Following Trezor’s post detailing the latest firmware update’s security improvements, we can now present the side-channel analysis evaluation performed on the Trezor One. This was done at the Ledger Donjon and has been responsibly disclosed . The conclusion of our analysis being that it is possible to mount two profiled side-channel attacks on the device leading to
- the retrieval of the PIN code of a stolen device.
- the retrieval of significant portions of the scalar used during an elliptic curve point multiplication (which leads to a private key recovery).
In this post we describe our study for the PIN retrieval.
