Pascal Gauthier, CEO of Ledger joins me in this episode to talk about Ledger Hardware Wallet devices. We talk: 

  • Pascal’s background in bitcoin
  • Ledger device overview
  • Privacy while using Ledger
  • Multi signature
  • Bitcoin-only devices? 
  • Future directions with Ledger devices

Podcast Transcript:

Stephan Livera: Pascal, welcome to the Stephan Livera podcast.

Pascal Gauthier: Hey, thank you for having me.

Stephan Livera: So yeah, look Pascal, I’m keen to talk with you about what you’re doing with Ledger and also just your story and how you got into all this with Bitcoin. Let’s just start with a little bit about how you first got into all this?

Pascal Gauthier: Ooh, it’s a long story. I got into all this because I did the first part of my career in online advertising and it was great. But I mean, one way to put it is you’re not really curing cancer. I mean, it’s online advertising and I had a great success with a company called Criteo that we listed at the NASDAQ. And after that I was sort of soul searching and trying to figure out where to take my career and where to invest. And I was presented Bitcoin by Wences Casares from Xapo. And I thought he was an amazing speaker and I thought that everything he said made sense. And so I decided mid-14 to invest time and money in the space. And I did several things building my company called Kaiko that is run today by Ambre Soubiran, which is a market data company. Invested in Ledger, I was actually the first investor in Ledger and the first board member too, because security seemed important and various sorts of things that I did at the time. But this is how I got in.

Stephan Livera: Awesome. And so then what was it about Ledger that appealed to you and like the idea of investing in Ledger? Was it just a demand for hardware, wallets, the security, the need for security in the space?

Pascal Gauthier: Well, no, because at the time, like I mean, hardware wallet was merely a concept and people were surprised how quickly I invested into Ledger. Actually, I’m the little story is that I’m the investor that sort of led the seed round because I had like, absolute faith into what Eric and Nicolas and the team presented at the time. But it was mainly because first of all, betting in the space. So that was my mission at the time. And so therefore I needed to find like a few companies and security seemed the most important thing. I mean, you know, you have to remember that this was just after the Mt. Gox incident. And so, you know, security and data seemed to me like the two missing pieces, the endpoint security seemed to be critically the missing piece of the ecosystem.

Pascal Gauthier: And what Eric and Nicolas presented is what we do today. But it’s using the chip and pin technology to actually secure secrets which is a French invention. And this is why chip and pin that technology has been designed, like the hardware security has been designed is to protect secrets. And so to me it seemed like just a really good idea to apply the technology to protecting Bitcoin secrets and private keys. And so it was really a no brainer. The team was great. The technology made sense. It was a French technology. So, you know, when you invest in a company, you start trying to figure out whether they have an unfair advantage, which seemed to be the case. And so all of this for me was a no brainer at the time for a few years after it was a no brainer where you were like, you know, wondering whether you did a mistake or not because the market was just so low. And so there was always a question of like, is a hardware wallet going to become a thing? But really 2017 where everything picked up. I think, you know, we, we along, Trezor and all the other guys in this space, we sort of created a new consumer electronic category. And that’s very rare and that’s probably here to stay actually.

Stephan Livera: Yeah, totally agree. I think this whole consumer category, if you will, of hardware wallets was very much started by companies such as Trezor and by Ledger. And because of that, I think most people, when they think of Bitcoin hardware wallets, they’re thinking Trezor and Ledger as the first names in their mind. Can you give us just an indication of the size of Ledger’s customers? I mean, I presume you’d have a lot of retail level customers who have bought a Ledger device to hold their private keys.

Pascal Gauthier: Sure. I mean, we, there’s one number that we share and then the rest we keep to ourselves and to our users. But we sold today about 1.5 million units of our products. So it’s a big number, but more, more than that. Actually, the other number that is really incredible is we shipped our product in more than 165 countries. And so that’s a number then like even more because 1.5 million units of any consumer product, a hardware consumer product is a big number, but 165 countries is incredible. I think that it’s a testimony that the crypto phenomenon is global because if you take any product, I mean, it’s very rare that a company that young on top of that company, that young will ship so many products into so many different countries. And so that’s, that’s amazing.

Stephan Livera: Yeah, that’s quite an achievement I think because it’s one of those things where you’re trying to change the mindset for people where traditionally if they’re buying stocks, they’ve got, they’re not holding the stocks themselves, right? It’s not like a bearer asset, whereas Bitcoin is a bearer asset. And so I think one of the challenges then is trying to articulate to holders why they should take their own power, take that key into their own possession. And so I think that’s, hardware wallets are one way to really help achieve that. Has that been difficult for you to make that case to Bitcoin holders or has that just, have you found that that’s been part of the ethos of the industry or the way that people talk about Bitcoin?

