The Stellar Podcast

Building a Security Company with Ledger

Episode Summary

Ever wonder what it takes to build and run a state of the art hardware wallet company? What are the tough choices and compromises? Who keeps everything running and improving? Wonder no longer: today we're talking with Fabrice and Benjamin of Ledger covering these questions and more as we discuss the mission-critical roles they both play within security company Ledger.

Episode Notes

Ever wonder what it takes to build and run a state of the art hardware wallet company? What are the tough choices and compromises? Who keeps everything running and improving? Wonder no longer: today we're talking with Fabrice and Benjamin of Ledger covering these questions and more as we discuss the mission-critical roles they both play within security company Ledger.

Episode Transcription

Fabrice (00:00):
Because we are not only a blockchain technology company, we are really a security company. That's the core business that we have today and blockchain is just a great use case for security. We are realizing it today.

Tyler (00:25):
What is up Stellar Community? This is the Stellar Community Podcast. I'm Tyler van der Hoeven and today I am joined by Fabrice and Benjamin of Ledger. So those Ledger nano S's and X's that we all use to store our massive wealth. They are a couple of the guys behind that project. I thought we'd have him on the show to talk a little bit about what it's like building that project. It's a hardware wallet, but there's a lot of software involved as well, so we thought it would be interesting to have a conversation with them around what building that is like and get a better understanding of as a developer on that team, what that looks like.

Tyler (01:10):
Also just by way of housekeeping, if you haven't already voted in the Stellar Community Fund, be sure and head over to and cast your vote for those final eight projects, which will make it to the final round here in the next week.

Tyler (01:27):
So Fabrice, we'll start with you. How did you get involved at Ledger? What interests you? What's your background a little bit and what interests you about cryptocurrency or crypto?

Fabrice (01:42):
Okay. Hi Tyler. Thank you for having us today. So I joined Ledger one year and a half ago. I'm a head of point integration. So what it means basically is I'm in charge of defining the roadmap of all the blockchains and therefore cryptocurrencies that will support across all our products. So whether it is Pablo wallets or Ledger Live or Ledger volts, which is our institutional grade platform, I need to know what are the launching projects that are interesting out there and how we can support them efficiently.

Fabrice (02:19):
So I'm working in close collaboration with Benjamin and as you were asking, why am I here in the crypto currency ecosystem? I discovered this space, I would say somehow, yeah something like three years ago. I was working in the industrial computer industry and I discovered blockchain technology, fell in love with it and since then I've been like really looking at all the projects out there.

Fabrice (02:46):
And Ledger is a French company, maybe you are aware about that. And so it was kind of luck for me and because we were all based in Paris. And essentially made sense at some point to spend so much time looking at blockchain technology. After my job I decided, okay, let's do it my job. It will be differently easier for everyone.

Fabrice (03:11):
And I think it's really interesting because we are not only a blockchain technology company, we are really a security company. That's the core business that we have today, and blockchain is just a great use case for security. We are realizing it today.

Fabrice (03:29):
So basically in a very few words, what I would say is I'm addicted to cryptocurrency in general. I discovered Stellar, of course, a while ago and I joined Ledger fairly recently I would say. But so far the journey has been great.

Tyler (03:47):
Awesome. Very cool. Benjamin?

Benjamin (03:50):
Yeah. So on my side as the product manager of the Ledger Live, my role is to overview the whole development of the product, to be sure that we have a roadmap that is clear and identifies the needs of the users, but also that's going to be able to match what's going to happen in the future with the cryptocurrencies as a whole.

Benjamin (04:15):
So yeah, as Fabrice said, Ledger is a security company and on the Ledger Live team we are like really currently oriented on the cryptocurrency side. And so it's more focused on something that is more used today.

Benjamin (04:33):
And so the goal, that's kind of my goal. And for my background, I was aware of cryptocurrencies like maybe four years ago. I began to being interested in cryptocurrencies at this time, to be honest, it was because I wanted to make more money like a lot of us. And I got interested through an article that a guy from Norway who did his thesis on Bitcoin.

