From the anonymity, a person released confidential information about the chip used for the MK3, the latest version of the purse hardware of Bitcoin (BTC), Coldcard.
Before filtering, these data were only provided by Microchip Technology to those who sign a confidentiality agreement. “I have signed a confidentiality agreement, so that it is not necessary that you do it”, makes it clear to the reader.
The 118 pages of information filtered on the chip ATECC608A been uploaded to Github. The person responsible for the publication explained that, until the previous version of the chip, the ATECC508A, all the sheets were published on the official Website of Microchip.
The informant mentioned the possibility that the manufacture of the ATECC508A in the future to be discontinued due to that not recommended for new designs. If this were to occur, anticipates that the new chip “undocumented” would replace the full and this, to him it is a problem.
This user, which closes its publication in Github with a quote from the fundamentalist of open source, Richard Stallman, believes that the dissemination of such information on the chip is necessary to solve the problem.
The reaction of Coldcard
Rodolfo Novak, ceo of Coinkite, the developer of Coldcard, far from regretting what happened, he highlighted the fact that now all users can see information that was only available to security researchers. He also explained that, being himself under confidentiality agreement, can’t comment publicly on the content of the leaked information.
Even so, Novak did not give greater importance to the subject. “It makes no difference to Coldcard,” he said. He said that he did not see a difference in that the information is open or closed, because any security researcher or laboratory should be able to request the technical data sheet.
Finally, he noted that the confidentiality agreement would not prevent the researchers, in a responsible way, can inform about the errors of the chip to the manufacturers of purses hardware of Bitcoin.
The Web site Coldcard, in their faq section, describes the ATECC608A as “a device of fixed-function for the storage of private keys”. Clarifies that “it is not a general purpose CPU” and that, therefore, neither Coinkite or Microchip Technology can change its operation without altering the hardware of the chip itself.
In the words of Miguel Vidal, co-founder of FLOS Systems, the ATECC608A “is a secure element that is used in the security industry”. Adds Vidal that “there are no exploits, or is isolated from the microprocessor main, possesses countermeasures against brute-force and it is protected against what is known as side-channel attacks”, which are those based on information that is obtained through the violation physics of a system.
The latter eliminates a vulnerability in the version MK2. As reported by Breaking News, the failure of existing security allowed to steal BTC, but for this it was necessary to have a team of USD 200,000 and have physical access to the device.