Utimaco HSM protects digital wallets and cryptocurrencies
Utimaco partners with ThothTrust to protect digital wallets and their cryptocurrency assets with Utimaco HSMs and the CryptoScript Software Development Kit (SDK).
The Customizable Secure Cryptography (CSC) product offers different security levels and customization options to create a secure environment corresponding to the customer’s requirements.
In the case of digital wallets, a Wallet Security Module (WSM) ensures cryptocurrency asset security based on a Utimaco HSM as its hardware root of trust.
The Utimaco HSM equipped with the WSM module generates secure digital wallets, each of which can store up to 255 256-bit ECDSA key pairs for cryptocurrency and token transactions.
These keys sign cryptocurrency transactions for Bitcoin, Ethereum, and other Bitcoin- and ERC20-compatible tokens, as well as tokens that rely on 256-bit ECDSA cryptographic signatures. Signing takes place entirely inside the Utimaco HSM, which prevents leakage of transaction keys.
Authentication to the WSM-backed wallets relies on public key challenge-response using ECDSA signatures via an ECC key pair created by the endpoint device and secured using the endpoint’s secure keystore. This keystore usually requires a password or biometric authentication from the user to access the device key pair for authorizing the user’s requested actions (i.e. creating digital signatures for cryptocurrency transactions or managing the wallet).
Users may also securely provision new devices, giving them the flexibility to access their digital wallets and cryptocurrency funds from multiple authorized endpoints. If a user loses all authorized devices, the WSM module offers a wallet restoration function. This process requires the user to enter a 12-digit PIN code and supply the wallet ID to restore access to the wallet and its cryptocurrency transaction keys.
At the same time, a limited number of possible PIN entry retries prevents brute-force attacks against the WSM-backed wallets and results in a lockout period when the number of PIN entries exceeds the threshold. The lockout period is backed by the HSM’s secure clock.
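The retry limit and lockout described above, as an added Python example that is not Utimaco's or ThothTrust's code. The class name, the threshold of 5 failed entries, the one-hour lockout and the PBKDF2 PIN hashing are assumptions (the page gives no numbers), and the injected `clock` stands in for the HSM's secure clock.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5         # assumed: failed PIN entries before lockout
LOCKOUT_SECONDS = 3600   # assumed: length of the lockout period

class WalletRestoreGuard:
    """Hypothetical retry-limited PIN check for wallet restoration."""

    def __init__(self, clock):
        self._clock = clock   # trusted time source (the HSM's secure clock)
        self._wallets = {}    # wallet_id -> [salt, pin_hash, failures, locked_until]

    @staticmethod
    def _hash(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def enroll(self, wallet_id, pin):
        if not (len(pin) == 12 and pin.isascii() and pin.isdigit()):
            raise ValueError("PIN must be exactly 12 digits")
        salt = os.urandom(16)
        self._wallets[wallet_id] = [salt, self._hash(pin, salt), 0, 0.0]

    def restore(self, wallet_id, pin):
        rec = self._wallets.get(wallet_id)
        if rec is None:
            return "denied"
        salt, pin_hash, failures, locked_until = rec
        if self._clock() < locked_until:
            return "locked"   # refused before the PIN is examined at all
        if hmac.compare_digest(self._hash(pin, salt), pin_hash):
            rec[2] = 0        # success clears the failure counter
            return "restored"
        rec[2] = failures + 1
        if rec[2] >= MAX_FAILURES:
            # Threshold reached: start the lockout and reset the counter.
            rec[2], rec[3] = 0, self._clock() + LOCKOUT_SECONDS
        return "denied"

def worst_case_years(max_failures=MAX_FAILURES, lockout=LOCKOUT_SECONDS):
    """Years needed to try all 10**12 PINs when each batch costs one lockout."""
    return (10**12 / max_failures) * lockout / (365 * 24 * 3600)
```

Even the correct PIN is refused while the lock is active, and the lock ends only when the injected clock passes `locked_until`. A clock that the caller could move forward would end the lockout early, which is why the lockout depends on a trusted time source.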
“In an era where digital security is highly complex and dynamic, Utimaco provides robust security standards and a highly adaptable platform that can implement complex and holistic security solutions. Its CryptoScript capability provides a secure environment for executing sensitive business logic to the standards of the FIPS-140 security certification,” says Gerald Tay, Director at ThothTrust.
Apart from securing cryptocurrency assets, the WSM can also be modified for use in traditional mobile payment scenarios, e.g. tokenized payment applications, by adapting the specific codes and scripts.
“ThothTrust and their customers can rely on Utimaco’s longstanding expertise and security standards in the field of hardware security,” says Malte Pollmann, CEO of Utimaco.
“Optimized for encryption and crypto applications, the Utimaco HSM minimizes the risk of cryptocurrency assets being stolen from the digital wallets.”
Security is important for digital wallets, as the financial losses from a security breach reach several million dollars. A recent breach with a loss of over $20 million is likely due to lost control of authentication keys, which the use of an HSM could have prevented.