EthVault: A Secure and Resource-Conscious FPGA-Based Ethereum Cold Wallet

Cryptocurrency blockchain networks safeguard digital assets using cryptographic keys, with wallets playing a critical role in generating, storing, and managing these keys. Wallets, typically categorized as hot and cold, offer varying degrees of security and convenience. However, they are generally software-based applications running on microcontrollers. Consequently, they are vulnerable to malware and side-channel attacks, allowing perpetrators to extract private keys by targeting critical algorithms, such as ECC, which processes private keys to generate public keys and authorize transactions. To address these issues, this work presents EthVault, the first hardware architecture for an Ethereum hierarchically deterministic cold wallet, featuring hardware implementations of key algorithms for secure key generation. Also, an ECC architecture resilient to side-channel and timing attacks is proposed. Moreover, an architecture of the child key derivation function, a fundamental component of cryptocurrency wallets, is proposed. The design minimizes resource usage, meeting market demand for small, portable cryptocurrency wallets. FPGA implementation results validate the feasibility of the proposed approach. The ECC architecture exhibits uniform execution behavior across varying inputs, while the complete design utilizes only 27%, 7%, and 6% of LUTs, registers, and RAM blocks, respectively, on a Xilinx Zynq UltraScale+ FPGA

💡 Research Summary

The paper presents EthVault, the first fully hardware‑implemented Ethereum hierarchical deterministic (HD) cold wallet built on a field‑programmable gate array (FPGA). Recognizing that most existing cold wallets are software applications running on microcontroller units (MCUs) and therefore vulnerable to malware, side‑channel, and timing attacks, the authors propose a dedicated hardware architecture that isolates all critical cryptographic operations from a general‑purpose execution environment.

Key contributions include:

1. SCA‑Resistant SECP256K1 Engine – The elliptic‑curve point addition (ECPA) and point multiplication (ECPM) are realized using complete addition formulas together with a Montgomery ladder. By eliminating data‑dependent branches and ensuring uniform execution flow, the design achieves constant‑time behavior and uniform power consumption, mitigating simple power analysis (SPA), differential power analysis (DPA), and timing attacks.

2. Hardware Child‑Key Derivation (CKD) Module – Implemented according to BIP‑32/44 standards, the CKD unit derives child private/public keys from a master key and chain code using HMAC‑SHA‑512. The module is pipelined and shares the HMAC‑SHA‑512 core with other hash‑based functions, reducing overall resource consumption.

3. Integrated Cryptographic Primitives – The design also incorporates hardware implementations of HMAC‑SHA‑512, SHA‑512, KECCAK‑256, PBKDF2‑HMAC‑SHA‑512, and the ECDSA signing algorithm, as well as the Ethereum checksum address algorithm. All modules are designed for reuse across the wallet’s workflow, minimizing duplication.

4. Resource‑Conscious Design – Targeting a portable device, the authors set quantitative goals of under 70 k lookup tables (LUTs) and a minimum throughput of 10 kbps for real‑time signing. On a Xilinx Zynq UltraScale+ MPSoC, the complete EthVault occupies only 27 % of LUTs, 7 % of registers, and 6 % of block RAM, comfortably meeting the performance target (≈200 MHz operation, >10 kbps signing).

5. Security Evaluation – A threat model covering power analysis, electromagnetic emission, and timing attacks is presented. Experimental results show that the ECC engine’s power traces are indistinguishable across different private keys, confirming resistance to SPA/DPA. The authors also discuss physical tamper‑resistance measures such as shielding, on‑chip voltage integrity monitoring, and secure boot to protect the FPGA configuration itself.

The paper details the full wallet flow: entropy generation, mnemonic and seed creation (BIP‑39), master key and chain‑code derivation (HMAC‑SHA‑512), hierarchical child‑key generation (CKD), Ethereum address computation (KECCAK‑256 with checksum), and transaction signing (ECDSA). Each stage is mapped to the corresponding hardware block, and the design reuses modules wherever possible to keep the silicon footprint low.

Implementation results include latency, frequency, and resource usage for each block, as well as end‑to‑end benchmarks showing that EthVault can generate and sign transactions within the latency bounds required by the current Ethereum network.

In the discussion, the authors acknowledge that while the FPGA platform offers strong isolation and flexibility, it is still susceptible to physical attacks if not properly packaged. They propose future work on hardened packaging, on‑chip random number generation, and migration of the design to an ASIC for cost‑effective mass production.

Overall, EthVault demonstrates that a carefully engineered FPGA‑based architecture can deliver a secure, low‑resource, and high‑performance cold wallet for Ethereum, addressing the critical security gaps of MCU‑based software wallets and paving the way for hardware‑centric cryptocurrency key management solutions.