Trent Lapinski interviews Ruben Merre, CEO of Ngrave.io. In this episode Trent and Ruben discuss blockchain security and their new crypto hardware wallet the Ngrave Zero.
Automated Transcript (may contain errors):
Ruben Merre: 00:05 what we focus on is security so that people can invest in it and don’t have to worry about the fact that it’s tomorrow, the investment might just be disappeared. We are really applying the most paranoid model you can think of. So this is our hardware wallet. It’s called the Ngrave Zero. And so we came up with the idea by thinking first about what is actually wrong with all the existing solutions. So if you think about it, if you’re not sitting in the same room as me, you cannot, you can not attack me anymore, which is of course incredibly secure. And that’s, let’s see the remote dectector we removed that completely. And then we have a physical attack factor. So the device, we build it from scratch with one of the world’s leading r and D and innovation institutes on none of electronics. Um, and so basically we built this from scratch with their experts to make sure that if somebody gets their hands on these devices on the Zebra and tries to open it up, the device will wipe itself, your keys will be gone. And then obviously we have the second template as a backup.
Trent Lapinski: 01:16 Welcome to Techpost. I’m your host Trent Lapinski. In this episode I interview Ruben Mirror. He’s a CEO and founder of ingrained there are hardware crypto wallet solution. And in this episode we talk about how they’ve solved for most of the vulnerabilities of existing hardware wallets and what it takes to generate secure private keys. This is an amazing episode if you’re interested in learning more about cryptocurrency. So please stay tuned.
Trent Lapinski: 01:51 welcome to the podcast. I’m here with Ruben. Tell us a bit about who you are and what you’re working on.
Ruben Merre: 01:56 So I, everybody I trend, yes, I’m Reuben, a Reuben Mirror, if I say it with an English accent, um, and the CEO and go find a roughing grave. But we basically do in a nutshell is we take away, we remove the most important attack vectors of your blockchain wallet. So we have built a solution that is completely offline and we think about hardware wallet. It’s a completely offline hardware wallet. There is, there are no online attack factors anymore. We don’t have any connection that we need. So we don’t need USB NFC for g any kind of network capability. And that means that we actually effectively have taken away the whole online attack factor that comes into mind. And basically, which is the most important way that all crypto wallets today get a get hacked and compromised. Um, and then the physical device itself, we build it together with a world’s leading experts in their fields, in nanoelectronics, in a hardware security, in applied cryptography to ensure that the device itself physically, because that that’s the last kind of attack sector that exists.
Ruben Merre: 03:00 If you attack it, if you try to open it up, if you tried to preprogram it, the device has been tamper-proof on many, many different layers to basically ultimately self-destruct and watch your keys away. And that’s only number one, part one of our solutions. So we are actually bringing out the first end-to-end, uh, solution to managing your private keys to managing the access keys, the credentials, the private keys, or the master receipt to your cryptocurrency wallet. And we have thought about all the what if, so if you have the first one, if we should think about is what happens if I lose my device? Um, today’s market gives you a base of piece of paper. We give you a cryptographic puzzle made of two stainless steel plates is deliberately done completely non-electronic because electronics can degrade. And the thing is you need both plates to find the key back.
Ruben Merre: 03:50 It’s a, it’s quite an advanced cryptographic principle. Some people might compare it to Shamir secret sharing with sexually something different. Um, the, the core morale there is that if you only have one plate, you have zero information on the key. So you still have to brute force the entire private key, which is basically impossible computationally with the, uh, computers we have today. And then the question becomes, what if I lose that packet? We also have a way of recovering those plates for you, but without any third party risk and we can even go as far as opposed to him recovering those plates and getting them to your next skin. And by doing that, we basically created a fully end to end solution, the first one of its kind. Um, but I guess that’s more about engraved in about me. So,
Trent Lapinski: 04:39 Hey, no, that’s what you’re working on. So it’s a really, it’s a fascinating concept what you’re working on. I love the fact that, you know, you’re trying to solve for all these use cases because unfortunately right now when it comes to crypto wallets and hardware, it’s a mess. I mean, you know, you’ve got all these different devices. Like you said, you’re literally storing your private keys on a piece of paper. Um, you know, paper wallets in some cases. You know, now we’ve got no custody wallets, which just use like a QR code, which I can’t even imagine how many potential security issues that I can raise. Um, obviously you probably don’t want to s anyone who’s listening. You probably don’t want to store a lot of crypto in a noncustodial wallet. But, um, you know, they’re, you know, there’s so many different vectors and challenges and we’ve, we’ve seen this with, you know, people who have left a lot of their crypto and exchanges.
