Hardware Wallets And Secure Elements: What Are You Really Trusting?

17 hours ago

By Lucien Bourdon, Bitcoin Analyst at Trezor

A hardware wallet is a standard tool for securing cryptocurrency, and most rely on a dedicated chip known as a Secure Element, the same type of chip used in credit cards and passports.

But here’s what matters most: how a wallet uses this chip. This choice defines what you are ultimately asked to trust, and it splits the industry into two fundamentally different philosophies.

A standard Secure Element operates on a principle of secrecy. Manufacturers shield their chip’s inner workings with non-disclosure agreements (NDAs).

This makes independent security review impossible. Users and makers alike must take the manufacturer’s word for it. Researchers and hardware wallet makers cannot freely test or publicly discuss what they find. Even if a critical flaw is discovered, the NDA can legally prevent its disclosure, leaving users in the dark.

We learned this the hard way. Years ago, Trezor evaluated a leading Secure Element under NDA for a prototype. Our testing revealed issues we couldn’t publicly discuss, as the NDA prevented transparency.

That experience clarified our path. We decided we didn’t want your private keys dependent on closed, unauditable hardware. Instead of searching for a chip to trust completely, we built an architecture where the Secure Element never holds your keys. Even when we later developed our own fully auditable Secure Element (TROPIC01), we kept this design. We don’t ask you to trust us. We don’t even trust ourselves. The architecture is trustless by default.

This is where hardware wallet designs diverge. All use a Secure Element for protection, but where your private keys are stored changes everything.

In the first design, your private keys live inside the Secure Element, which generates, stores, and uses them in a closed, certified environment.

  • The Logic: Contain all sensitive operations in a tamper-proof box.
  • What You Trust: The chip maker’s reputation, their secret internal code, and the hope their certifications match your real-world threats.
  • The Reality: You get strong physical protection but must accept that the most critical processes are invisible and unauditable.

In the second design, your private keys are stored encrypted on the main processor. Without the decryption key, this encrypted data is completely worthless to an attacker. The Secure Element holds only that decryption key, protected by your PIN. It never sees your actual private keys.

Your keys are protected by unbreakable encryption, the same cryptographic strength that secures Bitcoin and other crypto networks. The entire system runs on open-source firmware anyone can audit.

  • The Logic: Strong and verifiable encryption beats hidden secrets. With auditable code, you can prove how your keys are protected. With closed hardware, you can only believe the claims.
  • What You Trust: Cryptography and public code. The Secure Element only handles access control like PIN verification.
  • The Reality: Complete transparency. The chip provides hardware protection without becoming an unverifiable single point of trust.
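To make the split design concrete, here is an added, constructed model of the second architecture (not Trezor's firmware and not the TROPIC01 API): a simulated Secure Element that holds only a PIN-gated wrapping key with a wipe counter, while the host keeps the seed as ciphertext and decrypts it locally after the PIN check. The cipher is an HMAC-SHA256 counter-mode keystream plus an authentication tag, used as a stand-in only because the standard library has no AES; the attempt limit is an assumed value.

```python
import hashlib
import hmac
import os
from typing import Optional

MAX_ATTEMPTS = 3  # wrong PINs allowed before the SE wipes its key (assumed value)


class SimulatedSecureElement:
    """Holds only a PIN-gated wrapping key; it never sees the seed itself."""

    def __init__(self, pin: str):
        self._salt = os.urandom(16)
        self._pin_hash = self._derive(pin)
        self._wrapping_key: Optional[bytes] = os.urandom(32)
        self._attempts_left = MAX_ATTEMPTS

    def _derive(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 50_000)

    def unlock(self, pin: str) -> Optional[bytes]:
        if self._wrapping_key is None:
            return None  # already wiped: the ciphertext on the host is unrecoverable
        if hmac.compare_digest(self._derive(pin), self._pin_hash):
            self._attempts_left = MAX_ATTEMPTS
            return self._wrapping_key
        self._attempts_left -= 1
        if self._attempts_left == 0:
            self._wrapping_key = None  # wipe after too many wrong PINs
        return None


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in cipher (the stdlib has no AES).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-length // 32)))
    return b"".join(blocks)[:length]


def wrap_seed(key: bytes, seed: bytes) -> bytes:
    """Host side: encrypt-then-MAC the seed under the SE key -> nonce || ct || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(seed, _keystream(key, nonce, len(seed))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unwrap_seed(key: bytes, blob: bytes) -> Optional[bytes]:
    """Host side: check the tag first; a wrong key or a tampered blob yields None."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
```

The point to notice is the trust boundary: the blob alone decrypts to nothing without the SE's key, and once the attempt counter wipes that key, no amount of access to the host ciphertext recovers the seed.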

Trezor is built on the second design model. Your private keys remain encrypted outside the Secure Element, protected by encryption and an operating system anyone can audit.

This aligns with our founding principle: true security requires transparency, not obscurity. You shouldn’t have to trust us; you should be able to verify how your wallet works.

This commitment to verification guides our entire approach. We believe you should have hardware security without compromise, which is why we advocate for and develop open security tools where every layer of protection can be examined.

A Secure Element is not a guarantee of security by itself. It is a component whose value depends entirely on how it is implemented.

The decisive choice is whether your private keys depend on code or hardware you cannot audit.

_________________________________________________________________________

Disclaimer: This article represents only the author's personal views and does not represent the position or views of this platform. It is provided for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If an article or image published on this page infringes rights, please send the relevant proof of rights and proof of identity by email to support@aicoin.com, and the platform's staff will investigate.
