Board: Hardware wallets
Bitcoin Threat Model - State Actors and HW Security - Chip Supply Chain Attacks
by BobbysTransactions on 09/10/2024, 08:47:53 UTC
⭐ Merited by Pmalek (2), ABCbits (1), Cricktor (1), JayJuanGee (1)
Hello.

Should the Bitcoin threat model include plausible attacks by state actors?  In my opinion, if Bitcoin is to be a genuine rival to the existing monetary system, it should.

How would a state actor attack Bitcoin? There are many possibilities, but I think that a full-frontal assault would be highly unlikely. Overt offensive measures by state actors would be open to public scrutiny, detected quickly, and more easily mitigated via countermeasures. A more subtle and cunning approach, in secret, with aims to subvert rather than fully destroy, would have a higher chance of success. The most obvious strategy is to target the least decentralised aspect of the Bitcoin security chain: the hardware wallets. Based on the post below, it’s clear that fewer than a dozen manufacturers make the chips used in commercially available HW wallets to generate private keys, store private keys, and sign transactions.

https://bitcointalk.org/index.php?topic=5304483.0

Manufacturers represented:
1. Infineon (OPTIGA Trust M, SLE 78, SLE 97, SLE78, etc.)
2. NXP (P60, P5CD081, J3R110, J3H145, etc.)
3. STMicroelectronics (ST31H320, ST33J2M0, ST33K1M5C, etc.)
4. Maxim Integrated (DS28C36B, DS28S60)
5. Microchip Technology (ATECC608A, ATECC608B)
6. Samsung (SecureCore microchip)
7. THD (THD89)
8. TMC (appears as THD89, possibly another brand from the same category)
9. HSC (HSC32I1)
10. ARM (often associated with Cortex series, used alongside NXP and Maxim chips)

Ten or so manufacturers represent a highly centralised chain link in the Bitcoin monetary system.

An orbital issue is the notion of open source in regard to microprocessor chips. To me, talk about “open source” firmware for use with secure elements (or any chip for that matter) is meaningless and nonsensical; the hardware itself is not open source and covert hardware backdoors can be implemented by a few select employees at a chip foundry. What is the point of open source firmware if there is no way of verifying what functions are built into the chip during the processes of photolithography, etching, and deposition?

It’s interesting to me that in his video linked below, aantonop basically says “trust the experts” and that “if a chip was found to have a backdoor then this would be detected quickly”. I find these statements problematic; the secret intelligence services are more than capable of keeping secrets secret when they want to. It seems very naïve to assume that the hardware of a few secure element manufacturers has not been compromised because there is no public knowledge of any successful infiltration.
https://www.youtube.com/watch?v=cONG2ZNjJ0c&t=157s

How can we defend against these threats? Air-gapped wallets are certainly an improvement on those that connect directly via USB, but my understanding is that without subliminal-free channels for signing transactions, we can’t say that supply chain attacks by state actors, via chips used within air-gapped wallets, are highly unlikely.

https://bitslog.com/2014/06/09/deterministic-signatures-subliminal-channels-and-hardware-wallets/

Thoughts?
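The signature subliminal channel the OP refers to (via the bitslog link) can be shown in working code, together with the kind of host-side countermeasure that makes the channel "subliminal-free". The block below is an added example and is not code from the original post or from any wallet vendor. It assumes a simplified nonce-commitment protocol of the "anti-exfil" type (the host commits to a random value t, the device commits to its nonce point R0 before seeing t, and the final nonce is k0 + H(R0 || t), so the host can check R = R0 + H(R0 || t)·G), a toy pure-Python secp256k1 implementation that is not constant-time, and a constructed private key and message digest that stand in for a real wallet key and transaction. `leaky_sign` is a hypothetical backdoored signer that grinds nonces until the low bit of r equals one bit of the private key; anyone who knows the scheme reads that bit straight off a perfectly valid signature on the public blockchain.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the curve Bitcoin uses).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point=G):
    """Double-and-add scalar multiplication (toy code: not constant-time)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc


def h_int(*parts):
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


def ecdsa_sign(priv, z, k):
    """ECDSA with an explicitly supplied nonce k so the demo can control it."""
    r = ec_mul(k)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    return (r, s)


def ecdsa_verify(pub, z, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(z * w % N), ec_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def leaky_sign(priv, z, bit_index):
    """Hypothetical backdoor: grind nonces until r's low bit equals key bit `bit_index`."""
    want = (priv >> bit_index) & 1
    while True:
        r, s = ecdsa_sign(priv, z, secrets.randbelow(N - 1) + 1)
        if r & 1 == want:
            return (r, s)


class Host:
    """Wallet software side of the simplified nonce-commitment protocol (assumption)."""
    def __init__(self, pub):
        self.pub = pub

    def start(self, z):                      # 1. commit to t before seeing R0
        self.z, self.t = z, secrets.token_bytes(32)
        return hashlib.sha256(self.t).digest()

    def reveal(self, r0):                    # 3. open t only after R0 is fixed
        self.r0 = r0
        return self.t

    def check(self, sig):                    # 5. r must equal x(R0 + H(R0||t)G)
        tweak = h_int(self.r0[0].to_bytes(32, "big"), self.t) % N
        expected_r = ec_add(self.r0, ec_mul(tweak))[0] % N
        return ecdsa_verify(self.pub, self.z, sig) and sig[0] == expected_r


class Device:
    """Honest signing chip: nonce derived from key, message and host commitment."""
    def __init__(self, priv):
        self.priv = priv

    def commit(self, z, host_commit):        # 2. fix k0 and publish R0 = k0*G
        self.z, self.host_commit = z, host_commit
        self.k0 = h_int(self.priv.to_bytes(32, "big"), z.to_bytes(32, "big"), host_commit) % N or 1
        self.r0 = ec_mul(self.k0)
        return self.r0

    def sign(self, t):                       # 4. final nonce k = k0 + H(R0||t)
        if hashlib.sha256(t).digest() != self.host_commit:
            raise ValueError("host opened a different t than it committed to")
        tweak = h_int(self.r0[0].to_bytes(32, "big"), t) % N
        return ecdsa_sign(self.priv, self.z, (self.k0 + tweak) % N)


class LeakyDevice(Device):
    """Backdoored chip that ignores the committed nonce and leaks key bit 0."""
    def sign(self, t):
        return leaky_sign(self.priv, self.z, bit_index=0)


def run_protocol(device, host, z):
    r0 = device.commit(z, host.start(z))
    return host.check(device.sign(host.reveal(r0)))


PRIV = h_int(b"constructed demo key, not a real wallet key") % N   # constructed
PUB = ec_mul(PRIV)
Z = h_int(b"constructed transaction digest")                       # constructed


def demo():
    sig = leaky_sign(PRIV, Z, 0)             # plain ECDSA: channel is invisible
    return {
        "leaky_sig_valid": ecdsa_verify(PUB, Z, sig),
        "leaked_bit_matches": (sig[0] & 1) == (PRIV & 1),
        "honest_accepted": run_protocol(Device(PRIV), Host(PUB), Z),
        "leaky_accepted": run_protocol(LeakyDevice(PRIV), Host(PUB), Z),
    }
```

Running `demo()` shows the two halves of the argument: the grinding signer produces signatures that verify perfectly and whose low bit of r equals a key bit (one bit per transaction, more with a wider channel), and nothing on-chain distinguishes them from honest ones; under the commitment protocol the honest device is accepted while the leaky one fails the host check, because the final nonce depends on a t the device could not know when it fixed R0. The caveat a practitioner would add: this closes only the nonce channel of the signature. A backdoored chip could still leak through biased key generation, a covert radio or USB side channel, or simply by refusing to sign on chosen inputs, so the check is a necessary but not sufficient answer to the OP's supply-chain scenario.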