SUPPORT
Need help?
If you have any questions, please read our questions and answers or contact us; our support team will be happy to assist you.
CUVEX DEVICE
TUTORIALS
DEVICE
Yes, you can encrypt even plain text not linked to crypto assets. With Cuvex you can encrypt any secret, private key or seed.
The Cuvex device is certified by CE, UL, and RoHS, meeting quality, safety, and environmental standards. It is resistant to damage from X-ray machines and can be safely transported on airplanes.
No, any Cuvex device purchased second-hand or from third parties, may be compromised.
It is vitally important that you never use a device that is not purchased directly on our website or official distributors.
As well as you must check that the factory seal and/or delivery packaging have not been tampered with.
If you have any doubt about factory sealing, do not use the device and return it.
Learn more about our sealing and packaging process here.
Reducing costs in this vital part of our device was not an option.
We have selected the best, from the best manufacturer that any electronics professional knows.
Cuvex mounts STM32U585, the highest quality version marketed by the manufacturer ST.
Designed specifically for military grade hardware encryption, it features its own encryption accelerator engine (AES, PKA, OTFDEC).
Our device does NOT store anything in its secure element, but we also decided to implement it in the hardware so that it does not perform any of its temporary tasks of encryption or decryption in a standard memory.
In addition, the device is already prepared for future evolutions where the functionalities demanded by the Blockchain industry can be implemented.
If you enter your password wrong a second time, the device enters a time-locked process in which it supports a new retry. Please make sure you enter your Passwords correctly.
The Cuvex device supports the creation of cryptograms through two methods:
a) You can select one of three types of Seed Phrases: BIP39, Monero, or SLIP39 (Shamir). The device will verify each word for these three types of seed phrases.
b) Alternatively, you can input plain text of up to 500 characters.
Option A: Seed Phrases
Using this option, the device supports up to 54 words from any of the three types of seed phrases. This means you could store multiple wallets in a single cryptogram, depending on the type of seed phrase and the number of words in each.
If you choose to do so, it’s essential to clearly identify the last word of one wallet’s seed phrase and the first word of the next.
For instance, if you have wallets with seed phrases consisting of 12 words each, you could store up to four wallets in a single cryptogram. However, always keep the above precautions in mind.
Option B: Plain Text
With this option, you can simply include any text you want, up to 500 characters. This is a free-text option, meaning it does not verify or assist in inputting standardized words.
You must carefully ensure that the text is accurate and thoroughly reviewed before encrypting it. Mistakes cannot be corrected after the encryption process.
We have not implemented a process to erase or format cards in any of the workflows within the Cuvex device or the Cuvex App.
This decision was made to avoid situations where a user might accidentally erase the wrong card, potentially causing significant issues.
The cost of a pack of new cards is minimal compared to the consequences of unintentionally erasing a card that contains an unbacked secret.
That said, if you choose to use other applications to erase cards, you must ensure that the formatting is done using the NDEF standard.
Failing to format the card with this standard will render it incompatible with the Cuvex device. You can learn more about the types of cards used with Cuvex here by visiting NFC TAG.
To begin using your Cuvex device, first visit our manual, and next download the Cuvex App, remove and keep the security seals from both the box and the device, and validate the shipment's traceability using the seal codes.
The AES 256 GCM encryption algorithm and hardware architecture guarantee the creation of a cryptogram of the highest quality.
The device does not store any information, all processes are performed without connection to any external device and without internet connection. Storage on an NFC card is already secure in itself, since only the stored cryptogram can be accessed, which is already encrypted before being stored on the card.
AES 256, is possibly the most secure encryption algorithm today. In some published studies, it is estimated that a current supercomputer could take more than 10,000 years to break an AES 256 cipher. This is the encryption algorithm used for military and government secrets.
Our code is public and anyone can audit what we say. Despite including the device, a secure hardware element where information is handled for each process, no data is ever stored in it. You only have to guarantee to remember your Passwords, if you forget this information, neither we nor anyone else can help you recover your secret.
For security, Cuvex does not erase or rewrite on cards that already have a cryptogram stored.
You can always decrypt a card and encrypt a new one, changing the mono or multi-signature access control, with new Passwords.
Yes, you can encrypt even plain text not linked to crypto assets.
With Cuvex you can encrypt any secret, private key or seed.
Uppercase, lowercase, numbers and symbols of a minimum of 12 characters are required.
To summarize, let me inform you that a password with a minimum configuration in MonoSignature mode requires 12 characters, with uppercase and lowercase letters, numbers, and symbols. This configuration generates a vast number of possibilities that, for a potential attacker, would take current computers approximately 14.9 billion years to test all possible combinations.
