Paper 2019/401

Side-Channel assessment of Open Source Hardware Wallets

Manuel San Pedro, Victor Servant, and Charles Guillemet

Abstract

Side-channel attacks rely on the fact that the physical behavior of a device depends on the data it manipulates. We show in this paper how to use this class of attacks to break the security of some cryptocurrencies hardware wallets when the attacker is given physical access to them. We mounted two profiled side-channel attacks: the first one extracts the user PIN used through the verification function, and the second one extracts the private signing key from the ECDSA scalar multiplication using a single signature. The results of our study were responsibly disclosed to the manufacturer who patched the PIN vulnerability through a firmware upgrade.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Contact author(s)
manuel sanpedro @ ledger fr
History
2019-04-22: received
Short URL
https://ia.cr/2019/401
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2019/401,
      author = {Manuel San Pedro and Victor Servant and Charles Guillemet},
      title = {Side-Channel assessment of Open Source Hardware Wallets},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/401},
      year = {2019},
      url = {https://eprint.iacr.org/2019/401}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.