Benjamin (05:06):
So yeah, I got interesting into that. It took some time to get really into it. And yeah, it took me like maybe two months before really getting everything and I got more interested into Ethereum than Bitcoin and in the end that's how I got into crypto and I read more and more about it and I began trading, of course, and at some point I was like, yeah, I need really to secure my investment.

Benjamin (05:35):
Ledger came. So I bought the nano, I wasn't an employee at the time. And some day I got a call from a guy that I knew already from HR. He was working at the time, he tried to hire me for another company in IOT. And it didn't, well, anyway, we stayed in contact. And at some point he tried to hire me again for Ledger. At this point I was already a client of Ledger, and I was like, yeah, that's a unique opportunity to work in something that I'm interested in, and for a product that I use.

Benjamin (06:10):
So being the product manager of the product you use, that's something that doesn't happen very often. So I accepted like right away.

Tyler (06:18):
That's awesome. So what is it that the Ledger does? What is it that the Ledger allows? You've mentioned that you're a security company and I think I understand that at some level. What does that look like? How does that work? What is the Ledger, what's your thing when you look at it from a hardware perspective and integrating software into that?

Fabrice (06:40):
Okay, so maybe I'll answer this one. I'll let Benjamin talk maybe more about the user experience itself, but regarding the hardware wallets and the technology that we use and what it can offer to the user, we are relying on a very strong experience in the smart card technology that we have in France and that we have specifically at Ledger. This type of technology allows to really secure secrets and execute goes in a secure environment.

Fabrice (07:12):
So what it means related to blockchain technology is that you can safeguard your private keys or secrets, which in the end is often in the form of 24 words in a piece of hardware that is extremely secure and that is reliable and resilient.

Fabrice (07:33):
So for the user it helps them sleep at night. But what's more important is that they can use this secret. So the hardware wallet is not only there to safeguard the secret, but to be able to use it and perform transaction.

Fabrice (07:49):
So basically you should see the hardware wallet as a signing box. There is a secret in sign and you can sign messages. If this message is to send some lumens, then you will apply the signature by approving on your device. The signature with the Stellar application will verify that the message is correct, display the message information to the user so that he can actually check what he's doing. So there is a screen on the device and that's fairly important and if the information on the screen matches what the user wants to do, then you can approve, and it releases the signature.

Fabrice (08:29):
So only by humanly verifying what you're doing and securely approving the transaction, you can actually broadcast it.

Fabrice (08:38):
So what we're trying to offer is a really piece of piece of mind, I would say, to the user and making sure that whatever they are doing they want it to do, that's really the objective here. But that comes at a cost, because now that you have a hardware wallet, you need a proper user experience to make all of those operation easy and understandable, because not everyone in the space is familiar with the blockchain technology. So it can be a bit tricky at times.

Fabrice (09:07):
So that's why also Ledger Live was invented. It's really the perfect companion application for the hardware wallet. And it will help and guide the user through the flow of operation that you need to do before being able to actually send or receive cryptocurrencies.

Tyler (09:28):
Yeah, absolutely. And that's a very good answer. Anything to add, Benjamin?

Benjamin (09:32):
Yeah, for the Ledger Live side. So Fabrice perfectly explained the role of the Ledger. I know when you want to perform transaction or secure your assets. But yeah, the screen of the nano both, Nano S and Nano X are a bit small to do everything. It's not a computer. It's a place to secure your assets. And that's why we developed on top of that Ledger Live ... before Ledger Live we had the [inaudible 00:10:04]. So the [inaudible 00:10:05] we had four of them. It was three for the coins, Bitcoin, XRP and Ethereum and one to manage the apps on the device.

Benjamin (10:16):
And we saw that it would be better to have everything in one place. That's why we created Ledger Live. So that was the beginning of the story. And we created this app so that you can see your accounts, you can manage your device, you can also perform a transaction. I mean like everything that is all the basic stuff that you want to do. So that was the beginning. And when we work on Ledger Live, we have to make sure that the user doesn't make any mistakes.

