Zypher Hardware
Zypher is an air-gapped EVM signer using optocouplers for physically one-directional data flow. Open-source from silicon to firmware.
Overview
Zypher is an air-gapped EVM transaction signer. It uses optocouplers (6N137 high-speed logic isolators) to enforce physically one-directional data flow between an agent-facing MCU and a signing MCU.
The core principle: light goes one direction through a diode. No firmware exploit, no side-channel attack, no supply chain compromise can reverse a photon. The isolation is enforced by physics, not software.
Open-source. Auditable from silicon to firmware. EVM-compatible — any chain, any contract, any calldata.
Why hardware isolation
Every existing hardware wallet has a software trust boundary:
- Ledger/Trezor: USB connection = bidirectional data channel. Firmware has physical access to keys.
- Keystone: QR codes are better (no electrical connection), but the device still runs complex firmware with key access.
- Safe (multisig): No hardware isolation at all — signers use browser wallets.
Zypher eliminates the software trust boundary. The signing MCU is physically incapable of sending data anywhere except through a one-way optocoupler output. Even if the agent-side MCU is fully compromised, it cannot extract keys from the signing side — the photon flows in one direction only.
Architecture
Two RP2040 microcontrollers. Three 6N137 optocouplers. Two 3.5" IPS displays (320×480). One Rust ASCII filter.
Optocouplers: 6N137
The 6N137 is a high-speed optocoupler with a built-in photodetector and Schmitt trigger output. Inside: an LED emits light, a photodiode on the other side detects it. The two sides share no electrical connection.
Three channels:
- DATA IN → — calldata bytes flow from agent MCU to signing MCU. One direction only.
- CLOCK → — synchronization clock. Agent controls timing.
- SIG OUT ← — signed transaction bytes flow back. Reversed direction — signing MCU drives this LED.
Each channel is physically one-directional. The LED can only emit; the photodetector can only receive. There is no way to reverse the data flow without physically rewiring the circuit.
Firmware
Each RP2040 runs approximately 150 lines of C firmware. The agent MCU handles:
- USB serial communication with the host computer
- Calldata decoding and human-readable display
- Forwarding raw bytes through the DATA optocoupler
- Receiving signed bytes from the SIG OUT optocoupler
- Post-sign verification: comparing signed TX with original calldata byte-by-byte
The signing MCU handles:
- Receiving calldata bytes through the optocoupler
- Decoding and displaying the transaction on its own screen
- Waiting for physical button press (user confirmation)
- Signing with the private key held in RAM
- Outputting the signature through the SIG OUT optocoupler
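Both MCUs decode the same bytes independently, so the decoder decides what the two displays can disagree about. The sketch below is an added example, not Zypher firmware (which the page says is C): it decodes one calldata shape, an ERC-20 transfer(address,uint256) call chosen here as an assumed sample, and refuses anything it cannot render exactly. All names in it are hypothetical.

```rust
// Added example, not Zypher firmware. All names are hypothetical.

/// Selector of ERC-20 transfer(address,uint256).
const TRANSFER_SELECTOR: [u8; 4] = [0xa9, 0x05, 0x9c, 0xbb];

#[derive(Debug, PartialEq)]
struct Transfer {
    to: String,   // 0x-prefixed lowercase hex, as it would be drawn on screen
    amount: u128, // token base units
}

/// Decode for display, failing closed: anything the screen cannot represent
/// exactly is an error, so a display shows either the real fields or a refusal.
fn decode_transfer(calldata: &[u8]) -> Result<Transfer, &'static str> {
    if calldata.len() != 4 + 32 + 32 {
        return Err("unexpected length");
    }
    if calldata[..4] != TRANSFER_SELECTOR[..] {
        return Err("unknown selector");
    }
    let (addr_word, amount_word) = calldata[4..].split_at(32);
    // An address occupies the low 20 bytes of its word; the high 12 must be zero.
    if addr_word[..12].iter().any(|&b| b != 0) {
        return Err("non-zero address padding");
    }
    // This sketch renders amounts up to u128; larger values are refused, not truncated.
    if amount_word[..16].iter().any(|&b| b != 0) {
        return Err("amount exceeds u128");
    }
    let to = addr_word[12..].iter().fold(String::from("0x"), |s, b| format!("{}{:02x}", s, b));
    let mut low = [0u8; 16];
    low.copy_from_slice(&amount_word[16..]);
    Ok(Transfer { to, amount: u128::from_be_bytes(low) })
}

/// Build constructed sample calldata for the decoder.
fn encode_transfer(to: [u8; 20], amount: u128) -> Vec<u8> {
    let mut v = TRANSFER_SELECTOR.to_vec();
    v.extend_from_slice(&[0u8; 12]);
    v.extend_from_slice(&to);
    v.extend_from_slice(&[0u8; 16]);
    v.extend_from_slice(&amount.to_be_bytes());
    v
}

fn main() {
    let calldata = encode_transfer([0x11; 20], 1_000_000);
    println!("{:?}", decode_transfer(&calldata));
}
```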
The Rust ASCII filter
The only trusted code in the entire Zypher architecture. 32 lines of Rust. It filters all data passing through the optocouplers to printable ASCII only (bytes 0x20–0x7E).
```rust
// Zypher ASCII filter — the ONLY trusted code path
// If a byte is not printable ASCII, it is dropped.
fn filter_ascii(input: &[u8]) -> Vec<u8> {
    input
        .iter()
        .copied()
        .filter(|&b| b >= 0x20 && b <= 0x7E)
        .collect()
}
// No parsing. No state machine. No escape sequences.
// If you can't print it, it doesn't pass.
```
This filter runs on both MCUs. Its purpose: ensure that no binary exploit payload can pass through the display as invisible bytes. Everything the MCU processes must be human-readable.
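What the filter does to realistic input, as an added example that is not Zypher project code. It assumes calldata crosses the optocoupler as hex text (the page does not specify the encoding), and decode_hex_frame is a hypothetical receiver-side check that rejects a frame when the filter had to drop anything, rather than decoding the remainder.

```rust
// Added example, not Zypher project code. The hex-text framing is an assumption.

/// The page's predicate: keep printable ASCII (0x20..=0x7E), drop everything else.
fn filter_ascii(input: &[u8]) -> Vec<u8> {
    input.iter().copied().filter(|&b| b >= 0x20 && b <= 0x7E).collect()
}

/// Value of one hex digit, or None. Signs and whitespace are not digits.
fn nibble(c: u8) -> Option<u8> {
    (c as char).to_digit(16).map(|d| d as u8)
}

/// Hypothetical receiver step: accept a frame only if the filter removed nothing
/// and what remains is an even number of hex digits. Returns the calldata bytes.
fn decode_hex_frame(wire: &[u8]) -> Result<Vec<u8>, String> {
    let clean = filter_ascii(wire);
    if clean.len() != wire.len() {
        let dropped = wire.len() - clean.len();
        return Err(format!("{} non-printable byte(s) on the wire", dropped));
    }
    if clean.is_empty() || clean.len() % 2 != 0 {
        return Err("expected a non-empty, even number of hex digits".into());
    }
    clean
        .chunks(2)
        .map(|p| match (nibble(p[0]), nibble(p[1])) {
            (Some(hi), Some(lo)) => Ok(hi << 4 | lo),
            _ => Err(format!("not hex: {:?}", String::from_utf8_lossy(p))),
        })
        .collect()
}

fn main() {
    // Constructed samples: a 4-byte selector as hex text, clean and with ESC/NUL injected.
    let tainted = b"a905\x1b9cbb\x00";
    println!("filtered: {:?}", String::from_utf8_lossy(&filter_ascii(tainted)));
    println!("tainted:  {:?}", decode_hex_frame(tainted));
    println!("clean:    {:?}", decode_hex_frame(b"a9059cbb"));
    // The same selector as raw bytes: every byte is outside 0x20..=0x7E, so nothing survives.
    println!("raw:      {:?}", filter_ascii(&[0xa9, 0x05, 0x9c, 0xbb]));
}
```

The last case is why a text encoding is needed at all: raw binary calldata does not pass the filter intact.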
Signing flow
1. Agent host sends unsigned calldata to Zypher via USB serial.
2. Agent MCU decodes the calldata and displays it on Display 1.
3. Agent MCU forwards raw bytes through the DATA optocoupler.
4. Signing MCU receives bytes, decodes independently, displays on Display 2.
5. You compare both displays. If they match, press the physical SIGN button.
6. Signing MCU signs the transaction with the private key.
7. Signature passes back through the SIG OUT optocoupler.
8. Agent MCU receives signature, verifies it matches original calldata byte-by-byte.
9. Agent host broadcasts the signed transaction.
Comparison with existing wallets
| Feature | Ledger/Trezor | Keystone | Safe (multisig) | Zypher |
|---|---|---|---|---|
| Connection | USB/BT | QR (air-gap) | Browser wallet | Optocoupler (physics) |
| Key isolation | Secure element | Secure element | None (hot wallet) | Separate MCU, no electrical path |
| Firmware attack surface | Complex (BT stack, USB, apps) | Medium (QR decode) | Full browser | ~150 lines C + 32 lines Rust |
| Open source | Partial | Partial | Yes (contracts) | Full (hardware + firmware) |
| Data exfiltration | Possible via USB/BT | Possible via QR | Trivial | Physically impossible |
| Dual display verification | No | No | No | Yes — independent MCU per display |
Verify it yourself
Zypher is designed so that a person with zero electronics background can verify every component:
- Read the Rust filter — 32 lines. If you can read English, you can read this code.
- Check the optocouplers — 6N137 datasheets are public. Verify the LED → photodetector direction.
- Inspect the PCB — two zones, no shared traces. Visible to the naked eye.
- Audit the firmware — ~150 lines of C per MCU. No network stack, no Bluetooth, no USB host.
- Compare displays — both show the same transaction. If they differ, don't sign.
Every component is off-the-shelf. Every line of code is open-source. The security model is physics, not trust.