OneKey Passes EAL6+ Secure Chip Certification

YaelYael
/Dec 11, 2025
OneKey Passes EAL6+ Secure Chip Certification

Key Takeaways

• The THD89 chip has surpassed the EAL5+ standard, achieving military-grade security with EAL6+ certification.

• The certification process involved extensive testing against various attack methods, ensuring robust protection for private keys.

• OneKey emphasizes transparency and security in the cryptocurrency space by providing detailed information about its hardware components.

In the architecture of cryptocurrency hardware wallets, the Secure Element (SE) is regarded as the "digital vault" for storing private keys. It serves as the final line of defense against physical tampering and side-channel attacks.

Recently, the core secure chip used in OneKey hardware wallets—the THD89 Secure Microcontroller developed by Tongxin Microelectronics—officially received the Common Criteria EAL6+ certificate from the National Cryptologic Centre (CCN) of Spain.

This authoritative certificate, numbered CCN-CC-26/2020, marks that OneKey's core security component has reached military and government-grade standards in security evaluation, surpassing the EAL5+ standard commonly found in the financial industry.

Part 1: What is EAL6+ and why is it stronger than EAL5+?

Common Criteria (CC) is the international standard for information technology security evaluation (ISO/IEC 15408). EAL (Evaluation Assurance Level) represents the depth and rigor of the evaluation, ranging from EAL1 to EAL7. The higher the level, the more rigorous the testing.

1. Leaping from "Financial Grade" to "Military Grade"

Most bank cards and standard hardware wallets on the market today typically use EAL5+ level chips. However, the THD89 chip selected by OneKey has passed the EAL6+ (augmented with ASE_TSS.2) certification.

  • EAL5+: Generally used in the financial payment sector, designed to defend against moderate-level attacks.
  • EAL6+: Represents an extremely high assurance level, typically reserved for military applications, government secret protection, and high-value asset storage. This means the chip has undergone not only functional testing but also deep formal verification of its design documentation, source code, and development environment, capable of withstanding attackers with high technical skills and resources.

2. The Gold Standard of SOGIS Mutual Recognition

The SOGIS MRA logo on the top left of the certificate is critical. SOGIS is the highest specification mutual recognition agreement for information security in Europe, setting extremely strict technical thresholds specifically for smart cards and cryptographic devices. Obtaining a SOGIS-recognized certificate from the CCN (Centro Criptológico Nacional) implies that the chip's security is endorsed by Europe's top security agencies and carries high authority globally.

Part 2: What "Extreme Challenges" did the THD89 Chip Endure?

To obtain this EAL6+ certificate, the THD89 Secure Microcontroller (version 1.0) and its accompanying Crypto Library (version 1.01) had to pass rigorous testing by a third-party laboratory (Applus Laboratories).

1. Adhering to the Highest Protection Profile

The evaluation of this chip strictly complies with the Security IC Platform Protection Profile (BSI-CC-PP-0084-2014). This is currently the most authoritative protection profile internationally for smart card chips, covering all known hardware attack methods including physical probing, fault injection, and side-channel analysis.

2. Comprehensive Validation of Security Features

According to the certification report, the evaluation scope covered:

  • Physical Attack Defense: Even if an attacker obtains the physical device and attempts to de-cap the chip, probe circuits, or use Laser Fault Injection, the THD89 can effectively identify the intrusion and trigger self-destruction or locking mechanisms.
  • Robustness of Cryptographic Algorithms: The chip's built-in Crypto Library (version 1.01) has undergone rigorous mathematical verification to ensure that no private key information is leaked through power consumption or electromagnetic radiation during operations like signing or random number generation.

Part 3: Future Outlook — Building Trust with Core Technology

OneKey's selection of the EAL6+ certified THD89 chip demonstrates a "spare no expense" commitment to user asset security.

1. Extreme Transparency in the Supply Chain

OneKey is dedicated to disclosing the technical details of the device's core components. By showcasing the authoritative certificate obtained by the supplier, Tongxin Microelectronics, users can clearly trace the source of the device's security. This level of transparency is particularly valuable in the Web3 industry.

2. Safeguarding High-Value Assets

As the value of crypto assets continues to rise, hackers' attack methods are also evolving. The EAL6+ level chip provides OneKey users with a mathematically proven, nearly indestructible underlying execution environment. Whether you are storing Bitcoin, Ethereum, or other crypto assets, OneKey uses world-class security hardware to guard every gate of your private keys.

Security has no finish line. OneKey is redefining the ceiling of hardware wallet security with the EAL6+ standard.

Secure Your Crypto Journey with OneKey

Keep Reading