Trent Lapinski: 05:35 They’ve been, you know, they’ve had their cell phones hacked because you know, a lot of people enabled like two step authentication. So we literally had this situation where people were like calling at and t or Verizon and pretending to be the user and like get spoofing their numbers and getting access to their phones and, you know, switching their phone to a different device that, you know, the hacker had to, I mean there’s, there’s a lot of pitfalls with the existing security solutions when it comes to managing crypto securely. And then for a lot of companies, you know, like that are in the blockchain space, they have to figure out like how they’re going to exchange crypto. So many cases, a lot of these companies have to essentially become an exchange themselves or at least have some initial exchange functionality within their blockchain or their blockchain project. And then they now become vulnerable to all of these, you know, all of these hacks. We’ve seen this number of watching companies since, you know, kind of the 2017, uh, boom there. And you know, there’s been a number of people who’ve walked away with millions of dollars in crypto because you know, they just took that little piece of paper, that private key and millions of dollars of crypto it, you know, were stored on one, a hardware wallet and a yeah, they disappeared all it. And that’s it.
Ruben Merre: 06:57 I think a good example, there is a, the Winco vase product set it themselves not so long ago that they basically cut their piece of paper, that paper want in to and then stored it to different places. Um, well paper Wa as for one, it’s the worst part place where you can actually write down your, your, your key. Because if you just spill a bit of water or coffee on it, you already lose your, your all, your bitcoins. Um, so towards them I would really say, just have a look at our Graffina solutions called in gray for graffiti. And that’s the, that’s those two plates. So these two plates are made of stainless steel, um, and they can withstand a house fire, corrosion, water, uh, [inaudible]. You can basically put them in a vault and they will not fail. Just like paper. They will not fail in the next 50 years. And the fact that there are two of them and you need both means that you can put them somewhere separate and it’s even harder to basically get your hands on somebody.
Trent Lapinski: 07:51 Well, and then let’s talk about the actual device itself. So I love the concept of the two plates and I mean curity implications of that are pretty obvious, but your device, your actual hardware device that generating these wallets, that’s storing, uh, you know, that’s creating these, these private keys. Can you talk a bit about that and how it works?
Ruben Merre: 08:12 Yeah, sure. Well, I guess this is a podcast right? So I can show this to you. Uh, I’m not sure if I already did that, like one of our previous encounters, but, um, so this is our, our wallet. It’s called called the engraved zero. And so we came up with the idea, um, by thinking first about what is actually wrong with all the existing solutions. And we found that concept, we call ourselves the, the box of Pandora for cryptocurrencies. And for us opening the box of Pandora of Crypto, it’s the equivalent of, um, setting up an online connection. Um, any kind of connection to connected device also falls under that category. So if you look at incumbent hardware wallets, they either use, which is not only friction but also are not very safe. Uh, if people know about it, like the flux net hacks, uh, a couple of years ago were basically, um, very advanced and sophisticated hackers.
Ruben Merre: 09:07 They, uh, were able to replicate the virus simply by the USB drivers on the USB. And so eventually they were able to get into the, um, the atom, um, well where they were enriching and raining, I think it was in Iran, I’m not sure. But even those offline computers, they were able to infect those and disturb the process of enriching that uranium correctly. Um, it’s completely crazy. But, or something like that. Yeah. Stuxnet, Stux and that, so it’s a, so even you’re with a USB connection, like incremental use. It’s dangerous. And it’s the same with NFC, with Bluetooth, with four g basically the moment you have that, all my connection, you’re opening, um, some kind of avenue where hackers can start trying all their Arlen special tricks. So all we’ve done there is we kept it completely offline. You can compare it with setting up a wall in between our device and your private keys and the online world.
