Bitkey launches its first touchscreen Bitcoin hardware wallet

  • With a screenless hardware wallet, users had to rely on the phone to see what they were signing.

  • The device keeps the no-recovery-phrase model, the most debated point of its design.

Block Inc., the company founded by Jack Dorsey, announced today, April 27, the second generation of Bitkey, its Bitcoin hardware wallet, which incorporates an OLED touchscreen for the first time.

The absence of a screen was the most specific security limitation of the previous generation, launched in December 2023. Without a screen, the user depended on the phone to see what they were signing, which carries a risk: a fake or compromised app can display one address on the phone while building a transaction that sends the funds to a different one. The screen on Bitkey's new hardware wallet addresses that problem by showing the transaction details directly on the device, taken from the transaction the hardware is about to sign rather than from the phone.

According to the announcement, the screen is not limited to verifying transactions. It also lets the user confirm changes to security settings: spending limits, recovery contacts, inheritance settings and notifications. Each of those settings is a critical security decision that, in the previous generation, could not be verified directly on the device, the company stated.

Bitkey's new hardware wallet. The new Bitkey wallet costs about USD 250. Source: Bitkey.

The device, priced at about USD 250, measures 66 × 60 × 13.6 mm, weighs 79 grams and has a Corian exterior, the same material used in industrial kitchen surfaces and known for its durability. It connects to the phone via NFC (near field communication, a short-range technology that needs no cable) and charges over USB-C. According to Block, the battery lasts up to a year per charge.

The rest of the previous model's features are kept. According to the statement, Bitkey uses a 2-of-3 multisig (multi-signature) scheme: three keys control the wallet, but only two are needed to authorize a transaction. One key lives on the hardware, another on the user's phone and a third on Block's servers. Using the hardware key requires a fingerprint, and the key never leaves the device.
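As an added illustration (not Bitkey's own code and not part of the original article), the following Python model ties together the two points above: a 2-of-3 quorum in which any two of the hardware, phone and server keys authorize a spend, and why a screen on the hardware matters against a compromised companion app that displays one address to the user but builds a transaction to another. HMAC-SHA256 is a stand-in for the real Bitcoin signatures, and the addresses, secrets and amounts are constructed placeholders.

```python
"""Toy model of a 2-of-3 key quorum and of on-device destination verification.
Added example, not Bitkey code. HMAC-SHA256 stands in for ECDSA/Schnorr
signatures; addresses, secrets and amounts are constructed placeholders."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

THRESHOLD = 2  # 2-of-3: any two of the hardware, phone and server keys authorize a spend


@dataclass(frozen=True)
class Tx:
    destination: str
    amount_sats: int

    def digest(self) -> bytes:
        # Signers commit to the real destination and amount, not to what any app displayed.
        return hashlib.sha256(f"{self.destination}|{self.amount_sats}".encode()).digest()


class KeyHolder:
    def __init__(self, name: str, secret: bytes) -> None:
        self.name = name
        self._secret = secret  # stand-in for a private key that never leaves its holder

    def sign(self, tx: Tx) -> bytes:
        return hmac.new(self._secret, tx.digest(), "sha256").digest()

    def verify(self, tx: Tx, sig: bytes) -> bool:
        return hmac.compare_digest(self.sign(tx), sig)


class HardwareKey(KeyHolder):
    """The hardware signer. With a screen it shows the destination taken from the
    transaction it is asked to sign, so the user can compare it with the address
    they intended and decline. Without a screen it can only sign what the phone sent."""

    def __init__(self, secret: bytes, has_screen: bool) -> None:
        super().__init__("hardware", secret)
        self.has_screen = has_screen

    def sign_with_user(self, tx: Tx, user_intended: str) -> Optional[bytes]:
        if self.has_screen and tx.destination != user_intended:
            return None  # the device displayed a different address; the user declines
        return self.sign(tx)


def authorize(tx: Tx, sigs: Dict[str, bytes], holders: Dict[str, KeyHolder]) -> bool:
    """True when at least THRESHOLD distinct holders produced a valid signature over tx."""
    valid = sum(1 for name, sig in sigs.items() if name in holders and holders[name].verify(tx, sig))
    return valid >= THRESHOLD


def make_wallet(has_screen: bool):
    """Constructed secrets; returns the hardware signer and the holder table."""
    hw = HardwareKey(b"hw-secret-CONSTRUCTED", has_screen)
    phone = KeyHolder("phone", b"phone-secret-CONSTRUCTED")
    server = KeyHolder("server", b"server-secret-CONSTRUCTED")
    return hw, {h.name: h for h in (hw, phone, server)}


INTENDED = "bc1q-alice-CONSTRUCTED"                 # what the user meant to pay and what the app shows
SWAPPED = Tx("bc1q-attacker-CONSTRUCTED", 50_000)    # what the compromised app actually builds


def compromised_phone_spend(has_screen: bool) -> bool:
    """Normal spend path (hardware + phone). Returns True if the swapped tx reaches quorum."""
    hw, holders = make_wallet(has_screen)
    sigs = {"phone": holders["phone"].sign(SWAPPED)}  # the compromised phone signs its own tx
    hw_sig = hw.sign_with_user(SWAPPED, user_intended=INTENDED)
    if hw_sig is not None:
        sigs["hardware"] = hw_sig
    return authorize(SWAPPED, sigs, holders)


def quorum(signers: Iterable[str]) -> bool:
    """Whether a given subset of honest holders reaches quorum on a legitimate tx."""
    _, holders = make_wallet(has_screen=True)
    tx = Tx(INTENDED, 50_000)
    sigs = {name: holders[name].sign(tx) for name in signers}
    return authorize(tx, sigs, holders)


if __name__ == "__main__":
    print("screenless device, swapped tx authorized:", compromised_phone_spend(has_screen=False))
    print("device with screen, swapped tx authorized:", compromised_phone_spend(has_screen=True))
    print("hardware + phone, no server:", quorum(["hardware", "phone"]))
    print("phone + server (hardware lost):", quorum(["phone", "server"]))
    print("phone alone:", quorum(["phone"]))
```

The screenless run reaches quorum because the hardware signs whatever digest the phone hands it; with a screen, the hardware derives the displayed address from the transaction itself, the user declines, and the phone's single signature is short of the 2-of-3 threshold. The hardware-plus-phone subset reaching quorum without the server is the same property the Emergency Exit Kit described later in the article relies on.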

The debate over the model without a recovery phrase

The most questioned point of Bitkey's design, judging by user replies to the company's post, is the absence of a recovery phrase (seed phrase), the sequence of words that in most wallets lets the user reconstruct their keys if they lose the device.

Block answers this question with three arguments in the technical document published alongside the announcement:

  • First, that the recovery phrase is the main social-engineering attack vector in self-custody. It is a plaintext secret that the hardware cannot protect once it exists, and removing it eliminates the most common target of phishing attacks.
  • Second, that the user can always exit without depending on Block through the Emergency Exit Kit: a mechanism that lets transactions be built and signed using only the user's two keys (the hardware key and the phone key), without any involvement of the company's servers. The code is publicly accessible and there is a separate app on GitHub to run it.
  • Third, that Block cannot see the user's balance or history: thanks to a technique called Chain Code Delegation, proposed by the Bitkey team as an open standard (BIP-89), Block's server accesses only the minimum information about each transaction it co-signs and cannot reconstruct the wallet's full history.

Block's own whitepaper acknowledges that the no-recovery-phrase model involves a tradeoff. The user cannot rebuild their wallet from a single sequence of words; instead, recovery depends on one of three mechanisms, depending on the scenario:

  • If the user loses the phone, they can recover the app key from an encrypted backup stored in the cloud, which only the hardware can decrypt.
  • If the user loses the hardware, Block can co-sign a transaction that moves the funds to a new wallet after a waiting period, with notifications sent to the user.
  • If the user loses both devices, they can turn to pre-designated recovery contacts: trusted people who hold a decryption key but never have access to the funds.

Finally, Block acknowledges that none of these mechanisms is as simple as writing down twelve words, and that their effectiveness depends on the user setting them up correctly from the start.
