Ten Questions: One-on-One with Ruben Merre, CEO NGRAVE
Private wallets have been viewed with suspicion by many within the crypto-space. Many issues have arisen as regards their issuance use, backup, and others. Ruben Merre, MBE CEO of Crypto security company NGRAVE spoke with E-Crypto News about these issues and a few other matters.
The great thing is that NGRAVE will be issuing its new hardware wallet (NGRAVE ZERO) with quite a few security features for the daily crypto-user. Here is what he had to say.
Ruben Merre MBE, CEO of NGRAVE
1. When it comes to hardware wallets just how secure are most hardware wallets?
Ruben Merre, Co-Founder and CEO of NGRAVE: Hardware wallets are definitely the way to go if you want to protect your crypto to the maximum level.
In contrast, crypto exchanges, for example, are the only owners of your private keys. As a user, you merely receive a password to log on to their platform.
This is why so many exchanges do exit scams: because they can. Software wallets and other online wallets have similar vulnerabilities: the online attack vector, giving hackers the ability to try out their full toolbox to compromise your solution’s security.
Hardware wallets today aim to keep as much as they can offline, especially when it comes to your private keys. The issue here is that they still need a connection sooner or later. Most of them use USB connections, and newer ones use Bluetooth as well.
Obviously, this means that part of the user’s experience is still online. Residual vulnerabilities are still an inherent risk. Think of the Stuxnet virus, where USBs were used to bring a virus to the offline Iranian nuclear enrichment facilities. A USB connection was enough to reportedly mess up 20 percent of a country’s nuclear plants.
While a few of today’s existing hardware wallets are secure, they still have vulnerabilities. I recommend avoiding stripped phone-based models because you can actually turn 4G on those devices and they tend to be very weak hardware “wallets.”
2. What is NGRAVE doing differently from other hardware wallets?
NGRAVE takes an exhaustive end-to-end approach to security, considering every step in the user journey and upgrading it for security and ease of use without leaving any stone unturned.
For example, most hardware wallets provide a piece of paper – a “paper wallet” – to back up the key generated by the device. NGRAVE provides a whole other solution for the backup, called the GRAPHENE, which is a stainless steel cryptographic puzzle.
This is obviously way more durable than paper. And because it’s encrypted, if someone finds your back-up, they still don’t have knowledge of your key.
Secondly, let’s zoom in on the NGRAVE ZERO from a security perspective. Our solution is 100% offline, meaning there is no need for a USB or network connection (such as 4G, WiFi, Bluetooth, or other).
The ZERO works completely on its own and never needs to connect. Keys are generated offline and never exposed, offering a whole new feeling of peace of mind. Incumbent solutions still need to make connections and are therefore more vulnerable.
The ZERO is also fully physically tamper-proof, meaning that if someone gets their hands on your ZERO, they can’t find out your keys. Even better: the device will detect any intrusions and will wipe all the keys.
We certified the secure firmware on the device for EAL7, which is the highest security certification in the world. No other blockchain solution does better.
If we look at usability, our solution hides all of this beautiful cryptography and complexity behind a slick, touch-screen experience. Users will be able to operate the device in very intuitive flows that we built with the end-user ourselves. Your coins are always just a tap away.
3. What happens if the wallet owner loses access credentials?
It is paramount for the wallet owner to make a backup of the private key or master seed (e.g. a 24-word mnemonic phrase) that he receives from the hardware wallet.
Today’s solutions mostly provide a piece of paper to write down that key, whereas NGRAVE offers its stainless steel encrypted puzzle, GRAPHENE. In general, if the owner loses his hardware wallet, he can always fall back on the backup solution. But if in any circumstance he loses the backup
as well, there is no way that he can ever get his coins back. That’s because private keys are practically not brute-forceable. There are 2^256 or 10^80 different possible values for a private key. Brute forcing this – even with a quantum computer – is impossible.
The range would have to cover is as large as the estimated number of atoms in the universe.
4. How does the NGRAVE wallet deal with lost wallets? Do wallet owners lose their tokens?
With NGRAVE, we thought end-to-end and therefore considered all the what-ifs. If you lose your hardware wallet, we have your back with our NGRAVE GRAPHENE. The latter is a stainless steel backup solution that can withstand house fires and other extreme situations.
