Secure Element in Hardware Wallets

[dkbit98]

Quick update, all Passport units shipping from two weeks ago (and ongoing) now use the Microchip 608b secure element.

Thanks for keeping us up to date with this change.
I updated this information in my table, but it should be noted that most people still use old ATECC608A version.

Research published in that paper claims that ATECC608B  can still be defeated with the laser beam. What would you say about this?

Oh no, it looks like we are going to see new version ATECC608C version coming out soon (this is just my speculation).
But seriously now, all secure elements have flaws and I think all other secure element chips are more closed and it's much harder to find security flaws in them because of signed NDA crap 
I never heard of anyone having success with exploiting even older ATECC608A chips in hardware wallets, but it's always better to upgrade if possible.

[1714669044]

1714669044

[1714669044]

1714669044

[1714669044]

1714669044

[zherbert]

Research published in that paper claims that ATECC608B  can still be defeated with the laser beam. What would you say about this?

Oh no, it looks like we are going to see new version ATECC608C version coming out soon (this is just my speculation).
But seriously now, all secure elements have flaws and I think all other secure element chips are more closed and it's much harder to find security flaws in them because of signed NDA crap 
I never heard of anyone having success with exploiting even older ATECC608A chips in hardware wallets, but it's always better to upgrade if possible.

Thank you for sharing this. NVK came after us pretty hard about using the 608a while they were shipping with the 608b, even going as far as pulling our investors and employees aside at conferences to tell them that we are shipping insecure "pwned" hardware.

I've always been very consistent in stating that no chip is perfectly secure, and that the 608b will likely be vulnerable to similar laser-based attacks (eg https://stacker.news/items/85239).

I think the most important thing is to not put all your eggs in one basket – don't rely 100% on a single chip for secure key storage and don't blindly trust an MCU or secure element.

Additionally, these laser based attacks require destroying the hardware wallet and the secure element chip itself, and they require higher-end lab equipment to perform. If you're someone who might be targeted because you're storing large amounts (hundreds of thousands or millions of dollars) of Bitcoin, consider using a passphrase and/or multisig.

[ranochigo]

Oh no, it looks like we are going to see new version ATECC608C version coming out soon (this is just my speculation).
But seriously now, all secure elements have flaws and I think all other secure element chips are more closed and it's much harder to find security flaws in them because of signed NDA crap  
I never heard of anyone having success with exploiting even older ATECC608A chips in hardware wallets, but it's always better to upgrade if possible.

They have: https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Defeating-A-Secure-Element-With-Multiple-Laser-Fault-Injections.pdf.

ATECC608B is still vulnerable in the same fashion. However, it is very difficult to execute and requires specialized equipment and skills with little to no room for error.

Thank you for sharing this. NVK came after us pretty hard about using the 608a while they were shipping with the 608b, even going as far as pulling our investors and employees aside at conferences to tell them that we are shipping insecure "pwned" hardware.

Interesting. They had an article on how the laser fault injection is not practical and not likely to be exploited and dismissed their reports. Talk about twisting narratives.

[Pmalek]

Looking at the information in your table, I can see that you mentioned that Trezor plans to introduce a secure element during 2022. We are now in mid 2023 and it hasn't yet been released. Maybe you can make a quick update to that line and place a different date or use different wording?
When we are on the subject of Trezor's work on the new SE, as someone who follows that closer than me, is there anything new to report on that? Have they released new release dates or reports on their progress?

[dkbit98]

Looking at the information in your table, I can see that you mentioned that Trezor plans to introduce a secure element during 2022. We are now in mid 2023 and it hasn't yet been released. Maybe you can make a quick update to that line and place a different date or use different wording?

Updated to 2023/24.
I am not a fortune teller, and my predictions are based on Trezor posted articles, blogs, and tweets, and I don't know exact release date.

When we are on the subject of Trezor's work on the new SE, as someone who follows that closer than me, is there anything new to report on that? Have they released new release dates or reports on their progress?

