The goal is to keep access to our funds and never expose them to any malicious actor; hence the main focus is SECURITY.

To better address the issue, we must first understand the critical points of the signing process. A wallet generates a private key (preferably a BIP-39 mnemonic phrase), which will give access to “accounts” on the blockchain. The generation itself is key to security. If it is hostile, then the malicious party has nothing else to do: they know (or are able to deduce) your secret phrase and will just wait for you to move enough tokens to your account.

Since we mainly cover hardware wallets, where the private keys are stored in a specific hardware device, let’s first dig deeper into this subject. A straightforward option is to use a custom secure electronic device specifically designed to resolve this issue. Ledger uses two microchips in their design, where one element is dedicated to executing the cryptographic functions and evaluation. It is arguably the best solution to protect private keys; however, in this case you must trust the secure chip manufacturer that the chip does what it’s supposed to do.

In the case of the Trezor device, you have an open-source architecture. If you are able to validate that your Trezor is running a specific firmware, then you are good to go: your generation process works as intended. So have we found the best solution? Not really. Validating a firmware is called attestation, and it is an active research area with a lot of possible attack vectors. To be able to validate with the method Trezor uses, you must keep your code-base compact to avoid any additional attack surface. There have been numerous hacks against the Trezor firmware already, and due to its connection to a computer via USB cable, an attacker could possibly steal your funds if your PC gets compromised.

The next critical issue is the connection itself during the signing process. If your device is connected to the internet (e.g. mobile wallets), then you expose yourself to every possible attacker there is. If you are connected by cable, then validating the communication requires technological skills, and you just use your device as an additional “firewall” to your keys. Learning from the above, a cold wallet is a must, where your keys never touch any device that has ever been connected to the internet.