# Hardware Wallet Use Cases Purpose: Collect and document different use cases for hardware wallets. Make an effort to find commonalities and address multiple use cases through a single unified hardware wallet API effort. Index of APIs: https://docs.google.com/spreadsheets/d/1flpIl8YG7vqWBWoLvFOMVW7xMuuk36F4asaiBQ5LBVM/edit#gid=1124258349 ## Purpose of Hardware Wallets * **Short memorable key**: A short key (PIN) can be used to protect the wallet's secret seed. With a secure retry counter, the device can auto-wipe after a certain number of tries. This allows for a hardware wallet to be stolen without the user immediately losing all funds (assuming the user has another backup hardware wallet or some other backup). * **Self-contained all-in-one solution/product**: Provide a simplified overall package for consumers to store their coins and private keys. The total number of steps from purchase of the device to active use should be a short list of steps. If there is anything to install, then at most one thing should be installed on their desktop or laptop. * **Small software footprint**: Reduce the total amount of software that has direct access to a private key. Reduce risk of malware being able to access the private key. * _Example_: Using an offline airgapped laptop with Windows or Ubuntu Linux would install substantial amounts of software that could have malicious activity. Reducing the total amount of software used can make verification easier. Depends on user's threat model. Tails Linux and deterministic builds might make some users confident in offline airgapped laptops. * **Isolation**: Isolate the private key on a separate device, and make a communication channel available to the device that has limited capabilities or functionality. Protect the private key from malware that might be on a desktop or laptop device. Offline airgapping is optional but very helpful. Be mindful of how airgaps get bridged or traversed across. * **Easy key management**: Make key management easy, and protect users from footguns. Make collaborative key management easier. Make it easy to create multiple hardware devices that store the same wallet (for redundancy). Also password management. * **Second factor**: Be the 2FA second factor. * **Payments and transactions**: Give users a way to review their transactions before signing. Provide some level of security with regards to inputs, input amounts, output addresses, change addresses, and other transaction details that get signed. * **Not a 'daily driver'**: To the extent that the device is used on a daily basis, it is safe to use because it is not loading arbitrary code from the internet on a regular basis. For example, it is not executing javascript from ad networks on each page load in a browser. ## Out of scope What is a hardware wallet *not*? * It does not protect against Wrong Address mistakes/malware/attacks. # Use cases **At home purchases**: Alice wants to securely store her crypto, and wants to make purchases while at home with her desktop computer. **Long-term cold storage**: Everlyn wants to securely store her crypto for multiple years without access. She sets up a single hardware wallet and stores it in a safe location inside her home. **Succession planning**: Ebenezer wants to securely store crypto and make sure it is available to his successors in the event of his demise. However, he doesn't want a quorum below size k-of-n to be able to collude to unlock and distribute his funds before that time, and he wants to be able to spend his own assets without the help of other people. **Mobile payments**: Bob doesn't understand crypto or computers much, but he wants to try it out on the street. He purchases a hardware wallet, creates a wallet, and a friend sends him some bitcoin. He walks around downtown and purchases goods and services with his bitcoin using his phone and his hardware wallet. **Second factor**: Carol has been told by her bank that she can only login online with a second factor device to authenticate her. She already uses a hardware wallet for cryptocurrency purchases, payments and storage, and she wants to use the same device to authenticate herself on a daily basis to different websites that require 2FA TOTP or other requirement. **Custody**: Acme Co wants to securely store crypto on behalf of its customers. The business also wants to setup a custody operations team such that k-of-n members of the team must coordinate to spend or move any of the assets. Acme Co also wants the assets to be offline or not directly accessible to internet-connected machines. **Password manager**: Alice wants to use a physical hardware device to manage her passwords for logging into websites. She either plugs in her device directly into the machine, or communicates between devices using airgap QR codes. **Watchonly wallet**: Alice wants to regularly check her wallet balance for her business, but she doesn't want to carry around the secret keys to spend the money. She also doesn't want to reveal to a third-party which exact addresses she is checking, because she wants to maintain privacy from competitors. **Enterprise security**: Acme Corp wants to run containers in the cloud and give these containers secure access to their database. However, they want the software that manipulates the database to be under physical security. They also want firmware attestation from the physical device in the cloud. **Wallet developer**: A software wallet developer wants to be reasonably sure that they won't have to implement 100 different hardware protocols, and instead just implement one or two to cover most of the hardware wallet ecosystem for whatever hardware choices their users make. **Collaborative key management**: Alice, Bob and Carol each want to self-custody their own bitcoin, but they also want to setup multisig to allow for social key recovery for their hardware wallets. **IoT**: A vending machine needs to store and collect cryptocurrency in a secure way such that anyone that steals the machine would be unable to access the money stored by the machine. **Exchange hot wallet**: ... ## Brainstorming scratch notes * Secure and manage all of your cryptocurrency assets * Buy/sell/trade digital assets * Offline airgapped signing * Small device that is easier to securely store * Multiple devices for redundancy * Multiple devices for supply chain security * Avoid malware/attacks from your "daily driver" computer * Process bitcoin blockchain data and validate consensus rules * Store secret keys in a way that they are protected by a shorter key (PIN) but with limited number of retries * Physical countermeasures- active mesh, voltage glitching mitigation, etc * Collaborative key management on your own behalf * Collaborative key management on the behalf of others * Custody of other people's digital assets * Daily payments (walking around money) * Cold storage * Long-term cold storage * Very very long-term cold storage * Secure hot wallet hardware * Hot HSM signing device * Lightning signing tool ("number go up" only) * Manage multiple wallets with different seeds, derivation strategies, different PINs, different passphrase/seed techniques * Coin selection * Transaction coordination - native multisig, MuSig, FROST, ROAST, etc * bip174 PSBT * bip322 + signmessage * Elliptic curve signing * FIDO2 * U2F * OATH * 2FA TOTP * webauthn * PIV ? * Watchonly wallet * DNSSEC * Signing ceremonies w/ auditing and other participants * Trusted setup ceremonies * Zero-knowledge proofs * Multi-party computation (MPC) participation * Nuclear launch code management * Audits * Attestation * Trusted execution environment (TEE), SGX, etc * Password management (daily driver) * Secure hashing on an airgapped device * Tap-and-go payments * Paying lightning invoices * Receiving lightning payments * Receiving Stealth Address payments (bip47 or otherwise) * Confidential transactions & blinding * Firmware attestation * Vendor-signed firmware, multiple signatures, multiple public keys * User-signed firmware * Verify all firmware and proprietary blobs * Threshold signed firmware * Blockchain rules execution & block processing * International travel * Secure Address Book (cryptocurrency addresses & otherwise) * GPG/PGP cryptography * Encryption/decryption tasks * watchonly wallet * Key derivation * TLS certstore stuff * Web-of-Trust trust score calculations * User plugs in an old hardware wallet into their computer. A protocol coordinator allows modern software to talk with the older hardware wallet that doesn't support the new 'universalized' protocol. * A wallet maker wants to make a new hardware wallet, and wants wide/broad compatibility with other pre-existing wallet software.