Pascal Gauthier: Yeah, I think it’s the latter. I mean, you know, the first phase of the development of the company is more like, you know, part of the ethos of Bitcoin and crypto community is, and usually early adopters sort of understand like they go through a path where they buy Bitcoin and then once you have Bitcoin you’re like, shit, what do I do with that? And you know, I had to make sure that I’m secure? And so the next step, and actually you can see it online. Like there’s so many blogs and so many things that have been written where by default for your security, people say, you know, get a hardware, often get a Ledger. And so I think that’s the first phase. And I think for us now the challenge is, going forward, like how do we make sure that we remain, you know, important and relevant for consumers.

Pascal Gauthier: And so because now, you will have like a broader adoption of cryptocurrencies and or other type of tokens. And so and I think these technologies basically will succeed only if they’re really secure. And if the endpoint security is really secure. And so therefore, you know, we will do a lot of efforts in, in 2020, you know, educational efforts but, you know, promotional, etc. Just to make sure that the broader audience understand the need for security and understand the need for decentralization because we also believe that you know, the first phase of the industry has been really centralized on a few platforms, which is okay because you know you know, sometimes you need simplicity. And it’s true that decentralized value propositions were probably not as simple as centralized value propositions such as Coinbase for example. But we believe that this is not the promise of decentralization. And so therefore we are working hard to offer in ’20 and ’21 decentralized product that will be as good as, if not better than centralized product, but with a decentralized way where users really own their private keys. I mean, not your keys, not your crypto.

Stephan Livera: Right. And one other aspect I was keen to ask about is hardware is difficult, right? So, and this is a very cyclical industry, right? Bitcoin, it tends to move in these big waves up and then big waves down. Has that represented a challenge? I mean, I’m sure it has represented a challenge for many Bitcoin businesses. How did Ledger deal with that very cyclical nature of the industry over the years?

Pascal Gauthier: It’s a huge challenge because as well as this is happening, change is also happening. I was listening to an interview of Arthur Hayes from BitMEX and he was asked the question like, what has been the challenge for you recently? And he says, change. Everything changes all the time. And so adapt to change in this industry. It’s complicated. And it’s true that this is also complicated with like ups and downs because of course the ups and downs represented your revenue. So when everything keeps on changing and you need to invest in the change. While your revenue is going up and down. This is the most difficult thing. So not only is difficult to adapt to a market that is going up and down, but it’s even more difficult to adapt in that for that up and down as the market is changing so much.

Pascal Gauthier: And yet you have the need or the obligation to invest so much into your products. So, but I mean for a CEO and for management team it’s a great. I mean, it’s hard, but it’s where you learn the most probably. So for us it’s been it’s been, it’s been a fantastic ride, to be honest. I think it’s very challenging intellectually. And so, you know, we thrive into, in difficulty. So I prefer actually that market to the bull market that we had in ’17 because it was just too crazy. I didn’t really understand what was going on. And so, you know, for me it was like, okay, well, everything goes up and, you know, it seems to be crazy, but like we don’t control it. Like we don’t really understand it. At least I would say that at the end of ’19 for me and for the team here at Ledger, I think we had a great year because we better understand our business. We better understand our company, we better understand where we’re going and and we think we have a plan for 2020 and beyond. That’s going to be really amazing.

Stephan Livera: Right. And one other plan I wanted to touch on there was around lead time when you’re making a new product, right? Because you could get really awkward timing where let’s say it’s like a crazy bull market and then you’re, at that time there’s, you know, you’re coming up with a new product. Did, you did, but it takes time for that new product to land and you don’t obviously don’t want that to land during the down cycle. Did you have any trouble dealing with that kind of issue?

Pascal Gauthier: Not really. I mean, not the short answer is not really. And the longer answer would be to say, you know, like the market moves quickly, but you have like and, but you have periods of three to six months where you can sort of make your decision. So you know, it’s quick, but you still have like, it’s not one week over the next. And so therefore for hardware production typically, which is something that has huge impact on the company you know, you need sort of three to six months to to make, to make decisions in order to you know, six to 12 months to take a product to market. So I would say that, there is nothing that that hurt the company in the sense in that period in the sense that we always had time to plan and we plan everything carefully.

Pascal Gauthier: And I think that everything we’ve done in the bear market has been somewhat successful. I mean, the Nano X our new product has been received very positively by the community. We sold a bunch. It’s a great product. I’m using it every day. It’s really good. I mean, Nano S was good, but Nano X I think is the better version of the Nano S so, you know, so, so far so good. We didn’t break anything. Everything went, it was difficult and it was a storm. It is still a storm, but we didn’t break anything and the ship is still sailing.

Stephan Livera: Right. Speaking of breaking things, I’d love to talk a little bit, a little bit about the security aspects as well. So listeners might know, I recently interviewed Charles from the Ledger Donjon, who’s also working with Ledger. Can you tell us a little bit from your perspective, what has it been like trying to maintain security standards on the product and you know, dealing with things like hacks and attacks that come up here and there?

