Prague-based hardware manufacturer Trezor has built into its Trezor Safe wallet seven mechanisms that allow it to future adapt to the risks of quantum computing. This was revealed at an event held by the company on October 21st.
As reported by CriptoNoticias, the company’s latest wallet, the Trezor Safe 7 wallet, is the first Bitcoin and cryptocurrency wallet. Incorporates open source secure element chipcalled Tropic01.
Trezor Safe 7 also includes support for quantum-resistant cryptographic algorithms via firmware update. No physical changes required to the device after leaving the factory. In this way, teams can incorporate post-quantum standards as quantum threats evolve or become a concern. Q-day.
The Trezor Safe 7 wallet includes hardware designed to support future post-quantum updates from the factory. This means that if quantum computing advances significantly in the coming years, the Trezor Safe 7 will be able to run firmware that supports quantum computing.
Trezor, a cryptocurrency wallet company.
Reinforced on 3 levels
Specifically, the company has focused on strengthening the device boot chain, which consists of three consecutive levels: Board loader, bootloader, firmware.
Each of these levels of hardware wallets uses standards selected by the National Institute of Standards and Technology (NIST), one of the leading authorities on post-quantum cryptography, to ensure resilience that reduces the threat of these devices against future attacks.
According to Trezor, this happens thanks to the board loader, a small program that finds and downloads the wallet’s operating system, which is recorded at the factory and cannot be changed. This serves as the first line of validation when checking the integrity of the bootloader. A bootloader is another program that effectively initializes the operating system after initial programmatic authentication.
Hardware at both levels They use a hybrid method It combines SLH-DSA-128, part of the SPHINCS+ family and standardized by NIST in 2024, with ECDSA on the secp256r1 curve.
In other words, this system combines two digital signature methods: a classical method (ECDSA) and a post-quantum method. The latter is recorded in the board loader, so the quantum security implemented in the Trezor Safe 7 wallet cannot be changed and is passed from the first layer to the other layers. Since these are hashing methods, Trezor would have chosen the algorithm part of the SPHINCS+ family. “It’s well understood, backed by decades of research, and has never been compromised.”commented the company.
Unlike bootloaders and firmware, which can be updated at any time, board loaders cannot be modified once the code is written at the factory. Board loaders need to remain secure for decades, so we designed them to validate post-quantum firmware updates and support post-quantum reliability checks when needed.
Trezor, a cryptocurrency wallet company.
The board loader is the first and most important authentication system for post-quantum cryptography on devices, but Trezor argues that this security extends further. “Each Trezor Safe 7 includes a Post-Quantum Device Certificate to prove its reliability in a post-quantum future,” the company said. Algorithm standardized by NIST called ML-DSA-44is built into one of the three redundant chips (in addition to Optiga Trust M and the new Tropic01) that make up the new wallet.
“By distributing the certificates across three independent chips, we ensured that even if one layer was compromised, the authenticity checks remained strong,” Trezor concluded.