Welcome to SSP Wallet
SSP Wallet
Secure. Simple. Powerful.
Visit us at:
Download SSP Wallet:
Google Chrome Extension: SSP Wallet on Chrome Web Store
Download SSP Key:
Android: Download on Google Play
Why SSP Wallet?
SSP Wallet is not just another crypto wallet. It is a true two-factor authentication wallet designed with security and self-custody at its core. Here's how it works:
Two Devices, Two Keys:
Your SSP Wallet contains one private key.
Your SSP Key (on your mobile device) contains a second private key.
2-of-2 Multisignature:
Transactions are constructed and signed by the SSP Wallet and then signed again by SSP Key.
Enhanced Security:
Keys, seeds, and sensitive data are never shared between devices, making it impossible to compromise without access to both devices.
This design ensures that both devices are required to authorize any transaction, making the wallet incredibly secure and user-friendly.
Technical Details
Key Derivation
SSP Wallet adheres to the BIP48 derivation scheme for generating hierarchical deterministic keys supporting P2SH, P2SH-P2WSH, and P2WSH addresses.
Example derivation paths for popular chains:
Bitcoin:
m/48'/0'/0'/2'/0/0
Flux:
m/48'/19167'/0'/0'/0/0
Extended functionality includes support for additional chains and constructing multiple external addresses per chain as needed.
Synchronization Process
Initial Setup:
SSP Relay Server:
Simplifies the synchronization process by facilitating communication between SSP Wallet and SSP Key.
Synchronization starts when the SSP Key scans a Hardened Extended Public Key QR code from SSP Wallet.
A special identity path (
m/48'/0'/0'/2'/10/0
) reserved for SSP Wallet verifies unique wallet instances.
Public Key Exchange:
SSP Key sends its hardened extended public key (e.g.,
m/48'/0'/0'/2'
) to the SSP Relay Server along with a constructed 2-of-2 multisignature address.SSP Wallet validates the received address, ensuring integrity.
Validation and Confirmation:
Both SSP Wallet and SSP Key confirm matching derived addresses to finalize synchronization.
Transaction Signing:
Transactions are signed in two steps:
SSP Wallet constructs the transaction and signs it with its private key.
SSP Key receives the partially signed transaction via the relay server, signs it with its private key, and returns the fully signed transaction for broadcast.
Offline Functionality:
Transactions and synchronization can bypass the relay server through manual QR code scanning, maintaining security in environments with restricted connectivity.
Encryption and Storage Security
Sensitive Data:
Encryption Layers:
PBKDF2-based password derivation generates keys for AES-GCM encryption.
Secondary encryption uses device and browser fingerprints to restrict data access to the originating environment.
Local Data Management:
Serialized sensitive data (e.g., keys, seeds) is stored as JSON blobs with base64-encoded fields (
data
,iv
, andsalt
).This approach prevents brute-force attacks and unauthorized migration between devices.
Session Management:
Encrypted passwords are stored temporarily in session storage, ensuring convenience without compromising security.
No sensitive data is ever retained in unencrypted form, even within the application’s runtime memory.
Non-Sensitive Data:
Information such as transaction history and balance data is stored using LocalForge, prioritizing performance without compromising sensitive details.
Attack Mitigation Strategies
Anti-Phishing Measures:
The wallet and key validate each other's public keys and derived addresses during setup.
Server Security:
SSP Relay Server only facilitates communication and cannot access private keys or sensitive data.
Brute Force Protection:
Physical possession of both devices and knowledge of passwords are required to compromise the wallet.
Open Source Transparency
SSP Wallet is fully open source, ensuring transparency and community trust. Review and contribute to the project here: SSP Wallet GitHub Repository
Documentation
SSP Wallet has a comprehensive documentation available at with many guides, FAQs, API references and more: SSP Wallet Documentation
SSP Assets
Integrated Blockchains, Assets - Coins, Tokens in SSP Wallet are available at: SSP Assets. SSP Supports custom ERC20 token imports on Ethereum network.
Translation
SSP Wallet supports multiple languages! Help us make it accessible to everyone by contributing to translations at: Translate SSP Wallet, Translate SSP Key
Additional Repositories
SSP Key Repository: SSP Key GitHub Repository
SSP Relay Repository: SSP Relay GitHub Repository
Account Abstraction Repository: Account Abstraction GitHub Repository
Disclaimer
By using SSP Wallet, you agree to the terms outlined in the SSP Disclaimer.
Developer Information
Built With: React 18, TypeScript, Vite
Node Version: 20+
Run Development Mode:
yarn dev
Key Development Features:
Modular Codebase:
Separation of concerns for wallet UI, cryptographic operations, and relay server communication.
Strong Typing:
TypeScript ensures type safety and prevents runtime errors.
Test Coverage:
Unit tests of library ensures reliability of critical functions.
Join us in building a secure, simple, and powerful wallet for the crypto community!
🔒 Security Audits
Our security is a top priority. All critical components of the SSP ecosystem have undergone rigorous security audits by Halborn, ensuring the highest standards of protection.
SSP Wallet, SSP Key, and SSP Relay were thoroughly audited, with the final report completed in March 2025.
Shnorr Multisig Account Abstraction Smart Contracts and SDK underwent a comprehensive audit, finalized in February 2025.
📜 Audit Reports
📄 SSP Wallet, SSP Key, SSP Relay Audit
📄 Smart Contracts Audit
Halborn Public Report – Smart Contracts (Halborn)
📄 SDK Audit
Halborn Audit Report – SDK (GitHub)
Halborn Public Report – SDK (Halborn)
Last updated