I didn't see any official news but I think they are working on new device with new secure element, last thing I saw is them receiving new chips from manufacturers.

[NotATether]

The image in the OP is probken, @dkbit98 maybe you should switch it to Talkimg.

	☵	Name	☵	Open Source	☵	Secure Element	☵	SE Model + Microcontroller	☵	Evaluation Assurance Level	☵
	▮	D'CENT	▮	NO	▮	YES	▮	NXP P60	▮	EAL5+	▮
	▮	Safepal S1	▮	NO	▮	YES	▮	Unknown chip	▮	EAL5+	▮
	▮	CoolWallet S	▮	NO (soon Y)	▮	YES	▮	NXP P5CD081	▮	EAL5+	▮
	▮	CoolWallet Pro	▮	NO (soon Y)	▮	YES	▮	NXP J3R110	▮	EAL6+	▮
	▮	Jubiterwallet	▮	NO	▮	YES	▮	Infineon ?	▮	EAL6+	▮
	▮	Kasse HK-1000	▮	NO	▮	YES	▮	ST31H320 A03	▮	EAL5+	▮
	▮	Keevo	▮	NO	▮	YES	▮	Infineon Optiga Trust-P	▮	EAL5+	▮
	▮	Secux	▮	NO	▮	YES	▮	Infineon CC ?	▮	EAL5+	▮
	▮	Ngrave	▮	N/A	▮	YES	▮	unknown built-in SE + STM32MP157C	▮	EAL7+	▮
	▮	Tangem	▮	NO	▮	YES	▮	Samsung SecureCore microchip ?	▮	EAL6+	▮
	▮	ImKey	▮	NO	▮	YES	▮	Military-grade CC security chip ?	▮	EAL6+	▮
	▮	Wookong	▮	NO	▮	YES	▮	Unknown chip	▮	EAL4+	▮
	▮	Hashwallet	▮	N/A	▮	YES	▮	Infineon SLE78	▮	EAL6+	▮
	▮	Opolo	▮	NO	▮	YES	▮	NXP ? + ARM Cortex M4	▮	EAL6+	▮
	▮	OneKey Classic	▮	YES	▮	YES	▮	HSC32I1	▮	EAL6+*/EAL 4+	▮
	▮	OneKey Mini	▮	YES	▮	YES	▮	ATECC608A	▮	outdated chip	▮
	▮	OneKey Touch	▮	YES	▮	YES	▮	ATECC608A	▮	outdated chip	▮
	▮	HyperMate	▮	YES	▮	YES	▮	Infineon ?	▮	EAL6+	▮
	▮	CoboVault	▮	YES	▮	YES	▮	probably MAX36010-BSN-T	▮	EAL5+	▮
	▮	KeyStone	▮	YES	▮	YES	▮	ARM Cortex-M0	▮	EAL5+	▮
	▮	KeyStone3 (Pro)	▮	YES	▮	YES	▮	ATECC608B + Maxim DS28S60 (+ Maxim MAX32520)	▮	EAL?	▮
	▮	KeyPal	▮	N/A	▮	YES	▮	NXP MCU + ?	▮	N/A	▮
	▮	Satochip/Satodime	▮	YES	▮	YES	▮	NXP J3H145 and NXP J3R110	▮	EAL6+	▮
	▮	Husky HDW20	▮	NO	▮	YES	▮	ATECC608A	▮	outdated chip	▮
	▮	Prokey	▮	YES	▮	NO	▮	N/A + STM32F205VG	▮	N/A	▮
	▮	Cypherock X1	▮	YES	▮	YES	▮	ATECC608A+NXP JCOP3 and ARM Cortex-M	▮	EAL5+ outdated chip 608A	▮
	▮	Hito	▮	YES	▮	YES	▮	nRF5340	▮	N/A	▮

Am I the only one here who's bothered by the fact that there's only one EAL7 on this whole list, and that most of the mainstream hardware wallets either don't have an SE, or low quality one (hence why I chopped out the first few entries)?

