3

if you have a nano ledger, you can access your coins with the ledger live app. Even if the device is not plugged in, I can still see my currency from the app. You are given a 24 word recovery phrase when setting up the nano ledger.

What makes this any different from a software wallet like Electrum? The electrum wallet has a seed phrase just like the hardware wallet, no? If I can access ledger live from either my PC or phone, I don't understand what makes the two any different? Is it the case that you can not trade or transfer coins unless the physical device is plugged into the PC or phone with the app open?

What is the differentiator between the two that I am missing?

aownaf1239123
  • 31
  • 2
  • Electrum also supports offline signing (aka cold storage), which shares the core idea of a hardware wallet. – Chris Chen Jun 25 '20 at 03:45

2 Answers2

3

The difference is that the private keys that allow you to move your Bitcoin are stored on the hardware wallet itself.

Bitcoin uses asymmetric cryptography. This means that a "key" has two components: the private key, and the public key. The public key is computed from the private key and can be shared publicly. The private key is randomly generated and needs to be kept private.

Hardware wallets store the private keys and provide a way for software to communicate with the device. Software will create transactions (and other data) and ask the hardware wallet to sign it with its private keys. Furthermore, those hardware wallets also allow the software to ask for its public keys.

So your software wallet on your computer (like ledger live) asks the hardware wallet for a public key. It then saves that public key on your computer and generates the address for it. Then it can search the blockchain for your transactions and be able to see your balance. In order to spend your Bitcoin, you need to plug in your hardware wallet so that the software can request it to sign transactions.

Software only wallets (such as a default Electrum wallet. Note that Electrum can work with hardware wallets.) save the private keys on your computer. You don't need a separate device to sign transactions; the private keys are stored on your computer and everything happens on your computer.

What this means is that if your computer is compromised with malware, with a software wallet, that malware can steal your private keys. With a hardware wallet, because the private keys cannot be retrieved from the hardware wallet and because the keys are stored on the hardware wallet, the malware cannot steal your private keys. In this way, your funds will be safe.

The 24 word recovery phrase is a BIP 39 mnemonic. It is a representation of the private keys in your wallet. Modern wallets use this and BIP 32 Hierarchical Deterministic wallets. BIP 32 allows for many private keys to be deterministically generated from a single randomly generated seed. So BIP 39 provides the seed and BIP 32 generates the actual private keys that you use.

In this way a wallet can store generate and store a single random seed and derive the actual private keys and public keys on the fly. BIP 32 also allows public keys to be derived from public keys. So for hardware wallets, they will export a single public key and the software can derive further public keys from that.

Both software and hardware wallets use things like BIP 39 and BIP 32 (Electrum has an alternative mnemonic scheme, but they still use BIP 32). The difference is where the seed is actually stored.

Ava Chow
  • 70,382
  • 5
  • 81
  • 161
0

Hardware wallet is a dedicated, air-gapped (offline) device with its own buttons and screen, with security mechanisms similar to SecureBoot which blocks unofficial firmware. It allow you to generate your private keys and then use them to sign transactions always in a secure, offline environment.

When you are signing a transaction it also allows you to examine the transaction details without the risk of being tampered by malwares, that's why it has its own screen and buttons.

It can also display your receiving address (and its QR code) on its own screen, so that it won't be possible to be tampered by malwares. (I'm not a Ledger user. It seems that the QR code feature is not supported by Nano S? I'm not sure. However this dosen't really matter as long as you check the address carefully after scanning the QR code) However this security measure can't work if you or your transacting counterparty (like an exchange sending withdrawal to you, or accepting depositing from you, where most exchanges are in fact a website in a browser, so that a malicious browser extension is totally able to tamper the address) can only see tampered address, that's sadly one of the inherent limitations of hardware wallet. To my knowledge only in a face-to-face scenario can the participants of a transaction be immune from this risk.

Not like the case of PC that processes can inject code to each other freely (and even worse, inject to the kernel), so that malwares could be really ghosty, hardware wallet doesn't allow installing arbitrary things on it, which creates a very secure environment. The firmware of hardware wallet is digitally signed by the manufacturer, so that the device can validate them, and then refuse to install or run a unofficial firmware.

(However, sadly this assumption that "only official firmware can be installed" does not really hold in reality sometimes, that some famous hardware wallets have been reported to have vulnerabilities allowing to bypass such limitation)

(Besides, there's also a potential risk called "supply-chain attack", that the hardware wallet device can be tampered/substituted during manufacture/delivery)

You are given a 24 word recovery phrase when setting up the nano ledger

That's your mnemonic phrase. All your private keys are derived from it. It can control whole your wallet, so it's very important.

you can not trade or transfer coins unless the physical device is plugged into the PC

Of course. Anyone cannot spend these coins without private keys. The private keys never leave the hardware, that's the point.

However, just as you can see, since all the private keys can be derived from the mnemonic phrase, you still have to keep the mnemonic phrase safely.

Especially, don't type/photograph/screenshot/store it on any electronical device (except the hardware wallet itself). Just write it down on paper.

I can still see my currency from the app.

Andrew Chow has explained this. You don't need the private keys to obtain the transaction history and final balance. Only public keys (or addresses, which are essentially hashes of pubkeys) are required to obtain such info.

To improve your privacy, most wallets avoid address reusing by generating a brand new address for each transaction, either sending (where the new address is used to receive the change) or receiving. BIP32 HD allows the wallet to derive almost infinite addresses from one single seed, and what's more, it allows the wallet to derive pubkeys (addresses) without the private key, therefore, you can avoid reusing an address with ease.

Note that BIP32 also has an inherent weakness that as long as you can derive "child" pubkeys, a single leaked "child" privkey would lead to leaking all the other child privkeys as well. BIP44/49/84 mitigate such risk by deriving the "parent keys" through "hardened-derivation", so that the influence of a potential breach would be within a limited range. However, since a lot of people use only one single account (defined in BIP44/49/84, which is a subset of address/privkey pairs, where different accounts are isolated from each other), one single currency (like Bitcoin), and one single address type (like 3-starting compatible SegWit address), this mitigation may not take much effect. How to deal with this problem? Simple, don't mess around your private keys carelessly. Just take good care of the mnemonic itself.

Chris Chen
  • 944
  • 4
  • 15