At @Ledger, you might know that we have the @DonjonLedger, our dedicated team constantly conducting open security research.

We recently worked with Trezor, revealing that their Trezor Safe 3 was susceptible to physical supply chain attacks. Here's a thread on our findings:🧵 Our Ledger Donjon security research revealed that if a Trezor Safe3 device was stolen, an attacker could theoretically tamper with the device and modify the software running on it, endangering its user’s funds, even if this device uses a Secure Element.

For me, the biggest takeaway from the ByBit hack is this: Corporations and financial institutions must use enterprise-grade custody solutions

Storing $1.4B in a Safe{Wallet} free smart contract with a group of signers designed for retail users should be a relic of the past🧵 That said, I’ve been asked multiple times why Safe transactions aren’t Clear-Signed on Ledgers.
First, Clear Signing means displaying all relevant transaction details on the device, so the user fully understands what they’re signing. What you see is what you sign. When sending or receiving ETH, this works seamlessly across all Ledger devices.

Did Google Create a Quantum Computer That Breaks Blockchain Security?

TL;DR: No. While the research results are impressive, we're still far from breaking modern cryptography.

A thread. 🧵

blog.google/technology/res… In cryptography, there are three main families of algorithms:

- Hashes: One-way functions crucial for integrity. Blockchain security heavily depends on these.
- Encryption: Functions ensuring confidentiality. Most blockchains rarely use these.
- Signatures: Functions ensuring authentication and non-repudiation. These are critical for proving ownership of coins and validating blocks in PoS systems. These primitives rely on asymmetric cryptography, which is also used for encryption and key agreement.

If either hash functions or digital signatures were compromised, blockchain security, and much of our digital infrastructure, would collapse.

Have you heard about the wBTC drama?

(If you don’t like drama, just hodl your Bitcoin in your ledger, and you’ll be fine)
Everything unfolded in less than a month. Below are the key milestones of the story 👇 08-10: Makerdao kind of delisted WBTC - (closed all new WBTC debts) [1/n]forum.makerdao.com/t/wbtc-changes…

Ledger’s mission is, and will always be, to provide our users with the right tools to own their digital value securely.

We have decided to accelerate our open-sourcing roadmap to bring more verifiability to everything we do.

A thread 🧵 As you might know, your Ledger devices use a smartcard chip (a Secure Element), implementing tons of hardware countermeasures enabling resistance against high potential attackers even with physical access.

1/
I’ve read several misconceptions about how a wallet works. It seems some people thought there is some magic, let me explain how it works.

A thread 👇 2/ A hardware wallet is mostly used as a signing device.

Your private keys are central to everything, and hardware + firmware work hand in hand to protect it.

Let’s review some fundamental cryptography about all hardware wallets, not just Ledgers.

Ledger Recover is our upcoming and optional service for users who want a secure backup of their Secret Recovery Phrase. Do you want to learn more about the onboarding process and specificities?

A thread 🧵 Let’s first clarify something key: Ledger Recover is a service that you can choose if you want to use it. There is no auto opt-in with firmware updates.

Fun fact about Taproot:

Taproot is a #bitcoin upgrade which will occur at block #709632, ie. in Nov 2021

It brings several new innovations and features but one of them is especially interesting: Schnorr Signatures.

Let me tell you the brief history of asymetric cryptography 🧵 Asymmetric cryptography is a process that uses a pair of keys: public / private key.

Its most interesting application is *Digital signature*. It's a process where you can prove you know your private key without revealing it while anyone with your public key can verify your proof

On the threat model of @Ledger Nano and its ETH app when using DeFi.

Thread
[1/n] Ledger Nano devices threat model is quite simple and could be summarized as follows:

1. Confidentiality of keys
2. Secure use with user consent
3. Genuineness check
4. Users' privacy

[2/n]
donjon.ledger.com/threat-model/

Thread #PLATYPUS

PLATYPUS is a novel side-channel attack targeting Intel x86 CPU (including AES-NI, SGX).
> platypusattack.com

I'm not surprised that we discover new attacks on Intel CPU, while I'm very surprised this attack has just been discovered now.

(1/n) PLATYPUS is a Side Channel Attack allowing to _remotely_ extract secrets from Intel CPU incl. SGX enclave and AES-NI.
It uses the unprivileged access to RAPL (Running Average Power Limit) interface to get an internal measurement of the power consumption of the chip.

(2/n)

I've read several misconceptions about Common Criteria certifications. Typically:
- "Components producers pay for certification"
- "Certifications test only against a known set of predefined scenarios"
- "Certifications are not a replacement for independant review"

Thread👇 (2/n)
In a Common Criteria Certification process (for a circuit). There are 4 actors:
1. The sponsor (SP)
2. The chip manufacturer (CM)
3. The 3rd party evaluation lab (lab)
4. The Certification body (CB)