Pascal Gauthier: Sure. Well, so Charles Guillemet that you’re referring to is our Chief Security Officer. And has been recently promoted to our Chief Technology Officer is our CTO and he’s our CTO and CSO. And Nicolas Bacca, who is the founder and original CTO is now our chief innovation officer. So CIO. Look, security is at the core of everything that we do. And we again come from all of our engineers here and if you speak to Charles or if you speak to Nicolas, they have security in their background and they come from security companies themselves and they’ve been working on that security issue for a long time. But again, we come from this chip and pin industry, so secure hardware industry and so everything from the hardware perspective has to be secure. And as you know, probably Ledger has designed its own operating system that runs then into the secure hardware that either we design or that we buy off the shelf from, from vendors.

Pascal Gauthier: So typically what you see in the Ledger, Nano S, I mean it looks like a USB stick, but inside there is a, there is a secure element onto which we port our operating system. And that’s what secures the private keys. And so for us, really there’s never a question about, compromising on security or, you know, do we do we lighten up security, for example, to make it more usable? And of course, you know, when you work on security and you build a product for consumers, there’s always this question, usability versus security. But for us, we never compromise on this. We, we believe that we have the most secure products in the market today. But security is a cat and mouse problem in the sense that you know, the bigger the industry becomes the higher the fee the attackers are willing to pay in order to attack.

Pascal Gauthier: And so therefore, it’s a never ending problem where you always need to work on your security. So this is what we do. And as you know, Charles as chief security officer, is at the head of something that we call the Donjon here at, at Ledger. So we have a hacker team internally that hacks our products that hacks our partners products, our competitors products. And the aim of the Donjon is just to raise the security level of the industry overall of Ledger products of course, but the security of the industry overall. So when we break a competitor’s product, it’s always in the spirit of helping them do better. And so we have a responsible disclosure scheme that we apply. So of course we fix the problem first before we release anything. And it’s really in the spirit of just the industry doing better for the consumers and for the enterprise or for everyone that’s going on that’s going to have that security end point issue.

Stephan Livera: Great. And does Ledger make use of a bug bounty program also?

Pascal Gauthier: Yeah we do, actually I think you can find it on our website. I’m just, I’m just typing it as we speak, but yeah, bounty program Ledger, Ledger.com/bounty-program. It’s there, it’s all explained and we are working with a lot of researchers actually outside of Ledger with the Ledger Donjon to to work on various security issues. Again, it’s a never ending problem. Like, we think we’re good right now and we think we probably have the best security in the market but, it doesn’t stop there. So we continuously invest into security and the future security of our products.

Stephan Livera: And I guess the other question is just around the the secure element question as well. So I think this is a point where I think it came up with Charles as well where we spoke a little bit about that and, Charles was making the point that essentially there are some components within the secure element which are closed source. But this is again just a difficult problem at this point. Do you have any views on where that is at this point and where we would see that going in the future?

Pascal Gauthier: Sure. I mean, we have to understand that. I will tell you the way I learned this through my experience at Ledger, because of course, as you understand from the beginning of this chat, like my background is not in security. It’s in advertising. And so in advertising, we didn’t really care about hardware security. And so I had to learn sometimes the hard way of like, you know, the indications of security and why et cetera. Most of the security companies before Ledger do actually something that’s called security by obscurity. So meaning they don’t tell you anything, they don’t open source anything. Because obviously as soon as you try to open source, it’s a much more difficult problem that you’re trying to solve because then you’re showing what’s inside and because you’re showing what’s inside, attackers can potentially use that against you.

Pascal Gauthier: And so this is why again, most security companies do security by obscurity. Ledger is very new. We are very new in our approach because we use the same kind of secure hardware. But we tried to open it and, but we only open it partially, but we tried to open it as much as we can in order for third party companies and third party developers to be able to work on the operating system and develop new features on top of our operating system. So it’s a very new approach. And and typically with the Donjon Again, it’s also a part of that approach where the Donjon is publishing a lot of the results. Usually attack labs don’t publish much. But we’ve attracted probably some of the best hackers that we have here. And some of the best researchers that we have here because of that open approach because it’s a very frustrating world where you know, you finding great things but you can’t talk about it.

Pascal Gauthier: And here at Ledger, our approach is to actually, find things. So the problems and then talk about what we found just to share the knowledge with the community. So our approach, our security is very open. However, there are certain things that we can’t open. Not so much because of Ledger and what we do, because we would prefer to work in a fully open manner. But there are some constraints that we have with our vendors because they are part of things that actually are irrelevant to Ledger, but that will be part of the code but could be open. That then has to do with our vendor product and so forth. For reasons like this, we don’t open all the way because we have some constraints with vendors, which is, which is okay and normal. And that’s how the market works as well. So we’re trying to push the limits of security and but within boundaries that are sometimes that we have to obey, happy to obey to those boundaries sometimes.

