the first hardware wallet, but also they’re just a giant. We take Trezor as a giant and we take all the other hardware wallet vendors, we stand on the shoulders of this big giant to build better products for the market. Another thing I want to emphasize for the reasons I like Trezor the most is the transparency of Trezor. If you look closely at Trezor’s blog, it explains the details about the bugs and vulnerabilities, you can see that they even disclose how much time they spent on each bug or vulnerability. I think this kind of transparency is really good and makes people trust this brand, trust this product.

Lixin Liu (00:59:42):

Trezor is like a teacher for all of us, for all the other hardware vendors. But just like I said, what I cannot agree with Trezor is the security structure that comes without a secure element. That’s also the reason I won’t purchase a Trezor to store my personal assets on it, because without a secure element it cannot survive from physical attacks. I think the second best one in my mind is Coldcard. I like Coldcard mostly because of NVK, because he’s the most paranoid guy I’ve ever known in this industry. And in order to make something like Coldcard—because you need to think about all the attack vectors in advance—you really need some strong imagination.

Lixin Liu (01:00:56):

And NVK is that kind of guy who’s very paranoid and who really has some imagination, especially on the attack vectors. And they have some very interesting features like anti-phishing PIN input. I’m not sure you know that. For that feature, you just input the first half of your PIN and then you see a word. If the word is cracked, you input the second half of your PIN. So this kind of tactic can prevent evil maid attacks if a evil maid exchanges your product into something with malware on it. You can call the paranoid, but this kind of feature really helps people to protect them from different kinds of attack vectors. If you ask me to criticize Coldcard, I think the bad part for Coldcard is that my wife cannot use it.

Lixin Liu (01:02:02):

But as NVK said he’s designing Coldcard for himself and for people who are like him. I think that is not a disadvantage. It’s the product positioning. So NVK is just trying make a product for himself—not for my wife—so it’s not a disadvantage. But if it’s more user-friendly, I think it’d be much better for Coldcard. For Ledger, I really admire Ledger because they introduced the secure element into the industry. But I think if ledger can open source more on the secure element—like the firmware, I think that would be great. Yeah, that’s, that’s full ledger. I’m a user from the first generation, Ledger Nano S, and one disadvantage is that you need to install the apps into your Ledger Nano S to support different kinds of coins. And usually the memory is not enough. So sometimes if you wanted to add one more coin into the Ledger Nano S, you have to delete some old one. So that’s a disadvantage of the Ledger.

Vlad Costea (01:03:37):

What about the BitBox?

Lixin Liu (01:03:42):

The BitBox—I was not a user for the first generation. Yesterday or the day before I just got the BitBox02. So I cannot share too much about that because I haven’t got time to put my own hands on the product, but I think BitBox, they are very clever by separating the product into two versions. One is for the multi-chain version and a second one is BTC-only. I think the BTC-only version brings some simplicity into the product for people to have a better feeling for the product, because simplicity always brings security. So I think that’s very smart for BitBox.

Vlad Costea (01:04:39):

So you haven’t found anything that you don’t like about it yet?

Lixin Liu (01:04:45):

I didn’t play with the second generation and I was not a user of this from first generation. So currently I cannot say anything to criticize BitBox.

Vlad Costea (01:05:02):

Then what about the KeepKey, which I guess has been around for 4 or 5 years?

Lixin Liu (01:05:08):

Yeah. Actually I’ve been using KeepKey in early days, but I didn’t follow KeepKey’s later updates too much. In the early days I used it. I still can remember that KeepKey’s software wallet experience is much better than Ledger, because it’s very simple and easy to get your hands on it. If I remember correctly, it only supports Bitcoin, Ethereum, Litecoin, and another coin—only 4 coins on it, and it’s super easy to play with. You don’t need to worry about the different apps. You don’t need to worry about different features. It’s very simple to start to using it. So it’s very user-friendly I think. But again if you asked me to criticize KeepKey, I think the downside is that it doesn’t come with a secure element. I think that’s the worst part, because from my perspective, a secure element is a must.