Fabrice (10:53):
I would like to add, and it's a fairly important one, Benjamin just said, we really rely on the Ledger core technology, the secure element technology to really ensure that what is displayed on the screen is the only thing that can be trusted. So of course we do everything we can to make sure that Ledger Live is always the right version, that people are downloading the right version, but we cannot control everything. What we can control and what we are sure about is that the secure element is, I will not say impossible, but because nothing is impossible, but infinitely harder to hack than anything else on the market.

Fabrice (11:34):
And so we rely on this technology and we ask our users to understand this technology, because essentially that's what prevented them from making a mistake. You need to verify what is on your screen. You need to make sure that you're approving what you want it to do. Otherwise, there is no point in using a hardware wallet.

Tyler (11:54):
Okay, that's a good point. That's all very interesting. And, well, I mean that's obviously the reason why I use Ledger devices, is just that layer of security and assurance that what you're signing is secure, that you're not leaking secret seeds anywhere. Like they always stay on the device. The only thing that's spat out from the device is assigned key. That was actually a bit of a revelation to me. It took me a long time to realize like what was actually happening when things were getting signed. Like where the key was going. Because when you're not using a hardware wallet and you're using an interface to sign transactions, either that's obfuscated away through the secret key, just being hidden on your account somewhere or you're actually pacing a secret key into some signing interface and not really recognizing that the only thing that needs to be verified is the signature for the operations when it comes to Stellar.

Tyler (12:54):
And so once you make that realization that when it comes to Ledger devices or any hardware or software wallet, that the only thing that should be being passed between the device and the interface is the signature and not the key.

Tyler (13:14):
Once you recognize that, you've got the understanding like, "Wow! Okay." So signatures are important and it's signatures for very specific actions. Whether that's to make payments or create accounts, whatever you might be able to do on the Stellar network, it's the signatures that are important.

Tyler (13:32):
And you can then begin to extrapolate that out and have signatures do other things. Like when you come to U2F signatures where you have authentication or log in, it's really just saying, like you said, ensuring that the action that a user is performing, that it's actually that user or whoever is performing that action on behalf of the user, that it's permissioned.

Tyler (13:58):
It's the business of permissions and ensuring that only the things that are permitted are what are being done. And so it was limiting and scaling back the allowed interactions to very, very specific ones by only passing signatures for specific actions rather than just having a copy-pasted secret seed that could do who knows what by anyone who got ahold of it, you scale all of that back to very specific actions. And it's really like you've already mentioned, just ensuring that the actions that are about to be performed, the signature that's about to be given back as for an action that you expected.

Fabrice (14:38):
Tyler, you're perfectly right. And what you said earlier is actually quite interesting, because in many wallets, software wallets I would say, where you hide this complexity about the signature, people don't realize what they are doing and eventually at some point some of them will lose funds just because they thought or they didn't think or rather than how it worked. And so they just figure out once the problem appear and it's too late.

Fabrice (15:15):
The other day, one of my colleague told me, "Yeah, at Ledger we make the intangible tangible." So, by holding a hardware wallet, you are actually understanding that you need somehow to do something to authorize, whether it is for U2F or whether it is to sign a transaction or to store a password, because we also have this kind of application available on the device. Indeed, it is the physical approval that is the important part.

Fabrice (15:47):
And of course this is a problem in terms of user experience, but at least in terms of education, I think it's the right way to explain to people what is actually happening behind the scene.

Tyler (15:57):
Very cool. When it comes to building out actual individual apps, so when you have a Ledger device you can install through the manager, you can install individual, I guess blockchain items and with like Ethereum, you can install individual coins or ERC-20 tokens. How is that managed? Who writes the code for that? How does the deployments work? I mean there's tons of them. How in the world do you manage all of the infrastructure for the code that's involved in maintaining and updating and pushing out feature requests for all of these different blockchain apps that you can install?

