The Secure Element and Hardware Wallets: Explained

By Kirsty Moreland

Hardware wallets are designed to keep your private keys away from online hacks while also providing countermeasures for physical tampering. For this, the hardware used is absolutely vital. At Ledger, we only use the most cutting-edge chips for securing your crypto assets: Secure Elements – Common Criteria Certified Smartcard Chips. 

When choosing hardware wallets, an often overlooked part is the actual hardware of the devices. The chips used in hardware wallet devices are the actual physical part which stores the access to all your crypto assets: your recovery phrase (also known as mnemonic phrase). To put it simply: if anyone gains access to this information, it’s game over.

Computer Chips in Hardware Wallets: Explained

It’s key that the chips used to protect this vital piece of information from anyone wishing to take it is extremely secure. However, not all chip types provide the same level of resistance against attacks. You wouldn’t want a chip used in a vacuum cleaner or microwave to be protecting the access to your valuable cryptocurrencies, right? To explain, they’re simply not designed to be secure.

Ledger devices only use the most advanced secure chips called the Secure Element to safeguard your crypto assets. This is opposed to other hardware wallet manufacturers that have opted for other chip types. But what is the difference between hardware wallet chips and why does it matter?

Types of Computer Chips in Hardware Wallets

Microcontroller unit (MCU)

A generic Microcontroller unit, or MCU in short, is found in lots of different, non-secure devices. Examples of this would be its usage in microwaves or TV remotes. While these chips provide a lot of flexibility for its operations, the hardware is simply not as resistant to physical attacks as other options. Especially when considering the potentially catastrophic outcomes with cryptocurrencies, it is absolutely vital that you protect your private keys. MCU chips, for example, tend to be vulnerable to voltage and clock glitching – an inexpensive and easy to perform attack method.

While indeed using a passphrase for your hardware wallet using a MCU chip can mitigate this, it does mean that you are dependent on this advanced feature. Furthermore, you must ensure using a strong passphrase as otherwise, a hacker may be able to guess it. But making it too complicated may also cause you trouble.

Examples of hardware wallets using an MCU chip to store your recovery phrase: Trezor, Keepkey.

Safe Memory

A significant step up from MCU chips are Safe Memory chips. These types of chips provide several countermeasures against physical attacks. There is, however, a major difference between these chips and a Secure Element.

Unlike actual Secure Elements, Safe Memory chips claim their advantages without any given proof. These chips don’t have certification. To explain, a safe memory chip has not been evaluated by a Security lab. This means its security might not stand up to its claims.

While claiming to be equal, these chips are not Secure Elements. Put simply, they are uncertified. To be truly secure, a third party must test if that chip is as strong as they claim. As a result, these chips are not suitable for secure solutions such as bank cards and passports.

Safe memory chips are also a bit less flexible. Safe Memory chips can perform scalar multiplication on a single elliptic curve. Without getting too technical, this doesn’t work for signing Bitcoin transactions. To mitigate this for hardware wallets, these devices use a dual chip system, with a MCU to help it for faster processing. Concerningly, hardware wallets using Safe Memory chips send the private key out of its Safe Memory chip to the MCU when processing transactions. This means it becomes much more vulnerable to side-channel attacks and it increases the attack surface.

Examples of hardware wallets that use a Safe Memory chip: ColdCard, Bitbox.

Secure Elements (SE)

The secure element is a computer chip that stores information securely. It’s the chip used in bank cards and passports and, importantly, the chip that protects your private key on a Ledger device.

Secure Elements rank among the most secure solutions for storing critical data. These chips protect the most high-end data storage solutions such as passports and credit cards. The key aim for these chips is to store data in a way that is inaccessible to malicious parties. Thus, secure element chips in Ledger devices are resistant to several physical hacks. For example, they can withstand; fault injections, attacks performed with a high-precision laser, electromagnetic injection, voltage and clock glitching and more. Even the most sophisticated attacks are no trouble for the Secure Element. Simply, it provides you with optimal security for your crypto assets and granting you peace of mind.

Unlike Safe Memory chips, Secure Element chips are certified, having undergone intensive testing by a third-party security lab. Firstly, Ledger’s Secure Element chips got their seal of approval. But also, Ledger’s hardware wallet’s system is tested and certified – a first in the market. Finally, Ledger devices themselves are certified hardware wallets, meaning they offer top-notch security.

While Ledger is using a dual chip system with an MCU as well, the important part is that your private keys remain inside the Secure Element. To process a transaction, the secure element lets you use the private key without allowing it to leave the chip. Equally the device’s firmware and all cryptographic operations reside within the chip too.

Ledger is the only hardware wallet that uses these types of chips and to understand how they protect your crypto, make sure to check out the article on how the Secure Element protects your Ledger.

Keep learning! If you enjoy getting to grips with crypto and blockchain, check out our School of Block video 3 Ways to Earn Passive Income from Crypto