Ruben Merre: 10:07 A wall, an offline world, one, like let’s say the game of Thrones wall, but one that doesn’t, uh, fall in the end of the last team. Um, how is that riding for sure. Um, so imagine now that you can create on that device, your private keys or your seat. So you just click on the side of the, of our, of our RL wallet, and if the screen pops up, it lights up and you can create your private keys. And from that point on, the only person who’s ever seen them is you. And you can sign transactions, receive transactions, whatever you want to do with your wallet, without ever even exposing those private keys to secrets, cryptographic keys to online connection. So if you think about it, if you’re not sitting in the same room as me, you cannot, you can not attack me anymore, which is of course incredibly secure.
Ruben Merre: 10:58 And that’s, let’s say the remote attack factor. We removed that completely. And then we have a physical attack factor. So the device, we built it from scratch with one of the world’s leading r and d, uh, and innovation institutes, um, on nanoelectronics. Um, and, and so basically we built this from scratch with experts to make sure that if somebody gets their hands on this device, on the Zebra and tries to open it up, the device will wipe itself, your keys will be gone. And then obviously we have the second template as a backup to protect you against that. So basically you have a device that is effectively the most secure in the world to manage cryptocurrencies.
Trent Lapinski: 11:37 And the thing that I found really interesting too is the fact that you could generate as many wallets on this device as you want. So in theory, you know, an exchange could use this to generate all of their private keys, um, and you know, use one device to be able to do that. And then in print them on those, uh, on the steel plates that you were talking about earlier before, I’m not in that way, they, you know, they’ve got a secure method of generating this that I never touched a computer that was online. Um, I mean that’s basically what you have to do. You have to have a solution that’s not connected to the Internet because if it’s connected to the Internet, it’s vulnerable.
Ruben Merre: 12:16 Yup, exactly. And um, so we are, we are really applying the most paranoid model you can think of. Um, one of the reasons for that is basically our CTO, he has been in the space in the crypto space since very early. He was a victim in the Mangox hack. He was a victim in the Dow hack. Um, and he was working on a project called arcade city and then swamp CD where they raised 40, 76,000 eater in an ICO 2016. And for those who have heard of the parity hack, it’s a famous a heck, um, their project was impacted the most. So they stole 44,000 eater from, uh, the whole ICO, uh, um, bulk of money they had, but they realized it very quickly in the team. And what they did is they replicated the act to all the other projects that were protected by the same smart contracts.
Ruben Merre: 13:06 And they had all those projects, uh, you know, white hat form so that they, so that they basically could secure and safe and safeguards those projects, their money. So they gave it back obviously afterwards. That’s crucial detail. Um, but, um, but ivs, our CTO, that was really one of the reasons why he said I have to go to security. And every time we are building something, we think of every single detail that can go wrong. We are working for a security site. We are working with uh, seven, uh, professors who are basically world renowned for their expertise in cryptography. Um, if you think about all these, uh, cryptographic algorithms that blockchain is based on, a has two 56 shout to shout, we get shocked. The uh, the way that bitcoin actually creates private and public keys. It all stems from either completely from their minds 20 years ago to even today they compete in the Nesta, uh, competition for the next post quantum cryptography standards.
Ruben Merre: 14:09 So we have an amazing, amazing back there of, uh, of these guys and together with them and the technology player and ourselves, we, that’s how we can actually build the best solution. Um, and maybe one interesting angle just to give an example of how paranoid we go. Um, in the creation process, the first thing you do in your device, a lot of things can go wrong. And simple example is an incumbent hardware wallet. They give you a key. They say, here is your are your 24 words, write them down on a piece of paper. That’s it. But who’s to say that they don’t have a whole database of every key? They every January. I don’t believe it’s real possibility. While it always is that it’s super small, but it’s something that we don’t even want to use as a user to worry about. So we basically have taken more or less the same, um, process for generating your private keys.
