Gemini's chief security officer, Cem Paya, published details of a vulnerability in a company blog on Friday that involved SafeNet-branded hardware security modules, or 'HSMs'. These specialized tamper-proof devices are used by everyone from governments to banks and payment companies to protect their cryptographic keys. They have been hailed as the “next step” in bitcoin security.

While testing SafeNet’s Luna G5 product, which will be used for cold storage of future transactions, Paya found a design flaw in the software: although the public and private keys are tightly bound to the device, Paya found that they can still be arbitrarily extracted.

Clients using any of SafeNet’s three HSMs will put their bitcoin private keys at risk, he said, adding:

“Bitcoin is a payment technology that uses cryptographic functions to store your money: a signature generated by an ECDSA private key, which is your money. If you lose your private key, you can’t spend your money. It’s very easy to understand.”

SafeNet, which released a patch last Thursday, called the vulnerability "critical".

Chris Dunn, vice president of technology and encryption management at Gemalto, which acquired SafeNet in January, told CoinDesk that SafeNet has not had a stellar record so far. He added that this is partly due to the specialized nature of the hardware — which only trusted customers have access to.

"HSM vulnerabilities are rare and it is difficult for users to exploit the given hardware they deploy with their HSMs. HSMs also contain some usage and access control policies to prevent this type of vulnerability from occurring."

Typically, HSMs are kept in hidden locations, known only to personnel, and some models can even be programmed to self-destruct if attacked.

Bitcoin and HSMs

Although the company protects 750 million private encryption keys, few users have downloaded and used these devices to protect their bitcoins. So far, these devices have only been downloaded 25,000 times.

“We have some current bitcoin users, however this is a new use case for our HSMs,” Dunn said.

The equipment is relatively niche and expensive for the bitcoin industry, but is more widely used for traditional security standards, with companies like Gemini and API developer CEM using these tools to solve their offline (cold) storage problems.

“We’re better at some things (on bitcoin) than Visa, MasterCard and American Express, but they’re pretty good at keeping the private keys, and how do they do that? They use HSMs,” Gemini COO Ken Miller told CoinDesk.

[Image: SafeNet Luna SA - HSM server connected via Ethernet]

His company spent eight months working with Thales, a maker of military-grade HSMs, to create a team to solve the hardware protection problem.

“We’ve seen a lot of big names get into bitcoin,” Miller said, adding that if enough people get involved, CEM would consider starting a service to resell its custom machines.

In contrast, Paya said Gemini has not encountered any significant compatibility issues when using SafeNet to provide bitcoin key storage.

“Their HSMs are not only powered by ECDSA, but also have a specific bitcoin curve, and there have been no issues,” he said, adding:

“While I don’t know the issues that Cem has encountered, I can say that each of his products has a unique set of strengths and weaknesses. Until recently, we were still evaluating whether some components could support Bitcoin services, and there were also OS/software issues that needed to be resolved.”

What measures will be taken in the future

Due to its scarcity, Paya said a patch is currently being worked on for this vulnerability, but it does not affect Gemini's plans to use HSMs as its backend security solution, or especially the hardware aspect of SafeNet.

"This vulnerability should serve as a wake-up call to add some defensive measures, such as using dedicated HSMs to manage keys," he said.

However, he added, “HSMs remain best practice for managing cryptographic keys.”

Gemini’s COO agreed. While the company doesn’t have a silver bullet for protecting Bitcoin and preventing attacks, he said, it needs to be based on a company with multiple layers of security — including HSM hardware.

“No hardware or software solution is as good as another, so the key is to keep those solutions under rigorous management and review over time.”