Side Channel Attack

A side-channel attack (SCA) is a type of attack that targets the physical implementation of a cryptographic system, such as a hardware wallet, rather than the underlying mathematical algorithms. The attack works by exploiting information that the device leaks through side channels, such as power consumption, electromagnetic radiation, or timing information.

Side-channel attacks can be used to extract sensitive information, such as cryptographic keys or other secret data, from the device, even if the device itself is otherwise secure. These attacks are often difficult to detect and can be performed with relatively simple equipment, such as power analysis tools or oscilloscopes.

Cypherock employs multiple layers of protection against side-channel attacks:

  1. Wallet PIN verification is SCA-protected because it is done inside the X1 card environment, which is EAL 6+ certified. There is no PIN verification on the device.

  2. The X1 Vault stores only 1 of the 5 Shamir's secret shares, which is optionally encrypted with the wallet PIN if the user has set a PIN.

  3. X1 Card data (including the wallet's Shamir's secret share) from the X1 card is always padded with a random IV generated on the card itself and is encrypted with the pairing key. Adversaries therefore cannot reverse engineer any communication between the X1 Vault and the X1 card.

  4. The private key is regenerated on the device only when a transaction is being done. It is wiped from the local buffers as soon as it is no longer needed, that is, immediately after the transaction is signed, so it stays in temporary memory for only a very brief period of time.

  5. A time-invariant implementation of the memory comparison software logic in the X1 Vault bootloader prevents any SCA vulnerabilities during firmware boot.
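
The time-invariant memory comparison in item 5 can be illustrated with the C sketch below. It is an added example, not Cypherock's bootloader code; the function names and the 8-byte sample values are constructed for illustration. The early-exit version examines a number of bytes that depends on where the first mismatch occurs, while the time-invariant version examines every byte for every input (the step counter is a deterministic stand-in for execution time).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: a reference value and two wrong candidates. */
static const uint8_t EXPECTED[8]  = {0x4a,0x11,0x9c,0x03,0xe7,0x58,0xb2,0x6d};
static const uint8_t BAD_FIRST[8] = {0x00,0x11,0x9c,0x03,0xe7,0x58,0xb2,0x6d};
static const uint8_t BAD_LAST[8]  = {0x4a,0x11,0x9c,0x03,0xe7,0x58,0xb2,0x00};

/* Early-exit comparison (pattern to avoid). Returns 0 if equal, 1 if not.
 * *steps = bytes examined, a deterministic stand-in for execution time. */
int leaky_compare(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) {      /* branch depends on the compared data */
            *steps = i + 1;
            return 1;
        }
    }
    *steps = n;
    return 0;
}

/* Time-invariant comparison: always walks all n bytes, accumulates the
 * XOR of each pair, and never branches on the data being compared. */
int ct_compare(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    volatile uint8_t diff = 0;   /* volatile discourages short-circuiting */
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    *steps = n;
    return (int)(((uint32_t)diff + 0xFFu) >> 8);  /* 0 if diff == 0, else 1 */
}

int main(void)
{
    const uint8_t *cands[] = {BAD_FIRST, BAD_LAST, EXPECTED};
    const char *names[] = {"mismatch at byte 0", "mismatch at byte 7", "equal"};
    for (int k = 0; k < 3; k++) {
        size_t leaky, ct;
        int r1 = leaky_compare(EXPECTED, cands[k], 8, &leaky);
        int r2 = ct_compare(EXPECTED, cands[k], 8, &ct);
        printf("%-18s leaky: result=%d steps=%zu | ct: result=%d steps=%zu\n",
               names[k], r1, leaky, r2, ct);
    }
    return 0;
}
```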