In practical terms, a brute force attack on the AES 256 GCM cryptogram that safeguards the secret you have protected is impractical.
If you are using a multi-signature setup or have established a password longer than the standard 12 characters, the security level increases exponentially.
You can rest assured. With current global technology, the likelihood of a successful brute force attack is exceedingly low.
Please find specific technical details below.
Security Estimation for a 12-Character Password
This section provides an analysis of the security of a 12-character password composed of uppercase letters, lowercase letters, numbers, and symbols, explaining the total possible combinations and the estimated time required to break it through brute force.
1. Number of Possible Combinations
When you create a password using 12 characters where each character can be an uppercase letter, lowercase letter, number, or symbol, you’re generating combinations within a very large “space” of possibilities. Here’s a step-by-step breakdown:
-
Types of characters and their possible counts:
-
Lowercase letters: 26 (from 'a' to 'z').
-
Uppercase letters: 26 (from 'A' to 'Z').
-
Numbers: 10 (from '0' to '9').
-
Common symbols: Approximately 32 symbols available on most keyboards.
-
-
Total possible characters: We add all character types to determine how many options exist for each position in the password. Total: 26 + 26 + 10 + 32 = 94
-
Possible combinations for a 12-character password: For a password with 12 characters, where each position can be any of the 94 characters available, the number of possible combinations is calculated using exponents: Total combinations = 94^12
-
This means that for each of the 12 positions in the password, you have 94 options. By multiplying the options for each position, we get the total number of combinations.
-
Resulting number of combinations: 94^12 is approximately 4.7 x 10^23 combinations, or 470,000,000,000,000,000,000,000 possibilities.
This large number illustrates how difficult it would be to guess or attempt all possible combinations. With a 12-character password using this full range of characters, the number of combinations is so high that brute force attempts would require enormous amounts of time.
2. Estimated Time to Break the Password
To calculate the time required to break a password, we need to understand the processing speed of the attacking system, specifically how many combinations it can attempt per second.
-
Whenever Cuvex prompts you to bring your card close to the device, you can do it in one of the following 2 ways: 1. At the bottom part of the device. 2. Front part of the device.
Furthermore, the Cuvex device will activate a green LED when the NFC card is correctly positioned within the reader antenna’s range, helping you align it properly. If the green LED at the top of the screen does not light up when the card is brought close to the device, remove the card and try repositioning it in the reading area. You can also move the card slowly over the reading area to ensure it is detected.
8K cards designed to store N-of-Six multisignature cryptograms take slightly longer to be read by the Cuvex device.
The Cuvex device will ask you to approach the issuer card, the card you want to clone. The device will ask you to approach a blank receiver card and will clone on the new card an exact copy and with the same security of the issuing card.
It's that simple!
Cuvex Supports "N of N" and "N of 6" Multisignature Options.
In the multisignature encryption process, the Cuvex device will prompt you to specify the number of signers you want to establish and how many of them will be required to decrypt the cryptogram.
For example, you can designate up to six signers and configure the cryptogram to be decrypted with as few as one of them. You can create any combination, such as requiring all six passwords for decryption, only three, only two, four, or any other setup within the maximum of six signers.
When you configure fewer required participants for decryption than the total number of signers, such as "3 of 6", you will need to use 8K cards.
If you require all signers to decrypt (e.g., "6 of 6"), standard cards can be used.
To view the encrypted private key or seed phrase stored on an NFC card, you must input the number of passwords defined as mandatory for decryption.
It is not possible to specify which passwords are mandatory any of the entered passwords will suffice as long as the minimum required number is met.
There is no need for each signer to input their password in the same order they signed during the encryption process. The Cuvex device will validate and allow decryption regardless of the order in which the passwords are entered.
All entropy calculated by software demands your trust in that software.
If it is you who, completely independent of the software, generate the necessary 23 words by throwing heads or tails and all four dice, you will have no doubt about the quality of the seed that you have created yourself.
Although the seed generation softwares are assumed to be a high quality of entropy, none can equal to this completely unique manual process that you are going to create.
Our App will notify you that you have an update available by downloading the new version of Firmware to the secure hardware element of your smartphone.
Important, do not start the device update process until you download the new firmware version to your smartphone.
When you select “Update” from the Cuvex device menu, the device will completely erase the application firmware and activate its BlueTooth module, showing you a code on the screen that you must confirm by entering it in the Cuvex App. If you accept it, the firmware download will begin from the secure element of your smartphone, to the Cuvex device. When you complete the download, the device will cut off the BlueTooth connection, ensuring that your firmware update process is done offline with any third-party device or Internet.
Finally, the device and App Cuvex will confirm the update made and the new firmware version.
