Hardware crypto wallet firm Ledger has faced harsh criticism from the crypto community after announcing its “Recover” service, which is an optional paid feature that will eventually allow users to back up and restore their private seed phrase.

Due to concerns expressed about the security elements of Ledger Recover, the hardware wallet manufacturer decided to postpone the launch of its service. On May 23, Charles Guillemet, chief technology officer of Ledger, explained in a Twitter thread that Ledger will “accelerate our open-sourcing roadmap to bring more verifiability to everything we do.”

Ledger CEO Pascal Gauthier told Cointelegraph that Ledger Recover would launch once the company can open-source the code behind the Recover protocol. He further stressed that the new service is optional:

“Right now, the overwhelming majority of crypto users hold their funds on exchanges or software wallets, which are not secure. However, many people find managing their 24 words daunting or too complex. Ledger Recover — which again is completely optional — is designed for those people to make secure self custody easier, while not compromising on security.”

According to Gauthier, the goal behind Ledger Recover is to onboard the next 100 million users to the crypto sector. Yet, to achieve this, he believes that “access to secure self-custody should be much easier.”

While this may be the case, the concept behind Ledger Recover has upset many of the company’s current users. Shahar Madar, head of security products at Fireblocks — an institutional digital asset custody platform — told Cointelegraph that Ledger Recover goes against the core ideals of Ledger’s customers:

“If it indeed allows a user to recover the full private key into a brand new device with just a form of identification, then technically, if the providers wanted to collude and initiate the process without the proper identification and authorization, they could.”

“In this case, the user is trusting the providers to follow the procedures, and there are inherent risks there,” he said.

Ledger Recover may be needed

Although Ledger Recover has created uproar in the crypto ecosystem, some industry participants believe this service could be useful for onboarding new users and helping current crypto holders keep track of their seed phrases.

For instance, Madar highlighted that one of the biggest challenges associated with cryptocurrency is that it’s too complex for many users. “Specifically, keeping track of your physical device and seed phrase for years is far from trivial for the average person. Every user should be able to back up their keys somewhere,” he said.

With this in mind, a service like Ledger Recover may be ideal for some individuals. Madar added that the good thing about Ledger Recover is that the feature is optional. “Users that are uncomfortable with this scenario can choose not to use the service, either forever or until Ledger is able to satisfy their concerns.”

Echoing this, Marvin Janssen, co-founder of hardware wallet provider Ryder, told Cointelegraph that Ledger Recover might appeal to mainstream customers. “It absolutely happens that people, especially those new to Web3, lose access to their wallet because of a faulty or complete lack of a backup. A feature like Ledger Recover can, therefore, definitely help,” he said.

However, Janssen added that it remains questionable if users would want to pay for such a service, given the current lack of clarity around the new feature. “Users still need to understand exactly what they are signing up for and how it can help them.”

While Gauthier mentioned that Ledger would soon make the code behind the Recover protocol open-source to help users better understand the technology, he explained that users who subscribe to the service would prove their identity through ID verification to ensure that only they have access to their backups. Once this is approved on their Ledger, their device creates an encrypted backup that’s split into three shards using Shamir’s secret sharing. He said:

“These three shards are then sent via secure channels to three different companies in three different jurisdictions, where they’re secured on hardware security modules (not in the cloud). To restore, users must go through identity verification again through two different providers, after which two shards will be sent back to your new device and decrypted on the Ledger.”

In other words, Ledger Recover uses multiparty computation: a cryptographic protocol that allows multiple parties to jointly compute a function over their inputs without revealing those inputs to each other.

Although this model may provide some form of security, Janssen noted that the challenge actually lies in the transport of the shards. “The nature of the algorithm used by Ledger Recover is such that the original secret information is recovered if enough shards are combined. Thus, an attacker might be more interested in intercepting them when they are transmitted instead of trying to attack the Ledger itself,” he said.

In addition, Janssen explained that if all shards are transported to the custodians at the same time, then there will be a moment when they all exist together on a single device, like a customer’s laptop. “Ledger has undoubtedly thought about this situation, so as more information becomes available, it might become clear that this isn’t an issue,” he said. 

Mixed sentiments around Ledger Recover

Until more clarity around Ledger Recover is revealed, there will likely be mixed feelings about the service.

For instance, Margaret Rosenfeld, chief legal officer for crypto exchange Cube Exchange, told Cointelegraph that she believes non-crypto natives and many crypto users desire some recovery support they can trust.

“Complete self-management of digital assets is not what most people want. What they desire is a noncustodial solution that keeps them as the owner of their assets and allows them to interact with others and platforms to transact seamlessly with little effort and no additional cost,” she said.

On the flip side, security concerns will remain. John Woods, chief technology officer at the Algorand Foundation, told Cointelegraph that, in particular, he is concerned whether it’s possible for Ledger’s custodians to collude: 

“Ledger has said the keys that leave the Ledger device (the controversial bit) are ‘encrypted’ and sharded. The sharded bit is clear. But they’ve said, ‘The keys are first encrypted with a symmetric key.’ I’m asking, what is that symmetric cipher? And what randomness is used to generate the key? We are still awaiting answers.”