Advanced Use Cases for OSSE

IMPORTANT DISCLAIMER: The Open Source Secure Element (OSSE) project is currently in the planning phase. No working software or hardware is available at this time. The information provided in this documentation is preliminary and subject to significant changes as the project develops.

While the Open Source Secure Element (OSSE) is primarily designed as a foundation for hardware wallets, its open architecture and security features enable a wide range of applications beyond cryptocurrency storage. This page explores some of these potential use cases.

Complete Knowledge Proofs

The OSSE can serve as a secure platform for implementing “complete knowledge proofs” as described in the research paper by V. Buterin, K. Babel et al..

What are Complete Knowledge Proofs?

The paper cited above introduces the concept of Complete Knowledge (CK), addressing scenarios where a prover must demonstrate unencumbered access to a secret, such as a private key. Traditional proofs of knowledge confirm that a prover possesses a secret but don’t guarantee the prover’s unrestricted ability to use it. This distinction is crucial because mechanisms like Trusted Execution Environments (TEEs) or Secure Multi-Party Computation (MPC) can encumber a secret, allowing its use only under certain conditions or approvals.​

Why is this important in many blockchain applications?

Proving Complete Knowledge of a Private Key:

In blockchain systems, ownership and control over assets are authenticated through private keys. To prove complete knowledge of a private key, a prover must demonstrate not only possession but also the capability to use the key without restrictions. Kelkar et al. propose practical schemes utilizing special-purpose hardware, such as TEEs and off-the-shelf mining ASICs, to achieve this. These schemes ensure that the prover can perform any cryptographic operation with the private key, thereby proving unencumbered access.​

Importance in Blockchain Security:

In blockchain ecosystems, the security model hinges on the assumption that only the legitimate owner has access to their private key, ensuring sole control over the associated assets. If a private key is encumbered—meaning its use is restricted or conditional—this foundational security assumption is undermined. For instance, an encumbered key could be misused to enforce unwanted transactions or could be sold, leading to unauthorized control over assets. Therefore, proving complete knowledge of a private key is essential to maintain the integrity and trustworthiness of blockchain transactions.​

Mitigating Risks with Secure Elements:

  • Secure elements are tamper-resistant hardware components designed to securely store cryptographic keys and execute sensitive operations. By storing private keys within a secure element, the risk of encumbrance is mitigated.

  • Physical Security: Secure elements are resistant to physical tampering and side-channel attacks, ensuring that private keys cannot be extracted or misused by unauthorized entities. ​

  • Controlled Execution Environment: They provide a controlled environment where cryptographic operations can be executed securely, preventing unauthorized applications or users from imposing restrictions on key usage.​

  • By integrating secure elements, blockchain systems can ensure that private keys remain unencumbered, preserving the core security assumptions and preventing potential vulnerabilities associated with key encumbrance.​

Implementation with OSSE

The OSSE provides several features that make it ideal for implementing CKPs:

  1. Secure Execution Environment: The isolated secure element ensures that sensitive computations remain protected from external observation.

  2. Hardware-backed Cryptography: The cryptographic accelerators enable efficient implementation of the complex operations required for CKPs.

  3. Attestation Capabilities: The OSSE can provide hardware attestation to verify the integrity of the execution environment.

  4. Tamper Resistance: Physical security features protect against side-channel attacks that could compromise the proof system.

Potential Applications

  • Secure Auditing: Proving complete knowledge of a dataset without revealing sensitive details.
  • Regulatory Compliance: Demonstrating compliance with regulations without exposing private information.
  • Secure Multi-party Computation: Ensuring all parties have complete knowledge of required inputs.

Secure Authentication Systems

The OSSE can serve as a foundation for advanced authentication systems:

  • FIDO2/WebAuthn: Implementation of passwordless authentication standards.
  • Multi-factor Authentication: Hardware-backed security tokens.
  • Biometric Template Protection: Secure storage and processing of biometric templates.

Secure IoT Applications

The OSSE’s small form factor and security features make it suitable for IoT security:

  • Device Identity: Providing strong device identity and authentication.
  • Secure Firmware Updates: Verifying and securely applying firmware updates.
  • Secure Telemetry: Ensuring data integrity and confidentiality for IoT sensors.

Secure Enclaves for AI/ML

The OSSE can provide secure execution environments for sensitive AI/ML operations:

  • Model Protection: Securing proprietary machine learning models.
  • Private Inference: Performing inference on sensitive data without exposing the data.
  • Federated Learning: Secure aggregation of model updates.

Decentralized Identity Solutions

Beyond cryptocurrency wallets, the OSSE can support broader decentralized identity applications:

  • Self-sovereign Identity: Secure storage and management of decentralized identifiers (DIDs).
  • Verifiable Credentials: Secure issuance and presentation of verifiable credentials.
  • Selective Disclosure: Privacy-preserving disclosure of identity attributes.

Secure Supply Chain Tracking

The OSSE can enhance supply chain security:

  • Product Authentication: Verifying the authenticity of products.
  • Secure Tracking: Tamper-evident logging of supply chain events.
  • Counterfeit Prevention: Cryptographic proof of product origin.

Future Research Directions

The open nature of the OSSE platform encourages exploration of novel security applications:

  • Post-quantum Cryptography: Implementing and testing post-quantum algorithms.
  • Threshold Cryptography: Distributing trust across multiple secure elements.
  • Formal Verification: Developing formally verified security protocols.

We welcome contributions and ideas for additional use cases that leverage the OSSE’s capabilities. Please refer to our contribution guidelines if you’re interested in collaborating on these or other applications.

Back to top

Copyright © 2023 Etherisc GmbH. Distributed under an open source license.