
Topic: A sneak peak at the future of Bitcoin Cold Storage - page 5. (Read 13440 times)

legendary
Activity: 1008
Merit: 1001
Let the chips fall where they may.
I get the impression the slug in the middle is hard to duplicate. What about the glass sleeve? Is that marked somehow? Perhaps with an integrated marble?

BTW: I fear the greatest threat of Bitcoin loss is people losing their encryption keys (assuming they are using some kind of sane cold-storage). M-of-N keys in multiple locations can really help protect against physical key destruction.
legendary
Activity: 1204
Merit: 1001
RUM AND CARROTS: A PIRATE LIFE FOR ME

Basically you've got it exactly right. There is a bitcoin private key inside the device (NOT INTENDED TO HOLD FUNDS) and a public key which is given to the users. The user then encrypts their own secret with the public key, or public key+salt and then stores the encrypted data on the chip. To decrypt the encrypted data, they break the container open, get the private key, regenerate the public key, optionally add their salt, and decrypt the encrypted data on the chip. (Or I may have more than one chip inside where the salt could be stored, etc...)

I've put a lot of thought into it, and it seems to be one of the simplest solutions I could think of. Even if the user chooses not to salt their password, they need only to a) keep it secure and protect it (as they would any other physical object of value, like gold), b) use multisig, c) store the different multisig devices separately, and they have a very secure solution within the realm of reason.

To protect the device from unauthorised scanning, you simply slip it into its protective container (essentially a metal tube) and it can no longer be scanned, and should even be safe from EMP.
I really liked the concept until you explained the details.

The user has to supply a "secret" or "private key" if you will. They need to keep it private, yet it has to look valuable enough that it won't be thrown in the trash.

I understand that the user needs to supply their own secret to avoid trusting the manufacturer, but that also implies that the device(s) are no longer self-contained.


Well I hope I haven't lost you just yet.

There are still a few ways around this that I am experimenting with and I think it depends on what users are looking for. The lowest tech solution to this is simply writing with permanent marker on the device. Again, I can't protect users from a 3rd party that has the ability to seize all your devices (or m-of-n devices), because if I could, that would defeat the purpose of allowing you to do things like estate planning or a "you are in a coma we need your bitcoin to pay your medical bills" situation.

The market for this device is to protect you from yourself, more or less and the regular thieves that in the future will one day be after bitcoin too. The ability to which it protects you from the government depends on your ability to hide it from the government. Which is a reasonable trade off for most people. If this is a serious concern for you, and you don't mind your bitcoin going with you to the grave, there's no reason to not memorise a really exceptionally long brainwallet and leave it at that. If you want to access your bitcoin on a daily basis, and be secure, then Trezor is a better option.

This is for long term storage and planning of your bitcoin that doesn't require trusting me, the manufacturer, but also assumes that you can take care of protecting the device relatively well yourself, within reason considering whatever your situation might be. At the very least, this eliminates the systemic threat that physical bitcoin manufacturers pose. For all the people minting coins or printing plastic cards, the manufacturer has the ability to steal all the bitcoin of all the people who have ever purchased their products all at once. If I were to somehow get compromised, a 3rd party would still have to hunt down every user individually AND hunt down every m-of-n number of devices of every person AND still have to break whatever extra encryption or security strategy they may choose to employ. It's orders of magnitude more secure for the entire physical bitcoin ecosystem.

So I hope viewed through that perspective, you can keep your mind open. If you are so valuable that someone would commit themselves to hunting you down, and hunting every instance of this device that you own down, then you need to really consider some other options. If you're like many people coming into bitcoin now, investing 10K that might go to your kids' college fund and you don't want to have to worry about malware getting it for the next 5 years, or getting married (like myself) and would like to have a joint "bitcoin savings fund" that you don't have to worry about getting Goxxed, then this might just be perfect.
legendary
Activity: 1008
Merit: 1001
Let the chips fall where they may.

Basically you've got it exactly right. There is a bitcoin private key inside the device (NOT INTENDED TO HOLD FUNDS) and a public key which is given to the users. The user then encrypts their own secret with the public key, or public key+salt and then stores the encrypted data on the chip. To decrypt the encrypted data, they break the container open, get the private key, regenerate the public key, optionally add their salt, and decrypt the encrypted data on the chip. (Or I may have more than one chip inside where the salt could be stored, etc...)

I've put a lot of thought into it, and it seems to be one of the simplest solutions I could think of. Even if the user chooses not to salt their password, they need only to a) keep it secure and protect it (as they would any other physical object of value, like gold), b) use multisig, c) store the different multisig devices separately, and they have a very secure solution within the realm of reason.

To protect the device from unauthorised scanning, you simply slip it into its protective container (essentially a metal tube) and it can no longer be scanned, and should even be safe from EMP.
I really liked the concept until you explained the details.

The user has to supply a "secret" or "private key" if you will. They need to keep it private, yet it has to look valuable enough that it won't be thrown in the trash.

I understand that the user needs to supply their own secret to avoid trusting the manufacturer, but that also implies that the device(s) are no longer self-contained.

For (Paper) "Bitcoin checks" I wanted to develop (but have been too lazy to): I instead focused on ways the manufacturer could prove they printed a document. This, combined with the manufacturer trying to prove to themselves that they or their employees can not inadvertently record the private keys, should be secure enough for transient storage.
sr. member
Activity: 347
Merit: 250
Couple thoughts:

I'm skipping the MiFare line as I understand they aren't fully compatible with Samsung/Android phones and other makes of phone. That said, I'll be making them in small batches, so if someone wanted something custom inside, it wouldn't be a problem. Precious Metals or Diamonds (or Diamonds with laser engraved private keys) are all possible things, but I'm trying to keep it simple to start. I had not planned on using the Desfire 4k's built in cryptographic functions. But you're right on the perception thing. The security isn't relevant, but yeah, people will probably react before really reading how it works, so that might be a good idea.

I've never tried with a Samsung Android device.  But if that combination of hardware + Android causes trouble with the MIFARE line, you'll have problems with the DESFire 4K since it's part of the MIFARE line (it is literally the "MIFARE DESFire 4K").  NXP pretty much calls their entire line of 13.56MHz RFID IC's by the MIFARE trademark.  I have no experience with interacting with MIFARE from Samsung devices though so I can't say one way or the other which chips in the MIFARE line are compatible.


As for the Security model:

Basically you've got it exactly right. There is a bitcoin private key inside the device (NOT INTENDED TO HOLD FUNDS) and a public key which is given to the users. The user then encrypts their own secret with the public key, or public key+salt and then stores the encrypted data on the chip. To decrypt the encrypted data, they break the container open, get the private key, regenerate the public key, optionally add their salt, and decrypt the encrypted data on the chip. (Or I may have more than one chip inside where the salt could be stored, etc...)

Random thought here, which country are you in?  This security model means you'll have the private keys (at least at the time of manufacture).  Just as an example, if you were in the US or are a US citizen, you could be compelled to produce the private keys to the US government via an NSL (National Security Letter).  If you didn't retain the private keys, at that point you're pretty much stuck in legal limbo unless you have a definitive way to prove the private keys are not in your possession (been there, but NSL's carry with them a gag order so details will not be forthcoming).  I'm unfamiliar with the regulations in other countries but wouldn't be surprised if similar regulations exist.  Given the libertarian bent of much of the Bitcoin adopter population, there's likely a good portion of them that actually see their government as one of the parties they're trying to guard their BTC (or other data) against.  Particularly over the last 10 months as views have started shifting to the possibility that various governments are actively acting as an aggressor and will stop at nothing to obtain data you hold dear or to seize your property (or as the IRS likes to put it, to "take your rights to own property" if anyone has received one of those love letters).

On the other side of it, the user will have to have trust in you that you did not retain the private keys.  I think if there is some way this could be structured such that you actually don't have the private keys, you'd have a really elegant solution.  Implementing such would probably depend on utilizing the security features of the NFC IC you select however, and trusting that access control of that IC will not be compromised (multiple members of the MIFARE family have already fallen to exploits, after all).  It would be a rather slick product if you arrived at a zero-trust solution in which you as the manufacturer never actually possess the private key (or at least the private key that actually encrypts the stored data).
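An added example, not part of any post in this thread and not the manufacturer's code: the "encrypt to the device public key, optionally with a salt" model quoted above, worked through so that it shows who can read the chip data in the unsalted and salted cases. The thread does not name a cipher, so the ECIES-style construction (ECDH on secp256k1, PBKDF2 to mix in the salt, a SHA-256 keystream with an HMAC tag) and every function name here are assumptions.

```python
import hashlib, hmac, secrets

# secp256k1 (the Bitcoin curve). Textbook arithmetic for illustration only:
# not constant-time, and the keystream below stands in for a reviewed AEAD.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
SAMPLE = b"constructed sample seed phrase"  # constructed test secret

def _add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return acc

def _keys(shared, salt):
    """Stretch the ECDH x-coordinate plus the user's salt into (enc, mac) keys."""
    ikm = shared[0].to_bytes(32, "big") + salt
    okm = hashlib.pbkdf2_hmac("sha256", ikm, b"capsule-demo", 10_000, 64)
    return okm[:32], okm[32:]

def _xor_stream(key, data):
    """XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(d ^ p for d, p in zip(data[i:i + 32], pad))
    return bytes(out)

def keygen():
    """Device key pair: priv is sealed in the glass, pub is given to the user."""
    priv = secrets.randbelow(N - 1) + 1
    return priv, _mul(priv, G)

def seal(device_pub, secret, salt=b""):
    """User side: encrypt to the device public key; the blob goes on the chip."""
    eph, eph_pub = keygen()
    enc_key, mac_key = _keys(_mul(eph, device_pub), salt)
    head = eph_pub[0].to_bytes(32, "big") + eph_pub[1].to_bytes(32, "big")
    body = head + _xor_stream(enc_key, secret)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(device_priv, blob, salt=b""):
    """After the glass is broken: return the secret or raise ValueError."""
    if len(blob) < 96:
        raise ValueError("blob too short")
    x, y = int.from_bytes(blob[:32], "big"), int.from_bytes(blob[32:64], "big")
    if x >= P or y >= P or (y * y - x * x * x - 7) % P:
        raise ValueError("ephemeral key is not a curve point")
    enc_key, mac_key = _keys(_mul(device_priv, (x, y)), salt)
    want = hmac.new(mac_key, blob[:-32], hashlib.sha256).digest()
    if not hmac.compare_digest(want, blob[-32:]):
        raise ValueError("wrong key, wrong salt, or corrupted chip data")
    return _xor_stream(enc_key, blob[64:-32])

def who_can_read(salt):
    """Seal SAMPLE under a fresh device key and report who can recover it."""
    priv, pub = keygen()
    blob = seal(pub, SAMPLE, salt)
    def ok(key, s):
        try:
            return unseal(key, blob, s) == SAMPLE
        except ValueError:
            return False
    # key_only: holds the device private key (e.g. a retained copy) but no salt
    # sniffer: read the chip and knows the salt, but never saw the private key
    return {"owner": ok(priv, salt), "key_only": ok(priv, b""),
            "sniffer": ok(keygen()[0], salt)}

if __name__ == "__main__":
    print(who_can_read(b""), who_can_read(b"constructed salt"))
```

With an empty salt, the `key_only` party recovers the secret, which is the retained-key concern raised in the post above; with a salt, only the party holding both the key from inside the glass and the salt does.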
legendary
Activity: 1204
Merit: 1001
RUM AND CARROTS: A PIRATE LIFE FOR ME
you made it for yourself only or?

No, no, I'm going to sell them! Just have to fix a few things, get packaging, etc....
legendary
Activity: 938
Merit: 1000
you made it for yourself only or?
sr. member
Activity: 347
Merit: 250
The only reason I haven't said is that I haven't decided. I started with the DesFire 4K but NXP has new, potentially more exciting models out and now I'm going to be testing with the NTAG216. There is no secret behind the IC itself. The technology is secure enough to work for this product, being able to 'sniff' the data, or steal the data, does nothing to alter the integrity of the device. All data stored on the chip is intended to be encrypted by the user.  So if you really did let someone sniff your chip somehow, then you're still just as secure as before. Bruteforcing the encrypted data would be the same as brute forcing your bitcoin public key. Makes no difference.

Given the choice, I'd tend to steer well toward the "new, potentially more exciting models" of the MIFARE line that are available.  Even if you're not relying on any security in the NFC solution at all, and you're using it as effectively an openly read/writable storage device with security equivalent to just using a USB thumb drive, there's still going to be a public perception issue in that DESFire's security mechanism was cracked 2.5 years ago and exploits are readily available.  If you meant DESFire EV1 or EV2, that perception problem might not exist (yet), until someone develops a similar attack for EV1 or EV2.  If it's the original DESFire you're targeting, the EV1, EV2 and MIFARE Plus would tend to be viable alternatives.  The original 4 variants of the DESFire IC have actually been end-of-lifed by NXP due to publication of exploits to bypass the DESFire security.


I am not engineering a custom NFC device. There are too many security issues that would crop up from somehow designing my own security system and chip. This is off the shelf, standard components. No tricks, no surprises. I may even offer a choice of chip to users: Desfire 4K or NTAG216.

Actually, if you're not going to use the security features and access control of the RFID chip at all and are just going to use it as read/write data storage, you could probably safely homebrew a solution as well without compromising security relative to a DESFire 4K.  Effectively the security of a DESFire 4K IC is currently equivalent to an open-access EEPROM.

You have me curious about the security model you're planning to use.  If arbitrary ability for anyone to read the EEPROM off the RFID IC (even from quite a few feet away if you've seen some of the fun antennas people have come up with for the Proxmark) isn't important to the security model, are you planning to make the hidden key stored within the glass be the private key for an asymmetric cipher, with a public key otherwise available to the user (printed?) external to the glass (and/or visible through it), and all the actual cryptography will just occur in software external to the device with the user entering the public key?  Or have you designed it such that the user generates their own private key, prints it, then somehow seals it within the glass capsule after the device is already in the user's possession?  The concept of storing the private key to decrypt the data on the RFID tag within a break-once glass capsule is a neat idea, though I haven't quite grasped how the execution of the crypto is going to work here.  All of the ways I've been able to imagine interpreting your description so far result in the private key existing outside of the glass at some point in time in advance of the final glass breaking ceremony when the device fulfills its purpose.

Not that I'm questioning your design or anything, just playing devil's advocate to help make sure you've contemplated the attack vectors and how the crypto side of things is going to work out, and arrive at a product with superior, well-thought-out security. :)
legendary
Activity: 1204
Merit: 1001
RUM AND CARROTS: A PIRATE LIFE FOR ME
Just to quickly answer a few questions:

The idea is that once your data is written to the NFC chip inside, you lock it permanently, and then to redeem the data inside you must break the device open to obtain the main password for decrypting the device NFC chips, which is kept on the inside.

I understand most of this but one aspect is a bit fuzzy to me.

It must be broken to redeem. The password to decrypt the NFC data is etched inside in some fashion? On something that is not destroyed by breaking the glass but not visible or scannable (say by a CT scanner)?

Just how unbreakable is it? I mean I can swing a hammer really hard :) Could one break it "too hard" to the point the password is not recoverable? Or the NFC chip is broken? Or do you read the chip data before breaking it?  Perhaps (brief) instructions should be somehow visible when looking at the thing by eye? 30 years from now it may not be easy to figure out what this is if a descendant of mine finds it with no instructions.

Oh, it's not unbreakable. It IS breakable. How resistant it is to breaking is still to be determined. I'm still thinking about the "breaking too hard" problem though. Obviously pulverising the device would be a bad idea, but it's hard for me to quantify how much force someone might put into breaking it. Thus far the designers and myself have concluded that the device should be relatively easy to break so as to not encourage anyone to overdo it in trying to break it and thus destroy the password inside. The compromise however is that we need to expect users to treat the device with care and not, as someone else mentioned, leave it around in the street to be run over by trucks. It is really intended to be handled like a valuable object, where its value is contingent upon it not being broken. People seem to do a pretty good job of this in general: expensive jewels, expensive vases, expensive pieces of art. Sure, things get knocked over once in a while, but if it's in a safe deposit box or your home safe, it should be pretty okay. Even paintings by great painters get dug out of the trash by auto mechanics who then go on to protect them without knowing their true value. Hence the idea of making it look REALLY special. People will be inclined to treat the device well.

As for CT scanning it. At the moment I'm limited in how thoroughly I can test this. But there are a few ways to mitigate the threat of some exotic method of scanning a device: Multi-Sig and Salting. Simply salting the password with something that's not contained in the device can make it impractical to attempt to scan (although now you need to protect your salt). The other thing is, you can simply require more than one device to access your bitcoin: Multisig. Meaning as long as you can do a good job ensuring that at least some number of your devices can't fall into the hands of someone who might scan them, you should be okay.

The device is intended to simplify storing your bitcoin securely, but of course, the greater the resources of your potential attacker, the greater lengths you will need to go to thwart their efforts.


Also, this device doesn't have to be just for bitcoin. You could store your gmail password, or any other short string of data in it.
legendary
Activity: 1204
Merit: 1001
RUM AND CARROTS: A PIRATE LIFE FOR ME
This is very cool, I just don't see how we can be 100% sure that the chips or whatever electronics will still work in 5 years etc. CDs, USB sticks, memory cards, are not exactly "long term" in lifetime, why should this last longer?

Well it 'should' last longer, but it's true: any sort of device like this has its own limits. NFC is pretty durable however, especially if you don't use it very often.

The term NFC doesn't tell much about the type of IC you're using or even the encryption/protection technology employed.  I'm assuming you're using an off-the-shelf RFID IC.  If you tell everyone which IC is used in the design, everyone can go fetch the datasheet and observe the data retention spec and what the protection scheme employed is.  If you're not willing to say which actual IC, even the frequency (125kHz? 13.56MHz?) and protection technology (MIFARE DESfire/EV1/EV2?) would at least be something.  From there, everyone will be able to better assess (a) how long the data is likely to be (accurately) retained by the device, and (b) what the strength of the encryption/protection scheme employed is and that it isn't designed around an NFC solution that has already been compromised (like, say, MIFARE Classic).

Not sure there's much use not disclosing which RFID IC is used.  As soon as people have them, someone's going to probe it with an RFID reader or Proxmark and fingerprint the IC (assuming it's an off-the-shelf IC), and then everyone will know anyway.

Off-the-shelf RFID IC's don't have unlimited data retention (same situation with most EEPROM and flash technologies).  As an example, the MIFARE DESfire line of RFID IC's spec a minimum data retention of 10 years.  They'll probably still be readable without flipped bits for some time beyond that, but that is not guaranteed.

The only reason I haven't said is that I haven't decided. I started with the DesFire 4K but NXP has new, potentially more exciting models out and now I'm going to be testing with the NTAG216. There is no secret behind the IC itself. The technology is secure enough to work for this product, being able to 'sniff' the data, or steal the data, does nothing to alter the integrity of the device. All data stored on the chip is intended to be encrypted by the user.  So if you really did let someone sniff your chip somehow, then you're still just as secure as before. Bruteforcing the encrypted data would be the same as brute forcing your bitcoin public key. Makes no difference.

Memory retention is the only issue here that should be worried about- indeed minimum 10 years is a pretty good start. Once again though, you could just print out the encrypted data from the chip and store it with the device if you were really worried about this. Still doesn't change the integrity of the device.

I am not engineering a custom NFC device. There are too many security issues that would crop up from somehow designing my own security system and chip. This is off the shelf, standard components. No tricks, no surprises. I may even offer a choice of chip to users: Desfire 4K or NTAG216.



hero member
Activity: 798
Merit: 500
Time is on our side, yes it is!
That is a pretty sharp looking gizmo.  I'm intrigued but also anxiously awaiting more details even though this seems to be in the R&D stages.  I was just thinking I wonder what crazy_rabbit is up to these days and now I know. ;)
legendary
Activity: 4354
Merit: 3614
what is this "brake pedal" you speak of?
Just to quickly answer a few questions:

The idea is that once your data is written to the NFC chip inside, you lock it permanently, and then to redeem the data inside you must break the device open to obtain the main password for decrypting the device NFC chips, which is kept on the inside.

I understand most of this but one aspect is a bit fuzzy to me.

It must be broken to redeem. The password to decrypt the NFC data is etched inside in some fashion? On something that is not destroyed by breaking the glass but not visible or scannable (say by a CT scanner)?

Just how unbreakable is it? I mean I can swing a hammer really hard :) Could one break it "too hard" to the point the password is not recoverable? Or the NFC chip is broken? Or do you read the chip data before breaking it?  Perhaps (brief) instructions should be somehow visible when looking at the thing by eye? 30 years from now it may not be easy to figure out what this is if a descendant of mine finds it with no instructions.
newbie
Activity: 14
Merit: 0
This looks really good!!!
sr. member
Activity: 347
Merit: 250
This is very cool, I just don't see how we can be 100% sure that the chips or whatever electronics will still work in 5 years etc. CDs, USB sticks, memory cards, are not exactly "long term" in lifetime, why should this last longer?

Well it 'should' last longer, but it's true: any sort of device like this has its own limits. NFC is pretty durable however, especially if you don't use it very often.

The term NFC doesn't tell much about the type of IC you're using or even the encryption/protection technology employed.  I'm assuming you're using an off-the-shelf RFID IC.  If you tell everyone which IC is used in the design, everyone can go fetch the datasheet and observe the data retention spec and what the protection scheme employed is.  If you're not willing to say which actual IC, even the frequency (125kHz? 13.56MHz?) and protection technology (MIFARE DESfire/EV1/EV2?) would at least be something.  From there, everyone will be able to better assess (a) how long the data is likely to be (accurately) retained by the device, and (b) what the strength of the encryption/protection scheme employed is and that it isn't designed around an NFC solution that has already been compromised (like, say, MIFARE Classic).

Not sure there's much use not disclosing which RFID IC is used.  As soon as people have them, someone's going to probe it with an RFID reader or Proxmark and fingerprint the IC (assuming it's an off-the-shelf IC), and then everyone will know anyway.

Off-the-shelf RFID IC's don't have unlimited data retention (same situation with most EEPROM and flash technologies).  As an example, the MIFARE DESfire line of RFID IC's spec a minimum data retention of 10 years.  They'll probably still be readable without flipped bits for some time beyond that, but that is not guaranteed.
legendary
Activity: 1204
Merit: 1001
RUM AND CARROTS: A PIRATE LIFE FOR ME
.......


Yeah that's another thing. Glass isn't exactly durable now is it? What happens if I drop it? Or it gets run over by a lorry? It needs to survive being run over by large moving objects before I consider it durable and long lasting.

If you look back to an earlier point in this thread I think you will understand why it's glass.

If you are expecting that maybe it might get run over by a lorry, then this product isn't for you. Yes you could drop it and it could break. The same can be said for your mobile phone. Don't drop it. The device isn't intended to be handled on a daily basis. You get it, set it, and forget about it: Preferably somewhere safe other than your pocket or on the road.

The reason it is glass is that it NEEDS to be breakable. It's a one time use only device. You break it open to get the decryption password inside. You can't put it back together in a perfect way so you know it's genuine and untouched. I couldn't find a way to do that with plastic or any other material that is anywhere near realistic to manufacture. Glass is one of those few special materials.

Actually yes, you can make a glass device that is nearly unbreakable, that would survive lorries, etc. But then what would the point be? You need your decryption password inside and not even a sledgehammer will break it open? Glass is a good balance for durability. The device will be thick enough to hopefully survive small drops, but not so thick as to be unbreakable.

I suspect this is something I'm going to have to clarify many times in the life of this product: It is not intended for everyday use. It is INTENDED to be broken. It ASSUMES you will take care of it and protect it. It is not a sock drawer/pants pocket/toss-around football product. If you need something to sign keys, I would recommend buying a Trezor. If you want to store your bitcoin seed for your Trezor, buy this product, put the seed in it, encrypt, put it in your bank vault, and sleep easy.

Please don't leave them around in the street for lorries to run over. :-)
b!z
legendary
Activity: 1582
Merit: 1010
Looks like a neat idea. Good luck CrazyRabbit.
legendary
Activity: 3612
Merit: 1564
>>On that topic is it water proof or water resistant ?

Yes, it should be completely sealed in glass, thus waterproof. A few small challenges remain in doing this, but that is the plan.

>>Cold storage that can be accessed wirelessly sounds like a bit of a contradiction to me.

It's not really a contradiction. It's wireless only in the sense that there aren't any 'wires', but it can't communicate without an NFC reader directly near the chip reading it. Also all the data stored on the chip is intended to be encrypted, with the decryption information inside the device and *not* accessible wirelessly. So once the chip is encrypted and locked, there are no worries about 'wireless' theft. So no, it's not a contradiction.

>>That it's shaped like a dildo doesn't help.

The next version will be smaller and thus perhaps less reminiscent of your fears. That said, the shape is irrelevant to the function beyond the practical considerations of sealing a microchip in glass.


Yeah that's another thing. Glass isn't exactly durable now is it? What happens if I drop it? Or it gets run over by a lorry? It needs to survive being run over by large moving objects before I consider it durable and long lasting.
legendary
Activity: 1204
Merit: 1001
RUM AND CARROTS: A PIRATE LIFE FOR ME
>>On that topic is it water proof or water resistant ?

Yes, it should be completely sealed in glass, thus waterproof. A few small challenges remain in doing this, but that is the plan.

>>Cold storage that can be accessed wirelessly sounds like a bit of a contradiction to me.

It's not really a contradiction. It's wireless only in the sense that there aren't any 'wires', but it can't communicate without an NFC reader directly near the chip reading it. Also all the data stored on the chip is intended to be encrypted, with the decryption information inside the device and *not* accessible wirelessly. So once the chip is encrypted and locked, there are no worries about 'wireless' theft. So no, it's not a contradiction.

>>That it's shaped like a dildo doesn't help.

The next version will be smaller and thus perhaps less reminiscent of your fears. That said, the shape is irrelevant to the function beyond the practical considerations of sealing a microchip in glass.
legendary
Activity: 3612
Merit: 1564
Cold storage that can be accessed wirelessly sounds like a bit of a contradiction to me. That it's shaped like a dildo doesn't help.