Implementation Details

This page outlines the specific implementation details for the Open Source Secure Element (OSSE) project, focusing on the technical aspects of the hardware wallet development.

Hardware Implementation

Secure Element Design

The secure element will be implemented using the OpenTitan framework, which provides:

  • A fully open-source design for secure microcontrollers
  • Cryptographic acceleration for common algorithms
  • Secure boot capabilities
  • Memory protection and isolation features
  • Tamper resistance mechanisms

The initial implementation will use the ChipWhisperer CW340 FPGA board to prototype the secure element functionality before moving to a custom hardware design.

Physical Components

The hardware wallet will include:

  • Main Processor: RISC-V based processor (Ibex core from OpenTitan)
  • Secure Storage: For encrypted key storage
  • Display: OLED or LCD display for showing transaction details
  • Input Buttons: For user interaction and transaction approval
  • USB Interface: For connectivity with host devices
  • Power Management: For efficient battery usage and power protection

Software Implementation

Firmware Architecture

The firmware will be structured in layers:

  1. Hardware Abstraction Layer: Interfaces directly with the hardware
  2. Cryptographic Services: Implements cryptographic operations
  3. Wallet Core: Manages keys and transactions
  4. User Interface: Handles display and user input
  5. Communication Protocol: Manages external communications

Key Management

The wallet will implement secure key management:

  • Key Generation: Using hardware random number generation
  • Key Derivation: Following BIP-32/BIP-39/BIP-44 standards
  • Key Storage: Encrypted storage with hardware protection
  • Key Usage: Secure signing operations without exposing private keys

Transaction Signing

The wallet will support:

  • EIP-712 Structured Data Signing: For clear transaction representation
  • Transaction Parsing: To display human-readable transaction details
  • Approval Mechanism: Requiring explicit user confirmation
  • Multiple Signature Schemes: Supporting various cryptographic algorithms

Security Implementation

Hardware Security Measures

  • Side-Channel Attack Protection: Implementing countermeasures against power analysis and electromagnetic analysis
  • Physical Tamper Resistance: Designing the hardware to resist physical tampering
  • Secure Element Isolation: Ensuring the secure element is isolated from other components

Software Security Measures

  • Secure Boot Chain: Verifying firmware integrity at startup
  • Memory Protection: Preventing unauthorized access to sensitive memory regions
  • Input Validation: Thoroughly validating all inputs to prevent attacks
  • Secure Update Mechanism: Allowing secure firmware updates while preventing downgrade attacks

Supply Chain Documentation

The project will implement a blockchain-based supply chain documentation system:

  • Component Tracking: Recording the origin and manufacturing details of critical components
  • Assembly Verification: Documenting the assembly process
  • Tamper Evidence: Providing evidence of any tampering attempts
  • Ownership Transfer: Tracking the chain of custody from manufacturing to end-user

Insurability Features

To enable insurance for the non-custodial wallet, the implementation will include:

  • Address Whitelisting/Blacklisting: Allowing users to restrict transactions to approved addresses
  • Transaction Limits: Setting limits on transaction amounts
  • Multi-Signature Support: Requiring multiple approvals for high-value transactions
  • Social Recovery: Implementing secure recovery mechanisms for lost devices
  • Audit Logging: Maintaining secure logs of wallet activities for insurance claims

These implementation details will evolve as the project progresses, with updates and refinements based on testing, security audits, and community feedback.

Back to top

Copyright © 2023 Etherisc GmbH. Distributed under an open source license.