Cuvex has selected the best NFC card manufacturers, demanding top-notch quality standards. Your cryptogram will be stored on the chip of the cards, so it must be of first quality and withstand as many read cycles as possible. It makes no sense to save by purchasing cheaper or poorer quality cards.
In any case, NFC cards or tags must be compatible with those used by Cuvex, learn more about NFC TAG.
We recommend that you access our NFC Cards catalogue, where you can even request your 100% personalized card.
Traceability Seals
The traceability seals are two identifiers included with your Cuvex device. You should receive your package shrink-wrapped and sealed with a numbered security seal. We recommend not breaking this seal until you validate it.
Upon opening the package, you will find an additional seal on the device itself, covering the USB-C port. This second seal will display a different code than the one on the external seal.
When you first use the Cuvex smartphone app, please go to the menu>security>validate traceability. If you didn’t complete this step during the initial setup, don’t worry you can access this process later.
These seals are designed to ensure that your device’s package has not been tampered with during transit. Once removed, the seals leave the word "VOID" imprinted on the surface, providing visible evidence of tampering.
Additionally, the codes from both seals can be entered into the Cuvex app to confirm that they were generated by us during manufacturing.
Security of the Bluetooth Module
We understand your concerns about the inclusion of Bluetooth and why you might feel it’s safer without it. However, in practice, the Bluetooth-enabled firmware update process on the current Cuvex device is possibly more secure due to the AirGap it establishes.
Allow me to provide a brief and concise explanation.
How the Cuvex Bluetooth Firmware Update Process Works
The Cuvex device operates with two firmware components:
-
-
Bootloader:
-
The Bootloader’s sole function is to securely listen for Bluetooth communications and receive the operational firmware for the device.
-
-
-
With the Cuvex device, it is possible to encrypt a single cryptogram containing seed phrases of up to 54 words or plain text secrets of up to 500 characters.
Encryption can be performed in single-signature mode or multisignature mode with up to six distinct signers/passwords. In multisignature mode, you can configure only a portion of the signers as mandatory for decryption. For instance, you can set it so that 3 out of 6 signers are required to decrypt.
Passwords must be at least 12 characters long, using a combination of uppercase letters, lowercase letters, numbers, and symbols. This configuration creates an astronomical number of possibilities, making it computationally infeasible for a potential attacker to brute force current computers would require approximately 14.9 billion years to test all possible combinations.
Any card containing a Cuvex cryptogram can be decrypted using any Cuvex device, provided you have the passwords used during the encryption process. If you lose access to these passwords, neither we nor anyone else will be able to assist in decrypting your secret.
The AES-256-GCM algorithm, implemented via hardware, is a military-grade encryption standard widely used across public and private industries.
APP CUVEX
A Watch Only Wallet (WOW) is an application that exclusively manages the public key of your wallet. This means it is limited to performing operations such as balance verification, generating receiving addresses, and managing Coin Control functionality.
A WOW, on its own, cannot sign transactions to send funds to any address.
A PSBT (Partially Signed Bitcoin Transaction) Hardware Wallet is a physical device capable of signing PSBT transactions.
Typically, Watch Only Wallet (WOW) applications prepare the data required to construct a PSBT transaction and then send it to a hardware device equipped with the capability to sign such transactions.
PSBT hardware wallets usually store the private keys needed for signing these transactions. This process is commonly referred to as AirGap, as there is a physical separation between each component involved in the process.
However, only the Cuvex device implements a Double AirGap PSBT procedure, providing an additional layer of security.
What Makes the Cuvex Double AirGap Process Unique?
Unlike traditional PSBT hardware wallets, the Cuvex device does not store any private keys, making it doubly secure. To sign a transaction using the Cuvex device, the following steps are required:
-
Create the PSBT transaction: Use the Cuvex App to prepare the transaction and record it onto a blank NFC card.
-
First AirGap: Read the NFC card containing the unsigned transaction with the Cuvex device. Verify the transaction on the device.
-
Second AirGap: If the user confirms the transaction, decrypt the private keys stored on a separate encrypted NFC card using the same Cuvex device.
Key Advantages of the Cuvex Approach This unique process allows a single Cuvex device to be shared among multiple users, such as members of a family, enabling each person to sign transactions from different wallets using the same device. This unparalleled functionality makes the Cuvex device a standout solution in the blockchain and cryptocurrency sector.
-
Coin Control refers to a set of procedures that allow you to associate specific metadata with your transactions.
This information is stored locally in your Watch Only Wallet (WOW) and is managed exclusively by you. It is not shared or stored elsewhere, ensuring full privacy.