Stephan Livera: I appreciate that. Yeah, sure. And look, let’s talk through just some of the key products then. So as you mentioned, we’ve got the Ledger Nano S which is the original Ledger device. And more recently we’ve got the Ledger Nano X, which is the Bluetooth enabled newer device by Ledger. And then as I see it, the main software is Ledger Live, which is the computer software to interact with the hardware wallet and there’s also a mobile phone version of Ledger live. So could you just give us a bit of an overview on those different products? What are the main differences between them?

Pascal Gauthier: Yeah, so that’s the consumer products that you just described. And so, well, the main difference between the Nano S and the Nano X is really, you know, Bluetooth connectivity like you just said, but capacity, I think a memory capacity. I think the market has evolved between like 2014 or early ’15 where was Bitcoin only to today. And even the future where we went from one coin to potentially like hundreds of coins or thousands of coins, et cetera. And so the Nano S was actually designed in already 2015 was released in 2016. And so it was designed with the needs of the time. So with the Nano S at any given time, depending on the firmware update that you’re on, et cetera. But let’s say that you can have between like three and seven apps to run at one time on your Nano S which means that you can use on Ledger Live between let’s say three and seven coins without having to install or uninstall the apps.

Pascal Gauthier: Because the Nano S or the Nano X, they work a little bit like a phone. So you have a capacity and you can, one coin is one app, so you can put only so many coins at the time as an app on your Nano S. So it’s three to seven.

Stephan Livera: Gotcha.

Pascal Gauthier: And so, and so people were asking for more capacity. So this is one of the reasons why we designed the Nano X is because now it was in the noise. You can have a hundred apps to run on, your Nano X at any time. So which is much, much bigger. Like it’s a huge capacity. And so Nano S costs 59 and the Nano X costs 119, so for double the price you get, I dunno, something like 10X the capacity or 15 X the capacity. So it’s a really nice upgrade and it’s something that I’ve been asked for a long time. So, that’s the main difference between the two.

Stephan Livera: Right. I see. Yeah. I guess for me and my show, it’s mostly, it’s basically a Bitcoin only and my listeners are mainly interested in the Bitcoin only component of it. But I suppose there might be another security aspect of it where perhaps from a minimizing the attack surface point of view they might be interested to have a Bitcoin only device. Is that something you would explore?

Pascal Gauthier: Well, it’s already the case. So I think there’s a misconception about like how we do things. And also because sometimes we’re being compared to the competition that has a different approach, actually different technological approach, which makes the Bitcoin only thing a thing, where for us it’s already part of the DNA. It’s already part of what we do. So this app system that I just described is actually the fact that all apps are segregated from each other because of the hardware security. Okay. And so therefore if you only download the Bitcoin app, your wallet is Bitcoin only. You don’t have to, don’t know that other app. And we don’t need to design an OS specific to Bitcoin because the job is already done. The problem with other vendors and some of the competitors is that, you know, apps potentially could contaminate each other, et cetera. Which is not the case for us. And so therefore there is a need on the one side to develop like a specific OS for Bitcoin. When for us, it’s already part of the value proposition that if you want to be Bitcoin only, that’s fine. It works. And so we don’t need to develop a specific operating system for that because it’s already been designed for that.

Stephan Livera: Great. Yeah. Look I think there was some discussion I saw, this was a little while ago around that. I think that gets a little bit more into the technical weeds though. So I think we can leave that for another time. But I’m also interested to discuss it, just any of your thoughts around Bitcoin privacy as well. So right now if you set up using Ledger Live, obviously as part of the way the software works, you have to basically give your extended public key to the Ledger server to feed you what your addresses and your balances are. And I suppose, do you have any thoughts around ways that users can maintain more of their privacy? Is that something that you would try to build into a future product or software?

Pascal Gauthier: Yeah, I think it’s something that’s on our roadmap for 2020. You know, the difficulty for Ledger is that, you know, there are some features that you describing that are super advanced and are very important for like a subset of the broader crypto community. And then there is the mass market. And so therefore for us it’s always a difficulty to, understand, you know, what’s the most important to do next? Because you have features that are mass market and you have features that are equally important, let’s say physically speaking, but therefore like a smaller market. But it doesn’t really matter to us whether the market is big or small. I mean, there are certain things that play into the philosophy of this industry. And so typically privacy being one, this is top of mind for us. And it’s differently in the roadmap for for 2020. I cannot give you any dates but I can tell you that it’s an ongoing debate internally on, how to do this and how to do this the best possible way. And and there’s a broad, broad,

Stephan Livera: Yeah, no, I appreciate that.

Pascal Gauthier: It’s something that is definitely top of mind for us and live in 2020.

Stephan Livera: Gotcha. Yeah, and I appreciate it. Again, it is a, there is this question of how do you get people to firstly hold their own keys. So it is at least an improvement on them leaving their coins with a custodian where at least if they are self custodying even if with reduced privacy, well at least that’s better than not having their own keys. Right. So I appreciate that. So yeah, and obviously appreciate that there is a question here around mass market versus what the, what we might say the more advanced or hardcore Bitcoiner user might desire in the product. Another one as well. Maybe this will be a similar answer as well as this question of multisignature. So right now I would love to be able to do multisignature in a way where I could use different hardware wallet providers all as part of a multisignature set up.

