Topic: Secure Element in Hardware Wallets - page 3. (Read 3075 times)

member
Activity: 58
Merit: 104
February 09, 2023, 07:19:10 PM
Hi all! Wanted to share a Twitter Spaces we at Foundation hosted a few weeks back about secure elements; we dove into some nuances. Check it out: https://twitter.com/FOUNDATIONdvcs/status/1617879545708961792
legendary
Activity: 2212
Merit: 7064
Cashback 15%
February 03, 2023, 07:26:26 AM
Update and more information about Trezor SatoshiLabs new TROPIC01 secure element.
According to a post from Tropic Square CEO Evzen Englberth, the chip design is functional and they can move to the next phase of development.
TROPIC01 is manufactured by UMC in Taiwan; it will be a 55nm chip packaged in Malaysia, and the final chip will be 4x4mm with an Ibex RISC-V core.
RISC-V means that the chip will be open source and auditable.

It's interesting that Trezor already started working on TROPIC02, complete SoC (System-on-Chip) that will have integrated TROPIC01 and the application processor cores.
https://www.linkedin.com/posts/evzen-englberth_riscv-riscv-riscv-activity-7027210506398507008-V0-j
legendary
Activity: 2212
Merit: 7064
Cashback 15%
January 18, 2023, 11:29:53 AM
I previously talked about security issues with some secure elements like ATECC508A that was used in older versions of ColdCard hardware wallets.
That was later fixed with the updated replacement chip model ATECC608A from the same manufacturer, but that was also reported to have some issues.
The manufacturer came up with a new model, ATECC608B, but some hardware wallets are still using the old version ATECC608A, including Passport, OneKey, Husky and Cypherock X1.

I am posting here sources that show why exactly the ATECC608A chip is not safe to be used in hardware wallets.
This was presented by Olivier Heriveaux from the Ledger team and it's called Defeating a Secure Element with Multiple Laser Fault Injections, and they are also working on breaking the ATECC608B:
https://www.blackhat.com/us-21/briefings/schedule/index.html#defeating-a-secure-element-with-multiple-laser-fault-injections-23330
https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Defeating-A-Secure-Element-With-Multiple-Laser-Fault-Injections.pdf


The same team worked with Karim Abdellatif on breaking the firmware encryption of ESP32 devices, and we see this chip has recently found usage in some DIY bitcoin signing devices and the Jade hardware wallet, so it is worth mentioning.
https://www.blackhat.com/us-22/briefings/schedule/#unlimited-results-breaking-firmware-encryption-of-esp-v-26345
https://i.blackhat.com/USA-22/Wednesday/US-22-ABDELLATIF-Unlimited-Results-Breaking-Firmware-Encryption.pdf
Video Breaking Firmware Encryption of ESP32-V3:
https://www.youtube.com/watch?v=wfZHQocTsZo
legendary
Activity: 2212
Merit: 7064
Cashback 15%
January 02, 2023, 07:52:44 AM
The first list update for the new year 2023 is for a new hardware wallet called Hito, which is currently available for presale.
The Hito wallet is open source and the information I have is that they are using one microchip with integrated secure storage, so it's a different approach compared to all other hardware wallets.
They are using the Nordic Semiconductor model nRF5340, the first wireless SoC with two Arm Cortex-M33 processors, which has built-in support for Bluetooth and NFC.
We don't have confirmation of this because the Hito hardware wallet has not been officially released to the public yet.
https://www.nordicsemi.com/products/nrf5340
https://hito.xyz/
hero member
Activity: 882
Merit: 5814
not your keys, not your coins!
December 16, 2022, 04:55:01 PM
The device does look amazing, though! I'd love to try it, but closed source and multi-coin aren't my thing..
It does look great and I wonder how much money they paid Apple designer Tony Fadell, probably a lot, but let's wait and see actual reviews from customers.
Hopefully honest actual reviews won't be drowned out by sponsored 'reviews' and ads.. As well as paying big money to get the device featured in music videos and similar.
Oh well; I guess we can discuss it on a dedicated thread (if you haven't already created it) in case there's more about this to talk about.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
December 16, 2022, 04:19:46 PM
The device does look amazing, though! I'd love to try it, but closed source and multi-coin aren't my thing..
It does look great and I wonder how much money they paid Apple designer Tony Fadell, probably a lot, but let's wait and see actual reviews from customers.
I also said that I like that they are the first hardware wallet using an e-ink display, but the device is too expensive for me, and under the hood it's almost the same thing as the Ledger Nano S Plus.
Maybe Trezor will make something similar with their new version R, and there is one similar open source wallet, OneKey Touch:
https://onekey.so/products/onekey-touch-hardware-wallet/
hero member
Activity: 882
Merit: 5814
not your keys, not your coins!
December 16, 2022, 03:58:12 PM
The new hardware wallet Ledger Stax is added to the list with secure element chip ST33K1M5, and it has EAL5+ certification.
This is a newer model of the STMicroelectronics chips that Ledger is using in all of their devices; it is a high speed MCU with a 32-bit Arm Cortex-M35P CPU, and Ledger is using this exact secure element in their S Plus model, so nothing new to see here.
We still don't know what microcontroller model Ledger is using in the Stax, but I am sure it's something from the STM32 family of chips.
It should also be mentioned that this secure element is totally closed source, and Ledger has signed an NDA with them.
The device does look amazing, though! I'd love to try it, but closed source and multi-coin aren't my thing..

