Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Charles Guillemet Profile picture
Charles Guillemet
@P3b7_
CTO at @ledger. Busy securing the blockchain revolution. Cryptography, (Hw) Security, Tech, Blockchain. Previously built the Donjon (@DonjonLedger)
May 23, 2023 11 tweets 2 min read
Ledger’s mission is, and will always be, to provide our users with the right tools to own their digital value securely.

We have decided to accelerate our open-sourcing roadmap to bring more verifiability to everything we do.

A thread 🧵 Image As you might know, your Ledger devices use a smartcard chip (a Secure Element), implementing tons of hardware countermeasures enabling resistance against high potential attackers even with physical access.
May 18, 2023 29 tweets 5 min read
1/
 I’ve read several misconceptions about how a wallet works. It seems some people thought there is some magic, let me explain how it works.

A thread 👇 2/ A hardware wallet is mostly used as a signing device.

Your private keys are central to everything, and hardware + firmware work hand in hand to protect it.

Let’s review some fundamental cryptography about all hardware wallets, not just Ledgers.
May 16, 2023 17 tweets 3 min read
Ledger Recover is our upcoming and optional service for users who want a secure backup of their Secret Recovery Phrase. Do you want to learn more about the onboarding process and specificities?

A thread 🧵 Let’s first clarify something key: Ledger Recover is a service that you can choose if you want to use it. There is no auto opt-in with firmware updates.
Sep 17, 2021 9 tweets 4 min read
Fun fact about Taproot:

Taproot is a #bitcoin upgrade which will occur at block #709632, ie. in Nov 2021

It brings several new innovations and features but one of them is especially interesting: Schnorr Signatures.

Let me tell you the brief history of asymetric cryptography 🧵 Asymmetric cryptography is a process that uses a pair of keys: public / private key.

Its most interesting application is *Digital signature*. It's a process where you can prove you know your private key without revealing it while anyone with your public key can verify your proof
Dec 15, 2020 8 tweets 3 min read
On the threat model of @Ledger Nano and its ETH app when using DeFi.

Thread
[1/n] Image Ledger Nano devices threat model is quite simple and could be summarized as follows:

1. Confidentiality of keys
2. Secure use with user consent
3. Genuineness check
4. Users' privacy

[2/n]
donjon.ledger.com/threat-model/
Nov 12, 2020 10 tweets 4 min read
Thread #PLATYPUS

PLATYPUS is a novel side-channel attack targeting Intel x86 CPU (including AES-NI, SGX).
> platypusattack.com

I'm not surprised that we discover new attacks on Intel CPU, while I'm very surprised this attack has just been discovered now.

(1/n) PLATYPUS is a Side Channel Attack allowing to _remotely_ extract secrets from Intel CPU incl. SGX enclave and AES-NI.
It uses the unprivileged access to RAPL (Running Average Power Limit) interface to get an internal measurement of the power consumption of the chip.

(2/n)
May 29, 2020 10 tweets 3 min read
I've read several misconceptions about Common Criteria certifications. Typically:
- "Components producers pay for certification"
- "Certifications test only against a known set of predefined scenarios"
- "Certifications are not a replacement for independant review"

Thread👇 (2/n)
In a Common Criteria Certification process (for a circuit). There are 4 actors:
1. The sponsor (SP)
2. The chip manufacturer (CM)
3. The 3rd party evaluation lab (lab)
4. The Certification body (CB)