Stephan Livera: So for example, I could have, a Coldcard and a Trezor and a Ledger all as part of multisignature set up. But right now that’s a little bit more difficult to achieve with the Ledger devices. As I understand, well, one example might be if you try to perform a multisignature transaction with Ledger today with some of the devices, it won’t be easy to verify exactly on the device, which address am I spending which how much am I spending, et cetera. I think, I think, sorry to be clear, I think it will show the amount you’re spending, but it won’t necessarily be clear about the address component of it. So it makes it a little bit more difficult that we have to now trust our, the hot computer which could obviously have malware and we want to trust the hardware first. So do you have any views around multisignature support?

Pascal Gauthier: Yeah, I mean, you said it in your introduction where we have the same answer than the one before. Multi signature is also part of the 2020 roadmap. It’s not something that we’ve let’s say that it’s not something that we’ve overlooked in 19, but but 19 has been a challenging year. We’re very busy working on so many things. And also we’ve scaled our engineering team a lot. I’ve got right now 40 engineers that I’m recruiting as we speak. And so this is the need of like new features and new coins. And so I know like, you guys are probably Bitcoin only, but but there are many other projects in the world right now that I, that are going on where we need to pay attention because we don’t want to become obsolete because we don’t support the latest tech.

Pascal Gauthier: So the need for tech support is so huge that sometime it’s very difficult to, to know, you know, from which angle and when, which program to take first. And we’ve achieved a lot in, in 19. I mean, Ledger Live didn’t really exist at the beginning of 19. We didn’t have the Nano X et cetera. So actually 19 was a very important year for Ledger. And there are many things that were achieved. Some of the things were not done. So typically multisig is one, but R&D and Nicolas, they’re working on this right now. And again that’s, we will do better at that in 2020 for sure.

Stephan Livera: Great. Yeah. And look, I think there is potentially a good benefit there for a lot of the hardware wallet manufacturers because then if they’re supporting multisignature it becomes easier for there to now be a need for users who were previously just doing single signature single hardware wallets. Well now they can use multisignature and then, they will need obviously multiple devices to help achieve that. So there’s potentially a, an angle there,

Pascal Gauthier: But there is that. But you know, to be honest, of course we’re here to do business and sales stuff. But, you know, I think multisig for me and having a better multisig approach I think is important because, you know, security is one thing. But governance is another thing that we bring and it’s typically, what we’re doing with our enterprise product and security and governance. So multisignature enforced on the hardware is actually something that we do, but more for the enterprise today. And so the need for governance, for the consumer is actually really big. And so it’s something that is really, that’s why it’s also top of mind for us in 2020 because users, you know, it’s great to have your private keys, it’s great to have them on Ledger, but you become the single point of failure, meaning that, you know, to steal your coins, the only thing I have to do is to threaten you with a knife, always a gun.

Pascal Gauthier: You type your PIN, we do one transaction and I wipe out your crypto. And so this is a serious threat. And so, you know, when we think about security, we think about security overall, not just the hardware security. And then, you know, the personal security of the user is none of our concern. Actually, it is. This is why when we designed the enterprise product, we design it specifically with in mind physical threats to the user. Because if you design an enterprise product, but the only thing that you can do to break the bank is just to kidnap the general manager of the bank, then your security product is not great. And so we know how to do that and we’ve done it for the enterprise world first and we’re bringing it to the consumers, but it is a problem and this is why we’re thinking about that. It’s more because of security rather than, you know, sending more hardware. And of course, if the consequences that we sell more hardware, we’ll take that too. But security is at the core of everything we do and that’s a security issue.

Stephan Livera: Yep, totally. Fair enough. Then one other question around arguably security as well is the discussion where individuals who would like to secure their Bitcoin in more secure ways try to find ways to air gap their keys away from the hot computer. And one some of the ways that people talk about this is using, say, micro SD cards or potentially QR codes as a way to, move that or shuttle the transaction back and forth between the computer and the hardware device where the private keys are living. Do you have any thoughts around the use of some of those air gapping methods and potentially also have any thoughts around PSBT partially signed Bitcoin transactions?

Pascal Gauthier: Well, these are advanced questions. So you know, Charles and Nicolas would be better better put on your show to discuss to these guys these issues. The, we’ve designed the product so we don’t really, you don’t really need to air gap it. It’s I think, when it comes to security there is always the question of trust and do you trust your security vendor and do you trust what Ledger says or not? But our product actually our product is the only certified product in the market. So we security you can say what you, what you do, you can actually give means for the users to verify that what you do, what you say and what you do is true. Which is the case for Ledger. And then you can go one step beyond that and have a security of your product security reviewed by an attack lab, which and that will give you a certification.

