{"id":13401,"date":"2018-09-20T10:45:02","date_gmt":"2018-09-20T18:45:02","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/09\/20\/news-7168\/"},"modified":"2018-09-20T10:45:02","modified_gmt":"2018-09-20T18:45:02","slug":"news-7168","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2018\/09\/20\/news-7168\/","title":{"rendered":"How the HTC Exodus Blockchain Phone Plans to Secure Your Cryptocurrency"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5ba2d7052d096346a42d32e2\/master\/pass\/htc%20blockchain%20phone.jpg\"\/><\/p>\n<p><strong>Credit to Author: Brian Barrett| Date: Thu, 20 Sep 2018 01:30:00 +0000<\/strong><\/p>\n<p><span class=\"lede\">Blockchain phones are <\/span>coming, that much is certain. The Sirin Labs Finney and the HTC Exodus are both expected by the end of the year, each with its own, sometimes vaguely defined sense of what exactly that term means. HTC\u2019s Phil Chen, who spearheaded Exodus development, has at least started to fill in the blanks of how the Exodus will pull off its most important trick: keeping <a href=\"https:\/\/www.wired.com\/story\/how-to-keep-bitcoin-safe-and-secure\/\">your cryptocurrency safe<\/a>.<\/p>\n<p>The Exodus has loftier ambitions than mere storage, of course. \u201cA few years down the road, we see a world where people own their own identities and data, where everyone understands the concept and economics of digital property,\u201d says Chen, HTC&#x27;s decentralized chief officer. For the moment, though, the primary concern for the Exodus\u2019s intended audience is how well it works as a hardware wallet.<\/p>\n<p class=\"paywall\">That had, until now, been a bit of a question mark. After all, a smartphone seems like an inopportune place to stash digital currency. 
Android phones, in particular, present <a href=\"https:\/\/www.wired.com\/2017\/01\/trump-android-phone-security-threat\/\">inherent security risks<\/a>, subject to a wide assortment of malware and other targeted threats. Smartphones also, as you may be personally and painfully aware, tend to get lost or stolen, at least more than is ideal for what aspires to be a digital bank vault.<\/p>\n<p class=\"paywall\">In fact, even the mere act of connecting to the internet goes too far for protective cryptocurrency investors, who prefer to keep their assets <a href=\"https:\/\/www.wired.com\/story\/how-to-keep-bitcoin-safe-and-secure\/\">in so-called cold storage wallets<\/a>, which remain entirely offline. If anything, cryptocurrency storage has trended toward that extreme, with some deep-pocketed enthusiasts opting for <a href=\"https:\/\/www.wired.com\/story\/coinbase-physical-vault-to-secure-a-virtual-currency\/\">physical vaults with Faraday cage surrounds<\/a>.<\/p>\n<p class=\"paywall\">By contrast, putting your cryptocurrency\u2014more specifically, the private keys required to access it\u2014in an Android phone might seem the equivalent to stashing your money not under the mattress but neatly on top of it, and then placing that mattress on a fairly busy street corner.<\/p>\n<p class=\"paywall\">\u201cPhones are very promiscuous in the sense that they transfer a lot of data, they connect to a lot of networks, we install third-party apps on them. They can be made relatively secure, but they\u2019re not the safest thing to carry around a lot of money,\u201d says Matthew Green, a cryptographer at Johns Hopkins University who is affiliated with a privacy-focused cryptocurrency called Zcash. 
\u201cAnd if you\u2019re not carrying a lot of money, you don\u2019t need a special phone.\u201d<\/p>\n<p class=\"paywall\">And yet tens of millions of people already use software wallets, Chen says, tied to centralized exchanges like Coinbase. \u201cWhat\u2019s obvious in the old internet model, is centralized cloud systems are very hackable,\u201d says Chen. \u201cCentralized honeypots are continually hacked. The concentration of data in walled gardens increases the cost of security.\u201d<\/p>\n<p class=\"paywall\">The HTC Exodus aims instead for something of a compromise. It isn\u2019t quite cold storage, but at least it empowers users by allowing them to hold their own keys. It does so by placing them in a so-called trusted execution environment, a part of an ARM chip called TrustZone. The secure enclave sits apart from the operating system, designed to inoculate precious cargo even in the event of a broader breach. Think of it as a smartphone\u2019s panic room.<\/p>\n<p class=\"paywall\">The concept of a secure enclave isn\u2019t new; Intel has offered one for PCs for some time, and Apple uses one to protect the biometric data\u2014your fingerprint and face\u2014that it uses to unlock the iPhone. Even TrustZone has been around for years, commonly used by studios and such to lock down DRM-protected content.<\/p>\n<p class=\"paywall\">It\u2019s as good an answer as any right now, and preferable to HTC attempting to build its own solution from the ground up. But TrustZone isn\u2019t a security panacea. \u201cIf somebody claims something is secure, a lot of people try to poke into it,\u201d says Simha Sethumadhavan, a computer scientist at Columbia University. 
