var TRINITY_TTS_WP_CONFIG={“cleanText”:”Turn every smartphone into a Bitcoin hardware wallet using Secure Enclaves.u23f8This post was first published onu00a0Medium.u23f8We use the secure enclaves of iOS and Android devices to store Bitcoin private keys. The keys never leave the enclaves, providing same security as hardware wallets. This essentially turnsu00a0billionsu00a0of smartphones into secure Bitcoin hardware wallets. Users can authorize Bitcoin transactions using FaceID and TouchID.u23f8Secure Enclaveu23f8The Secure Enclaveu00a0is a special chip in Android, iPhone, iPad andu00a0Macsu00a0to secure your biometrical data like FaceID and TouchID. The key feature of the Secure Enclave is that a private key generated on itu00a0cannotu00a0leave the chip, providing maximum security as in hardware wallets such as Ledger and Trezor.u23f8Private key in it can be used to sign messages securely. Messages are sent into the Secure Enclave, signed, and then the signature is returned. The private key during signing reside in the chip and is not stored in memory and thus is inaccessible from software. Permission to sign a transaction can be granted using a biometric authentication such as FaceID and TouchID.u23f8Elliptic curveu00a0secp256r1u23f8The Secure Enclave supports a single elliptic curve,u00a0secp256r1, also known asu00a0prime256 and P-256. It is different from the elliptic curveu00a0secp256k1u00a0thatu2019s used for the popular blockchains such as Bitcoin and Ethereum.u23f8Both elliptic curves are of the formu00a0yu00b2 = xu00b3 + ax + b.u23f8In the secp256k1 curve, we haveu23f8a = 0u23f8 b = 7u23f8and in the secp256r1 case we haveu23f8a = FFFFFFFF 00000001 00000000 00000000 00000000 FFFFFFFF FFFFFFFF FFFFFFFCu23f8 b = 5AC635D8 AA3A93E7 B3EBBD55 769886BC 651D06B0 CC53B0F6 3BCE3C3E 27D2604Bu23f8Due to the lack of native support of secp256r1, all cryptocurrency wallet apps today are using software signing, instead of hardware signing. Software signing is susceptible to side-channel attacks that leak information about the private key.u23f8Implementing secp256r1 on Bitcoinu23f8Thanks to the expressiveness and scalability of Bitcoin smart contracts, we can implement secp256r1 efficiently, specifically ECDSA signature verification, at contract level. The signature is generated by the Secure Enclave, enjoying maximal security. We then verify the hardware signature in a smart contract. Note this does not require any breaking changes at the base layer, even though it uses a different curve.u23f8We modifiedu00a0the ECDSA verification implementationu00a0released before, switching from curve secp256k1 to secp256r1. It basically implements the standard ECDSA verification algorithm.u23f8 secp256r1u23f8Backupu23f8To be as secure as possible, the Secure Enclave disallow export keys, making it impossible to backup keys (different from hardware wallets with mnemonic words). If a smartphone is lost and damaged, the private key and the funds it controls are lost.u23f8One solution is to create a 1 of 2 (or N) multisig wallet. One key can be generated offline and safely stored as in a cold wallet. The second key is generated inside the Secure Enclave. In case of phone loss or damage, the user can safely use their offline backup key to move the funds out of the wallet.u23f8Pleaseu00a0contact usu00a0if you are interested in building the first ever hardware-signing Bitcoin wallet. Some other types of hardware security modules (HSM), which hardware wallets belong to, likeu00a0Smart Cardu00a0also support elliptic curves, so they also act as Bitcoin wallets as well.u23f8Watch: Small Payments, Big Fun: Micropayments for Casual Gamesu23f8″,”headlineText”:”Turn every smartphone into a Bitcoin hardware wallet using Secure Enclaves”,”articleText”:”This post was first published onu00a0Medium.u23f8We use the secure enclaves of iOS and Android devices to store Bitcoin private keys. The keys never leave the enclaves, providing same security as hardware wallets. This essentially turnsu00a0billionsu00a0of smartphones into secure Bitcoin hardware wallets. Users can authorize Bitcoin transactions using FaceID and TouchID.u23f8Secure Enclaveu23f8The Secure Enclaveu00a0is a special chip in Android, iPhone, iPad andu00a0Macsu00a0to secure your biometrical data like FaceID and TouchID. The key feature of the Secure Enclave is that a private key generated on itu00a0cannotu00a0leave the chip, providing maximum security as in hardware wallets such as Ledger and Trezor.u23f8Private key in it can be used to sign messages securely. Messages are sent into the Secure Enclave, signed, and then the signature is returned. The private key during signing reside in the chip and is not stored in memory and thus is inaccessible from software. Permission to sign a transaction can be granted using a biometric authentication such as FaceID and TouchID.u23f8Elliptic curveu00a0secp256r1u23f8The Secure Enclave supports a single elliptic curve,u00a0secp256r1, also known asu00a0prime256 and P-256. It is different from the elliptic curveu00a0secp256k1u00a0thatu2019s used for the popular blockchains such as Bitcoin and Ethereum.u23f8Both elliptic curves are of the formu00a0yu00b2 = xu00b3 + ax + b.u23f8In the secp256k1 curve, we haveu23f8a = 0u23f8 b = 7u23f8and in the secp256r1 case we haveu23f8a = FFFFFFFF 00000001 00000000 00000000 00000000 FFFFFFFF FFFFFFFF FFFFFFFCu23f8 b = 5AC635D8 AA3A93E7 