Security & Risk Mitigation
Key Generation
Due to the sensitive nature of private keys, we take key generation very seriously. We mitigate risk in various ways, following strict security protocols and well defined handling parameters.
The Key Maker
The Keymaker has direct responsibility for the generation and safety of the public & private keys.
The primary key makers are:
1) Daniele Barbagallo, based in Switzerland.
2) Adam J. Pinder, based in the United Kingdom
Both key markers are registered as directors of Polymerbit Ltd. With every Polymerbit note, the actual producer is known and publicly listed in the product description.
Privacy
Public keys can be used to trace cryptocurrency transactions.
Apart from certain series where we offer pre-loaded notes; Polymerbit does not actively store any of the public keys.
The only record is on the physical note, and on some pictures made for marketing purposes.
Unless directly requested by the client, we never record which serial numbers were sent to whom. Addresses are GDPR protected and discretion is considered paramount.
It is the opinion of the directors that what you do with your Polymerbits is your business.
Important Factors
While the public key can show transactions; the private key is what poses the greatest risk. With a copy of this key, it's possible to remove funds. There are cases of private keys being wiped after production, which is the unauthorised removal of funds. This leads to distrust of most key makers.
We freely admit that the most secure storage method for your cryptocurrency are keys you made yourself offline. However, for practicality reasons, this is not always feasible.
Polymerbit takes the responsibility to create keys, following strict protocols to reduce the risk of theft.
Polymerbit has been producing keys since 2017 and is a trusted member of the Bitcointalk community. Daniel and Adam (the key makers) are publicly known.
Prior to 2022 keys were also produced securely in an air gapped fashion, but we were required to physically destroy storage devices (USB keys) after each run. Which was not eco-friendly, and also forced us to factor this in as a production cost. Optimisation of our software stack in 2022 helped to us improve and streamline production. This allowed us to become more efficient and reduce our carbon footprint.
Systems
All systems used for key generation are air gapped. The directors are legally required to handle all hardware with careful consideration as to the use and eventual disposal. None of the sensitive devices used by Polymerbit can be sold, even in case of bankruptcy.
Software Mitigation
Since 2022, the key generation process was streamlined considerably, the new software was written for Polymerbit using open source key gen code, and produces PDF-ready files with the key generation parameters set. This data is written to RAM, where it is wiped after every print.
Printing Process
The printer is connected directly to the system (via USB), so there is no risk of “left over” data on any media (such as USB stick etc). After each run, we scramble the Printer memory with random data, to overwrite any hypothetical “left over” data. The system remains air gapped.
General Protocols