Trying to understand how the Secure Element protects the PIN

Hello,
I’m trying to understand the statement on a site which talks about the secure element.

“The Secure Element in the TS3 protects your PIN (without learning it), which releases a secret (stored on the Secure Element), which in turn protects your recovery seed (stored only on the Trezor Safe 3 general purpose chip, encrypted by both the device PIN and the secret stored on the Secure Element).”

In my own words: From my understanding, the Secure Element stores a secret key, which it releases after the correct PIN was inserted. The secret key is used to decrypt the recovery seed without knowing the PIN or the recovery seed. Could someone explain that to me please?

I would also like to understand how the cryptography works. Is the PIN made into a hash, and then through some algorithm which uses the PIN and the Secret Key, the recovery seed emerges? Or does it use only the secret key?

Thank you for your patience and answers in advance.

Hi, what a great question and thanks for your patience while waiting for a response.

So on a simple level on Trezor Safe Family devices, your wallet is being encrypted through both the PIN and the Optiga secure element chip’s self-generated encryption keys. The design is meant to prevent the Optiga from learning either your backup phrase (aka recovery seed) used to decrypt the wallet or your PIN (which would in turn give access to the backup phrase).

The process used by your Trezor to decrypt your wallet after you enter the PIN enables you to use the device only (note that Trezor will not provide any or all private keys decrypted in this way to your computer or anywhere else). For decryption to occur, the first step is for the Trezor to take the result from combining the PIN with salt, which ensures that the Optiga cannot learn the PIN. This occurs to ensure that even if the secure element chip and/or communication between your Trezor’s microcontroller and the chip is compromised, the PIN remains secret.

Only then does your Trezor use this combination of PIN and salt to interact with the Optiga secure element through multiple key-stretching rounds that exercise different parts of the Optiga chip. Once this is completed, if all rounds are successful (meaning that the PIN is correct and the Optiga chip returns the correct keys), your wallet can be decrypted and used by the Trezor to sign transactions.

We think that this design for wallet decryption within the Trezor’s internal systems provides good balance for ensuring that our code remains open source. That’s because we’re only calling functions and not writing any code to the Optiga secure element. Our assumption with this design is that it could enhance security, but if we later learn this chip does not in fact do so, then your security is still as strong as your PIN. This provides the additional security that is commonly appreciated from a secure element while ensuring that should it fail it does not take down our entire security model with it.

If you have any additional questions please let us know :smiley: Many thanks to @andrew and @matejcik for helping me formulate this response.
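
A simplified model of the flow described in the answer above, added here as an illustration; it is not Trezor's firmware or the Optiga API. The class and function names, the KDF parameters, the round count and the HMAC-based toy cipher (standing in for a real authenticated cipher) are all assumptions.

```python
import hashlib, hmac, secrets

class SimulatedSecureElement:
    """Hypothetical stand-in for the secure element and its self-generated secret."""
    def __init__(self):
        self._secret = secrets.token_bytes(32)   # never leaves the chip

    def stretch(self, data: bytes) -> bytes:
        # The chip only ever receives salted, stretched data, never the PIN itself.
        return hmac.new(self._secret, data, hashlib.sha256).digest()

def derive_kek(pin: str, salt: bytes, se: SimulatedSecureElement, rounds: int = 3) -> bytes:
    # Microcontroller side: combine PIN and salt before talking to the chip.
    stretched = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 10_000)
    value = stretched
    for i in range(rounds):                      # several rounds through the chip
        value = se.stretch(bytes([i]) + value)
    # The final key needs both the PIN-derived value and the chip's output,
    # so a leaked chip secret alone still leaves the PIN to be guessed.
    return hmac.new(stretched, value, hashlib.sha256).digest()

def seal(kek: bytes, seed: bytes):
    # Toy encrypt-then-MAC for a 32-byte seed (assumption, not a real AEAD).
    stream = hmac.new(kek, b"enc", hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(seed, stream))
    return ct, hmac.new(kek, b"mac" + ct, hashlib.sha256).digest()

def unseal(kek: bytes, ct: bytes, tag: bytes):
    expected = hmac.new(kek, b"mac" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                              # wrong PIN or wrong chip
    stream = hmac.new(kek, b"enc", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

def demo():
    se, salt = SimulatedSecureElement(), secrets.token_bytes(16)
    seed = secrets.token_bytes(32)               # constructed sample seed
    ct, tag = seal(derive_kek("4821", salt, se), seed)   # constructed sample PIN
    ok = unseal(derive_kek("4821", salt, se), ct, tag) == seed
    wrong_pin = unseal(derive_kek("0000", salt, se), ct, tag)
    other_chip = unseal(derive_kek("4821", salt, SimulatedSecureElement()), ct, tag)
    return ok, wrong_pin, other_chip

if __name__ == "__main__":
    print(demo())
```

In this model the encrypted seed stays on the general-purpose side, and opening it requires both the correct PIN and the specific chip that took part in sealing it.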