Pascal Gauthier: And this certification is a stamp to say, Hey, you know, the Ledger product actually does what it’s supposed to do. Or what you say is that it does. And actually if you take the Nano S and the Nano X these are the, to my knowledge, the only two hardware wallet products that got a certification to date. And I’m not talking about certification of the secure elements because of course the secure element is certified, but that’s by a vendor. I’m actually talking about the product itself, the Nano S and the Nano X the entire product has been certified by the ANSSI, which is a French attack lab. It’s a French public attack lab. It’s a very well known. It has an amazing reputation, and both of our products are certified and so therefore the products do what they say they do.

Pascal Gauthier: Meaning, you can connect them to your computer without the risk of losing your private keys. And so now the area of discussion for me, it’s a bit dogmatic discussion. The way I understand it is like, you know, maybe I don’t really trust, I never want it to be connected, so I want it to be offline, but actually I don’t think there’s a need for that. But I’m going to stop here because that’s probably a longer discussion that you should have with Nicolas and Charles at Ledger because then it becomes an expert discussion. And you know, I’m a CEO of a security company, so I understand what we do, but I’m not the expert. But on that question, that’s what I would say. And PSBT it’s something that we support. You know, at Ledger, the market is moving fast and the market has many needs for features.

Pascal Gauthier: And so the problem that we have is, either we do everything ourselves and then it becomes slow. And already you’ve asked me several questions and on several things and it’s like, what do you do here? What do you do there, et cetera. And we will deliver in ’20, but we haven’t delivered in ’19. That’s because there are so many things that we need to do. And so one of our approaches is to keep the system open. And as you know, you can use with the Nano S, you can use Ledger Live, but you can also use Electrum or you know, other third party software. And sometimes those third party software offer features that Ledger doesn’t offer. So typically multisig you can use Electrum to do multisig with your Nano. And PSBT is the same. Actually you can we have a proxies through HWI. Actually there is a github.com/bitcoin-core/HWI. And so we support PSBT through a third party and we can do better in 2020, but this integration functions and you know for someone who would want that feature.

Stephan Livera: Yeah. Great. And yeah, thank you for that for giving us a comprehensive response on those and yeah, look for some further in depth discussion. Maybe I can get Nicolas on and talk to him about some of those other points. Also, I was curious to ask about your thoughts around vendors and sort of retailing of the product. So is this, as I see it maybe correct me if my understanding is not right, that I think the Ledger approach is that it’s sort of like, because the device is certified, you’re more comfortable that it is resold by other suppliers are in other countries around the world. And perhaps that has also contributed to how Ledger the devices are now used or sold in 165 countries. Is that part of the thinking there with Ledger and the let’s call it the supply chain or the distribution model?

Pascal Gauthier: Yeah, completely. I mean, well you just said it so I’m just going to paraphrase what you say, but it’s, it is like that we can basically send our device to any vendor in the world and they can resell the device without the risk of, you know, putting like a malware on the device or doing anything that could in the end harm the user because you have the genuine check when you because you have multiple things that you have to do with your Ledger in order to make it work. And there are multiple ways of verifying that your Ledger is genuine. And so there are some attacks that are possible with other vendors that are not possible with Ledger because of the nature of how we build things and because of the secure element.

Pascal Gauthier: And so therefore it allows us to have a broad distribution policy, but also it allowed us in 2017 to have manufacturers manufacture our products without being able to inject anything in the product that could harm the user or not. Now, that being said, there are very simple attacks that are always possible. So typically, if I get my hands on the Ledger, I preset the Ledger, I write down the 24 words, and then I repackage everything and I send it to a user that is not that doesn’t really understand how it works. And that doesn’t read everything that we say. Because normally when you set up your Ledger, et cetera, we always say, you know, only you can write down your 24 words, like never show them to anyone.

Pascal Gauthier: But we’ve seen in the past that, you know, people that don’t really pay attention to what we write or can be influenced to either use a product that has already been set up with 24 words that are being sent to them and, or, you know, sometimes get a phishing attack where there is a website that is going to say, Hey, we are Ledger and, you know, give us your 24 words because we want to reset your device. Or like, you know, there are scam attacks like this, that always happens. So, you know, the last line of defense is always the user that needs to pay a lot of attention. I think what’s very difficult in this market and what users need to understand is they need to pay attention. So Ledger is secure. But the process of setting up your Ledger is very important.

Pascal Gauthier: So you need to take the time, you need to be in a quiet room. You don’t do that in a, in a Starbucks coffee with like a 20,000 people around you. Like you need to be at home, you need to be in a secure environment. You need to pay attention to what you do. Because it is security and security of your own money is an important thing. So you should treat it as such and I think this is the shift that needs to happen because we come from a world where you have your Revolut app and so you have just a PIN code, that you do everything on, you know, it’s all easy, but your money is not yours. This is the old world. In the new world where your keys are yours and the money is yours, I think it’s a fantastic power, but you know, as Spiderman says, great powers come with great responsibilities. And so therefore you need to be very careful about what you do.

