Trustonic: secure smartphone OS and key handling

Thursday 16 July 2015

Hardware wallets are cool, but they’re another device to carry and maintain. What if you could have the security of a dedicated hardware wallet on a smartphone?

A couple of weeks back I went to a bitcoin meetup to check out a cool new piece of security kit that a local company called Trustonic has been working on.

Read also: the CoolWallet 

Apparently, some 10 percent of all bitcoins have been lost, simply due to private keys being mislaid and old wallets deleted or forgotten about (if you believe that Satoshi didn’t bother to keep the private keys of most of the addresses he mined into, it could be nearer 20 percent).

Trustonic

The security of a hardware wallet, on a phone

Trustonic’s solution is not a separate hardware wallet, like the Trezor. Everyone carries a mobile phone already, they argue, so why not use that? The obvious answer is security. Simply, there’s enough malware around to make keeping large quantities of bitcoins on a smartphone wallet a bad idea.

Trustonic’s approach is to split the phone’s resources and have a completely separate operating system that deals with all the cryptography and wallet functions. It’s linked to the fingerprint scanner and keyboard, but the rest of the phone’s memory is off-limits and it’s protected from the main operating system. That means key storage and operations can be carried out securely, because your private keys are never exposed to anything that might grab them.

This dual OS idea is effectively a way to turn your smartphone into a hardware wallet. It’s an approach that has gained some interest, with Ledger (virtualised hardware wallets) and Rivetz (e-commerce) using Trustonic’s platform for their own applications.

Odds on we’ll be seeing more of these: the convenience of a phone with the security of a hardware wallet, via a dedicated OS. Overhead isn’t much, either - the OS weighs in at just 300 kb, so it’s not going to cause too many problems. All in all, a very nice solution.


comments powered by Disqus