They say that when you don’t like something, you should build your own. Well, Satoshi Labs (the company behind the Trezor hardware wallet) has announced the launch of Tropic Square: a new project which aims to create truly open-source and transparent chips.
This sibling company would effectively remove the need to sign NDAs and trust third parties, by integrating public peer-review and helping the end-user avoid blind trust in certifications that they can’t verify themselves.
Tropic (TRuly OPen IC) will support the development of more secure Trezor hardware wallets, and also advance the entire chip-manufacturing industry. If the project succeeds, then all hardware wallet companies will benefit from this type of innovation because everything is transparent and open source – just like the Trezor devices have been since launch.
The story of the Tropic Square project echoes the spirit of many Bitcoin ventures: a group of disillusioned people can’t find off-the-shelf chips that satisfy their transparency demands, isn’t happy with the idea of signing NDAs (non-disclosure agreements), and therefore decides to start doing the research necessary to build its own chips.
“We want to provide access to design specification, verification, and testing without obscurity”, says Tropic Square’s launch video. It’s going to be interesting to see to what extent the company succeeds in delivering chips that fit this philosophy.
What does Tropic Square mean for Trezor and hardware wallet security?
Trezor has always prioritized transparency and accountability over hardened physical security on their devices. As co-founder and inventor Slush explained in S4 E8 of the Bitcoin Takeover Podcast, there’s a huge tradeoff involved in using secure element chips, and it works against both the company building devices with the chip and the customer who blindly trusts certification.
Yet this came at the cost of receiving bad PR each time someone gained physical access to a device and extracted the seed phrase from the chip. The wallet.fail team has hacked the Trezor, Josh Datko and Chris Quartier exposed vulnerabilities at the DEFCON 25 conference, and more recently Kraken Security Labs brute-forced the PIN of a device.
While it’s true that Trezor has never claimed to be physically secure, their competition has quickly moved on to adopt more or less transparent secure element chips. Ledger sits at the opaque extreme with a black-box design (which, to their credit, hasn’t been hacked yet), while BitBox, Coldcard, and Cobo use a hybrid approach which open sources some parts of the design.
As he revealed during his Bitcoin Takeover interview, Slush did create a secure element prototype of the Trezor. However, he wasn’t happy about the verifiability tradeoff. At the time, he said: “I have a Trezor with secure elements on my table. We have R&D in this area. But we still don’t think any of these solutions is strong enough to really deliver this product and say to people: you can trust this.”
By launching Tropic Square, Satoshi Labs will be able to do more research and development in the field of security chips. If they succeed, they won’t have to trust a third party with NDAs and other agreements, and can truly design the kind of physical security that users can trust specifically because they are able to verify it.
Right now, potential customers, security experts, and investors can sign up to Tropic Square’s newsletter and find out the latest information about the project. While the scope is ambitious, there is still a long way to go until we have secure element chips that are uncompromisingly verifiable.
Yet it’s still endearing to see attempts to improve existing issues with the power of open source development. This is what we mean when we say “Bitcoin fixes this”.