Ruben Merre: 15:02 But we add additional inputs like your fingerprints, a specific technology such as a photo technology just to make the key better. Um, and we also include one crucial thing that nobody has done before and which is an interaction step between you and the key. And the easiest you can imagine is, um, that you are allowed to change a couple of the characters in the key, let’s say. And by doing that, you know that, okay, even in grief, the guys who made the wallet have no way of knowing what my t can be because they cannot computationally get to it anymore. Um, and obviously we have taken into account the psychology factor. People are predictable and all of those things to make sure that we still have a strong process. Uh, but by doing that, you as user, even in the first step, no Ikea has been generated offline. It’s statistically unique. Nobody else will ever have the same key. There is no process that can predict what kind of key I have. And I’m the only one who’s ever seen it. So I put my bitcoin on that, tried to steal it.
Trent Lapinski: 16:00 I mean, that’s a, that’s quite the solution. And we were talking about this a little bit before we were recording. I mean, ultimately if you didn’t create something like this, someone else was going to have to, because ultimately for Crypto as a market to succeed, we need security solutions to be able to secure, uh, you know, our, our cryptocurrency, there’s not really like, there’s no other path there. There has to be a way to secure your private keys. And ultimately, like I said, removing the internet from the equation, removing computers from the equation, removing all the known attack vectors from the equation, exactly what we’re being to something as simple as a standalone offline device. And then those two steel plates, uh, you know, that’s not ultimately is a, you know, a fairly secure solution for this. Um, and I mean it’s, this is gonna have implications for a lot of these crypto companies so that they can figure out like, Hey, like we’ve now got a secure way of doing this and it’s, it’s gonna enable some innovation for them because right now I know a lot of these companies have to partner with different partners to try and secure it.
Trent Lapinski: 17:12 I mean, people are literally walking their private keys and bank faults and like, Yup, Yup. Taking that kind of older traditional model. Uh, and they don’t have a tool to be able to do that. They’re still just storing their paper wallets. So, um, it’s to be really interesting to see, you know, once your devices on the market, you know, how things start to shift. Is this going to open people up to being able to be more flexible with their exchanges and you know, offering additional layers of security for their users and what that looks like. So Ms ads, you know, adding extra layer of security
Ruben Merre: 17:50 adds a lot of potential to the market and allows people to innovate on top of that as well. Um, for example, I met the guys from skews to a fault. I didn’t know if she knew that, I’ve heard about that company. Um, so what they, what they do is they basically have set up a bunker in the Swiss mountains where they keep private keys for whoever wants to put their keys there. So that’s completely crazy, but it’s, it’s, it’s what crypto needs right now. Um, and we also talked before we were podcasting about, um, centralization versus decentralization and the implicit word, it’s happening between, between them. Um, our first solution now is completely decentralized. So I want meet a continuum of centralization, decentralization, and then looked at every aspect of what we do. And we’re based basically now completely decentralized, meaning that if you buy our solution today as a PTC customer, you don’t need us anymore.
Ruben Merre: 18:51 We don’t, we don’t need to exist after that. And you don’t have to be afraid that the third party will get access to your keys. Now we’re to your plates and so on. Um, and obviously if you know, you know, like Clayton Christensen’s books on the innovator’s solution, the innovator’s dilemma, um, I haven’t read them personally, but yeah, I’ve heard one of the things he talks about is how you can disrupt, disrupt the markets. And we have, we have these existing solutions that, uh, are having already a certain quality. Um, but you have obviously a demand that is, has, has some sort of a statistical continental distribution. And most people at some point, uh, in, in that set at the time is zero. They want, um, the exact capabilities of that solution. Let’s talk about, for instance, smart phones, your smartphone. Nowadays, it can do so many things that you don’t need anymore.