Key Features and Use Cases
-
Tagging Transaction Details: When generating a new receiving address in your wallet, Coin Control enables you to tag relevant information, such as the sender (person or entity) who is transferring Bitcoin to you. This allows you to track the receiving address you provided and monitor future payments.
-
Additional Metadata: You can also label the initial amount received, the purpose of the transaction, or any other details. This ensures you can always trace the origin of any payment and decide whether or not the original sender can monitor the future use of those received Bitcoins on the Bitcoin blockchain.
-
Privacy Alerts: Wallets with Coin Control can generate alerts to help you avoid common privacy pitfalls, such as:
-
Reusing addresses.
-
Overpaying transaction fees.
-
Creating transactions without change outputs.
-
Rounding errors and other situations that may compromise your financial privacy.
-
These alerts aim to enhance your Bitcoin privacy and help you manage your funds securely.
Privacy Implications of Coin Control
One of the most critical aspects of Bitcoin privacy is understanding that when you receive Satoshis in your wallet, you share the receiving address with the sender. This means the sender can monitor how you spend those Bitcoins in the future.
Additionally, when you send Bitcoin to a third party without using Coin Control, you may unknowingly reveal significant information about your total holdings. Many wallets reuse addresses or store all available funds in a single address.
A Real-World Example
Let’s say your wallet has $100,000 in Bitcoin in one address. Without effective Coin Control, when you send $100 to a third party, the transaction will:
-
Transfer the full $100,000 to the blockchain.
-
Deduct $100 for the payment.
-
Return $99,900 to a newly generated change address.
The recipient of your $100 payment can see the change address on the blockchain and deduce the total value of your wallet, which poses significant privacy and security risks.
By leveraging Coin Control, you can mitigate these risks, ensuring greater privacy and control over your Bitcoin transactions.
-
Absolutely nothing!
The Cuvex App is one of the few applications that adheres to a strict zero-knowledge policy. This means that no user data is collected or stored on Cuvex servers.
Unlike most apps on the market, Cuvex does not require users to create a profile. You are not asked to provide an email, password, OTP verification, or undergo any KYC process.
All information entered into the app is stored securely in your smartphone’s secure element. Furthermore, this information is not personal and serves solely as internal management data for the user, with no intrinsic value.
As such, if you lose your smartphone, there is no need to worry about the information stored in the Cuvex App.
Restoring Your "Profile" on a New Smartphone
To restore your app setup on a new smartphone, simply download the Cuvex App from the official app store.
Since there is no login option, your data cannot be recovered from Cuvex servers. Instead, you’ll need to re-link your Cuvex cards as you did with your previous smartphone.
The app will prompt you to create a PIN. This process is conducted entirely on your smartphone, with no data being transmitted over the internet or shared with anyone else. The PIN is stored in your smartphone’s secure element and is known only to you.
Once you access the main menu of the app, you’ll need to re-link your Cuvex cards:
-
Choose the design of your card or take a photo of your personalized card.
-
Start the card linking process. This will activate your smartphone’s NFC, and simply bringing your card close will allow the app to read basic administrative information such as the card alias, firmware version, and hardware version used to create the cryptogram.
It’s important to note that the app does not store or read the cryptogram itself. It only accesses non-encrypted card information needed for administrative purposes.
This information is securely stored in your smartphone’s secure element and can be managed entirely offline.
If the linked card contains information for a wallet created with the Cuvex device using the Dice and Coin method, and you have a backup file of your labels, you can import that file to restore all label information and the wallet’s privacy settings.
In Summary
The Cuvex App ensures your information remains private and accessible only to you. It does not share data with anyone else.
You can restore your "profile" on any new app installation by re-linking your Cuvex cards and, if applicable, importing the backup files of your labels associated with your UTXOs.
-
TRANSCEND
No. Under no circumstances does Cuvex ever have access to your recovery seed phrase. It is fully encrypted offline using the Cuvex device, creating a military-grade AES 256 GCM cryptogram. This cryptogram is then stored on Cuvex NFC cards, which only you have in your possession.
No. Under no circumstances does Cuvex ever have access to the Password that grants your heirs access to your inheritance. This Password is encrypted in the Cuvex App, and the smartphone is required to go offline during the encryption process, generating an AES 256 GCM cryptogram before anything is sent to Cuvex servers. Furthermore, that cryptogram is then encrypted a second time using Shamir’s Secret Sharing by splitting it into no fewer than 50 fragments. Finally, each fragment is encrypted a third time using the public keys of each decentralized Encryptor Node of the Transcend Network.
In short, the Password your heirs can download and decrypt at the time you choose can only be deciphered by them using their Clone card.
