Hardware signer and key storage Kampela: Milestones 5&6

This is proposal for Milestones 5&6.

DOT/EUR exchange rate calculated as 5.8176 by EMA7 (EMA with 168 period frame) by Kraken

Our team proposes to design an open source hardware storage for dotsama ecosystem.

Please see complete proposal on Skiff

Project repository

Project matrix room: #Kampela:matrix.zymologia.fi

See previous material here:


Proposal for milestones 1&2

Proposal for milestones 3&4

Milestone 1 report

Milestone 2 report

Milestone 3 report

Milestone 4 report

Project name is Kampela, Finnish word for flounder fish. The device is envisioned as flat card mostly consisting of e-paper screen and few controls (and it allows keys to stay safely in depth).

Kampela is a hardware version of Parity Signer. It is a small card-shaped device (ideally comparable to a credit card form factor, to be carried in a wallet when needed) that accepts data through unidirectional NFC port and shows output on a monochrome electronic paper screen. It has cryptographic strongbox with elliptic curves supported by Substrate — which only stores private keys (after initial import) and performs all signing operations on-chip.

Kampela is designed to be a comparatively low-cost (below €100, in contrast to €500+ for a Signer-compatible smartphone) single-purpose device, which would only support a single seed phrase per unit, operated via a drastically simplified user interface. However, it would have all the security features of Parity Signer: a full-featured SURI account derivation system, transactions preview, metadata updates, logging.

As something that supports the same QR code output formats as Signer, it would be able to drop-in replace Signer when providing signatures back to a mobile/desktop wallet. The only challenge would be in transforming the current QR-driven input format of Signer into a suitable NFC payload. Alongside with native support in some apps (which would require software modification) this can also be achieved with a tiny “translator” app for a regular (online, not necessary trusted — one’s usual daily driver) mobile phone: it would snap a QR code with the transaction details and (statelessly, without any extra features or complicated UI) transform that into an NFC payload.

Kampela is a natural (and long-discussed) extension of Parity Signer to leverage the most out of modern hardware-based crypto chips and drastically reduce Signer’s attack surface: no mobile OS, not extra platform features, no unexpected communication methods or airplane mode to take care of.

Kampela is not a wallet! It is a signing tool, it is not able to track on-chain balances, validate things over chain-provided information or generate transactions on itself.

The scope of this proposal does not include actual production, but does result in all preliminary development required for production. Hopefully, many assembly shops would rush in to compete with us and each other!

As these last milestones were listed out long time ago, it makes sense to clarify them now with more details on planned work and deliverables:

Milestone 5

  • Fabricate another iteration of the casing (test mechanical integrity of device, usability, etc)
  • Test end-of-life secure self-destruct feature: it's trigger circuit (can we rely on broken screen as self-destruct indicator? Is trigger easy to activate? Is indication clear?) and success (does the chip indeed understand wipe command and use small enough power to perform it?)
  • Power circuit (test whether it supports various phones budgets and withstands some instability; make sure device can safely burn off residual power and reboot on power loss)
  • User input (make sure touch pad input on E-Ink is not too frustrating)
  • Test secure element powered key management (encrypt key, decrypt, check attempt counter and self-destruct features)
  • NFC reception of large signed payloads

We have decided to leave RNG analysis out of scope, as that component of chip is indeed certified and tested upstream; implementing extra hashing over existing certified secure RNG device in an airgapped cold device with single baremetal app running does not seem feasible, as implementation error risks greatly outweigh probability of hardware attacks, as there is no path to pass exploit trigger event for an attacker; deploying simpler exploits that would make SE accessible to an attacker or make snapshots of onboard RAM, would be simpler for manufacturer to embed into hardware.

Milestone 6

  • Final specifications for NFC communication protocol
  • Full manufacturing schematics for the device, including "hacker" edition with programming interface exposed for enthusiasts and hackers to play with, that we intend to manufacture and distribute to order right after completion of the project, as it obviously does not require any audit
  • Prepare documentation on analysis of device, for community to study and for auditors to facilitate manufacturing security audit procedure
  • Demonstration of fully assembled and operational device with basic functionality and interface
  • Decision on whether active NFC tag dummy could be used as second factor with sufficiently secure signing of NFC responses at current level of technology without too high impact on power system of the Kampela device
There are no comments here