Stephan Livera: Yeah, that’s definitely, that’s the big mindset shift that has to be driven as people come into Bitcoin and learn to, well, there’s no, there’s no bailouts in Bitcoin. You have to take your full personal responsibility when you do this. Pascal, let’s talk a little bit about Ledger Vault. So for those listeners who might be interested to understand more, can you just give an overview on that product?

Pascal Gauthier: Sure. I mean, Ledger Vault is a product that we’ve designed because people were using the Nanos and the consumer product and, but those people were actually not people that were like hedge funds or, you know companies and they were like, okay, but we have governance needs and you know, we need multisig. We need different features that, you know, the Ledger Nano and Ledger Live experience is not offering. And, we have enterprise needs, so can you, can you help it? So this is, this is what we’ve designed for them. So the Ledger Vault is a result of that. And it’s basically a product that has been designed for the enterprise or for financial institutions that basically allows to secure the private keys and put governance on top of those private keys. So if you have $100 million in Bitcoin, like the question is who’s got access, who can do what? And so there is a complex set of business features that has been developed on top of the interface where you can sort of divide administrators of the funds from operators of the funds. It’s a complex governance system that has been designed for complex environments for the financial institutions.

Stephan Livera: Right. And so the way that a user would interact with Ledger vault then is there I presume you can set certain policies on which users can authorize transactions up to this amount or how many users is that? Is that basically the model there with Ledger vault?

Pascal Gauthier: Yeah, completely. So you say, you know, for certain, for these accounts and or certain types of transactions, like you know, if you want to send more than $5 million to an address that is not to an address that you need three out of four approval or two out of four approval. You know, imagine every business rule that you could have, in a financial institution. Basically those business rules have been implemented into, into Ledger vault and you can sort of hard code them into the hardware. And so what’s interesting there is the hardware normally signs the transaction, the secure hardware signs the transaction, but also enforces the business rules. Because sometimes you would have vendors that say sign the transaction, but actually business rules happen outside of the security. And so therefore the HSMs, the hardware security modules, which is what we use here for hardware security is being given an instruction from sort of outside the security scheme. And so they’re given an instruction to sign something. So they sign it, they sign it securely. But they don’t know that what they received was actually wrong or fraudulent, et cetera. So with us, it’s been designed, so everything runs within the hardware and the secure hardware and every rule is enforced by the secure hardware.

Stephan Livera: Right. And in that model is the, is it like a self hosted by each business or is it something that’s more hosted by Ledger, if that makes sense?

Pascal Gauthier: No, that makes complete sense. So right now it’s a SaaS product, so sort of the service. So the HSMs are hosted by Ledger and what the users have is, is an interface, the Ledger Vault interface that is somewhat similar to Ledger Live. And they have also authenticators so they have a hardware wallet product in their hands to actually validate transactions. But the HSMs are hosted by Ledger.

Stephan Livera: It sounds to me like that product is more like a, pull product, if you will. Like companies came to Ledger and saying, Hey, we want this. I was curious just to think, because there might also be that barrier of trying to, have businesses think about, Oh, this is like a new world for us. Like, we don’t understand this. How do we get across the line in terms of actually holding some of these, holding Bitcoin as well. Was that a difficult sort of conversation or were those difficult conversations for you to have?

Pascal Gauthier: But you know, it’s a, you know, the enterprise side is funny because it’s a bit like the consumer side. So the consumer newbie that doesn’t really get it goes on Coinbase, you know, that’s a great service. It doesn’t really fulfill the premise of Bitcoin. But hey, I just want to buy one Bitcoin and I go on Coinbase and it’s easy and it’s done. And so I would say that you know, same, some financial institutions just want, they don’t want the hassle of holding the coin. They don’t want the private keys. They don’t want all of that. They just want exposure to an asset class. And so therefore they are happy to go with a custodian. So they buy the coin, but they trust a custodian with it. And that’s okay because none of our clients that use the Ledger technology are custodians.

Pascal Gauthier: So you know, some, if we talk to someone and they say no, but I don’t want to hold my private keys, I just want to give my money to someone and we refer them to some of our partners that are custodians and have been designed for and have a product and have a service that is designed for this. Yeah, I have to say also that in the financial institution world a custodian doesn’t just hold the money. Actually a custodian gives you also many other services that sometimes you need as a hedge fund, et cetera. And so our technology of course, solves some of the issues about like security, etc. But like we don’t, we’re not a custodian ourselves. We’re only a technology player. So there are certain services that if you don’t have them, you have to use a third party anyways. But some of the players actually are holding their keys.