Big news coming from Trezor and Tropic Square: they finally received the first TROPIC01 chip prototypes and they released the first picture of them!
Something big is coming soon, while others (read Ledger) are making the same old junk in new shiny packaging.

https://nitter.weiler.rocks/tropicsquare/status/1600469041432313857#m
Great news! This one might get a n0nce review.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
December 16, 2022, 03:12:21 PM
One good thing after the US semiconductor sanctions is that we are seeing a big push for the open source RISC-V chip architecture, which was ironically first conceived in the US, at Berkeley, in 2010.
The Chinese government and private sector (and probably other countries under sanctions) are now all working together to avoid US sanctions, and they are indirectly helping the production of open source chips.
RISC-V chips could soon be real competition for Intel and AMD chips, and we could see fully open source devices soon, both hardware and software, and this could be used for hardware wallets in the future.
Trezor is working on a new generation wallet with their new TROPIC01 chip, but they could face competition from China soon.
It's not directly related to hardware wallets, but you can read the full article below:
https://asiatimes.com/2022/12/open-source-ic-architecture-taking-off-in-china/
legendary
Activity: 2212
Merit: 7064
Cashback 15%
December 07, 2022, 09:55:52 AM
The new hardware wallet Ledger Stax is added to the list with secure element chip ST33K1M5, and it has EAL5+ certification.
This is a newer model of the STMicroelectronics chips that Ledger is using in all of their devices; it is a high speed MCU with a 32-bit Arm Cortex-M35P CPU, and Ledger is using this exact secure element in their S Plus model, so nothing new to see here.
We still don't know what microcontroller model Ledger is using in the Stax, but I am sure it's something from the STM32 family of chips.
It should also be mentioned that this secure element is totally closed source, and Ledger has signed an NDA with them.

EDIT:
Big news coming from Trezor and Tropic Square: they finally received the first TROPIC01 chip prototypes and they released the first picture of them!
Something big is coming soon, while others (read Ledger) are making the same old junk in new shiny packaging.

https://nitter.weiler.rocks/tropicsquare/status/1600469041432313857#m
legendary
Activity: 2212
Merit: 7064
Cashback 15%
November 25, 2022, 03:23:38 PM
The Cypherock X1 hardware wallet is added to the list with fully transparent information about its secure elements and microcontrollers.
This device is certified with EAL5+ certification, and it uses one secure element, the ATECC608A, for the main device, and a second secure element, the NXP JCOP3, is used in the cards you receive in the package with the device.
Cypherock is using the same outdated secure element as some other hardware wallets like the ColdCard Mk3, Passport, OneKey Mini and Husky HDW20.
It's currently harder to find the new chip version ATECC608B, but they should make the replacement as soon as possible.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
August 30, 2022, 08:19:02 AM
Adding some more information I found about upcoming Trezor prototype chip, and I didn't see this posted before or I missed it somehow.
Prototypes and the mass production of truly open integrated circuit chips are going to be made by UMC, a leading manufacturer of semiconductors from Taiwan.
UMC was already mentioned as the manufacturer of the chips in some earlier announcements. I remember the name either from sources you shared or maybe the Czech blog post that was posted on the forum a couple of weeks ago. 

UMC headquarters are in Hsinchu, Taiwan, but the good thing is they are located in different locations in mainland China, as well as in Japan and Singapore.
UMC already operates out of two locations in China and if the US and China come to an agreement, maybe their Taiwanese headquarters will be called China in a few weeks or months as well.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
August 23, 2022, 02:26:58 PM
Adding some more information I found about upcoming Trezor prototype chip, and I didn't see this posted before or I missed it somehow.
Prototypes and the mass production of truly open integrated circuit chips are going to be made by UMC, a leading manufacturer of semiconductors from Taiwan.
UMC headquarters are in Hsinchu, Taiwan, but the good thing is they are located in different locations in mainland China, as well as in Japan and Singapore.
https://bitcoinmagazine.com/business/tropic-square-launches-open-source-chip-prototype-for-bitcoin-hardware
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
August 22, 2022, 03:58:39 AM
Thanks for the link to the Czech article. Using Google translate it's possible to understand what they are talking about. The article again confirms (similarly to older announcements) that the chip will not be entirely open-source. Google translates it as "a largely open" chip where the idea is to be able to verify and audit that it doesn't do anything it is not supposed to do and that it doesn't have additional components that could assist in supply chain attacks.