Fabrice (16:43):
It's an interesting question. As we discussed earlier, so our technology relies on the secure elements. On top of that, we built our own operating system. And so we made it so that people can actually develop their own application on top of this operating system. So you, if you have knowledge in C, you can build your own application. Whatever you want this application to do, you can run it on the nano device. Of course not all applications are suitable, but at least if you want to handle some kind of security, this could be a solution. So whether it is to manage your password or to sign transaction on a specific blockchain, you can develop your application. And this is the SDK and all the documentation about this is opensource and available online. So you can actually check all of the code that is deployed for all the applications, including the Stellar application.

Fabrice (17:42):
And so originally, if I remember correctly, there was a ... so I don't know exactly the name of the developer. I know his GitHub handle. But this guy actually developed the application and it was a while ago. And since then we received four requests to update the code of this application.

Fabrice (18:03):
We also ourselves reviewed this application and modified some parts when it was needed. And so essentially it's a community work to make it more usable, always working and improved over time. And this is the case for Stellar. Some other applications, Ledger will handle, let's say from the beginning till the end, but most of the applications that we have today are made and designed by the community.

Tyler (18:33):
What is next for, for Ledger? What are your plans? What's your 2020, 2021 look like?

Benjamin (18:41):
So I'm going to begin for the Ledger Live part and I'm going to leave the rest to Fabrice. So for Ledger Live, our main goal for 2020 is to provide more services to the users. So I'm sorry I can't really tell you in detail what are going to be the services, but trust me, you won't have to wait for too long before seeing them. So that's the first part.

Benjamin (19:07):
We finished 2019 with the integration of [inaudible 00:19:13] and at the same time we integrated [inaudible 00:19:17], we integrated the possibility to do delegation since it's a proof of bitcoin. And that should give you a good idea of what we are going to do in the near future, what we are going to focus on in the near future, because when we integrated the delegation role, it was to give to the user the possibility to have passive revenue.

Benjamin (19:39):
So it was giving that and also in a simple way. You don't have to be like a blockchain freak to understand everything about delegation. You just follow the flow that we give you. You have explanations. If you want to dig more into it, you have pages that are going to explain you everything. But if you just want to make a little bit of money by [inaudible 00:20:06], you can now thanks to the delegation.

Benjamin (20:10):
And with the coin integration that Fabrice is supervising, we are going to give more of possibility to the user. So that's one of the focus that we are going to do and there are more services that will let you interact more with your assets.

Benjamin (20:26):
So that's one of the main goal for us in 2020. And 2021 it's going to be hard, because blockchain moves really quickly, and when you do a roadmap you try not to look too far away and focus on the next six months mainly, because otherwise you issue engrave it since like yeah, in 2021 that's going to be it. You might miss something and that's not what we want to do.

Tyler (20:54):
Nice. Yeah, absolutely. Well cool. That's neat.

Fabrice (20:58):
We will support many other assets throughout 2020. I cannot give you so much details about that, but we will follow the same rational that we did for Stellar. And essentially we want to add more and more features like Benjamin was saying, and more and more asset support. I think that's really the goal for 2020. Make it easy and provide more possibility to interact with your assets to the end user. But for 2021, I will do the same as Benjamin, and tell you it's way too early to do any forecast on what we'll be doing.

Tyler (21:35):
Yeah. When you look at all the different coins that are coming on, all the different blockchains and use case, do you see that as a net positive or a negative as it starts to almost muddy the waters? You said kind of earlier on that you don't judge the projects themselves, but as you take a larger ecosystem perspective and start to think about blockchain and how it's used, do you feel like we should stop building new ones and start just using the ones we have? Any thoughts around that?

Fabrice (22:00):
It's a good question. I think that's the question that everyone is asking in the ecosystem. For now, I believe that we have already several blockchains that are quite good at what they are doing. We don't have a one fit all solution. Everyone is totally trying to get this solution to address all needs. Maybe it's not even possible. I don't have the answer to this question, but what I can tell is that this environment is growing. Okay? There is a lot of activity from many developers. We have a dedicated Slack channel for developers that want to build a nano application. And it's getting full of people.

Fabrice (22:43):
We have many people that are interested by many projects. So we can see that the ecosystem globally is moving forward. But honestly I cannot answer your question. I don't know if we should just focus on the one or move through others.

