Try   HackMD

NURI Hardware Supplier Briefing v1

Date: Jan 13th 2025
Emin Mahrt

Below is a concise request to our supplier for a biometric smart card that merges:

  1. Crypto Hardware Wallet (standard single-sig + optional MPC/threshold).
  2. FIDO2/WebAuthn (passkey).
  3. EMV Payment capabilities (Visa/Mastercard), prepared from the start but optional for the user.

Key Addendum:

  • No plaintext private key export (similar to Cypherock’s multi-share approach).
  • Clarification needed on Visa encoding/personalization process.

1. Core Product Overview

We want a biometric NFC smart card featuring:

  1. On-card key generation (no raw private key exposure).
  2. Dual-mode for crypto:
    • Mode A: Standard single-sig hardware wallet (like Ledger/Trezor).
    • Mode B: Advanced MPC/Threshold signing (partial sig flows).
  3. FIDO2 passkey for passwordless logins.
  4. EMV (Visa/Mastercard) prepared from day one:
    • Some buyers only want crypto + FIDO2.
    • Others want to activate debit card functionality.

Goal: A single card that can do normal hardware wallet duties (standard or MPC), serve as a FIDO2 authenticator, and optionally function as a debit/credit card—without ever exposing the full private key.

2. No Plaintext Key Export & Backup Approach

  1. No Full Key Leaves the Card

    • We never want to output the entire private key as plaintext.

  2. Backup with Split Key (e.g. Shamir Secret Sharing)

    • The card can internally produce partial shares for backup (2-of-3, 3-of-5, etc.).
    • No single share is enough to reconstruct the entire key, so intercepting one share is harmless.

  3. Day-to-Day

    • The card holds the master key for normal signing (Mode A).
    • Or does partial signing if we use MPC (Mode B).

3. Dual-Mode Crypto Wallet

Mode A: Standard Single-Sig

  • Acts like a normal hardware wallet.
  • Compatible with open-source wallets (e.g., “Lead Wallet,” MetaMask).
  • Returns standard ECDSA or Ed25519 signatures (depending on curve support).

Mode B: Advanced MPC/Threshold

  • For users wanting partial-signature flows across devices.
  • The card never exports the whole key, only partial signatures.
  • External shares (phone, server, cloud) combine with the card’s partial data for final signatures.

4. FIDO2 / WebAuthn

  • The card also functions as a FIDO2 passkey for passwordless logins.
  • If a FIDO2 applet is already certified, perfect. Otherwise, we can help integrate it.
  • Biometric check on-card + NFC or USB for universal second factor.

5. EMV Payments (Visa/Mastercard)

  • EMV must be included or easily loadable so the card is “payment ready” from the start.
  • We’ll offer two SKUs:
    1. Crypto + FIDO2 only (no EMV personalization).
    2. Crypto + FIDO2 + EMV (Visa/Mastercard).
  • Question:
    • When and where do we load the user’s Visa data (PAN, name, etc.)?
    • Do you (the supplier) handle encoding/personalization, or can we do it ourselves (or via a third party) after we receive the blank batch of cards?
    • If we must rely on your facility to do the final personalization, please clarify timeline, process, and additional costs.

6. Questions on Visa Encoding / Fulfillment

  1. Fulfillment & Encoding

    • Who is responsible for the final card encoding for Visa (the user name, PIN, card number, etc.)?
    • Can the supplier handle it in a secure facility, or do we need a separate partner for that?
    • Is there a “generic” Visa card version we receive, then activate/personalize later?

  2. Batch File from Supplier vs. Our Own Encoding

    • Do you (supplier) provide a batch of partially personalized cards and we do final activation?
    • Or do we provide the user data, and you do all the final encoding before shipment?

  3. Timeline & Cost

    • If personalization requires new certification steps or specialized hardware, let us know the lead times.
    • We want to clarify how quickly we can launch the debit card variant for end users.

7. Fast Go-to-Market & Minimal Supplier Dev

  • NURI will:

    • Implement advanced cryptographic logic (MPC/TSS or Shamir backups).
    • Create phone/server apps for partial sig combination or multi-sig flows.
    • Integrate with standard wallet software for single-sig usage.

  • You (Supplier) provide:

    1. A secure hardware card with:
      • Biometric sensor
      • NFC
      • Java Card environment
      • On-card seed generation
      • Base cryptographic APIs (ECDSA secp256k1/EVM, Ed25519 if possible)
      • FIDO2 support
      • EMV readiness
    2. Documentation for cryptographic calls (partial sig, ephemeral shares).
    3. Clarification on Visa encoding/personalization steps and how we integrate or do it ourselves.

Timeline: We want to move quickly. Please let us know what’s “ready now” vs. any new dev/certification (especially for Visa, partial ED25519 sig, etc.).

8. Conclusion

Our card merges:

  1. Hardware Wallet (standard single-sig + optional MPC)
  2. FIDO2 passkey
  3. EMV payments (built in from day one, but optional for end users)

We maintain a strict no-plaintext key policy—Shamir or MPC shares only. Please advise on Visa encoding processes (who personalizes the user’s card data and when) so we can finalize how to bring this product to market swiftly.

9. Resources

  1. zengo.com MPC Software Wallet
  2. cypherock.com MPC Hardware Wallet
  3. Binance MPC Sofware Wallet
Last changed by 
Emin Mahrt
0
54

Read more

Tutorial: Installing Open Source FIDO2 Applet on IDEX Card (macOS Silicon)

Date: May 4, 2025Compiled For: Internal Use / Reproducibility

May 4, 2025
Nuri AI Pitchdeck Feedback

After analyzing the pitch deck for NURI, a biometric smart card solution for cryptocurrency and traditional finance, I have identified strengths, gaps, and improvements necessary to make it investment-ready. Below is a structured briefing for enhancing the deck, supported by additional research insights and concrete suggestions.

Jan 5, 2025
NPM Fund: Continuous Token Bonding Curves for Open Source Funding

Abstract

Jan 3, 2025
CryptoKona MPC Wallet Setup

To use your FIDO2/Passkey-compatible device (like the CryptoKona card) as part of an MPC (Multi-Party Computation) setup, you need to focus on leveraging the cryptographic capabilities of the FIDO2 protocol while integrating it into a distributed key management system. Here's how you can achieve this:

Jan 3, 2025
Read more from Emin Mahrt
Published on HackMD