To understand how hardware wallets work it is important to know that it consists of two parts. The first part is the actual hardware that makes up the device which contains integrated circuits (Chips) that are instructed to run algorithms that generate and store private and public keys. The second part is the software or app that is installed in the computer to be able to communicate and provide a user interface so that transactions can be performed easily and securely.
The program that runs on the device is open source, meaning that anybody who wants to check what the program is doing can do so to make sure there is nothing fishy going on in the code.
The algorithms used in all hardware wallets have been checked by thousands of programmers all over the world to make sure that the code is clean and honest. Just as the bitcoin protocol is open source and thousands of people have checked it to make sure it does what it’s supposed to do, the same way is with the hardware wallet algorithms.
Hardware wallets such as the Ledger Nano S are designed and constructed around secured chips like the STMicroelectronics ST31H320 which is the same type of chip used for secured IDs and banking applications. These secured chips are tamper resistant because each one has a unique encrypted key which checks its integrity each time the device is turned on. The chip cannot be counterfeited thanks to encrypted keys inside of it.
All the information they handle is encrypted using the most secured encryption algorithms that can be up to 4096 bits long. In simpler words this means that the chip that handles your private keys is virtually unhackable.
Added to that robust security these chips are completely isolated from outside communication. All the processing needed to generate the public, private keys and ownership verification happens inside the chip, and in order to receive communication from the user it uses 2 switches that allow the user to select and control what is happening.
The user must physically press the switch to accept or reject a transaction. No hacker can press the switch unless is physically there to press the switch.
Also, everything is visible on the device’s screen. Each time you send funds the screen shows you the address to where the funds are being sent. After the user verifies that the address is correct, a button is pressed to accept the transaction.
When a hardware wallet is initialized for the first time, the user is prompt to enter a PIN. This pin can be 4 or 8 characters long. The internal isolated microcontroller then creates a unique key that through mathematical calculations chooses 24 words from a pool of 2048 words randomly in a specific order.
If you are asking yourself how many different combinations you can have by selecting 24 from 2048 words, the number is a mind blowing: 41,731,122,174,410,236,047,796,743,722,730,466,018,640,279,171,473,593,600. Yeah, I know that is a huge number, so the probability of one wallet being the same as another is nonexistent.
After the algorithm selects the 24 words called seeds it takes that information and process it to create all the private and public keys for the cryptocurrency wallet. The public keys you can see in the app so that you can give it out to anybody to send you Bitcoin or cryptos, but the private keys are inside the unit in a different integrated circuit that has no connection to the outside world.
The software or app that is needed for the user interface can be downloaded from the manufacturer’s website. After it’s installed in the computer, it connects to de device through a USB cable.
Most hardware wallets such as Ledger Nano and Trezor can run multiple cryptocurrencies wallets on the same device. Ledger Nano supports 30 different cryptocurrencies and can have up to 18 wallets or apps installed at a time. Trezor also supports about the same number of wallets.
When you decide to send Bitcoin, you would use the companion software that interfaces with your hardware wallet. This software uses your public key to check the available balance by connecting to the blockchain. The sender then enters address to where is sending the Bitcoins. Then the algorithm validates ownership of the funds internally using your private key.
Once the transaction is validated, the user can verify in the device’s screen that the receiving address is correct. To accept the transaction the user must physically press a button. After this the software sends to the blockchain this information and the worldwide ledger is updated and the funds are accredited to the receiving address.
The wallet doesn’t store the actual cryptocurrency. The only things stored in the wallet are the public and private keys which enables the owner of the coin to send and receive funds. Bitcoins and other cryptocurrency coins are stored in the blockchain through these cryptocurrency keys.
Since cryptocurrency doesn’t physically exist aside from bits of storage in the blockchain, the keys that identify the currency must be protected and the best way to do so is with the use of a hardware wallet.
What Would Happen if I lose my Hardware wallet?
If the hardware wallet is lost, destroyed or stolen, you don’t lose your cryptocurrencies as far as you have your 24-word recovery phrases.
Let’s say that your hardware wallet is stolen, once the thief connects it to the computer to try to get access to it the first thing the device is going to ask for is the PIN to be able to log in the device. After 3 failed tries, the device resets itself and in doing so all the information encrypted inside the device self-destroys meaning it’s deleted, but because your bitcoins and cryptocurrencies are in the blockchain, you basically don’t lose anything.
By using your 24 words and a new hardware wallet, you would enter the information and would recuperate all the information from the blockchain in an encrypted way.
In closing, hardware wallets are designed taking into consideration all kinds of security measures. These measures make it impossible to hack a device to steal the private keys meaning that as of today there is no safer place to store your keys other than hardware wallets.
Alberto is the originator and primary contributor for this blog. He is an electrical engineer, tech and crypto enthusiast. Likes to learn and help others understand the amazing world of Bitcoin and cryptocurrencies.