Yes. You may access your Transcend contract at any time to edit the life-verification intervals, the additional Coverage period, the contract duration, or to link new cards as the primary cards for managing the inheritance. You can also, if you wish, cancel the Cuvex crypto inheritance service entirely.
All you need is the primary card you used during setup, or any of the secondary cards linked to you as the inheritance issuer.
Whenever you create a Transcend contract, you must designate several cards as the contract’s primary inheritance cards. Because Cuvex does not ask for any personal information, the only way to interact with your inheritance contract is by using the metadata on those primary cards. You can link as many cards as you deem necessary when you create your contract, or later by editing your inheritance contract and linking additional cards as primary.
We recommend linking at least two primary cards to manage your inheritance contract properly.
If all of your heirs lose their inheritance cards, they will lose access to both the recovery seed phrase encrypted on those cards and the second Password that you have not yet provided them. It is critical that your heirs have enough copies to ensure sufficient redundancy. If you only provided one inheritance card to each heir, they can create as many Clones of that card as they feel necessary to guarantee future access. As long as at least one heir retains a copy, they all can access both the recovery seed phrase and the second Password that the Transcend system will deliver to them. Thus, a total loss of the inheritance is highly unlikely.
If your heirs lose the other Password that you gave them privately (the one not encrypted with Transcend), there is no way to decrypt your Wallet’s recovery seed phrase. The AES 256 GCM cryptogram generated by the Cuvex device could take a supercomputer more than 10,000 years to break using current technology.
It is of utmost importance that your heirs safeguard the Password you provide along with a copy of their Cuvex card. This Password alone cannot decrypt the inheritance card, but it is crucial to combine it with the second Password they will eventually retrieve from Transcend. They should memorize it and store it wherever they keep their sensitive passwords, following standard best practices.
The Transcend system is designed such that no data stored within it is of any use to an attacker. All information is encrypted offline before being sent to Transcend Nodes. Once received, it is fragmented using Shamir’s Secret Sharing, and each fragment is then re-encrypted by decentralized encryptors.
Put simply, no information managed by the Transcend system can reveal the Password that you have protected and intend to provide to your heirs. Only your heirs, after the life-verification period and the coverage period have elapsed, can retrieve the missing Password and access their inheritance.
Transcend’s systems are designed so that the entire decentralized network of encryptors stores a backup of all inheritance contracts. Each backup held by every Node in the Transcend network is fragmented and re-encrypted by the other Nodes. As a result, no single Node can decrypt anything by itself, but any Node can facilitate a complete recovery of the system.
Put simply, Transcend’s security lies in its decentralized encryption and redundancy. Completely disabling the network and consequently all inheritance contracts would require compromising 85% of the Nodes worldwide.
In practice, the Clone cards held by your heirs cannot be decrypted by an attacker who steals or copies them, so there is no immediate danger.
The real problem would occur if someone steals or copies your heirs’ inheritance card and obtains the initial Password you gave them. With those two pieces of data, once the life-verification period expires, this attacker could recover the remaining Password needed to access the Wallet.
That is why your heirs must properly safeguard their inheritance, following these recommendations:
-
Do not reveal to anyone that they are recipients of a crypto inheritance through Transcend.
-
Memorize and securely store the first Password they received.
-
Keep as many Clones of their recipient card as they see fit in different secure locations, ideally protected in Faraday pouches.
-
STORE
We ship to more than 160 countries. In the purchase process you will be able to select within the admitted countries.
Usually, between 3 and 10 business days, depending on your destination country.
The price you pay with your order to Cuvex does not include customs taxes.
The transport agency will contact you if it is necessary to pay these taxes from your country of receipt.
By default, and in order not to request any unnecessary personal information, Cuvex delivers a payment receipt. If you need a nominative invoice, you just have to contact us, send us the payment receipt and the data of the natural or legal person who requires the nominative invoice, including full name or company name, address, email and tax identification number.
The official warranty period is 24 months for Cuvex Device.
Any factory faults of the device will be covered.
Cuvex will not repair your device, we will deliver you a completely new one
Unfortunately, we cannot cover any accidental break, bump, wet, moisture, handling or mistreatment suffered by the Cuvex device. Soon you will be able to contract an accident insurance with us.
Unfortunately, we cannot cover any accidental break, bump, wet, moisture, handling or mistreatment suffered by the Cuvex device. Soon you will be able to contract an accident insurance with us.
30 days returns, as long as the factory packaging has not been opened.
You have a replacement guarantee.
Against any manufacturing problem, your Cuvex Device, Faraday Case, and Cuvex NFC Cards, is guaranteed for 24 months.
Please read the store's terms and conditions carefully.