Ruben Merre: 19:46 So the distribution of your demands will actually shifts towards, uh, new layers where you say that is good enough for me. Um, and how this, how disruption typically works is somebody comes with a way cheaper solution, let’s say a first super cheap smartphone, but at some point they’re innovating themselves and they become, they come on the radar of good enough. Um, and people start buying that because they don’t need to buy that expensive thing anymore. And the expensive players, they are actually happy that they don’t have to have that. They don’t have to serve the low margin segments anymore. So they just start to, um, they’re actually happy to meet with, to move up in the market to, to higher ends. Apple’s whole business model, they, they literally have built their business models so that they don’t really serve the lower margin. Yeah. So, so actually apple is kind of an anomaly in that model because normally at some point the, the, the premium player will be out of the market because the player is good enough for everybody.
Ruben Merre: 20:48 You know, a smartphone, like an apple in its weight, it has all these capabilities. Nobody needs them. You can send a rocket to the movies that iPhone two I think so apple hack that model and they’re still capable of grabbing all the demand. But in other industries you really see that it’s a problem almost perfectly. It’s super interesting to see because they’re basically one of the few players that ever was able to just crack that model and don’t be bothered by the fact that there’s cheap smartphones. Um, the brand appeal is amazing. Um, and why, why am I saying that? If you, if you will get that full decentralized model we have now and next to that we have a fully centralized model. The thing is you have people with different demand periods as well. People who want to be completely decentralized, who are super paranoid, they don’t want to have anything to do with even the smallest central is centralized a vulnerability. But the reality is that we are not there and we will probably have to shift a bit towards the centralized version where people say, no, no, I want you to keep my private key or at least the backup in case I lose my plate. Um, so that we actually have to move a bit towards the realized part. And I think a lot of these centralization players today in the markets, if they start from that model, they can actually overcome the centralized partners they have today. But it’s a complex, uh, your session starting in.
Trent Lapinski: 22:10 Yeah. So you’re basically saying start with the decentralized model first and then move backwards towards centralized services on top of the decentralized model. Um, as a way to kind of bridge that gap to help, you know, user adoption in certain use cases for different, uh, solutions. That’s a awesome approach. Cause I told a lot of people in this space like, we’re going to need to start with hybrid solutions. You can’t, it’s really hard to go 100% decentralized from day one and be able to provide the same level of service that people are used to on a centralized system. So you need that kind of a hybrid. But I definitely see the, uh, the benefit of, you know, as from a product standpoint, you really want to build that decentralized product first and then move backwards towards figuring out how can we now create additional layers or services that will then connect in a more centralized fashion so that you can kind of bridge that gap.
Trent Lapinski: 23:11 Because you’re going to probably have customers that are going to be like, complete blockchain purists are gonna be like, I don’t want wanna. I don’t even want to talk to your company again. Like, we’re going to buy your device and you won’t even know our name after this and we’ll buy it with cryptos. You don’t even know who we are. So then you’ll, then you’ll have the guy who’s like, I don’t want to deal with this. Uh, I’m happy for you to have, you know, a copy of the private key on, you know, your secure server system as a backup. And I don’t have to think about it. I don’t have to worry about putting my plates and, you know, a Swiss, you know, mountains, the, you know, in a bunker and that kind of thing. So you’re going to have eventually, probably more people in that camp, um, that it’s going to grow your user base. But at this end of the day, they’re still gonna want your device because they want that extra layer of protection that your, they’re not gonna get from the existing exchanges or any of the existing wallets out there.
Ruben Merre: 24:09 No. Well, I think like you have a couple of, you have a lot of centralized players and their strategies should be different. And we started from scratch and we, we are serving a niche that doesn’t, doesn’t, doesn’t, there is no other player doing this, giving you the full decentralized possibility. If you’re a centralized player today, it makes sense to gradually move it more towards decentralized. But we wanted to start with the end users. Uh, security as the, as the most important goal, taking away every kind of little detail that might jeopardize that. Like even us having the possibility of knowing what your key is. And that’s also what we as users ourselves are looking for. The only place I would ever want to put a significant amount of crypto is on is on the [inaudible] device. That’s why we built it.
