Existing software wallets are vulnerable to malware and side-channel/timing attacks—particularly during ECC private-key operations. To address this, we propose a hierarchical deterministic Ethereum cold wallet architecture implemented on FPGA. This is the first hardware architecture specifically designed for Ethereum cold wallets, featuring full hardware implementation of critical cryptographic operations: side-channel-resistant elliptic curve scalar multiplication and BIP-32 hierarchical key derivation. Such hardware realization ensures constant-time execution and physical security throughout key generation and derivation. Evaluated on a Xilinx Zynq UltraScale+ FPGA, the design occupies only 27% of LUTs, 7% of registers, and 6% of BRAM, achieving a favorable balance among high security, low resource utilization, and portability. The architecture thus provides robust protection against both software-based and physical-layer threats while maintaining practical deployability for end users.

Cryptocurrency blockchain networks safeguard digital assets using cryptographic keys, with wallets playing a critical role in generating, storing, and managing these keys. Wallets, typically categorized as hot and cold, offer varying degrees of security and convenience. However, they are generally software-based applications running on microcontrollers. Consequently, they are vulnerable to malware and side-channel attacks, allowing perpetrators to extract private keys by targeting critical algorithms, such as ECC, which processes private keys to generate public keys and authorize transactions. To address these issues, this work presents EthVault, the first hardware architecture for an Ethereum hierarchically deterministic cold wallet, featuring hardware implementations of key algorithms for secure key generation. Also, an ECC architecture resilient to side-channel and timing attacks is proposed. Moreover, an architecture of the child key derivation function, a fundamental component of cryptocurrency wallets, is proposed. The design minimizes resource usage, meeting market demand for small, portable cryptocurrency wallets. FPGA implementation results validate the feasibility of the proposed approach. The ECC architecture exhibits uniform execution behavior across varying inputs, while the complete design utilizes only 27%, 7%, and 6% of LUTs, registers, and RAM blocks, respectively, on a Xilinx Zynq UltraScale+ FPGA.