Vlad Costea (01:06:17):

Yeah they began as a clone of the Trezor, but provided that large screen which shows the entire address and that’s nice. It’s robust. It’s nice. I didn’t like that it has that connectivity issue, which they never fixed. Sometimes when you connect the cable it just doesn’t work.

Lixin Liu (01:06:39):

Oh really? Okay. I didn’t use KeepKey too much, so I didn’t encounter this kind of issue before.

Vlad Costea (01:06:48):

It happened to me and then I went on YouTube and I saw that somebody else had the same issue and I said, Okay, it’s common—I didn’t get a defective unit or something. But it’s solid and it’s very robust and the cheapest on the market right now.

Lixin Liu (01:07:10):

Yeah. I still remember one little detail of KeepKey that is you need to long-press the button to confirm a transaction. If you stop during the full-circle, the signing stops. So that’s very interesting, this kind of little interaction on the product.

Vlad Costea (01:07:42):

So I wanted to ask you something else about the Cobo Vault software. Will you allow connection or connectivity to a full node that is owned by the user to minimize the amount of data that gets shared and increase privacy basically.

Lixin Liu (01:08:01):

Currently for the first generation software, it’s connected to our node. I think Trezor is doing the same thing because just like Trezor, we are a multi-chain wallet, so if you are building a multi-chain wallet, software structure wise or development structure wise, it’s easier to send a message to your own server and ask your own server on your own node—or the vendor’s node—to give the user their balances. And the other verification information. It’s much easier to build the multi-chain wallet on this structure. So for Cobo Vault first generation, we follow this structure currently, and also it’s a mobile app. So we’re not supporting connecting the software, wallet to a full node or something like that.

New Speaker (01:09:05):

For the second generation, for the most normal or average users, we will still follow the strategy, but like I said, the QR code is easy to encode and decode. So you can easily make it compatible with Electrum or with your full node, with your Bitcoin Core, it’s very easy. Also for the second generation, in our roadmap we are going to develop a SPV software wallet on the mobile site for Bitcoin only. It would be SPV so it will have better privacy protection than the normal version of the software wallet, but it’s not as good as full node. Again, if you wanted to play with the full node with Cobo Vault, currently I think the solution for you is do it with Electrum or Bitcoin Core.

Vlad Costea (01:10:11):

Right. And speaking of privacy, I want to ask you something else. So let’s say that I go on your website right now and I ordered a Cobo Vault for $479. That’s the price right now. And are you going to store my home address or does the Cobo Vault have a serial number that you can track and associate with me as a user?

Lixin Liu (01:10:36):

The website where you place the order, this website is built on Shopify. It’s not built by us. Shopify is a Canadian company that provides this eCommerce platform, or you can call it an eCommerce solution, for companies like us. You can also take Shopify to WordPress if you wanted to build your own blog. So it’s just a platform. Your order information is not stored in our server, but it is stored in Shopify’s server. And here another thing I can share is that Shopify has a really strong bounty program. If I remember correctly, Shopify has the highest paying bounty program on hackerone.com.

New Speaker (01:11:44):

So you can take Shopify as a eCommerce platform that is the most secure eCommerce solution currently in the world, even though it’s not very cheap—it is much more expensive than other competitors. So we use Shopify and your address is in Shopify’s server, not in our hands. And for our second generation, for your serial number, we never transfer your serial number back to our server. So that means, if you use the software wallet on the mobile site, we will see that the crypto moves from here and there, but we cannot associate those funds with a specific serial number of the hardware device. And later after we open source the firmware, after we open source all the code of the second generation Cobo Vault, I think it’s very easy to verify that we didn’t transfer any serial number back to our server—this kind of thing. It will be very transparent.

Vlad Costea (01:12:57):

All right, so there is no way for your company to know that it’s I who owns like 0.5 Bitcoin and know that because I connect to your servers basically.

Lixin Liu (01:13:07):

No way, no way.

Vlad Costea (01:13:08):

So you have this watch-only power, right?