It is quite a shame, as HW manufacturers' reputation is built on trust, and I don't see how you're supposed to gather a lot of trust if you only have one hardware wallet released in the last 5 or so years.

[ranochigo]

Am I the only one here who's bothered by the fact that there's only one EAL7 on this whole list, and that most of the mainstream hardware wallets either don't have an SE, or low quality one (hence why I chopped out the first few entries)?

It is quite a shame, as HW manufacturers' reputation is built on trust, and I don't see how you're supposed to gather a lot of trust if you only have one hardware wallet released in the last 5 or so years.

The certification is quite expensive and time consuming. IIRC, EAL4 already costs >$200k (possibly a lot higher) and a year. Going any further than that, it would probably cost more and takes longer. From the business standpoint, it isn't very practical.

I would prefer if HW manufacturers don't release a new HW wallet that often; most are secure enough and it isn't IPhone where obsolesce is a big concern.

[dkbit98]

The image in the OP is probken, @dkbit98 maybe you should switch it to Talkimg.

I know, but I was a bit lazy to replace this and all my other images after imgur incident, even if I know there is nice tool to do everything much faster.
Anyway, image is replace now, but it's nothing special just random chip that is not really important for the context.

Am I the only one here who's bothered by the fact that there's only one EAL7 on this whole list, and that most of the mainstream hardware wallets either don't have an SE, or low quality one (hence why I chopped out the first few entries)?

I don't really care about EAL numbers so much since nobody can verify this for closed source secure elements.
Hardware wallet can have highest possible EAL rating and it can still be total crap.

It is quite a shame, as HW manufacturers' reputation is built on trust, and I don't see how you're supposed to gather a lot of trust if you only have one hardware wallet released in the last 5 or so years.

I can create my own trust rating but it means nothing, similar like difference between EAL7, EAL6 or EAL5.

The certification is quite expensive and time consuming. IIRC, EAL4 already costs >$200k (possibly a lot higher) and a year. Going any further than that, it would probably cost more and takes longer. From the business standpoint, it isn't very practical.

Sounds like a scam to me, all this money just to get some ''certificate'' of security, and there is no guarantee someone wont exploit it, only guarantee is signed NDA aka silence.

[dkbit98]

Interesting news coming up in world of secure elements in hardware wallets.
Trezor was announced for some time they are working in their own secure element, but this product is not production ready yet, so they came up with second best solution.

With new Trezor Safe 3 hardware wallet they introduced open source secure element Infineon OPTIGA Trust M!

 

Infenion is German based chip manufacturer and company was created back in 1999, so they have 24 long history in making microchips and security products.
For me it's important to say that company is based in Europe so it should be easier and faster for Trezor to buy all secure elements they need.

Infineon OPTIGA Trust M has open source code that can be verified on github and it has MIT license:
https://github.com/Infineon/optiga-trust-m

As stated on their website, use cases for this secure elements are  mutual authentication, secured communication, secured updates, key provisioning, life-cycle management, data store protection, power management,platform integrity protection, secured zero-touch provisioning.
Official website is showing more information and details about this product, and it is confirmed to be CC EAL6+ certified security controller :
https://www.infineon.com/cms/en/product/security-smart-card-solutions/optiga-embedded-security-solutions/optiga-trust/optiga-trust-m-sls32aia/

Some other hardware wallet manufacturers previously used secure elements made by Infineon, but none of them used this exact model Infineon OPTIGA Trust M, but please correct me if I am wrong.
Jubiterwallet, HyperMate and Secux all use unknown Infineon chips, Keevo wallet used Infineon Optiga Trust-P, Hashwallet uses Infineon SLE78.

Overall I am happy with changes that Trezor made, and I am still waiting to see their own secure element, but sadly this will have to wait until 2025 or 2026 

[satscraper]

~

Do you anticipate that a secure element from a company that has never been involved in chip development( I mean  SatoshiLabs) could outperform OPTIGA Trust M developed by Infineon, a company with nearly a quarter-century history in this business?