Trent Lapinski: 24:57 Very cool. Like I said, you know, this is a, this needed to exist. This is going to bring legitimacy to the market and it’s going to allow a lot of exchanges to have a more secure solution. You know, we’ve seen the hacks, we’ve seen all of the things that have happened. Uh, we’ve seen this battle taking place between decentralized and centralized companies. And the number one thing is centralized companies point to security, which is ironic because they’re also getting hacked on like a daily basis. I mean, apple one was just hacked recently. Um, it was a, I believe it was an AWS employee that got access to their, uh, to their data and stole like a bunch of information. Um, which one was that? I was capital one. Uh, yeah, yeah. Major, major credit card and uh, you know, Financial Company and loan provider vulnerability is not always necessarily even on the technical side if it’s in the human being.
Trent Lapinski: 25:55 Um, it’s actually people that are your biggest vulnerability when it comes to any computer system because at the end of the day, if you can hack the person behind the computer and convince them to do something that isn’t in their best interest, you’re in their system and you don’t even necessarily have to have remote access to their system just as long as you got a human being to do the wrong thing to get you access. That is kind of what just happened with capitol one and that’s going to continue happening. So you’ve removed the, that from the equation because now basically someone would have to physically give someone their, their two plates in their keys and say, here’s my key. And that is pretty much the only vulnerability that’s present is someone would have to physically give those items up. That’s just reality. Your, your, that’s a challenge that, you know, as a tech company, you’re, you’re never fully gonna be able to solve, but you know, at the end of the day, you’ve solved for everything else by having an offline solution. So that, you know, that is the only real vulnerability, uh, is the reality that we live in a three d universe.
Ruben Merre: 27:01 Yeah. And, and I, I guess like, uh, some of the cryptic change hacks are supposedly like inside jobs. Um, we’ve also eliminated the possibility of having even an inside job in, in say, in grief as there as we will never know what your keys. Uh, so, yeah.
Trent Lapinski: 27:19 Awesome. Well, do you have any final thoughts before we wrap up?
Ruben Merre: 27:24 Uh, sure. Yeah. Um, I think a couple of things. First of all, we believe that, um, our, our, our goal is to foster worldwide blockchain adoption and what we focus on a security so that people can invest in it and don’t have to worry about the fact that tomorrow the investment might just be disappeared for us. That is really important. And we also believe that that is something we’re not doing against, uh, incumbent hardware wallets and so on. We think we’re all in this together. It’s a story of challenging each other to become better talking to each other, be it customers, be here, uh, competitors and so on. So it’s a, it’s a joint effort. It’s a, it’s basically all of us together against malicious hackers, against the losing your keys. Um, it’s a sort of a revolution, a blockchain technology and, and we still have to get that community feeding up again and um, and, and realize that, um, and apart from that I would say, so we will be launching a presales campaign as from September. Uh, I think the ninth might be the 16th. So, uh, mid, mid September we will be live with our presales. That’s where you are. We’ll kind of get the steepest discounts if you ever want to buy a solution like this. So definitely keep an eye out on that. You can just go to our website and, um, and ngrave.io very simple. You can subscribe. Now today you get a VIP, uh, um, uh, what’s it called? The VIP status for the rest of your uh, life, uh, crypto life. And then um, yeah, that’s it basically.
Trent Lapinski: 28:53 Awesome. And where else is there anywhere else people can find you? So that’s ngrave.io and
Ruben Merre: 28:58 yeah, so the Facebook handle and the Twitter handle and zone is engrave official and mine is just Ruben and double r e you can find me anywhere and talk to me wherever you want.
Trent Lapinski: 29:13 Awesome. Well thank you for coming on the show.
Ruben Merre: 29:15 Thank you. Trans. A pleasure. As always
Trent Lapinski: 29:23 thanks for watching another uncensored episode of Techpost.io. I’m your host Trent Lapinski and don’t forget to subscribe to us on Youtube and hit that little notification bell next to the subscribe button so that you can get notified when we release new episode. You can also find us on iTunes, Google play and other social networks including Twitter and Facebook at tech post Io. And you can find me personally at Trent Lapinski. Once again, I’m Trent Lapinski and this has been another great episode of Techpost.io. We’ll see you soon.