Lixin Liu (01:13:10):

Yeah. We know that someone is using Cobo Vault and he has 0.5 Bitcoin. We only know someone does but we cannot associate this 0.5 BTC to a specific serial number or to a specific address. We cannot do that.

Vlad Costea (01:13:33):

Okay, that’s good to know. And I always ask this question because it’s useful for privacy.

Lixin Liu (01:13:41):

Yeah. I think everyone of us should pay attention to the privacy because the privacy is like the future of your security. If you don’t pay attention to your privacy one day you or your assets would be lost.

Vlad Costea (01:13:59):

Yup. It’s like a predetermining factor. If you give away too much information, people can just collect it and figure out patterns and see stuff and they can social engineer to find out more about you and what you do and any kind of information that you can also put into passwords and stuff like that. It can get hacked. And with Bitcoin it’s even more delicate because unlike your bank account where your money can be recovered by the bank, there is no third party that can recover your Bitcoins ever. So I guess this is the worst kind of hacking. If somebody steals your TV from your house, I guess you can find that TV by serial number.

Lixin Liu (01:14:56):

Somehow. Yeah. Also the TV’s leaking electronic waves, so you can check their waves. But for hardware wallets it’s protected.

Vlad Costea (01:15:10):

Yeah. And usually I look at this whole community and I realize that Bitcoiners are much more cautious about both their security and their privacy. And sometimes I ask myself, why doesn’t this happen to the Ethereum people? Why do they seem to be so confident about their light wallets on their phones? And they don’t care much about running their full notes to validate their own transactions and be sure that the balance that they have is actually real and is verifiable according to their own full nodes. Why do you think that these altcoins holders don’t care much about custody and security?

Lixin Liu (01:15:59):

I think for Bitcoin and for altcoins, just like you said for the chips, they’re not born equally or they are not born in the same situation. So for Bitcoin it was born to fight against the bad privacy situation under your governance. And also the purpose of Bitcoin is to give you full financial sovereignty. I think that’s the whole purpose of Bitcoin. And after the birth of Bitcoin, everyone is trying to improve Bitcoin to achieve that. So from my perspective, privacy and the security of your assets is naturally born with Bitcoin and everyone takes that for granted. If I own some Bitcoin, I want to maximize my security, my privacy to better protect my assets from other third parties. But for other coins like Ethereum or EOS or TRON or anything they were not born for this purpose. They were born for building another world computer or they were born to build another ecosystem for something else rather than for security and privacy. All the coins, BTC or other altcoins, they have their own positioning. For Bitcoin it is helping people to gain your personal or your financial sovereignty. So that’s why I think BTC HODLers care that much about security and privacy.

Vlad Costea (01:18:03):

All right. So Lixin, I’m not sure if I have any more questions for you at this time. So I want to thank you for your time and I know it should be kind of late in China right now.

Lixin Liu (01:18:16):

It’s okay. It’s okay.

Vlad Costea (01:18:18):

So do you have any closing words or anything that you want to say?

Lixin Liu (01:18:23):

I think we have done that a lot of work on the second generation and with the first generation Cobo Vault it’s proved with the miners here to be the most secure hardware wallet in China. And with the second generation we see—with a better price, with PSBT, with QR code completely air-gapped interaction—we want to help more people in the States or in Europe to better have their crypto in security hardware wallets. That’s what we want to do. And also we’re open to cooperate with any third party wallets to make the products work together and also we are open to any opportunity to co-brand on the Cobo Tablet. I think that’s the final word. Thank you.

Vlad Costea (01:19:35):

Okay, I wish you the best of luck and thanks for doing this interview. I guess it’s useful to step outside of the usual big names.

Lixin Liu (01:19:46):

Yeah. Thank you too. Thank you so much. By the way, I really liked the intro music of your podcast. It makes me feel really futuristic and something very cypherpunk. I really like it.

Vlad Costea (01:20:02):

Oh, thank you. I actually recorded it and it’s my composition.

Lixin Liu (01:20:08):

Oh really? Oh that’s really cool.

Vlad Costea (01:20:12):

Yeah. Thanks.