Fabrice (22:55):
Once again, our goal is to make it easy for any user to manage their asset and to deal with blockchain. We also need to educate them, but once again the core business is security. And in the end that's why we should be focusing on.

Fabrice (23:12):
So personally, like I said, I am really a crypto fan, and I love all projects. But in the end, what we really need to focus on is how to make it easy to use while still being secure.

Tyler (23:28):
Anything to add, Benjamin?

Benjamin (23:30):
I agree with Fabrice. Yeah. Lots of different blockchains and I don't think there's going to be like one in the end that's going to be the one. There is one blockchain for each use. Yes, there are lots of blockchain today and nature. They are all useful and they are all used for something. And in the end, yeah, it's going to be like the internet bubble. At some point something's going to disappear, but what's going to stay is something that's going to be really useful and something that will become the next internet revolution. So not one blockchain, but many blockchain for many users.

Tyler (24:12):
Yeah. I think something that we forget often is the world is just a huge place. And anywhere that there's an industry that's really large like finance, you don't, even in traditional well-established technology like the banking we have now, you don't have one bank, you don't have one currency. There's lots of room for competition. There's lots of room for companies that do the same thing, but a little bit differently or specialize in a little bit different area. I mean the world is just a huge place.

Tyler (24:45):
And in the digital age we might feel like it's a little bit smaller, but it's still a huge place and there's definitely room for lots of different people trying things out. And I think there's a lot of value in people challenging ideas and trying different tweaks on other people's solutions until we do end up, like you said, in this place where there are some really well established and solid solutions or improvements on existing technologies to the point where it is incredibly valuable.

Tyler (25:15):
But it's way too early to tell a who the winners are going to be and I would argue B, we don't really know how this thing's going to be used yet. And it would be foolhardy to assume that and to only build for that, and to assume that we've figured that out and to stop innovating and just start implementing.

Benjamin (25:34):
Yeah, I think you're right, Tyler. It's a good way to summarize it.

Tyler (25:40):
All right, very good. Well thanks so much guys for jumping on. I don't know if you want people getting in touch with you directly, but if you want to plug where people can get in touch with Ledger either for, you said if they're C developers, there's opportunities for building out Ledger applications. If there are any links or social media places that you would like people to go, now would be the time to plug those.

Fabrice (26:10):
So I would say for developers that's really are interested in developing on both, on our operating systems or that are interested by Ledger Live or any Ledger product, first of all, have a look at our GitHub, because everything is there. So you can check how we do things. You can do pull requests, you can help us. And for those who are looking for additional documentation or who wants access to our Slack channel, for developer, the best way to do this would be by requesting access through our customer support.

Benjamin (26:44):
Yeah, so the GitHub is LedgerHQ. That's the name of the repo. And if you want to know more about cryptos and all the stuff that we are trying to create, there is the Ledger Academy also, which is the website that we created in order to educate people around cryptos and security, et cetera. That's the main place to get all the information you want to have. The goal is to secure the asset. So we created those pages in order to educate people on those topics.

Fabrice (27:20):
And one last thing. On our website we have a place where you can see the job offers that we have. And because we are still hiring, do not hesitate to take a look.

Tyler (27:30):
All right. Fantastic. So thanks so much guys for jumping on and sharing some of your insights in the future of Ledger. Very excited to see where both the hardware wallets and software like Ledger Live go.

Tyler (27:41):
Best of luck to you guys and maybe we'll see you around.

Fabrice (27:45):
Thank you for having us.

Tyler (27:47):
All right guys. You guys have a good day. Thanks so much for jumping on.

Fabrice (27:50):
You too. Bye-bye!

Benjamin (27:51):
You too. Bye!

Tyler (27:58):
For more information about Stellar and the future of decentralized finance, visit Get involved in the discussion and one of our active communities on Keybase at Stellar.public or Stellar stock exchange.

Tyler (28:12):
Until next time, I'm your host, Tyler van der Hoeven. Catch you all later.