Meet Zondax: Securing interchain users’ assets since 2018
As developers working in the interchain, the Zondax team is dedicated to improving the ecosystem in various ways. We have focused on three main areas: hardware wallet support, cryptography, and integrating Rosetta into the Cosmos SDK.
Since 2018, the Zondax team has been tirelessly dedicated to developing and maintaining the “Cosmos Ledger App,” — the app that users’ install on their Ledger device when they activate support for interchain assets. Supported by the Interchain Foundation, Zondax engages in continuous collaboration with Cosmos SDK developers, Ledger and interchain-native wallets like Keplr. These partnerships guarantee that the Ledger app can recognize and process all the new message and transaction types introduced by the SDK, thus providing users with a seamless and secure experience.
One of our notable recent achievements is Sign Mode Textual, a new sign mode that enhances the security of hardware device transactions. Previously, Cosmos SDK relied on a sign mode called Amino Json Mode, but it had limitations that needed to be addressed. Our team worked on the Ledger app side to introduce Sign Mode Textual while ensuring backward compatibility with other sign modes like Amino.
This new sign mode represents the transaction in a text format, which is then sent to a secure ledger for users to review and sign. It can be displayed sequentially on small devices like Ledger, allowing for a complete view. This improvement enables more secure and efficient transaction signing with hardware devices, overcoming the limitations of the previous sign mode.
We have also been actively involved in implementing Rosetta into the Cosmos SDK. This involves developing a standardized API that facilitates integration between blockchain networks, exchanges, and wallets. Our team has dedicated significant effort to testing and enhancing this integration, making it easier for Cosmos appchains to connect with other financial systems.
Zondax’s journey in securing the interchain ecosystem takes an exciting turn with the recent addition of Polkadot and its parachains. The team at Zondax is thrilled about the opportunities this expansion brings.
Building on our experience and familiarity with Polkadot and substrate technology through their work on the Polkadot Hybrid Host Node, Zondax is well-positioned to contribute to the growth and development of the interchain.
As interoperability among different blockchains becomes increasingly prevalent, robust and user-friendly hardware wallet support becomes vital. Zondax’s dedication to advancing the security infrastructure of the interchain ecosystem ensures that users can confidently navigate this interconnected landscape.
Cryptography is another area of focus for us. We have upgraded our implementation to improve security and retrocompatibility. For instance, we migrated from bcrypt to AEAD for enhanced security. We also switched from symmetric encryption with Salsa20 to chacha20poly, a more secure and efficient method aligned with modern cryptographic requirements.
During our work, we identified an issue with the secp256k1 algorithm implementation in the Cosmos SDK. It was not implemented in constant time, which raised concerns. We have temporarily put this matter on hold, awaiting a resolution in the GO implementation. So far, we have not found any audited code that meets the implementation requirements, and the cost/benefit ratio is not favorable.
Zondax has made significant contributions to the Cosmos appchains for over half a decade, focusing on improving user-friendliness and security. Our work on Sign Mode Textual, Rosetta integration, and cryptography-related topics has positioned us as a key contributor to the Interchain ecosystem.
We remain committed to advancing Cosmos appchain architecture as an innovative and secure blockchain platform, and we are thrilled to be at the forefront of its ongoing development.