Cryptnox Docs

cryptnox-logo

Supported Algorithms & Curves

The Cryptnox Basic Wallet Card supports a comprehensive suite of asymmetric, symmetric, and hashing algorithms that align with current blockchain and authentication standards.

Elliptic Curves

Two primary elliptic curves are supported:

  • secp256k1, widely used in Bitcoin, Ethereum, and other blockchain ecosystems. It supports both ECDSA and Schnorr (BIP340) signatures.
  • secp256r1 (NIST P-256), commonly used for enterprise security, TLS, and FIDO2/WebAuthn authentication, supporting ECDSA signatures.

Signature Algorithms

The card implements multiple signature schemes, including:

  • ECDSA (DER-encoded with canonical low-S enforcement)
  • EOSIO-compatible ECDSA
  • Schnorr (BIP340) for secp256k1 curve applications

Symmetric Cryptography

All secure messaging operations use AES-256 CBC for encryption and AES-256 CMAC for message integrity and authentication within the Secure Channel.

Key Derivation

Hierarchical deterministic key derivation is implemented following:

  • BIP32 for secp256k1
  • SLIP-0010 for secp256r1

Child keys are derived using HMAC-SHA512 as per standard definitions.
The card also supports pinless path derivation, compatible with EIP-1581, allowing selective derivation paths to operate without requiring PIN entry.

Randomness

The Secure Element integrates a hardware True Random Number Generator (TRNG) compliant 

with AIS-20 Class DRG.3, used for generating seeds, keypairs, and session nonces.

Hash Functions

The card supports both SHA-256 and SHA-512 for cryptographic operations, including message 

digest generation, PIN/PUK verification, and session key derivation.

Standards Compliance 

The Cryptnox Basic Wallet Card conforms to major industry standards and blockchain 

interoperability protocols, including:

  • ISO/IEC 7816 (Parts 1–4) — defining smartcard electrical, transmission, and APDU communication standards.
  • GlobalPlatform Secure Channel Protocol (SCP03-like) — ensuring secure, authenticated communication between the host and card.
  • BIP32, BIP39, BIP44, and SLIP10 — defining hierarchical deterministic wallet structures and derivation mechanisms.
  • BIP340 — defining Schnorr signature schemes for Bitcoin and secp256k1 curve applications.

This compliance ensures compatibility across blockchain environments, enterprise identity 

frameworks, and security infrastructures.

Menu
cryptnox-logo
Menu