The Lattice1 enables management of cryptoassets with a simple secure interface. With a dedicated secure enclave, anti-tamper features, and secure screen, you are always in control of your keys. Pair your Lattice1 with any supported app to access your wallet from anywhere. Looking up balances, sending transactions, and switching between primary and SafeCard wallets are all a breeze with your online Lattice1 hardware wallet. Your new Lattice1 comes bundled with one SafeCard to get you started. Don't sacrifice security or usability - with the Lattice1, you can have both.
Got GRID tokens? Redeem 75 GRID for $100 off a Lattice1!
The Lattice1 ships with a US 2-prong (type A) power supply. Customers outside the US will need to purchase a separate plug adaptor.
Features and Components
- Multipoint Capacitive Touch Panel: A secure 5-inch capacitive touch panel with multipoint capability, providing a large, easy-to-use interface for the Lattice1.
- 5" TFT Display: A 5" TFT with 480x800 resolution, which is fully protected by the Lattice1 security mesh.
- Card Slot: The card slot allows the Lattice1 to interface with multiple SafeCards providing users with essentially a limitless number of accounts.
- CLDS Tamper Detection Mesh: All sensitive areas of the Lattice1 are enclosed in a wire mesh which is monitored continuously for continuity from the moment of provisioning to EOL. The wire mesh is composed of multiple circuits with 6mil (2x the thickness of a human hair) width and spacing. The Laser Direct Structured (LDS) part is made by drawing the traces in three dimensions using a laser, followed by an electroless plating process of Cu-Ni-Ag. If a circuit is ever broken by a hacker trying to tamper with the electronics, the Lattice1 will detect the intrusion and securely destroy sensitive information. Users could then recover their funds using SafeCard backups.
- Internal Secure Enclave: The Lattice1 has one of the same chips used in the SafeCards permanently installed in the device. This provides the ability for the user to create one or more accounts using the PUF in the Lattice1 without the need for a SafeCard (although they are recommended for backups).
- Secure Computing Environment: The secure computing environment (SCE) is a hardened microcontroller that has purposefully constrained, limited accessibility. The SCE stores permissions and pairings in a secure encrypted environment. It receives signing requests and checks those requests against account rules determined by the pairings and permissions before building a message to be signed by the appropriate secure enclave.
- Secure Mailbox: The secure compute environment (SCE) is only connected to the outside world via a multiplexed FRAM. The attack surface on the SCE is extremely small due to the electrical isolation and limited memory capacity of the FRAM. This makes the SCE immune to code injection and memory overflow attacks.
- Integrated PCB Security Mesh: The electric security mesh is extended through several of the internal layers of the printed circuit boards fully surrounding all sensitive signals and electronic components.
- Compressed Elastomer Intrusion Detection: Conductive elastomers connect the electric mesh in the printed circuit boards to the mesh on the LDS part fully enclosing the system. The elastomers also serve as switches which will trigger the anti-tamper circuit if the Lattice1 is ever disassembled.
- Logic Power Isolation: The voltage rails which are used to power the logic circuitry are fully contained within the security mesh, preventing probing from the outside world. This, coupled with an SCE which is hardened against power analysis attacks, makes these types of attacks virtually impossible.
- General Compute SOM: The Onion system-on-module (SOM) or general computing environment provides a connected interface for the SCE to receive signing requests. The Onion also runs a distribution of Linux which is hardened against hacking but is always assumed to be insecure. The general compute environment (GCE) provides the ability of the Lattice1 to serve native distributed applications.
- Read-Only Partition: The Lattice1 uses a read-only partition with overlayFS. This means that it is impossible for malicious software to compromise the ROM partition, and the Lattice1 can always be reset to a factory state.
- Extensible Storage and Swap Memory: Flash storage and swap memory can be expanded on the SOM. This allows more resource-intensive applications to run on the device itself.
- Security Battery: A primary cell lithium battery powers the secure microcontroller tamper monitoring feature. It monitors the tamper mesh continuously from provisioning to EOL. Note that any damage to the battery or depletion thereof will result in the Lattice1 device becoming permanently unusable. Please see the Terms of Sale for further information.
- 64GB Internal Storage: Provides flexibility for anticipated future functionality and native third-party applications running directly on the device.
- WiFi Antenna: Provides internet connectivity to the general computing environment.
- Zigbee Antenna: Allows the Lattice1 to connect to other IoT and smart devices such as a smart electricity meter or thermostat.
- Ethernet Jack: Lattice1 can be connected to the Internet with a wired connection.
All important operations (building transactions, drawing screens, etc.) happen in the Lattice1's secure computing environment, which runs Lattice firmware, a bare-metal system written in C. Currently this codebase is closed-source, but a history of changes to firmware can be found here.