Quote
Tropic Square is preparing the so-called Secure Element (SE) chip, which is supposed to be largely open. Among other things, this will enable its auditability. It is supposed to verify, among other things, that the chip is manufactured exactly according to the design, and therefore that there has been no modification or addition of an implant in the supply chain (generally referred to as a supply chain attack).
Source: https://www.lupa.cz/aktuality/cesky-cip-tropic-square-jde-do-vyroby-vyrabet-se-bude-na-tchaj-wanu/?utm_source=rss&utm_medium=text&utm_campaign=rss
legendary
Activity: 2212
Merit: 7064
Cashback 15%
August 21, 2022, 05:51:19 PM
Whenever Trezor's new device with TROPIC01 comes to market, I hope it won't be as expensive as their Trezor T is currently.
I doubt it's going to be cheaper, and with global inflation slowly turning into hyperinflation I would say this is almost impossible.
I expect prices for most hardware wallets and other electronic devices to go up in the near future, especially with the shortage of everything.

Co-founder of Trezor replied to a question
Hmmm... I expected the device release in 2023, but time flies.
I think they could create some pre-order campaign in 2023 with special discount prices to collect more money/coins from people.
Would I pre-order this device? - Maybe, depending on price and specification I would consider purchasing it, but it needs to offer something really unique.
JL0
full member
Activity: 817
Merit: 158
Bitcoin the Digital Gold
August 21, 2022, 01:17:36 PM
Co-founder of Trezor replied to a question:

Quote
@Petr Flídr

Any guess when the first trezor with this chip might be?

@slushcz

Realistically 2024, hardware is hard :-).

From his Czech-speaking Twitter account.

https://twitter.com/Lupacz/status/1552555325026443265?cxt=HHwWgoC9pfS15IsrAAAA
https://twitter.com/slushcz/status/1552909830691643393
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
August 21, 2022, 06:59:08 AM
Please, do proper citations as it's not me but @SFR10 who wrote what you put into my "mouth". Thx in advance...


Whenever Trezor's new device with TROPIC01 comes to market, I hope it won't be as expensive as their Trezor T is currently.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
August 21, 2022, 03:49:14 AM
Am I correct in assuming that they altered their previous plans and chose to go with the "100%" open-source route or there are still some parts of it that don't fall into that category?
This is the first official announcement in which I see the mention of the term "transparent" secure element. In the past, they called it either open-source or "as open source as possible" which was evident from their early announcements. The latest info dkbit98 shared mentions they are against "closed products". So the idea is still to create a different type of component from the traditional closed-source chips, but probably not a fully open-source SE. "As open-source as possible" should still be the most correct definition based on what we have seen up till now.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
August 20, 2022, 05:28:28 PM
Am I correct in assuming that they altered their previous plans and chose to go with the "100%" open-source route or there are still some parts of it that don't fall into that category?
To be fair, they claimed before that the new secure element will be open source as much as possible, but let's wait and see what transparent exactly means.
So far Trezor has proved they won't use any insecure or closed source chips with secret NDAs, and they could have done it many times, but they don't make compromises like others.

The first product to showcase that secure element it's probably going to be their upcoming "Trezor Model R [confirmed by Rusnak]", but there's still no roadmap [AFAIK].
- I counted "26 open issues for this specific model" on the first two pages alone, so I doubt it could show up prior to the completion of this SE.
Oh that's nice, first time I see this information about TrezoRRR... but sadly prusnak said it won't be available any time soon (that was back in May).
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
August 20, 2022, 04:10:20 AM
they are saying that the first prototypes of their new transparent secure element are currently in production and they should receive them at the end of October 2022!
Am I correct in assuming that they altered their previous plans and chose to go with the "100%" open-source route or there are still some parts of it that don't fall into that category?

Third, which products will use it and when will those be available? (Might take even longer, but I'd expect a new Trezor device to show up first.)
The first product to showcase that secure element it's probably going to be their upcoming "Trezor Model R [confirmed by Rusnak]", but there's still no roadmap [AFAIK].
- I counted "26 open issues for this specific model" on the first two pages alone, so I doubt it could show up prior to the completion of this SE.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
August 17, 2022, 05:51:07 PM
From the tl;dr of all the info on the TROPIC01, is it pin and/or instruction compatible with other secure elements to any degree?
For the wallets that are almost done now or will be done by the end of the year, they are going to be using whatever you can get today.
I am not sure if it's going to be compatible with other secure elements, but it's going to be more secure and transparent, so that means no more hidden NDAs.
The current market is hungry for secure elements of any kind and I am sure they are going to have very good sales if they manage to pull this off in time, and use the current global chip shortage.
Behind the scenes Trezor is 100% already working on a new hardware wallet device that is going to be compatible with this secure element; that is the only way they can compete with Ledger.
I will always choose an open source hardware wallet with a transparent secure element, instead of black box NDA closed source marketing propaganda devices.