It is also encrypted and consists of two parts. The user can keep these two parts separately so that if anyone finds a part, they can’t do anything with it. If the user needs to retrieve his full key, he just puts the two plates together, and the key will reveal itself.
Also, GRAPHENE is the first recoverable backup in the industry. If you lose it, there are mechanisms to get it back to you, without any third party risk.
5. How did you get started in the cryptocurrency space?
Throughout my career, I have worked for financial institutions and in the fintech sector. I launched one of the first automated investment platforms in my home country, Belgium, years ago.
Then, in 2015, I was drafting the Vision 2020 for an international banking conglomerate. That was where I first crossed paths with bitcoin, blockchain, and crypto. It got me interested and I followed it from a distance, with the main reason being that in one of my postgraduate degrees, I studied the tenets of Warren Buffett’s investment strategies, which basically tells you to stay away from bubble markets.
Obviously, bitcoin was and still is an asset characterized by this bubble behavior. So I stayed away until late 2017/early 2018 when one of my now-cofounders Edouard told me to take a real look under the hood of the blockchain and crypto world. And honestly, I was hooked.
The idea that a poor farmer whose land got wiped away by a tsunami and a dictator who claims the land as his own because he is the one with the central database and the only version of the “truth,” made me realize the societal impact blockchain could have.
If everyone had the same version of the truth, suddenly there were legitimate ways to at least contest the dictator’s one-sided and untruthful claim. I bought my first bitcoin in early 2018 and dollar cost averaged down to a now profitable and spread crypto portfolio.
6. What is the greatest factor militating against cryptocurrency adoption?
I believe there are many factors holding crypto back from adoption. The ones we at NGRAVE focus on most are 1) making it safe to invest in cryptocurrencies, removing the risk of absolute volatility i.e. exit scams, and you completely losing your crypto, and 2) vastly upgrading the usability and convenience with which you can invest.
At the same time, we also take every occasion to advocate the beautiful underlying technology.
7. Do you think that advancements in supercomputing will pose a challenge to Decentralized Ledger Technology Security?
Will they pose a challenge: yes. Will they compromise DLT security? Not necessarily. The thing is that we will see the results of quantum computing pop up in other places first before it becomes a problem for current DLT.
That means that we will see warning signs and that we will be able to prepare well in advance. So there is no immediate threat here. Quantum computers still have a way to go before they can crack 256-bit keys such as your bitcoin private key.
Moreover, our own product development partner COSIC – who invented the worldwide data encryption standard AES256, used in a.o. Whatsapp to encrypt your messages – is currently leading the NIST competition for the post-quantum cryptography standard, with more than one algorithm that they entered. So, as we speak, efforts are being made for better cryptography.
8. In your opinion, do you think that decentralized ledger technologies will replace legacy systems? If so why? if not why not?
I believe so. I won’t be listing all the benefits that blockchain has over these legacy systems. But the removal of a centralized decision-maker and the distributed nature of the technology has so many powerful implications, that I believe DLT will indeed replace a lot of the legacy technology.
9. What are your thoughts on the implementation of Central Bank Digital Currencies (CBDCs)? Will they need hardware wallets? How can they be secured from theft and other risks?
Anything that runs on blockchain benefits from the great advantages the technology brings. But what makes blockchain so strong is also its biggest weakness: the underlying cryptography. And more specifically the issue of the private key.
If you don’t know my private key, you cannot brute force it. But if you can look over my shoulder, you don’t need to. At NGRAVE, we call this the “Private Key Paradox.” The biggest problem with private keys these days is that they are mismanaged.
The moment they have an online touchpoint, their security is compromised. To counter this, financial institutions today are already using a form of hardware wallets, with the traditional terminology of hardware security modules” or HSMs.
In that sense, hardware wallets are already used in the back-end of these institutions. But again, they don’t work the way the NGRAVE ZERO does, and we see the latter as a logical evolution of the HSM industry. This also means that if you have such CBDCs, the best way to protect them remains a hardware wallet.
10. If you had three wishes for the crypto-space and a Genie that could make them come true what would they be?
1. I’d wish for security to become a priority in the cryptocurrency industry, and for NGRAVE to lead the way,
2. For enthusiasm in crypto and blockchain technology to increase tenfold, with more people and companies innovating in the space and implementing real-world use cases that improve our lives,
3. And for Bitcoin to scale to 10,000 transactions per second and for smart contracts to suddenly become bug-free