Charles Guillemet Profile picture
CTO at @ledger. Busy securing the blockchain revolution. Cryptography, (Hw) Security, Tech, Blockchain. Previously built the Donjon (@DonjonLedger)
Mar 12 10 tweets 3 min read
At @Ledger, you might know that we have the @DonjonLedger, our dedicated team constantly conducting open security research.

We recently worked with Trezor, revealing that their Trezor Safe 3 was susceptible to physical supply chain attacks. Here's a thread on our findings:🧵 Image Our Ledger Donjon security research revealed that if a Trezor Safe3 device was stolen, an attacker could theoretically tamper with the device and modify the software running on it, endangering its user’s funds, even if this device uses a Secure Element.
Feb 25 9 tweets 3 min read
For me, the biggest takeaway from the ByBit hack is this: Corporations and financial institutions must use enterprise-grade custody solutions

Storing $1.4B in a Safe{Wallet} free smart contract with a group of signers designed for retail users should be a relic of the past🧵 That said, I’ve been asked multiple times why Safe transactions aren’t Clear-Signed on Ledgers.
First, Clear Signing means displaying all relevant transaction details on the device, so the user fully understands what they’re signing. What you see is what you sign. When sending or receiving ETH, this works seamlessly across all Ledger devices.
Dec 10, 2024 10 tweets 5 min read
Did Google Create a Quantum Computer That Breaks Blockchain Security?

TL;DR: No. While the research results are impressive, we're still far from breaking modern cryptography.

A thread. 🧵

blog.google/technology/res… In cryptography, there are three main families of algorithms:

- Hashes: One-way functions crucial for integrity. Blockchain security heavily depends on these.
- Encryption: Functions ensuring confidentiality. Most blockchains rarely use these.
- Signatures: Functions ensuring authentication and non-repudiation. These are critical for proving ownership of coins and validating blocks in PoS systems. These primitives rely on asymmetric cryptography, which is also used for encryption and key agreement.

If either hash functions or digital signatures were compromised, blockchain security, and much of our digital infrastructure, would collapse.
Sep 12, 2024 9 tweets 2 min read
Have you heard about the wBTC drama?

(If you don’t like drama, just hodl your Bitcoin in your ledger, and you’ll be fine)
Everything unfolded in less than a month. Below are the key milestones of the story 👇 08-10: Makerdao kind of delisted WBTC - (closed all new WBTC debts) [1/n]forum.makerdao.com/t/wbtc-changes…
May 23, 2023 11 tweets 2 min read
Ledger’s mission is, and will always be, to provide our users with the right tools to own their digital value securely.

We have decided to accelerate our open-sourcing roadmap to bring more verifiability to everything we do.

A thread 🧵 Image As you might know, your Ledger devices use a smartcard chip (a Secure Element), implementing tons of hardware countermeasures enabling resistance against high potential attackers even with physical access.
May 18, 2023 29 tweets 5 min read
1/
I’ve read several misconceptions about how a wallet works. It seems some people thought there is some magic, let me explain how it works.

A thread 👇 2/ A hardware wallet is mostly used as a signing device.

Your private keys are central to everything, and hardware + firmware work hand in hand to protect it.

Let’s review some fundamental cryptography about all hardware wallets, not just Ledgers.
May 16, 2023 17 tweets 3 min read
Ledger Recover is our upcoming and optional service for users who want a secure backup of their Secret Recovery Phrase. Do you want to learn more about the onboarding process and specificities?

A thread 🧵 Let’s first clarify something key: Ledger Recover is a service that you can choose if you want to use it. There is no auto opt-in with firmware updates.
Sep 17, 2021 9 tweets 4 min read
Fun fact about Taproot:

Taproot is a #bitcoin upgrade which will occur at block #709632, ie. in Nov 2021

It brings several new innovations and features but one of them is especially interesting: Schnorr Signatures.

Let me tell you the brief history of asymetric cryptography 🧵 Asymmetric cryptography is a process that uses a pair of keys: public / private key.

Its most interesting application is *Digital signature*. It's a process where you can prove you know your private key without revealing it while anyone with your public key can verify your proof
Dec 15, 2020 8 tweets 3 min read
On the threat model of @Ledger Nano and its ETH app when using DeFi.

Thread
[1/n] Image Ledger Nano devices threat model is quite simple and could be summarized as follows:

1. Confidentiality of keys
2. Secure use with user consent
3. Genuineness check
4. Users' privacy

[2/n]
donjon.ledger.com/threat-model/
Nov 12, 2020 10 tweets 4 min read
Thread #PLATYPUS

PLATYPUS is a novel side-channel attack targeting Intel x86 CPU (including AES-NI, SGX).
> platypusattack.com

I'm not surprised that we discover new attacks on Intel CPU, while I'm very surprised this attack has just been discovered now.

(1/n) PLATYPUS is a Side Channel Attack allowing to _remotely_ extract secrets from Intel CPU incl. SGX enclave and AES-NI.
It uses the unprivileged access to RAPL (Running Average Power Limit) interface to get an internal measurement of the power consumption of the chip.

(2/n)
May 29, 2020 10 tweets 3 min read
I've read several misconceptions about Common Criteria certifications. Typically:
- "Components producers pay for certification"
- "Certifications test only against a known set of predefined scenarios"
- "Certifications are not a replacement for independant review"

Thread👇 (2/n)
In a Common Criteria Certification process (for a circuit). There are 4 actors:
1. The sponsor (SP)
2. The chip manufacturer (CM)
3. The 3rd party evaluation lab (lab)
4. The Certification body (CB)