Why "Dumb" Hardware is a Smart Choice in a World of Mistrust
In an era defined by rising geopolitical tensions, trade wars, and active conflicts, the integrity of our global technology supply chains is no longer a guarantee. For anyone relying on hardware for security, a critical question emerges: can you trust the chip you're holding? When manufacturers can be pressured or coerced by state actors, the risk of hardware supply chain attacks becomes a real threat. This is especially true for security-critical devices like hardware wallets, where a compromised chip can mean a total loss of assets.
The solution, paradoxically, might not be more complex hardware, but simpler, "dumber" technology. PhysiKey is about building systems that are truly trustless, even in the face of potentially adversarial manufacturing. Here’s how PhysiKey uses simple components like NFC tags to provide a robust, air-gapped storage solution, free from the fear of a poisoned supply chain.
The "Bad Seed" Problem: A Hardware Wallet's Single Point of Failure
One of the most insidious attacks on a hardware security device is what’s known as a "bad seed" attack. This is when a manufacturer deliberately tampers with the cryptographic chips inside a device.
The goal of this attack is to sabotage the chip's random number generator, which supplies the entropy needed to generate a secure private key. A proper cryptographic key should be drawn from a massive pool of possibilities—typically 2^256 of them. This number is so astronomically large that guessing or "brute forcing" the key is infeasible.
In a bad seed attack, the compromised chip is designed to limit this randomness. Instead of pulling from a near-infinite pool, it pulls from a much smaller, pre-defined search space known only to the attacker. While the key might look random to the user, the manufacturer who poisoned the chip knows exactly which narrow window of possibilities it came from. This gives them a drastically reduced search space that can be easily brute-forced, allowing them to steal the private key and any assets it protects.
The only ways to know for sure that your cryptography chip hasn't been tampered with are methods well beyond the capability of most individuals, and they aren't feasible for large-volume production QA.
PhysiKey - A Truly Trustless Hardware Solution: On-Device Generation and Multi-Factor Security
Our system is designed from the ground up to be resistant to these types of supply chain attacks. The core principle is simple: never trust the hardware. Instead of relying on a factory-produced chip to generate critical secrets, we use "dumb" NFC tags for what they’re good at—storage—while handling the security logic on a trusted device.
Here’s how it works:
1. Isolated Generation: The initial cryptographic material is generated on your own device (e.g., a smartphone) within an isolated software environment. This immediately sidesteps the risk of a compromised random number generator on a factory-produced chip. The NFC tag is never involved in generating the secret; it's just a passive vessel for storing it.
2. A Multi-Factor System: The material stored on the NFC tag is only one factor. To reconstruct the final key, a second factor is required: user input, such as a strong password or passphrase. Without this second piece of the puzzle, the data on the tag is useless.
3. Key Stretching with Argon2: This is the critical step. The two factors—the secret from the device and the user's input—are combined and fed into Argon2, a modern, robust password-hashing function specifically designed to resist brute-force attacks. It processes the combined inputs to create the value that the final KDF uses to create the private key. Since each different PIN or password produces a wholly separate key, an adversary who steals the physical device must run the stored value through Argon2 for every PIN and password combination they try, which requires enormous resources and adds another security layer. Ask us about custom physical theft detection software features we can build into our product during your free consultation.
4. Final Key Production: Only after this process is the final key produced, again within the same isolated signing environment. This ensures that even if one factor (the hardware tag) were created by a compromised manufacturer, the system's security remains intact.
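The four steps above, as an added example written for this page rather than PhysiKey's own code: the tag only ever holds CSPRNG output from the trusted device, the passphrase is the second factor, both are stretched with a memory-hard function, and an HKDF-SHA256 stage stands in for the unnamed "final KDF". Assumptions: Argon2id via the argon2-cffi package if it is installed (the Python standard library has no Argon2, so hashlib.scrypt, also memory-hard, is used as a stand-in otherwise); the salt and info strings are constructed for the demo.

```python
import hashlib
import hmac
import secrets

try:  # argon2-cffi if installed (pip install argon2-cffi); not in the stdlib
    from argon2.low_level import Type, hash_secret_raw
    HAVE_ARGON2 = True
except ImportError:  # stand-in: scrypt is also memory-hard, so the flow is unchanged
    HAVE_ARGON2 = False

TAG_SECRET_LEN = 32  # fixed length, so tag_secret || passphrase parses unambiguously
KDF_SALT = b"physikey-demo-v1"  # constructed domain-separation salt, not a secret

def provision_tag() -> bytes:
    """Step 1: entropy comes from the trusted device's OS CSPRNG, never from the tag."""
    return secrets.token_bytes(TAG_SECRET_LEN)

def stretch(tag_secret: bytes, passphrase: str) -> bytes:
    """Step 3: memory-hard stretching of both factors (tag data + user passphrase)."""
    if len(tag_secret) != TAG_SECRET_LEN:
        raise ValueError("tag data has unexpected length; refuse to derive")
    combined = tag_secret + passphrase.encode("utf-8")
    if HAVE_ARGON2:
        return hash_secret_raw(secret=combined, salt=KDF_SALT, time_cost=3,
                               memory_cost=64 * 1024, parallelism=4,
                               hash_len=32, type=Type.ID)
    return hashlib.scrypt(combined, salt=KDF_SALT, n=2 ** 14, r=8, p=1, dklen=32)

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """Step 4: RFC 5869 HKDF (extract-then-expand) used as the final KDF."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block = b"", b""
    for counter in range(1, (length + 31) // 32 + 1):
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
    return okm[:length]

def derive_private_key(tag_secret: bytes, passphrase: str) -> bytes:
    """Full flow: stretched value feeds HKDF; the tag alone yields nothing usable.
    Returns 32 bytes of raw key material; curve-specific reduction is out of scope."""
    return hkdf_sha256(stretch(tag_secret, passphrase), KDF_SALT,
                       b"physikey-demo private key", 32)

if __name__ == "__main__":
    tag = provision_tag()  # write this (and only this) to the NFC tag
    key = derive_private_key(tag, "correct horse battery staple")
    print("derived key:", key.hex())
```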
By using the NFC tag as simple, air-gapped memory and placing the security logic in a trusted, user-controlled environment, we eliminate the single point of failure that makes bad seed attacks so dangerous. The simplicity of the NFC tag becomes its greatest strength—it has no complex processors or cryptographic chips that can be tampered with. It just holds data, making it the perfect foundation for a truly trustless security model.