
Hardware Wallets – Are smart cards nothing more than unupdatable, inaccessible, and tamper-evident software?

That said, everything can be implemented on a (Turing-complete) CPU, so other than speeding up signing and decryption, how does it matter whether the secure element supports Bitcoin’s cryptographic primitives?

First, I think this is a bit of a misunderstanding. It is important to be able to perform ECC tasks efficiently, which is why a theoretical Secure Element (SE) with these capabilities must be efficient. But the point of them is not to compete with the efficiency of desktop processors, but to have verifiable, accurate, discrete processors that are efficient enough to get the job done on small devices.

Would a device with a regular CPU, whose software cannot be changed (without losing secrets) and can protect against physical attacks, already be a “dream hardware wallet” without supporting key export in any case?

I’m not sure smart cards fit this description perfectly. Smart cards store information and require physical interaction to reveal secrets, but as you suggest, they are not made for regular CPU processing.

I’m certainly not an expert on this topic, but from what I’ve researched, the reason smart cards (SCs) are less secure than SEs is because private key operations cannot be secured in SCs. They are used only to store personal data. Using an SE with the secp256k1 feature (which, at the moment, does not appear to be available) it is possible to perform completely air-gapped signing on a potentially vulnerable or already exploited personal computer system or local computer network. There are personal tasks that do not involve secp256k1 that can be performed on an SE, but with an SC they must be performed on personal computer systems, which increases the attack surface.

For example, Ledger claims to use an SE to generate private keys.

Secure element chips protect the Ledger from attacks. Secure Elements are highly advanced chips that mitigate many types of attacks. These cutting-edge chips used in high-level security solutions differentiate Ledger as a top-of-the-line security solution for cryptocurrency assets. All our devices use a Secure Element to significantly increase security. Ledger uses it to generate and store private keys for your crypto assets.

https://www.ledger.com/academy/security/the-secure-element-whistanding-security-attacks#secure-element-prepared-for-anything

In light of recent press releases, we do not recommend using Ledgers, but this is an example of how an SE can be used.

Blockstream Jade adopts a different security model that is not based on an SE.

Instead of a secure element, Blockstream Jade uses a unique security model that protects against physical attacks and can act as a “virtual” secure element to achieve similar (if not better) security from these potential threats, while remaining completely open source.

The blind oracle model used by Jade is completely open source and a truly blind model. It doesn’t know anything about your Jade wallet data and it doesn’t know your actual PIN. Users can use Blockstream’s blind oracles to protect their wallets, or they can run their own.

https://help.blockstream.com/hc/en-us/articles/13745404122265-Does-Blockstream-Jade-have-a-secure-element-

From what I can guess, an SE may be useful for certain private tasks such as key generation, but it doesn’t completely close the attack surface. An SC is a more open attack surface because it cannot perform private tasks and therefore delegates private tasks to any computer system it connects to. The open source blind oracle model can be an effective way to reduce the attack surface when using an SC, or hardware with a similar security model (which Jade may fall into). However, since all SEs to date are closed source, implementing blind oracles to secure private key operations in SE-based wallets may not yet be a viable option.
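To make the “blind” part of the blind oracle model concrete, here is an added, self-contained sketch of the idea in pure Python. It is not Blockstream’s pinserver protocol and not code from this thread; it is an OPRF-style construction over secp256k1 (the real field prime and group order are used, everything else, including the device id, PINs and attempt limit, is constructed for the demo). The server holds a per-device secret scalar and a try counter but only ever sees blinded curve points, so it learns nothing about the PIN; the device holds its seed encrypted under a key that needs both its own flash secret and the oracle’s answer. How a real oracle safely resets the counter after a correct PIN is deliberately left out.

```python
"""Toy blind PIN oracle (OPRF over secp256k1). Illustration only, not Jade's protocol.

The secp256k1 constants are real; device ids, PINs and the attempt limit are
constructed for the demo. The curve arithmetic is not constant time.
"""
import hashlib
import hmac
import secrets

FIELD_P = 2**256 - 2**32 - 977  # secp256k1 field prime (p = 3 mod 4)
ORDER_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order


def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % FIELD_P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, FIELD_P) % FIELD_P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, FIELD_P) % FIELD_P
    x = (lam * lam - a[0] - b[0]) % FIELD_P
    return x, (lam * (a[0] - x) - a[1]) % FIELD_P


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def hash_to_curve(data):
    """Try-and-increment map of bytes to a curve point; sqrt is rhs^((p+1)/4) since p = 3 mod 4."""
    for ctr in range(256):
        x = int.from_bytes(hashlib.sha256(data + bytes([ctr])).digest(), "big") % FIELD_P
        rhs = (pow(x, 3, FIELD_P) + 7) % FIELD_P
        y = pow(rhs, (FIELD_P + 1) // 4, FIELD_P)
        if y * y % FIELD_P == rhs:
            return x, y
    raise RuntimeError("no curve point found")


class BlindOracle:
    """Server side: per-device secret scalar + attempt counter. Sees only blinded points."""

    def __init__(self, max_attempts=4):
        self.max_attempts = max_attempts
        self._keys = {}      # device_id -> secret scalar k, never leaves the server
        self._attempts = {}  # device_id -> PIN attempts so far
        self.seen = []       # everything a compromised oracle could have logged

    def register(self, device_id):
        self._keys[device_id] = secrets.randbelow(ORDER_N - 1) + 1
        self._attempts[device_id] = 0

    def evaluate(self, device_id, blinded):
        if self._attempts[device_id] >= self.max_attempts:
            raise PermissionError("device locked: too many PIN attempts")
        self._attempts[device_id] += 1
        self.seen.append(blinded)
        return ec_mul(self._keys[device_id], blinded)  # k * (r * H(pin)), r unknown to server


class Device:
    """Wallet side: flash holds a random secret and the encrypted seed, never the PIN."""

    def __init__(self, device_id, oracle):
        self.device_id, self.oracle = device_id, oracle
        self._flash_secret = secrets.token_bytes(32)
        self._blob = None
        oracle.register(device_id)

    def _unlock_key(self, pin):
        pt = hash_to_curve(self.device_id + b"|" + pin)
        r = secrets.randbelow(ORDER_N - 1) + 1               # fresh blinding factor per query
        answer = self.oracle.evaluate(self.device_id, ec_mul(r, pt))
        oprf = ec_mul(pow(r, -1, ORDER_N), answer)           # == k * H(pin), independent of r
        raw = oprf[0].to_bytes(32, "big") + oprf[1].to_bytes(32, "big")
        return hmac.new(self._flash_secret, raw, hashlib.sha256).digest()  # needs flash secret AND oracle

    def set_pin(self, pin, seed):
        key = self._unlock_key(pin)
        ct = bytes(s ^ k for s, k in zip(seed, hashlib.sha256(key + b"enc").digest()))
        self._blob = ct + hmac.new(key, ct, hashlib.sha256).digest()

    def unlock(self, pin):
        key = self._unlock_key(pin)
        ct, tag = self._blob[:32], self._blob[32:]
        if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
            return None  # wrong PIN: key mismatch detected locally
        return bytes(c ^ k for c, k in zip(ct, hashlib.sha256(key + b"enc").digest()))


def demo():
    """Run the constructed scenario and report what each party could observe."""
    oracle = BlindOracle(max_attempts=4)
    dev = Device(b"demo-device-0001", oracle)  # constructed device id
    seed = secrets.token_bytes(32)
    dev.set_pin(b"1234", seed)                                  # oracle attempt 1
    out = {"correct": dev.unlock(b"1234") == seed,              # attempt 2
           "wrong": dev.unlock(b"0000")}                        # attempt 3 -> None
    dev.unlock(b"1111")                                         # attempt 4
    try:
        dev.unlock(b"1234")
        out["locked"] = False
    except PermissionError:                                     # attempt 5 refused
        out["locked"] = True
    out["unlinkable"] = len(set(oracle.seen)) == len(oracle.seen)  # same PIN, different blinded points
    return out


if __name__ == "__main__":
    print(demo())
```

Note what the transcript in `oracle.seen` shows: even the two queries for the correct PIN are different random-looking points, so the oracle cannot tell a retry of the same PIN from a new guess, let alone recover it; what it can do is count and refuse, which is the whole point of delegating to an oracle rather than brute-forcing against a blob on a compromised PC.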