In my opinion, it would likely require a few years of extensive field testing before Tropic Square, their long-awaited product, gains the trust of the cryptocommunity.

[dkbit98]

Do you anticipate that a secure element from a company that has never been involved in chip development( I mean  SatoshiLabs) could outperform OPTIGA Trust M developed by Infineon, a company with nearly a quarter-century history in this business?

I am not a prophet to know the future.
Satoshi Labs exists for TEN long years, and they are specifically dedicated to hardware wallets and Bitcoin development, so YES I think they can outperform it for use case of cryptocurrency devices.
They will control everything about new Tropic Square chips with direct partnership with manufacturer, so it should work better for hardware wallets.

[satscraper]

Not for the purpose to  dissuade you from your opinion but to tell you that not all is unambivalent in the project engineering involved into design of Tropic Square   I will cite Zach Herbert, the founder of Foundationdevices, known for their Passport HW, on this matter:

[rondolfo]

Ledger has just changed its website stating that LNS PLUS models are EAL6+ certified

[dkbit98]

Ledger has just changed its website stating that LNS PLUS models are EAL6+ certified

This is only for Ledger Nano S Plus and for Ledger Stax, but it means nothing to you or me.
If they changed EAL certification that usually means they made some changes with secure elements, but I didn't see any news about that.

[rondolfo]

We are from KriptoBR Official Reseller of Ledger, Trezor, SecuX and BitBox in Brazil.

We received the email from Ledger notifying us, that's why I informed them here, I asked if the chip had been changed and no, they confirmed that there hadn't been, it was just the update.

They even changed the website where EAL6+ already appears

[dkbit98]

We are from KriptoBR Official Reseller of Ledger, Trezor, SecuX and BitBox in Brazil.

We received the email from Ledger notifying us, that's why I informed them here, I asked if the chip had been changed and no, they confirmed that there hadn't been, it was just the update.

So basically nothing really changed in their hardware, but they decided to change and increase EAL certification just because they can do it and for them it sounds better like this
I will update information in table, but like I said before, nobody cares about this, especially not for ledger wallets, they already destroyed any leftover reputation they had.

[dkbit98]

I made a small update in the list and changed Jade wallet secure element from NO to Virtual.
Reason for this is because this is different approach from all other hardware wallets that don't have any physical secure element by default, and as far as I know nobody uses anything similar like Jade.
This approach is not the same like regular secure elements available in market today, but it manages to keep everything reasonably safe and fully open source.

You can find more information about Jade Virtual secure element and watch few minutes long video explanation on their website:
https://help.blockstream.com/hc/en-us/articles/13745404122265-Does-Blockstream-Jade-have-a-secure-element-

[dkbit98]

This list is now cleaned up and updated with new information.
I removed few devices that are not available anymore, and I identified secure element for Imkey hardware wallet as they released this inpublic.
Imkey Pro is using SLE 78CLUFX5000PH chip made by Infineon and it has CC EAL6 certification.


https://imkey.im/

Other hardware wallet manufacturers (Trezor, SecuX, HyperMate, Hashwallet, Keevo, Jubiterwallet) are using secure elements made by Infineon, but this exact model SLE 78CLUFX5000PH is used only for Imkey Pro.
If you notice any mistakes or if you have additional information about secure elements please post it here.

[apustaja]

Very helpful post!
Should Trezor safe 3 with Infineon OPTIGA Trust M be EAL6+? The table shows it's N/A.

[Pmalek]

Should Trezor safe 3 with Infineon OPTIGA Trust M be EAL6+? The table shows it's N/A.

It probably should. According to the chip specifications here, it shows the certification type as EAL6+. More precisely, "CC EAL6+ high for HW." That description is for model SLS32AIA.

@dkbit98
You might probably find the missing certification types for some of the chips by googling the model followed by 'EAL', then just search and see if it says EAL5, EAL6, or something else.