Interview with SatoshiLabs CEO: The Future of Cryptocurrency Security will be Open Source
October 2019
SatoshiLabs, the company behind Trezor, the first cryptocurrency hardware wallet in the market, is improving its services and facing many challenges in the cryptocurrency industry.
In a recent exclusive interview with PreciseSecurity.com, Marek Palatinus (or Slush), the CEO of SatoshiLabs, talked about how the company is working to improve Trezor’s solutions and security.
1. Is Trezor the safest cold wallet for crypto assets on the market?
“The short answer is, yes! The long answer is that Trezor devices are designed to give you the tools you need to manage your security independently. If you need a safe place to store and manage your cryptocurrency, then Trezor is right for you. With extra layers of security like PIN, passphrase, and Shamir Backup, you can customize your security according to your threat model.”
2. How is SatoshiLabs dealing with a more competitive landscape in the crypto space?
“By setting standards that others in the industry now follow. We started by creating the world’s first cryptocurrency wallet, and ever since then, the industry has followed in our footsteps. We helped create the standard for recovery seeds (BIP-39), which every crypto wallet now uses. We created SLIP-39, a brand new security standard designed to solve two significant weaknesses our users deal with in their recovery seeds. We’re continually innovating and responding to the needs of our users, which has been our goal from day one.”
3. Could you please tell us what SatoshiLabs’ goal is behind the recently unveiled Shamir Backup Security Standard? How does Shamir Backup work?
“When we created the first hardware wallet, we wanted to improve the way people stored their bitcoins, and ultimately, their digital identity. Now we want to expand our scope to include the whole ecosystem in our continuing efforts to push boundaries and address every aspect of user security. Our goal is to focus on the end user and the problems they’re having.
Shamir Backup counteracts one of those user problems: securing the physical backup of your hardware wallet. When you use a hardware wallet for the first time, you will have to write down a sequence of words, called a recovery seed. That is a physical copy of your wallet’s private key. You can use the recovery seed to recover your crypto if anything happens to your device. On the other hand, if anyone gets your recovery seed, they can use it to steal your crypto. If your recovery seed is lost or accidentally destroyed, you risk losing access to your crypto.
So we solved this with Shamir Backup. Instead of one recovery seed, you can choose to generate up to 16 unique recovery shares. And then, you decide how many of those shares you want to use if you need to recover your wallet (the threshold). So you can generate five shares, and then set the threshold to three. You’ll need any three of your five shares to form the private key of your wallet. How does this help? If someone steals one of your recovery shares, they can’t do anything with it. They can’t use it to steal your crypto—they would need all three shares.
And you can help lower the chances of losing or destroying any of your shares by distributing the shares among different people and places.”
4. Can you explain what the SLIP-0039 standard is? Do you think the SLIP-0039 standard will revolutionize the market in the near future?
“SLIP-39, or Shamir Backup, is an open-source security standard that we created and implemented in Trezor Model T, which is the first hardware wallet in the world to implement it. It really broadens our focus beyond the device itself. Now we are working to address the whole ecosystem of how people independently manage their private data.
We saw a gap in the market: people needed a way to back up their private data in a decentralized way; Shamir Backup is another step toward making backup less digital and more physical, more real, while addressing the nuanced needs of our users—as opposed to the all-or-nothing option that the recovery seed gives.
It’s already revolutionizing the market; it’s on the roadmap for multiple wallet companies, and it’s already being used by companies like Unchained Capital. And this is why we do everything open-source. It’s better for the industry, and it’s better for the end-user because it drives innovation and better products, to their benefit. Previously in the security industry, every company would do its own thing; but we come from the culture and philosophy behind Bitcoin. We believe the best way to move forward is to make open-source standards for anyone to use.”
5. The cryptocurrency market has been affected by hackers and massive attacks on exchanges and companies. How do you see the evolution of the space, and how is Trezor getting involved?
“All those hacks really drive home the importance of having the right tools to manage your own security. Cryptocurrency lets you be truly independent of any institutions or other third-parties—including exchanges. We want to make it as easy as possible to handle your own security, so people are confident about taking their data security in their own hands.
If you keep your crypto offline and off of exchanges (and you really should), then you don’t have to worry about those hacks. Trezor is the tool you need to get that confidence and peace of mind.”
6. As the CEO of one of the most recognized companies in the cryptocurrency market, do you believe hackers in the industry will ever be stopped?
“No. But you can escalate your security and follow best practices to discourage hackers. Don’t make it easy for them to hack you (i.e. don’t store crypto on an exchange, don’t broadcast how much Bitcoin you own, protect your recovery seed). If hackers know that a lot of assets are stored in a centralized service, they have more incentive to attack that single point of entry. But when you store assets in a hardware wallet, then there’s no one place that they can attack and access a huge collection. Without hardware wallets, the entire crypto space would be extremely vulnerable to attack, and it would severely limit what can be accomplished or innovated since it would stunt the space’s growth and availability to the general public.”
7. What are SatoshiLabs’ goals for the next two years?
“Let’s just say, if you were surprised by the last several years of our success, you’ll be impressed by the next two. We’ll continue pushing the boundaries of what’s possible for independent self-sovereign security. We will continue focusing on the end-user while upholding our open-source philosophy.”
8. How did the bear market affect SatoshiLabs in 2018, and what do you expect for this year and the next one?
“We’ve been on the market long enough to have seen it happen before; we weren’t surprised or caught unprepared, and the same can be said for the future as well.”
9. Do you consider Quantum computing a threat to the future of cryptocurrencies?
“No. While Bitcoin is quite conservative, there are pre-existing principles that make it possible for it to evolve technically in the face of any systematic risks coming from quantum computing; however, it’s a bit soon to address this.”
10. How do you think the future of cryptocurrency security will evolve?
“The future will be fully open-source; right now, microprocessors are still closed-source. In the future, they’ll be fully auditable. When decentralized projects like Bitcoin rely on closed-source, proprietary parts like MCUs, it creates a huge potential for systematic risks. That’s why I think open-source hardware is the next stage where open-source philosophy can disrupt whole industries.”
11. How does cryptocurrency wallet security differ from security measures applied by banks and other financial institutions?
“For banks, user security is just about making sure you can authenticate yourself to the bank, a third-party institution. The security of your identity and your funds is entirely in the hands of the bank.
Crypto security needs to be much more solid, because Bitcoin transactions are irreversible, and there are many hacks and phishing schemes to watch out for. If a wallet’s security is breached, there’s no way to get your bitcoin back. Without any third-parties or intermediaries, you’re the only barrier between your assets and any threat.
But that personal responsibility, as scary as it might sound, comes with so many benefits, like personalizing your security according to your threat model to make sure you’re getting the best.”
12. What advice would you recommend for anyone who has lost their security key/wallet password, or for families of deceased relatives when this happens?
“Unfortunately, this is exactly how so many bitcoins have been lost already. This is a very real danger that is irreversible, so the advice I would give is to avoid ever getting into that situation, by using tools like Shamir Backup to make sure you’ve counteracted the threat of loss. For example, you can distribute your recovery shares in a way that enables your family to recover your wallet – perhaps with the help of a lawyer – if anything happens to you.”