Opting for Rust in the Development of Keystone 3
Anyone with a technical background understands the challenges associated with developing on embedded systems. These systems often have limited memory, processing capabilities, and battery life, necessitating judicious use of these resources by developers. Additionally, real-time constraints are crucial, requiring the software to be deterministic and free from any sort of delays.
Why Rust?
Keystone recognizes Rust as a contemporary programming language engineered for safety, speed, and expressiveness. It is particularly suitable for developing applications critical to security, such as operating systems, embedded systems, and financial software. The type system and memory safety model of Rust aid in averting common errors that could result in security vulnerabilities, like dangling pointers and null pointer dereferences, thereby enhancing the reliability and security of applications. Moreover, Rust also offers a high level of control, making it an excellent choice for performance-critical applications, a key consideration for embedded systems where resources are limited. Furthermore, it’s popularity within the crypto community is evident, with blockchains such as Solana adopting it.
By utilizing Rust, the Keystone team can allocate development resources more efficiently, focusing on the integration of our hardware wallet with additional software wallets instead of the underlying development. One good example would be our recent integration with Keplr 2.0’s desktop plug-ins.
Reflecting on the Past
The Keystone Pro Gen2 was built entirely on Android
The previous generation of the Keystone Wallet was built on Android. We chose Android for its advanced set of tools that are crucial for applications such as the camera (for scanning QR codes), touchscreen (for ease of use), and other functionalities that improve the overall user experience. Additionally, the decision to construct our hardware wallet application layer on an Android operating system was influenced by its open-source nature and its widespread use in several payment and banking terminals.
However, two drawbacks we encountered were the inability to make the hardware wallet entirely open-source because certain parts of the operating system were proprietary to different vendors and the extensive size of the Android codebase, which made auditing difficult. Consequently, we proceeded to implement several measures to mitigate potential Android vulnerabilities, including:
- Disabling adb and removing the adb daemon
- Eliminating unrelated system processes and applications
- Prohibiting the installation of third-party applications
- Patching Linux kernel vulnerabilities
Transiting from Android to Embedded OS
In early 2022, we decided that it was the time to develop the Keystone wallet further by incorporating significant enhancements to make it completely open-source.
An embedded operating system is designed only to perform a specific task
The biggest hurdle our team faced was ensuring the security of the software on the Keystone 3 hardware wallet. Rust’s emphasis on safety made it an obvious choice for this purpose. We leveraged Rust’s type system to prevent bugs and errors and utilized its ownership system for safe memory management. By harnessing these features, we were able to create a software highly resilient to attacks.
Performance was another significant challenge, as the software on the Keystone 3 hardware wallet needed to be efficient enough to operate with the device’s limited resources. Rust’s performance optimizations facilitated meeting this requirement. We employed Rust’s compiler to optimize our code’s performance and utilized its standard library to access efficient algorithms and data structures. This approach enabled us to develop software that was both secure and efficient.
What’s Next?
The next major step in Keystone’s open-source plan is to concentrate on usability and documentation. Our main objective is to make the Keystone Github repository as accessible and readable as possible, even for those without an engineering background. We plan to make the documentation straightforward and succinct, enabling anyone to comprehend our development progress. The objective of this open-source initiative is to develop the Keystone wallet into the most secure and easy-to-use hardware wallet on the market.
The road ahead may be uncertain, but it’s the one we must take to move forward
The release of the open source codes for Keystone 3 will be done in a staggered manner rather than simultaneous. This approach is necessary to protect our users from the heightened risk of cyberattacks that typically arise when the source code is revealed, as it simplifies the process of identifying vulnerabilities.
The importance of open-source cannot be overstated for us. It not only substantially reduces the risk of backdoor insertions by rogue engineers but also enables smoother integrations with various DApps and software wallets. We are extremely optimistic about the potential for expanding compatibility, which will also contribute to reducing trust dependencies on our products in the future.
Closing
Build bridges, not walls
We are fully committed to enhancing the Keystone 3 by focusing on usability, documentation, and maintaining the vitality of open-source. This journey has its challenges, but it is necessary and worthwhile as we strive to provide a secure and easy-to-use wallet, facilitate smoother integrations, and ultimately reduce the reliance on our products. By doing so, we are not only contributing to the security and functionality of the Keystone hardware wallet but also promoting a more open and collaborative ecosystem.
About Keystone
Keystone is an open-source airgap hardware wallet that utilizes an embedded system. To further enhance its security, the device is equipped with three secure element chips. One of Keystone’s unique features is its ability to support multiple recovery seed phrases, reducing the need to purchase multiple hardware wallet devices.
With the primary aim of maximizing security against potential threats, minimizing dependence, reducing human errors, and eliminating single points of failure, Keystone also places a strong emphasis on extensive interoperability. It is compatible with well-known software wallets such as MetaMask (both Extension and Mobile versions), as well as other premier software wallets like the OKX Web3 Wallet, Solflare, Rabby, and more.
