Topic: Secure Element in Hardware Wallets (Read 3075 times)

hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
March 29, 2024, 07:36:55 AM
...
I'd appreciate the help a lot! Struggling with the choice and understanding right now.


Likely source: https://raw.githubusercontent.com/EAWF/BTC-Toolbox/3938785f186c76598989cc0aa017ad351483d3b1/Images/KeyDerivationTechnicalOverview.png

A hardware wallet likely only needs to store the "random" Entropy Source and derivation path used at minimum from which all other stuff can be derived. It likely stores more like the Master Secret Key and Master Chain Code to avoid all computation steps again and again which wouldn't make much sense.

The recovery words (Recovery Phrase in above diagram) are likely not stored as they can easily and rather quickly be computed from the Entropy Source.

The optional mnemonic passphrase (your 13th or 25th optional passphrase in addition to the recovery words) shouldn't be stored on the device as it is only needed to derive the Master Secret Key and Master Chain Code from the BIP32 Root Key Derivation. If the optional mnemonic passphrase is empty, i.e. not used, the derivation steps still use the default 'mnemonic' as the optional passphrase input to the 2048 rounds of the PBKDF2 mill.

I'm pretty sure this Master Secret Key and Master Chain Code are stored and secured by a hardware wallet. If Ledger crap e.g. has a dedicated unlock PIN for a wallet with an optional mnemonic passphrase, then that unlock PIN secures that unique Master Secret Key and Master Chain Code of a derivation with that optional mnemonic passphrase. This adds some convenience but hides the security of a complex optional mnemonic passphrase, in addition to the security of the Entropy Source, behind a short PIN (security-wise not such a big issue as you have a very limited number of tries to enter such an unlock PIN). I would still recommend having an unlock PIN at least eight digits long or using more complexity.

Don't take my words for granted as I haven't read a lot of the firmware source code of open source hardware wallets. I'm just interpreting what I would do if I were a developer. Do not choose a hardware wallet with closed source firmware, thus Ledger should be out of competition for various reasons.

Try to get behind the security model of other hardware wallet competitors and how they cope with attack vectors and securing the important secrets of your wallet.


To understand HD wallets better, I recommend working through pages at https://learnmeabitcoin.com/technical/keys/hd-wallets/.
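The derivation chain described above, as an added example that is not code from the original post or from any wallet vendor. It takes the standard BIP39 all-zero-entropy test mnemonic with its published passphrase "TREZOR" as sample input, and shows why neither the recovery words nor the passphrase need to live on the device once the master secret key and chain code have been computed.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 group order: a BIP32 master key must be non-zero and below this.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def mnemonic_word_indices(entropy: bytes) -> list:
    """Entropy -> BIP39 word indices (checksum = first ENT/32 bits of SHA256).
    Looking each index up in the 2048-word list gives the recovery phrase,
    which is why a device never needs to store the words themselves."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = ent_bits + cs_bits
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Recovery words + optional passphrase -> 64-byte BIP39 seed.
    The salt is the literal string "mnemonic" followed by the passphrase,
    so an empty passphrase still runs 2048 PBKDF2 rounds with salt "mnemonic"."""
    words = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)

def bip32_master(seed: bytes) -> tuple:
    """BIP39 seed -> (master secret key, master chain code) per BIP32."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    k = int.from_bytes(key, "big")
    if k == 0 or k >= SECP256K1_N:
        raise ValueError("invalid master key for this seed (astronomically rare)")
    return key, chain_code

def wallet_roots(mnemonic: str, passphrases: list) -> dict:
    """Map each passphrase to the (key, chain code) pair a device would store.
    Each passphrase yields an entirely different wallet from the same words."""
    return {p: bip32_master(bip39_seed(mnemonic, p)) for p in passphrases}


if __name__ == "__main__":
    # Constructed sample: the all-zero-entropy BIP39 test mnemonic.
    words = " ".join(["abandon"] * 11 + ["about"])
    assert mnemonic_word_indices(bytes(16)) == [0] * 11 + [3]  # index 3 = "about"
    for p, (k, c) in wallet_roots(words, ["", "TREZOR"]).items():
        print(f"passphrase={p!r} key={k.hex()[:16]}... chain={c.hex()[:16]}...")
```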
brand new
Activity: 0
Merit: 0
March 28, 2024, 07:05:39 PM
Hi everyone.

I can't understand what exactly is stored on the device, judging from what I read about them.

What I really want to know is: what is stored on the device?
- The entropy
- Seed phrase (mnemonic)
- Master seed (bip39 seed)

It sounds reasonable to store the master seed (bip39 seed): it's not human readable, you can derive keys from it, it can be restored via the mnemonic, yet it can't be used to generate addresses for some coins (Dogecoin for example) or to use the passphrase (another question I have).
But as far as I understand, Trezor keeps the seed phrase in it.
So the question remains... Specifically I'm interested in how it's implemented in keystone, trezor, ledger and onekey.

Another question - passphrase.
To use it after the wallet is created, you need the seed phrase to be present on the device, right? Otherwise how would you use it as the 13th / 25th word?

I'd appreciate the help a lot! Struggling with the choice and understanding right now.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
February 20, 2024, 06:33:24 PM
Very helpful post!
Should Trezor safe 3 with Infineon OPTIGA Trust M be EAL6+? The table shows it's N/A.
Yeah it should be like that, Trezor website also added that information recently, thank you for noticing it.
I added the EAL6+ certification for Trezor 3 Safe, and you are free to report anything else that is missing or incorrect in this list.
Hardware wallets are changing stuff all the time, so there could be some information that is outdated.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
February 18, 2024, 04:28:01 AM
Should Trezor safe 3 with Infineon OPTIGA Trust M be EAL6+? The table shows it's N/A.
It probably should. According to the chip specifications here, it shows the certification type as EAL6+. More precisely, "CC EAL6+ high for HW." That description is for model SLS32AIA.

@dkbit98
You might probably find the missing certification types for some of the chips by googling the model followed by 'EAL', then just search and see if it says EAL5, EAL6, or something else.
newbie
Activity: 1
Merit: 1
February 18, 2024, 01:38:11 AM
Very helpful post!
Should Trezor safe 3 with Infineon OPTIGA Trust M be EAL6+? The table shows it's N/A.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
January 31, 2024, 06:36:24 AM
This list is now cleaned up and updated with new information.
I removed a few devices that are not available anymore, and I identified the secure element for the Imkey hardware wallet as they released this in public.
Imkey Pro is using SLE 78CLUFX5000PH chip made by Infineon and it has CC EAL6 certification.


https://imkey.im/

Other hardware wallet manufacturers (Trezor, SecuX, HyperMate, Hashwallet, Keevo, Jubiterwallet) are using secure elements made by Infineon, but this exact model SLE 78CLUFX5000PH is used only for Imkey Pro.
If you notice any mistakes or if you have additional information about secure elements please post it here.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
December 20, 2023, 06:31:07 AM
I made a small update in the list and changed Jade wallet secure element from NO to Virtual.
The reason for this is that it is a different approach from all other hardware wallets that don't have any physical secure element by default, and as far as I know nobody uses anything similar to Jade.
This approach is not the same as the regular secure elements available in the market today, but it manages to keep everything reasonably safe and fully open source.

You can find more information about the Jade Virtual secure element and watch a few minutes long video explanation on their website:
https://help.blockstream.com/hc/en-us/articles/13745404122265-Does-Blockstream-Jade-have-a-secure-element-
legendary
Activity: 2212
Merit: 7064
Cashback 15%
November 13, 2023, 07:25:18 PM
We are from KriptoBR Official Reseller of Ledger, Trezor, SecuX and BitBox in Brazil.

We received the email from Ledger notifying us, that's why I informed them here, I asked if the chip had been changed and no, they confirmed that there hadn't been, it was just the update.
So basically nothing really changed in their hardware, but they decided to change and increase the EAL certification just because they can do it and for them it sounds better like this.
I will update the information in the table, but like I said before, nobody cares about this, especially not for Ledger wallets; they already destroyed any leftover reputation they had.
newbie
Activity: 6
Merit: 4
November 13, 2023, 06:37:07 PM
We are from KriptoBR Official Reseller of Ledger, Trezor, SecuX and BitBox in Brazil.

We received the email from Ledger notifying us, that's why I informed them here, I asked if the chip had been changed and no, they confirmed that there hadn't been, it was just the update.

They even changed the website where EAL6+ already appears
legendary
Activity: 2212
Merit: 7064
Cashback 15%
November 10, 2023, 07:29:16 PM
Ledger has just changed its website stating that LNS PLUS models are EAL6+ certified
This is only for Ledger Nano S Plus and for Ledger Stax, but it means nothing to you or me.
If they changed EAL certification that usually means they made some changes with secure elements, but I didn't see any news about that.
newbie
Activity: 6
Merit: 4
November 10, 2023, 04:10:44 PM
Ledger has just changed its website stating that LNS PLUS models are EAL6+ certified
hero member
Activity: 714
Merit: 1298
Cashback 15%
October 13, 2023, 05:35:05 AM
Not to dissuade you from your opinion, but to tell you that not all is unambivalent in the project engineering involved in the design of Tropic Square, I will cite Zach Herbert, the founder of Foundationdevices, known for their Passport HW, on this matter:


legendary
Activity: 2212
Merit: 7064
Cashback 15%
October 13, 2023, 05:00:34 AM
Do you anticipate that a secure element from a company that has never been involved in chip development (I mean SatoshiLabs) could outperform OPTIGA Trust M developed by Infineon, a company with nearly a quarter-century history in this business?
I am not a prophet to know the future.
Satoshi Labs has existed for TEN long years, and they are specifically dedicated to hardware wallets and Bitcoin development, so YES I think they can outperform it for the use case of cryptocurrency devices.
They will control everything about new Tropic Square chips with direct partnership with manufacturer, so it should work better for hardware wallets.
hero member
Activity: 714
Merit: 1298
Cashback 15%
October 13, 2023, 04:54:31 AM
~


Do you anticipate that a secure element from a company that has never been involved in chip development (I mean SatoshiLabs) could outperform OPTIGA Trust M developed by Infineon, a company with nearly a quarter-century history in this business?

In my opinion, it would likely require a few years of extensive field testing before Tropic Square, their long-awaited product, gains the trust of the cryptocommunity.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
October 13, 2023, 04:03:28 AM
Interesting news coming up in world of secure elements in hardware wallets.
Trezor has announced for some time that they are working on their own secure element, but this product is not production ready yet, so they came up with the second best solution.

With new Trezor Safe 3 hardware wallet they introduced open source secure element Infineon OPTIGA Trust M!


Infineon is a German based chip manufacturer and the company was created back in 1999, so they have 24 years of history in making microchips and security products.
For me it's important to say that company is based in Europe so it should be easier and faster for Trezor to buy all secure elements they need.

Infineon OPTIGA Trust M has open source code that can be verified on github and it has MIT license:
https://github.com/Infineon/optiga-trust-m

As stated on their website, use cases for this secure element are mutual authentication, secured communication, secured updates, key provisioning, life-cycle management, data store protection, power management, platform integrity protection and secured zero-touch provisioning.
The official website shows more information and details about this product, and it is confirmed to be a CC EAL6+ certified security controller:
https://www.infineon.com/cms/en/product/security-smart-card-solutions/optiga-embedded-security-solutions/optiga-trust/optiga-trust-m-sls32aia/

Some other hardware wallet manufacturers previously used secure elements made by Infineon, but none of them used this exact model, Infineon OPTIGA Trust M; please correct me if I am wrong.
Jubiterwallet, HyperMate and Secux all use unknown Infineon chips, Keevo wallet used Infineon Optiga Trust-P, Hashwallet uses Infineon SLE78.

Overall I am happy with the changes that Trezor made, and I am still waiting to see their own secure element, but sadly this will have to wait until 2025 or 2026.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
August 17, 2023, 02:28:58 PM
The image in the OP is broken, @dkbit98 maybe you should switch it to Talkimg.
I know, but I was a bit lazy to replace this and all my other images after imgur incident, even if I know there is nice tool to do everything much faster.
Anyway, the image is replaced now, but it's nothing special, just a random chip that is not really important for the context.

Am I the only one here who's bothered by the fact that there's only one EAL7 on this whole list, and that most of the mainstream hardware wallets either don't have an SE, or low quality one (hence why I chopped out the first few entries)?
I don't really care about EAL numbers so much since nobody can verify this for closed source secure elements.
A hardware wallet can have the highest possible EAL rating and it can still be total crap.

It is quite a shame, as HW manufacturers' reputation is built on trust, and I don't see how you're supposed to gather a lot of trust if you only have one hardware wallet released in the last 5 or so years.
I can create my own trust rating but it means nothing, similar to the difference between EAL7, EAL6 or EAL5.

The certification is quite expensive and time consuming. IIRC, EAL4 already costs >$200k (possibly a lot higher) and a year. Going any further than that, it would probably cost more and takes longer. From the business standpoint, it isn't very practical.
Sounds like a scam to me, all this money just to get some "certificate" of security, and there is no guarantee someone won't exploit it; the only guarantee is a signed NDA aka silence.
legendary
Activity: 2954
Merit: 4158
August 17, 2023, 03:50:14 AM
Am I the only one here who's bothered by the fact that there's only one EAL7 on this whole list, and that most of the mainstream hardware wallets either don't have an SE, or low quality one (hence why I chopped out the first few entries)?

It is quite a shame, as HW manufacturers' reputation is built on trust, and I don't see how you're supposed to gather a lot of trust if you only have one hardware wallet released in the last 5 or so years.
The certification is quite expensive and time consuming. IIRC, EAL4 already costs >$200k (possibly a lot higher) and a year. Going any further than that, it would probably cost more and takes longer. From the business standpoint, it isn't very practical.

I would prefer if HW manufacturers didn't release a new HW wallet that often; most are secure enough and it isn't an iPhone where obsolescence is a big concern.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
August 17, 2023, 03:03:52 AM
legendary
Activity: 2212
Merit: 7064
Cashback 15%
August 16, 2023, 05:16:15 PM
Looking at the information in your table, I can see that you mentioned that Trezor plans to introduce a secure element during 2022. We are now in mid 2023 and it hasn't yet been released. Maybe you can make a quick update to that line and place a different date or use different wording?
Updated to 2023/24.
I am not a fortune teller, and my predictions are based on Trezor posted articles, blogs, and tweets, and I don't know exact release date.

When we are on the subject of Trezor's work on the new SE, as someone who follows that closer than me, is there anything new to report on that? Have they released new release dates or reports on their progress?
I didn't see any official news but I think they are working on new device with new secure element, last thing I saw is them receiving new chips from manufacturers.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
August 15, 2023, 11:38:03 AM
Looking at the information in your table, I can see that you mentioned that Trezor plans to introduce a secure element during 2022. We are now in mid 2023 and it hasn't yet been released. Maybe you can make a quick update to that line and place a different date or use different wording?
When we are on the subject of Trezor's work on the new SE, as someone who follows that closer than me, is there anything new to report on that? Have they released new release dates or reports on their progress?