In typical HW wallet implementation the crypto microcontroller, that handles private key and signing is connected directly to the external communication interface.bitcoin hardware wallet
Thus it is prone to attacks from it’s input-output pins and dedicated interfaces (uart, usb, etc.).
If a remote attacker was able to change the code on the microcontroller flash, only a single successful attack is needed.
Afterwards the infected microcontroller can leak private keys, attack any device it is connected to (see recent usb vulnerability) and more without the user knowing it.
There are many companies specializing in reverse engineering and backdoor access to microcontrollers.
Some wallets use smartcard devices with proprietary hardware and software to gain protection by obscurity.
The problem with this approach is that there could be undocumented flaws in the hardware and/or software of the device, ready for exploit by a determined party.
These devices were designed by humans and can not be tested by a community for security.
HW firewall on FPGA enables complete decoupling between the communication messages wallet-external application and the wallet crypto code.
There is no software or ability to change the FPGA code when running. So the code for the internal MCU can be upgraded and multiple external non-secure interfaces can be used without breaching the security.
FPGA chip sits in-between and makes sure only “legal” data goes through. Any suspicious data is stopped before it reaches the crypto microcontroller.
Moreover, microcontroller vulnerabilities are rendered unusable without the ability to inject malicious data on the microcontroller pins.
Q2: How can the end user trust the bitstream we provide with the FPGA?
Bitstream is stored in the dedicated flash memory, that is connected only to the crypto microcontroller and special configuration pins on FPGA.
Bitstream is loaded automatically from the flash memory to the FPGA on power-on.
Our consumer product has a physical protection, so that an attempt to connect directly to the on-board chips will result in physical damage to the product.
Our development kit enables reprogramming FPGA by a JTAG interface.
Additionally, FPGA flash can be reprogrammed by the crypto MCU safely from SD card.
The user can always compile firewall open source code on a trusted PC and load it by the SD card.
We will provide detailed how-to guide for all options, so that the user will not have to trust us.
Q3: How can the user trust the bitstream in our product without compiling the source code?
User can request from the crypto microcontroller to read the bitstream from the configuration flash, calculate hash and display it on the embedded screen.
User can write down the hash and compare it to the previous results or to the published value on our site.
We will publish the settings for the FPGA code generator tool in order to enable advanced users to recompile the bitstream and check our hash.
Q4: How can I trust FPGA code generator tool to create exact implementation of the high-level code?
FPGA code is a description of the actual silicon connections of the application circuit with final number of circuit states and final number of inputs and outputs. These connections are constant and defined by the bitstream. The developer can verify circuit behaviour by injecting all possible inputs combinations and recording all outputs. Our source code is a human readable reference for the circuit behaviour.