Cryptology ePrint Archive: Report 2019/401

Side-Channel assessment of Open Source Hardware Wallets

Manuel San Pedro and Victor Servant and Charles Guillemet

Abstract: Side-channel attacks rely on the fact that the physical behavior of a device depends on the data it manipulates. We show in this paper how to use this class of attacks to break the security of some cryptocurrencies hardware wallets when the attacker is given physical access to them. We mounted two profiled side-channel attacks: the first one extracts the user PIN used through the verification function, and the second one extracts the private signing key from the ECDSA scalar multiplication using a single signature. The results of our study were responsibly disclosed to the manufacturer who patched the PIN vulnerability through a firmware upgrade.

Category / Keywords: implementation /

Date: received 16 Apr 2019

Contact author: manuel sanpedro at ledger fr

Available format(s): PDF | BibTeX Citation

Version: 20190422:183649 (All versions of this report)

Short URL: ia.cr/2019/401


[ Cryptology ePrint archive ]