We've been working towards this vision for self-custody for several years now, and this is where it starts. We're thrilled for you to join and support us as we pioneer the Frontier of peer-to-peer cash security together. See you on the Frontier 🫑

Replies (17)

Frostsnap's security model primarily focuses on the ability for you, or an attacker, to visit T-of-N devices. The Frontier model does not have a secure element. However, we do encrypt the secret stored on the device using a decryption key held in the phone's secure element. This means you need to unlock your phone to sign or access anything useful, so, by extension, the device secret is protected behind the phone's secure element. Now you may be wondering about recovery: what if you lose the phone and its decryption key? If that happens, you can take a new phone to visit T-of-N devices, reconstructing the decryption key! Now you're ready to go signing again!
Secure elements are really just secure PIN checkers that release decryption keys. When I was naive I thought the signing operations occur off the main MCU and in a secure enclave, but this is not the case with most hardware wallets. A successful PIN releases a decryption key which then passes onto the main chip to decrypt the secret key in memory.
Compared to, for example, SeedSigner with a hypothetical FROST implementation with paper backups, what would be the benefit of this device? Spend limits sound cool, but they can’t be securely enforced without a SE. And not a simple PIN-protected secure memory, but one that can run arbitrary code. Also, how is key reconstruction handled when changing, for example, the quorum size?
JackTheMimic 5 months ago
Me either, been wanting to test these suckers since we first jumped in a call.
It would be hard to get FROST to work on SeedSigner because it’s stateless. I know a trick that *might* make it possible. So the main advantage of Frostsnap is that it exists! Yes, spending limits require secure hardware that never leaks its secret. Changing quorum size just means making a new sharing of the secret and everyone deleting their old shares. You can do this without reconstructing the secret.
Interesting. How exactly does creating new shares work without temporary reconstruction somewhere? You could do it on SS by kind of using the SD card to store state, encrypted by the share. Not recommended but still pretty secure.
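The re-sharing question raised in the two posts above, as an added example that is not part of the thread and is not Frostsnap's code: a textbook Shamir re-sharing over the secp256k1 scalar field, in which each old holder splits only its own share and each new holder sums what it receives. The function names are hypothetical, and verification of sub-shares (commitments) is assumed out of scope.

```python
import secrets

# Order of the secp256k1 scalar field (assumed here as the share field).
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def poly_eval(coeffs, x):
    """Evaluate a polynomial (constant term first) at x mod Q (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc

def split(secret, t, n):
    """Shamir t-of-n: share i is f(i), f random of degree t-1, f(0)=secret."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: poly_eval(coeffs, i) for i in range(1, n + 1)}

def lagrange_at_zero(i, ids):
    """Lagrange coefficient of party i for interpolation at x=0 over ids."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def reshare(old_shares, new_t, new_n):
    """Re-share to new_t-of-new_n from any old threshold of shares.

    Each old holder splits only its OWN share; each new holder combines the
    sub-shares it receives. No party ever computes the secret itself.
    """
    ids = list(old_shares)
    # Step 1 (on each old device i): sub-share s_i with the new threshold.
    sub = {i: split(s_i, new_t, new_n) for i, s_i in old_shares.items()}
    # Step 2 (on each new device j): Lagrange-weighted sum of sub-shares.
    return {j: sum(lagrange_at_zero(i, ids) * sub[i][j] for i in ids) % Q
            for j in range(1, new_n + 1)}

def reconstruct(shares):
    """Test helper only: interpolate f(0). A deployment never calls this."""
    ids = list(shares)
    return sum(lagrange_at_zero(i, ids) * s for i, s in shares.items()) % Q
```

The new shares lie on a fresh polynomial with the same constant term, so old and new shares cannot be mixed; the old shares stay valid for the old threshold until they are deleted.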
A few more questions: 1. Will the price increase after the product launch? 2. How is this competitive with say, devices like the Jade Plus, which can do more and is even based off of the same ESP32 platform beyond the firmware? 3. Have you done a penetration test of the device or contracted an external party to do so, to ensure sufficient resistance against SPA/DPA, EMFI and LFI attacks? 4. Will there be an initiative by the Frostsnap team to ensure interoperability with other HWW vendors that may implement similar functionality? 5. What functionality will the display support? 6. Does the Frostsnap team intend to implement a secure and certified secure element in a future product?
1. Currently priced in sats, so it depends on whether you mean an increase in dollar terms. Possibly. TBD. 2. Other HWWs can't do FROST, infinitely worse multisig experience and drawbacks. 3. No one loses bitcoin to laser and power glitching attacks. Frostsnap's security model focuses on your ability to visit T-of-N devices. 4. Yes, we'll be encouraging other FROST teams to be compatible with us, and our code is available to integrate with. 5. Our displays allow for onscreen device confirmation and backup entry. 6. Probably, just so people stop focusing on secure elements. It's not that important in our security model, and people misunderstand the security guarantees they provide.