Clear-signing: only trust the display of your Ledger device

As the world of crypto and digital assets has evolved over the last decade, so has Ledger’s security to face ever-increasing threats. Our core underlying approach, however, has remained unchanged:

• Safely parse your transaction within the Secure Element.
• A trusted transaction summary is displayed on the secure screen of your Ledger device.
• Securely sign the original byte sequence with your private key.

This approach is referred to as What You See Is What You Sign (WYSIWYG).

Let’s go over the three levels of transaction signing.

Blind signing – Data

Let’s begin with a quick test: can you tell what would happen if you were to sign this contract data and broadcast it on the Ethereum blockchain?

0xcfc0afeb0000000000000000000000002791bca1f2de4661ed88a30c99a7a9449aa84174000000000000000000000000eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee00000000000000000000000000
00000000000000000000000000000000ac6ca00000000000000000000000000000000000000000000000004aac34fbb545d2f60000000000000000000000000000000000000000000000004cfb6e0b69108f
97000000000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000001c00000000000000000000000000000000000
0000000000000000000000000002c000000000000000000000000000000000000000000000000000000000000003200000000000000000000000002cbd03487800e5ae9793db8d6017d909e676780a000000
00000000000000000000000000000000000000000000000000000003600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
0000000000000000000001000000000000000000000000e7cbbd11be7f993197aef41c2d6df6e5f6867d890000000000000000000000000000000000000000000000000000000000000002beef0000000000
00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000000000c4000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000076c656467657232000000000000000000000000000000000000000000000000
00

This format, while very efficient, is not designed for us but for computers. We are unable to tell if funds are being transferred, how much, and to whom. We refer to signing this raw data as blind signing: You take an indecipherable sequence of bytes and blindly sign it with your private key, allowing whatever it contains to be executed on-chain without properly reviewing it.

If an attacker were to change just a couple of bytes in the transaction above, they could easily steal your funds, and you’d most likely be unable to tell the difference at the time of signing.

Another dangerous side effect of blind signing is that you get into the habit of approving just about anything you’re prompted with. At this point, you aren’t verifying that the information related to any DApp you interact with is accurate.

Transparent signing – Information

While the byte sequences that compose blockchain transactions may seem cryptic, they all have a well-defined structure. Using the proper format description, it is possible to parse these transactions to make them readable.

{
   "function": "simpleSwap",
   "arguments": {
       "fromToken": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
       "toToken": "0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE",
       "fromAmount": 5830000000,
       "toAmount": 5300000000000000000,
       "expectedAmount": 5300000000000000000,
       "callees": [0xE7CbBD11bE7f993197aEF41C2D6dF6e5F6867d89],
       "exchangeData": "0xbeef",
       "startIndexes": [0, 196],
       "values": [0],
       "beneficiary": "0x2cBd03487800E5Ae9793dB8d6017D909E676780A",
       "referrer": "ledger2",
       "useReduxToken": false
   }
}

In this case, we used the Application Binary Interface (ABI) of the contract we’re interacting with. Now, before signing, I can easily verify that:

• I am indeed calling a swap function,
• The tokens 0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48 and 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE are being swapped,
• The amounts swapped are 5830000000 and 5300000000000000000.

If you’re an expert in ERC20 tokens, you may have recognized that the first one is USDC. Still, if you’re not an expert you might struggle to understand this data. And that’s where clear signing comes in.

Clear-signing – Knowledge

At Ledger, we use clear signing to show a summary of transactions that is easy to review and understand. Something along the lines of:

Swapping 5830 USDC for 5.3 ETH on address 0x2cBd03487800E5Ae9793dB8d6017D909E676780A

To produce this final clear signing display, we’ve had to:

• Limit the number of fields to the ones that matter to the user’s security.
• Interpret the 0xEeeee… address, and replace it with a reference to ETH. Indeed, that’s what this address actually means for the contract at hand.
• Convert the amounts into their respective main units, ETH and USDC, which eliminates the hard-to-count 0s.

DApps and clear signing

At Ledger, we consider clear signing to be the only acceptable signing method, as it’s the only way to intelligibly approve a transaction with full knowledge of its content and impact. 

When interacting with a dApp, you can initiate a transaction and get a summary with details about the transaction. Keep in mind that what is displayed in the dApp transaction summary can be modified and is susceptible to malware. 

If you’re using your Ledger device (as you should) when interacting with the dApp, you will also have to review and sign the transaction on your device. Your Ledger device, which is isolated from the dApp, will allow you to clear sign the transaction and you should only trust what is displayed on its screen.

You need to carefully compare the details displayed on the dApp and your Ledger device. In case of any mismatch, you shouldn’t sign the transaction, but immediately cancel it since there is a high probability it’s malicious.

Summary

While the advanced signing methods we covered improve the security of blockchain interactions, they also introduce issues we didn’t have initially.

With blind signing, you are given the exact raw data for signature. It is hard to read for a human, but it is faithful to the What You See Is What You Sign approach, as long as you don’t mind not understanding what’s on your screen. With clear signing, you are given a transformed, human-readable version of the original data.

In addition to protecting your private key, our hardware wallets also guarantee that you can trust the data displayed on their screens. Both key and screen security are enforced by our Secure Element, and parsing is constantly reviewed by our renowned security team, the Donjon.

Finally, when diving into the world of DeFi, it is essential to remember that you ultimately trust the smart contracts you interact with, to behave as expected. Always be careful which contracts you use and whether they have been reviewed or audited.

What’s next?

Following the rise of crypto and its increased adoption over the past decade, the need for a secure environment has never been so critical. Scammers and hackers are always looking for creative ways to trick new and experienced users into sharing their private key.

At Ledger, we believe clear signing, as opposed to blind signing, will help mitigate these issues. If the user can see what they sign on a trusted display, unintentionally signing rogue transactions can be avoided.

We remind users to always clear sign transactions with their Ledger device. What you see on the Ledger screen is what you actually sign. If you still need to blind sign, use a separate Ledger mint wallet or parse your transaction manually. 

Bringing absolute transparency and security to every single one of your transactions is what we strive for, and we firmly believe that only hardware-based clear signing can give you the peace of mind you deserve.