Just one year ago, you would be hard pressed to find more than a handful of cold storage solutions for your cryptocurrencies. Bitcoin launched in 2008 and it wasn’t until 2014 that two hardware wallets were launched that are still leading the pack today - Trezor and Ledger. At the same time as the launch of the Trezor, another option which was designed more like an early Nokia style “brick” mobile phone with a low quality screen called Hardbit came out.
“When it comes to crypto wallets, hot is the new cold.” - Joseph Lubin, ConsenSys founder and Ethereum Co-founder
Not only were the options extremely limited for a method of secure cold storage, but the featureset on these products was not nearly as diverse as it is now. They were primarily for Bitcoin (BTC) storage only. However, in the past year novel forms of cold storage seem to come out more than once per month. And at this point, it looks like the Hardbit device was on to what the customers truly wants - everything available on a smartphone, but the same one the user already owns.
TrustVault Institutional Mobile App
Trustology has been at work on their newest development since closing up their initial seed round last year for a modest $8 million led by ConsenSys and Two Sigma Ventures. Yet, the company has already collaborated on projects with major banks such as BNY Mellon, RBS and Barclays.
“It allows you the ease of a mobile phone, but really what we always talk about is a TrustVault account. If you mention the phone, people think it’s just a phone app. But that’s a bit like saying my bank account is just the mobile bank app. It looks like a simple app, but the real power is in the service behind that.” - Alex Batlin, Trustology’s founder and CEO
This first version of TrustVault is available only in the Apple UK App Store at this time. The company has designated the Google Pixel 3 phone as the next target for operating their app.In addition, it is only compatible with storing BTC and ETH, however the company expressed that it will soon have the ability to handle any ERC-20 tokens. The app leverages a combination of hardware security modules (HSMs) operated by Trustology with verification processes distributed among secure data centers.
“To move money you have to be able to sign the transaction with the key inside your phone and send it to us. We then load the appropriate policy file and then only if that key is mapped to the key inside the HSM do we re-sign that transaction with the real key inside the HSM.” - Alex Batlin
Because of this, transactions can take up to 48 hours. However, the company claims this to be the price for having the utmost secure cryptocurrency storage with a user-friendly app. But within the next six months, it’s likely there will be numerous launches to compete with the
Indeed, like a bank, Trustology identifies its customers upfront, and if the phone is lost, the account can be recovered with the company since the private keys to the crypto wallet are not stored on the device.
Yet involvement of humans in certain parts of the setup process doesn’t mean this is a typical cold storage solution, which can take up to 48 hours to get assets out. Once the user is on-boarded, TrustVault is almost entirely automated and takes a fraction of a second to move funds
“The problem with the person scenario is you absolutely reduce cyberattack, but you now increase the physical attack. Because in the end, an individual is just a very slow network connection.” - Alex Batlin
HODL the phone
A slew of blockchain phones has hit the market of late, such as the Samsung Galaxy S10 or the HTC’s EXODUS 1 and Sirin Labs’ Finney – and they all offer some method of storing keys.
For example, Samsung’s S10 touts what it calls “defense-grade Samsung Knox,” as well as storage backed by hardware and so on. But one suspects the goal for Samsung is ultimately the possibility of connecting to Samsung Pay in the future.
For now, TrustVault is only compatible with iPhone because historically it’s the only phone with an enclave secure enough for this type of custody service, Batlin said.
However, Android compatibility is coming soon, he said, in the form of the recently released Google Pixel 3 phone.
“It has something called a Titan M chip which is very secure, more secure than the iPhone. So we will be working on an Android version, but it won’t be for every device; it will only be for the more secure ones” - Alex Batlin
The nuts and bolts
Trustology has tried to put everything in hardware. “We took the tried and tested HSMs, which is what banks have been using for SWIFT network and many other very highly secure systems, but we customized the firmware,” said Batlin.
When the app is launched, a cryptographic private key is created in the iPhone enclave, followed by bank-grade know-your-customer (KYC) process which ties the non-extractable key to the user’s identity. Note that this is not the same key that directly controls the user’s funds.
The next step is to create a key account with TrustVault, a request which is signed by the private phone key. A private key is then created inside the HSM and a “policy file,” which associates the key inside the phone with the one inside the HSM.
From there, the user’s public address becomes the equivalent of a bank account, said Batlin.
In addition to the minimum viable product (MVP) being launched today, TrustVault is also being offered to financial institutions as a white-label service they can provide to their customers. Batlin said there is demand from top-tier and mid-tier banks.
There will be a range of business models going forward (the early adopter MVP comes at a simple flat £4.99 a month subscription) depending in part on insurance, which Trustology is in the process of arranging, he said.
, described Trustology in a statement as “industrial grade security, but available to anyone” and added,
By: BGN Editorial Staff