nick's avatar
nick nick@frostsnap.com 5 months ago
Frostsnap's security model primarily focus on the ability for you, or an attacker, to visit T-of-N devices. The Frontier model does not have a secure element. However we do encrypt the secret stored on the device using a decryption key held in the phone's secure element. This means you need to unlock your phone to sign or access anything useful, so by extension, protecting the device secret behind the phone's secure element. Now you may be wondering about recovery, what if you lose the phone and its decryption key? If that happens you can take a new phone to visit T-of-N devices, reconstructing the decryption key! Now you're ready to go signing again!
↑ Parent

Replies (1)

nick's avatar
nick nick@frostsnap.com 5 months ago
Secure elements are really just secure PIN checkers that release decryption keys. When I was naive I thought the signing operations occur off the main MCU and in a secure enclave, but this is not the case with most hardware wallets. A successful PIN releases a decryption key which then passes onto the main chip to decrypt the secret key in memory.
1 replies ↓