Pascal Gauthier: I mean, if you think about the big players in the industry, they have a security infrastructure. They’re holding their keys. They, they do a lot of things right now, but this financial institution world is very interesting because it’s moving with regulation. And so whether exchanges typically will still be allowed to keep the coins with them in the future and act as a de facto custodian. That’s a big question right now. It’s probably not going to be the case. It’s not the case in the regular financial world. So it probably won’t be the case in the Bitcoin and cryptocurrency world. But all of this is forming whatever happened. We are a technology backbone we’re a technology player and we only provide technology. So whether we provide technology to, you know custodians that then take the deposit of the coins for third parties or that we provide technology to any hedge fund, bank, et cetera, that wants to have their own coins and, their own private keys we will provide the tech.

Stephan Livera: Gotcha. Yeah, that’s really fascinating to think about where the, where it all goes in terms of the structure as Bitcoin grows up, so to speak. Do you have any thoughts on what you think happens as Bitcoin grows up?

Pascal Gauthier: I think Bitcoin is growing up right now. I mean, if you see what, if you see what’s happening because people look at the price and the market cap and I’ve seen so many tweets recently to say, Oh, you know, give me faith that Bitcoin’s going to work because right now it was a price dipping. I feel it’s a problem actually. I don’t feel it’s a problem for people that are sort of losing hope or faith because of price evolution. I would say there’s so much that is being built in ’19 and so much is being built right now and into 2020. Especially financial institutions. I mean, big financial institutions are moving into the game, but we have to be realistic. The infrastructure that is needed for an asset class to emerge is not completely there yet.

Pascal Gauthier: I mean, in terms of security, it’s not completely there. In terms of features its not completely there, et cetera, et cetera. But 2020 will be a big year because there will be many announcements now that will come from very large financial institutions that are moving into Bitcoin. They’re not moving into because they’re moving into other form of tokenization of assets like STOs, et cetera. And that’s, and that’s all good and that’s another wave. But and that’s a wave that will be beneficial to the industry, but I’m talking about, but I’m really talking about Bitcoin, you know, financial institutions are moving into Bitcoin. ’19 was an infrastructure play. I mean, we know the names like Fidelity and Bakkt and CME, et cetera. You know, these are big guys and they’ve all announced and they’re all doing something in ’19 and then announced they’ll do bigger in ’20. So, you know, the price right now is irrelevant. The market cap right now is irrelevant because at some point it will shoot through the roof. And you know, those, the pieces that were installed in ’19 will thrive in ’20 and ’21 and this is the beginning of a big asset class I think.

Stephan Livera: Yeah. That’s fantastic. Pascal, do you have any parting thoughts or advice for the listeners out there in terms of securing their Bitcoins or anything you think they should think about?

Pascal Gauthier: Well, number one, I would like to say that in terms of R & D for us in ’20, we have a big focus on, on Bitcoin. And so, you know, if you want to talk about this with Nicolas Bacca, our chief innovation officer, I think it will be a next logical step of the discussion was with Ledger because, you know, Bitcoin is the dominant coin is the biggest community. And so therefore, you know, for us, our plans in 2020, we have Bitcoin like top of mind, and many things that we want to do there. When we touched base on several topics here already with you, but I think you know, Nicolas would actually do the job. So but yeah, that’s that. And I think we, the message for us and what we’re going to do is we’re going to keep on building and I think it’s very important that companies keep on building great products that we keep on interacting with our users.

Pascal Gauthier: We probably will want to interact more with users in 2020, whether they are advanced or newbies, et cetera, just to better understand how to design our products. And you know, and what’s good for the markets. And the general message is not your keys, not your coins. Do your own security, but be very mindful when you do your security. And you know, Ledger is here to help. As a target for the company in 2020, the number one target is love our customers. So we’ll try to do better than what we’ve done in ’19. Always try to improve. We have a great customer success team. We have a great innovation team, so we’ll just try to improve our game do better and serve our communities better.

Stephan Livera: Yeah, look, thank you very much Pascal. And like I said, I grilled you a bit on some of these points, but I do believe Ledger is a leading company. I have some Ledger products, I use Ledger products as well. So thanks for that. And for a lot of the work that you and your team, very, very sharp and very security focused minded team, so think, there’s good work being done there. But yeah, certainly as we mentioned, there’s always room for improvement. But we’ll be looking forward to that and I’ll obviously be happy to host some other members from your team on the show and we can have some, in depth conversation with them. But for now I think we’ll leave it with that. But look, just before we let you go, can you just let the listeners know where to find you and where they can find Ledger?

Pascal Gauthier: Well, I mean, they can find me, my email, pascal@Ledger.com or fr. Anyone can send me an email happy, you know, happy to reply if it’s relevant and if I don’t have time or not relevant, then I’m sorry. I don’t, I don’t reply because I’m receiving too many messages already, but if you want to shoot me anything Pascal@Ledger.fr. I’m usually based in Paris, actually. The R&D team engineering team is based in Paris, but I travel often to the US, New York or San Francisco and to Hong Kong where we’re based, Hong Kong and Singapore for Asia. So hit me up and happy to meet with people.

Stephan Livera: Fantastic. Well, thank you very much for joining me.

Pascal Gauthier: Pleasure. Thank you for having me.
