Nonce Control & Physical Handover
Standard hardware wallets are designed for personal custody. They are not designed to be handed over to another person. If you give a Ledger or Trezor to someone else, you could have retained a copy of the seed phrase, or you could have pre-signed a transaction to sweep the funds later.
To solve this and enable bearer instruments (like the Swap Card or Tokentags holding NFTs), Tokentagged implements a patented Nonce Control Mechanism.
The Pre-Signing Problem
In Ethereum (and all EVM chains), every transaction requires a Nonce (a sequential counter).
- Transaction 1 uses Nonce
0. - Transaction 2 uses Nonce
1. - ...and so on.
The Attack Vector:
A malicious owner could create a transaction with Nonce 10 that empties the wallet, sign it with the card, but not broadcast it to the blockchain yet. They then hand the physical card to a buyer. The buyer checks the blockchain: "Balance is full, Nonce is 9." The buyer accepts the card.
Later, the previous owner broadcasts the pre-signed Transaction 10, stealing the funds.
The Solution: Stateful Hardware
The Tokentagged secure element does not just sign blindly; it maintains an internal state of the highest nonce ever signed (Nonce_Chip).
1. On-Chip Logic (Enforcement)
When a transaction is requested, the chip performs the following checks internally:
- Parse & Hash: The chip receives the raw transaction, parses it, and calculates the Keccak256 hash on-board. This ensures the chip "knows" exactly what Nonce is being signed.
- Compare: It checks the Transaction Nonce (
Nonce_Tx) against its internal storage (Nonce_Chip). - Update: If signed successfully, the chip updates its internal storage:
Nonce_Chip = Nonce_Tx.
2. Verification Logic (Handover Check)
Before accepting a Swap Card or a Tokentag carrying an NFT, the recipient performs a check via the Web App (NFC scan).
Safe State:
Nonce_Chip==Nonce_Blockchain
Nonce_Chip: The counter stored on the card (last signed action).Nonce_Blockchain: The current counter of the address on the network.
If Nonce_Chip > Nonce_Blockchain, it means transactions have been signed but not yet executed. The card is potentially compromised (pre-signed).
Verification Flow
The following diagram illustrates how a user verifies if a Swap Card is safe to accept physically.
While Nonce Control guarantees that no transactions are hidden (pre-signed), a safe handover requires a holistic audit. The Tokentagged Web App performs a 4-step validation before displaying the "Safe" status:
- Hardware Authenticity: Verifies the Root & Card Attestation signatures to ensure the chip is genuine and issued by Tokentagged.
- Wallet Integrity: Validates the Wallet Signature to prove that the chip physically holds the Private Key for the displayed Ethereum address.
- Nonce Sync: Compares internal vs. blockchain state to detect pre-signed transactions (Nonce Control).
- Allowance Check: Scans for risky permissions (
approve/setApprovalForAll) to ensure no third party can drain funds after the handover.
Enabled Use Cases
This mechanism turns the private key carrier into a trustless bearer instrument.
1. The Crypto Swap-Card
- Function: Functions like physical cash.
- Scenario: Alice loads 0.1 ETH onto the card. She hands the card to Bob. Bob taps the card, sees "Status: Safe", and accepts it. Alice cannot steal the funds back because she cannot have pre-signed a stealing transaction without the chip recording it.
2. Tokentags as NFT Holders (RWA)
- Function: The physical object holds its own digital certificate.
- Scenario: A physical artwork has a Tokentag. The NFT representing the artwork is held in the wallet of the tag itself (not in the artist's wallet).
- Handover: When the artwork is sold, the physical tag is handed over. The new owner taps it, verifies the Nonce state, and knows they now exclusively control the NFT. No wallet transfer required at the moment of sale.