B3EBBD55 769886BC 651D06B0 CC53B0F6 3BCE3C3E 27D2604Bu23f8Due to the lack of native support of secp256r1, all cryptocurrency wallet apps today are using software signing, instead of hardware signing. Software signing is susceptible to side-channel attacks that leak information about the private key.u23f8Implementing secp256r1 on Bitcoinu23f8Thanks to the expressiveness and scalability of Bitcoin smart contracts, we can implement secp256r1 efficiently, specifically ECDSA signature verification, at contract level. The signature is generated by the Secure Enclave, enjoying maximal security. We then verify the hardware signature in a smart contract. Note this does not require any breaking changes at the base layer, even though it uses a different curve.u23f8We modifiedu00a0the ECDSA verification implementationu00a0released before, switching from curve secp256k1 to secp256r1. It basically implements the standard ECDSA verification algorithm.u23f8 secp256r1u23f8Backupu23f8To be as secure as possible, the Secure Enclave disallow export keys, making it impossible to backup keys (different from hardware wallets with mnemonic words). If a smartphone is lost and damaged, the private key and the funds it controls are lost.u23f8One solution is to create a 1 of 2 (or N) multisig wallet. One key can be generated offline and safely stored as in a cold wallet. The second key is generated inside the Secure Enclave. In case of phone loss or damage, the user can safely use their offline backup key to move the funds out of the wallet.u23f8Pleaseu00a0contact usu00a0if you are interested in building the first ever hardware-signing Bitcoin wallet. Some other types of hardware security modules (HSM), which hardware wallets belong to, likeu00a0Smart Cardu00a0also support elliptic curves, so they also act as Bitcoin wallets as well.u23f8Watch: Small Payments, Big Fun: Micropayments for Casual Gamesu23f8″,”metadata”:{“author”:”Xiaohui Liu”},”pluginVersion”:”5.6.6″}; |
This post was first published on Medium.
We use the secure enclaves of iOS and Android devices to store Bitcoin private keys. The keys never leave the enclaves, providing same security as hardware wallets. This essentially turns billions of smartphones into secure Bitcoin hardware wallets. Users can authorize Bitcoin transactions using FaceID and TouchID.
Secure Enclave
The Secure Enclave is a special chip in Android, iPhone, iPad and Macs to secure your biometrical data like FaceID and TouchID. The key feature of the Secure Enclave is that a private key generated on it cannot leave the chip, providing maximum security as in hardware wallets such as Ledger and Trezor.
Private key in it can be used to sign messages securely. Messages are sent into the Secure Enclave, signed, and then the signature is returned. The private key during signing reside in the chip and is not stored in memory and thus is inaccessible from software. Permission to sign a transaction can be granted using a biometric authentication such as FaceID and TouchID.
Elliptic curve secp256r1
The Secure Enclave supports a single elliptic curve, secp256r1, also known as prime256 and P-256. It is different from the elliptic curve secp256k1 that’s used for the popular blockchains such as Bitcoin and Ethereum.
Both elliptic curves are of the form y² = x³ + ax + b.
In the secp256k1 curve, we have
a = 0
b = 7
and in the secp256r1 case we have
a = FFFFFFFF 00000001 00000000 00000000 00000000 FFFFFFFF FFFFFFFF FFFFFFFC
b = 5AC635D8 AA3A93E7 B3EBBD55 769886BC 651D06B0 CC53B0F6 3BCE3C3E 27D2604B
Due to the lack of native support of secp256r1, all cryptocurrency wallet apps today are using software signing, instead of hardware signing. Software signing is susceptible to side-channel attacks that leak information about the private key.
Implementing secp256r1 on Bitcoin
Thanks to the expressiveness and scalability of Bitcoin smart contracts, we can implement secp256r1 efficiently, specifically ECDSA signature verification, at contract level. The signature is generated by the Secure Enclave, enjoying maximal security. We then verify the hardware signature in a smart contract. Note this does not require any breaking changes at the base layer, even though it uses a different curve.
We modified the ECDSA verification implementation released before, switching from curve secp256k1 to secp256r1. It basically implements the standard ECDSA verification algorithm.
secp256r1
Backup
To be as secure as possible, the Secure Enclave disallow export keys, making it impossible to backup keys (different from hardware wallets with mnemonic words). If a smartphone is lost and damaged, the private key and the funds it controls are lost.
One solution is to create a 1 of 2 (or N) multisig wallet. One key can be generated offline and safely stored as in a cold wallet. The second key is generated inside the Secure Enclave. In case of phone loss or damage, the user can safely use their offline backup key to move the funds out of the wallet.
Please contact us if you are interested in building the first ever hardware-signing Bitcoin wallet. Some other types of hardware security modules (HSM), which hardware wallets belong to, like Smart Card also support elliptic curves, so they also act as Bitcoin wallets as well.
Watch: Small Payments, Big Fun: Micropayments for Casual Games
New to blockchain? Check out ’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.