Risks & Challenges

While the Open Source Secure Element (OSSE) project has a well-defined roadmap and leverages proven technologies like the OpenTitan framework, several risks and challenges could arise during implementation and in achieving the desired impacts. Below are the critical risks and mitigation strategies:

1. Technical Challenges

Risk: The OpenTitan framework, while robust, may present unforeseen technical difficulties in adapting its silicon root of trust (RoT) features to the unique requirements of a hardware wallet. Porting wallet firmware to the RISC-V architecture and integrating advanced features like EIP-712 may require additional time and resources.

Mitigation:

  • Collaborate closely with (Redacted*), leveraging their expertise in cryptographic hardware design to address technical challenges.
  • Adopt an iterative development approach to identify and resolve issues early in the development cycle.

2. Hardware Component Availability

Risk: Delays in the availability of OpenTitan-based chipsets or other critical hardware components could impact project timelines.

Mitigation:

  • Use the CW340 Luna FPGA board as an interim platform to prototype key functionalities while waiting for production-grade chipsets.
  • Explore alternative components to maintain progress if significant delays occur.

3. Supply Chain Documentation Complexity

Risk: Implementing a blockchain-based system for supply chain transparency could prove challenging, particularly in integrating data from multiple manufacturers and verifying its accuracy.

Mitigation:

  • Partner with experienced supply chain and blockchain professionals to design a scalable and reliable system.
  • Conduct pilot tests with selected components to refine the process before full-scale implementation.

4. Security Risks

Risk: Hardware and firmware may be exposed to novel attack vectors during or after development, compromising the wallet’s security.

Mitigation:

  • Conduct thorough security testing and independent audits of both hardware and software.
  • Build defenses against known attack vectors, such as side-channel attacks, and continuously monitor for emerging threats.

5. Community Adoption and Collaboration

Risk: Limited community engagement or reluctance from related projects (e.g., Firefly wallet) to collaborate could hinder ecosystem integration and reduce impact.

Mitigation:

  • Actively engage with the Ethereum developer community and other open-source projects, sharing progress and soliciting feedback throughout development.
  • Offer incentives, such as early access to tools and documentation, to encourage collaboration.

6. Market and Insurance Challenges

Risk: Insuring non-custodial wallets is a relatively new concept, and unexpected regulatory or operational hurdles could arise. The market demand for the wallet may not materialize as anticipated, affecting adoption rates.

Mitigation:

  • Work closely with ver.de AG to design an insurance model that complies with regulations and meets user needs.
  • Conduct user research to ensure the wallet’s design and features align with market demand, adjusting the project scope if necessary.

7. Financial and Resource Constraints

Risk: Unforeseen expenses or delays could exceed the allocated budget or strain available resources.

Mitigation:

  • Implement rigorous project management and cost control measures.
  • Explore additional funding sources or partnerships if needed to maintain momentum.

Conclusion

While these risks are significant, they are manageable through proactive planning, strong partnerships, and iterative development. By addressing these challenges effectively, the project will achieve its goal of delivering a secure, insurable, and transparent hardware wallet to the Ethereum ecosystem.

*) The name of the leading german security research facility will be revealed when the project is funded.

Back to top

Copyright © 2023 Etherisc GmbH. Distributed under an open source license.