Skip to Content

Technology and security

PicWe Wallet’s “universal hardware wallet” story is backed by a modern stack:
device-bound keys × mainstream auth protocols × smart accounts × audit-minded operations.

1. Keys never leave hardware: platform secure modules

Signing keys are generated and used inside the device’s hardware security boundary — not exposed to the general OS:

  • Apple Secure Enclave: isolated secure coprocessor; keys are not exportable in normal operation;
  • Android TEE / StrongBox: hardware-backed keystore with attestation where available;
  • TPM 2.0 (Windows / many Linux setups): platform root of trust for key protection and signing;
  • Secure Element (SE): smart cards, security keys, and hardened USB devices;
  • FIDO2 / CTAP2 keys: physical confirmation with hardware P-256 signing.

Keys are born in silicon; signatures are produced in silicon.
Applications cannot read the private key — they can only request signatures.
That is what “hardware wallet” has always meant technically; PicWe Wallet extends it to general-purpose devices that already ship these capabilities.

2. Modern authentication: Passkey, WebAuthn, FIDO2

End-user confirmation rides on protocols the wider internet already relies on:

  • WebAuthn: W3C standard, native in major browsers and OSes;
  • FIDO2 / CTAP2: cross-platform security-key and platform authenticator model;
  • Passkeys: synchronized / multi-device credential UX built on WebAuthn;
  • P-256 (secp256r1): widely available in hardware, aligned with Passkey / FIDO2 ecosystems.

These stacks are battle-tested in banking, enterprise SSO, and high-assurance consumer flows.
PicWe Wallet connects the same trust layer to on-chain accounts — the same class of infrastructure you use to protect high-value logins.

3. On-chain verification: smart accounts and native P-256 checks

The account layer is built on current smart-account standards:

  • ERC-4337 (account abstraction): programmable accounts without consensus changes; Bundler and Paymaster ecosystems;
  • EIP-7212 / RIP-7212: EVM precompiles for secp256r1 (P-256) verification, making hardware-backed signatures cheap to validate on-chain;
  • Multi-signer policy: multiple hardware terminals driving one account with explicit rules;
  • Session scopes and delegation: constrained, revocable permissions for apps where policy allows.

Classic wallets: one key ≈ one account.
PicWe Wallet: one account ≈ a managed set of hardware signers + explicit policy — the shape you need for mass-market products.

4. Audit-first engineering and operations

Cutting-edge cryptography only matters if it ships responsibly. PicWe Wallet emphasizes:

  • Pre-mainnet audits for core contracts and critical upgrade paths;
  • Layered isolation between account logic, signature verification, and fee / relay paths;
  • Proven building blocks over bespoke crypto where standards exist;
  • Governed upgrades and phased rollouts instead of abrupt breaking changes for live accounts;
  • Operational monitoring across signing, bundling, paymaster, and relay surfaces;
  • Coordinated disclosure and bounty programs for sustained review.

For partners, the point is simple: security is meant to be reviewable, repeatable, and operable — not a slogan.

5. Why this architecture works now

Dedicated hardware wallets dominated an era when consumer devices lacked consistent hardware trust anchors and when on-chain verification of P-256 signatures was impractical.

Today, three things line up for the first time:

  • Consumer platforms ship credible hardware-backed signing;
  • Passkey / WebAuthn / FIDO2 are mainstream infrastructure;
  • ERC-4337 plus native P-256 verification makes those signatures first-class on-chain.

PicWe Wallet’s contribution is not a single new chip or a lone new protocol.
It is end-to-end integration: the same trust primitives enterprises already bet on, wired into a universal hardware-wallet product that can ship, audit, and scale.

Last updated on
Usage & RecoveryDeveloper Guide