In August 2022, we shared our initial efforts to develop a modular, open-source Hardware Security Module (HSM) platform tailored for blockchain environments.
Today, we are excited to update the community on the progress we’ve made, and why this work is more relevant than ever.
A Persistent Problem: Protecting Cryptographic Keys
A recurring challenge in security, especially for cloud-hosted and internet-facing applications, is the protection of cryptographic material.
Hardware Security Modules (HSMs) have long been used to mitigate this risk: they secure cryptographic keys and perform sensitive operations internally, without exposing private material to external software.
However, most commercial HSMs remain closed-source, making it difficult to verify their real security properties. Worse, their closed nature often delays the adoption of modern cryptographic techniques — a critical limitation in fast-evolving environments like Ethereum.
Real-World Evidence: Why Open Hardware Matters
The risks of relying on “security through obscurity” are not theoretical.
In recent years, several attacks have highlighted the fragility of closed systems:
- ROCA (2017): A severe vulnerability in RSA key generation affecting Infineon chips, discovered after years of undisclosed flaws.
- EUCLEAK (2024): A side-channel attack against ECC keys stored in the Infineon SLE78 secure element, a key component in many authentication tokens like the YubiKey 5 series.
Both incidents showed that even if source code isn’t publicly available, determined adversaries can break implementations via side channels or reverse engineering — often without warning or vendor cooperation.
The lesson is clear: transparency is not optional. For critical cryptographic systems, it is the only sustainable foundation.
The Missing Piece in Blockchain Infrastructure
HSMs are standard in traditional critical systems (e.g., Root Certification Authorities) and cloud services.
But in blockchain security, HSM usage is still limited — mainly focused on user wallet keys, while validator node keys are often overlooked.
This gap is concerning. Blockchain clients are:
- Highly exposed: Nodes often run on internet-facing machines, sometimes in cloud environments.
- Financially critical: Compromising a node’s key material could enable the theft of significant funds or disrupt consensus.
Moreover, Ethereum presents unique challenges for commercial HSMs:
- Use of BLS Signatures: Ethereum’s consensus mechanisms depend on Boneh–Lynn–Shacham (BLS) signatures, which are not widely supported by traditional HSMs.
- Rapid cryptographic evolution: Emerging protocols like Zero-Knowledge Proofs (ZKPs) will demand hardware flexibility that proprietary HSMs are unlikely to match.
Thus, we saw the need for an HSM that is not only transparent but also agile — evolving in sync with the Ethereum network.
Our Approach
Our project aims to provide a foundation for an open-source, modular HSM, accessible to any Ethereum node operator.
Key features include:
- Low-cost, widely available hardware: based on ARM Cortex-M33 microcontrollers.
- Support for ARM TrustZone: enabling secure key isolation.
- Remote operation: secure communication over the internet or LTE networks.
- Over-the-Air (OTA) Updates: secure firmware upgrade mechanisms.
- BLS signature support: specifically targeting Ethereum validator operations.
We chose the Nordic Semiconductor Development Kits (e.g., nRF5340 DK, nRF9160 DK, nRF7002 DK) as hardware platforms because of their:
- Strong support for ARM TrustZone technology.
- Open documentation and schematics.
- Integration with Zephyr OS, an open-source real-time operating system.
This combination of open-source software and accessible hardware ensures that the entire stack can be audited, verified, and improved by the community.
Deployment Scenarios
We designed our system to support two common deployment models for Ethereum validators:
- Staker A, a node operator with physical access to the hardware — the HSM connects directly to the node via USB or UART.
- Staker B, a node running in the cloud — the HSM connects remotely over LTE or Internet protocols, authenticating securely before handling sensitive operations.
This flexibility allows operators to secure their keys whether they run their nodes on-premises or in distributed, cloud-based infrastructures.
What Comes Next
We are preparing for the next phase:
- Hardware iterations based on testing feedback.
- Public documentation and reproducible builds for verification.
- Beta testing program: inviting node operators, researchers, and security experts.
- Community workshops and educational materials around open hardware security.
We believe the only way to secure the decentralized future is through collaboration and transparency.
We invite the blockchain community — developers, researchers, operators — to join us in shaping this project.
Open-source security is not a luxury. It is a necessity.
Let’s build it together.