An anonymous source revealed, through a publication on GitHub, several pieces of confidential data about the new ATECC608A chip used in Coldcard's physical wallets.
Through a publication on GitHub, an anonymous source released confidential information about the chip implemented in the Coldcard hardware wallets, one of the latest versions of physical Bitcoin wallets from the company MK3. In the publication, the author indicates that MK3 previously published complete data sheets and updates for its products, but that since the ATECC608A chip the company has refused to continue publishing information about its products. The author also points out that the previous chip, known as ATECC508A, will be discontinued and replaced by the ATECC608A, about which no information is publicly available.
For this reason, the anonymous source decided to reveal the complete data sheet, named Microchip CryptoAuthentication Device, which shows detailed information about the ATECC608A chip, so that current and future users of wallets that implement this integrated circuit can learn everything about it. The data sheet shows everything from general information about the chip to the different interfaces, description of the commands, compatibility and information on the security mechanisms for storing and protecting user keys.
All about the ATECC608A chip
The revealed document indicates that ATECC608A is a high-security microchip specially designed for cryptocurrency storage devices. ATECC608A combines cutting-edge technologies for the secure storage of private keys, while integrating accelerators for various authentication and encryption protocols. These protocols control access to various areas of the device's memory, which can be restricted and locked to prevent unwanted changes to keys, data or other stored files.
The ATECC608A chip also integrates a set of flexible commands that allow the microchip to be used in a wide range of applications, such as the authentication of nodes or system components, the creation and management of session keys for multiple protocols, the adaptation of communication keys, the encryption or decryption of messages or data, and the generation of protected keys for software download, among others. ATECC608A also includes an EEPROM array that can be used to store up to 16 keys, in addition to certificates, miscellaneous read/write data, read-only data, consumption records and general security settings.
Likewise, the ATECC608A chip implements a complete solution based on asymmetric public/private key cryptography and integrates the Elliptic Curve Digital Signature Algorithm (ECDSA) and multiple variants of the Secure Hash Algorithm (SHA) hash function, including SHA-256. This allows third parties to verify a digital signature without compromising the security of the device or the stored funds.
In general, it is a device designed to securely and reliably store multiple private keys generated by a user along with the public keys associated with them, without the private keys leaving the device at any time while it is in use.
Coldcard speaks out against the leak of confidential information
Although the information published by the anonymous source is classified as confidential by the company and its developers, company officials point out that the leak of the ATECC608A information document gives users access to information that until now was only available to cybersecurity researchers.
On his Twitter account, the Director of Coinkite, Rodolfo Novak, pointed out that the leak is not a problem for the company in charge of developing Coldcard hardware wallets. Likewise, in response to a comment suggesting that the leak could have been carried out by someone with access to the manufacturer, Novak highlighted that it is now open source and accessible to everyone. Novak also pointed out, however, that due to the confidentiality agreement signed with the company, he cannot publicly reveal information about the chip or give further details about what happened.