\u201cOver the years there have been several attacks on TrustZone.\u201d<\/p>\n<p class=\"paywall\">That includes one from Sethumadhavan, who along with coauthors Adrian Tang and Salvatore Stolfo <a href=\"https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/tang\" target=\"_blank\">published research<\/a> last year detailing how to not just break TrustZone security but alter the code that\u2019s running in the secure environment.<\/p>\n<p class=\"paywall\">To be absolutely clear: These attacks are difficult to pull off, and TrustZone generally works as advertised. \u201cIt does significantly raise the bar for the attacker,\u201d says Sethumadhavan. \u201cIt\u2019s better than putting it in the insecure world, for sure,\u201d he adds, referring to the broader Android operating system.<\/p>\n<p class=\"paywall\">Even Chen, refreshingly, recognizes the trade-offs involved. \u201cThere\u2019s no such thing as 100 percent security. It\u2019s always a balance between security and usability,\u201d he says. \u201cWe\u2019re still at the very early stages of educating users that this is not a 100 percent secure solution, but as of right now it\u2019s the best so far. It\u2019s our attempt to do something that\u2019s best from the market.\u201d<\/p>\n<p class=\"paywall\">Until and unless the industry open sources everything, Chen says, HTC has to take as an article of faith that ARM and chipmaker Qualcomm will deliver the security they promise. He acknowledges that hardening the HTC Exodus will also require input from cryptographers and the broader cryptocurrency community. \u201cIt\u2019s really a beta,\u201d he says. \u201cWe\u2019re still targeting the 30-35 million people that have software wallets, and this is a much better solution than that.\u201d<\/p>\n<p class=\"paywall\">And while Chen wouldn\u2019t argue that the Exodus is more secure than cold storage, he does stress that it offers much better usability. 
There\u2019s no dusting off a hard drive and connecting it with USB to your laptop and struggling through a clumsy interface.<\/p>\n<p class=\"paywall\">The HTC Exodus will also offer a novel way to recover your keys, which are often a series of words that need to be entered in the event that you lose access to your wallet. If you lose both your wallet and your recovery keys, <a href=\"https:\/\/www.wired.com\/story\/i-forgot-my-pin-an-epic-tale-of-losing-dollar30000-in-bitcoin\/\">you\u2019ve officially lost everything<\/a>.<\/p>\n<p class=\"paywall\">That dynamic comes into especially sharp relief with smartphones, which, when you aren&#x27;t losing or breaking them periodically, you&#x27;re actively replacing every two or three years.<\/p>\n<p class=\"paywall\">HTC\u2019s proposed failsafe: You can split your key among three to five people you trust, all of whom will need to download an app for this to work. You won\u2019t need their help to assign transactions, but you will if you lose your phone. \u201cIt revolves around this fundamental principle of users owning their keys. I do want to stress that this is a very, very difficult problem. People aren\u2019t used to owning their keys. People are used to calling up Apple or Google,\u201d says Chen.<\/p>\n<p class=\"paywall\">Putting that power in the hands of users and their friends is certainly in line with the HTC Exodus philosophy. But it also raises several immediate flags: What if you have a falling out with one of those friends, or they get a new phone, or delete the app, or die? Does the backup have a backup?<\/p>\n<p class=\"paywall\">Not yet. \u201cThis is the 1.0 version,\u201d Chen says. \u201cThere are other backup plans that we\u2019ve thought of, but they\u2019re not part of the solution yet.\u201d<\/p>\n<p class=\"paywall\">That sounds dire, but it\u2019s at least something. 
If you find yourself in a comparable situation with a cold storage wallet\u2014or <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/3kynpb\/what-is-a-blockchain-phone-cold-storage-finney-htc-exodus\" target=\"_blank\">the Sirin Labs Finney blockchain phone<\/a>\u2014you generally have no options at all.<\/p>\n<p class=\"paywall\">Plenty of questions remain about the HTC Exodus, especially regarding the company&#x27;s long-term vision of revolutionizing how people relate not just to their cryptocurrencies, but their data and identity. HTC may still be figuring out how the blockchain smartphone will change the world. But at least it has some answers as to how to make it safe.<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/htc-exodus-blockchain-phone-secure-cryptocurrency\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/5ba2d7052d096346a42d32e2\/master\/pass\/htc%20blockchain%20phone.jpg\"\/><\/p>\n<p><strong>Credit to Author: Brian Barrett| Date: Thu, 20 Sep 2018 01:30:00 +0000<\/strong><\/p>\n<p>HTC starts filling in the details of its so-called blockchain smartphone, expected to launch later this 
year.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714],"class_list":["post-13401","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13401","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=13401"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/13401\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=13401"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=13401"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=13401"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}