Bitcoin is not enough: we need open source hardware

Artemis3

legendary

Activity: 2030

Merit: 1573

CLEAN non GPL infringing code made in Rust lang

Quote from: rifiuti on April 16, 2019, 06:09:22 AM

People talk about air gapped computers being secure but they are subject to get compromised via light, sound, heat, electromagnetic, magnetic and ultrasonic waves.

Especially if you are physically next to it or close... Yeah i read those papers before, they are interesting and good idea for a James Bond like movie, not impossible but not trivial either, and very unlikely to succeed in facilities with an adequate security protocol.

In the past it was also possible to recreate what CRTs displayed by passive listening alone, that gap is now closed. Some of the tricks need mechanical moving magnetic media, and those also seem to be on the way out. Nothing is 100% secure, but its about reducing the risks.

There used to be some joke about an air gapped computer, inside a room with armed guards outside. Yeah if you are next to it protection gets trickier... Computer forensics is also an interesting career.

rifiuti

full member

Activity: 320

Merit: 101

People talk about air gapped computers being secure but they are subject to get compromised via light, sound, heat, electromagnetic, magnetic and ultrasonic waves.

Read the paper; https://arxiv.org/pdf/1804.04014.pdf

cellard

legendary

Activity: 1372

Merit: 1252

Quote from: Lionel on March 14, 2019, 09:44:22 AM

Quote from: butka on March 14, 2019, 09:19:14 AM

You are right in that having a closed source hardware, like Intel or AMD, can be a potential liability. I'm not overly familiar with this subject, but I think there are independent hardware manufacturer you can switch to, like Raspberry pi.

Alternatively, if you use an air-gapped computer, you can get by even with closed source hardware, as discussed in this thread:

https://bitcointalksearch.org/topic/could-the-intel-vulnerability-have-compromised-private-keys-2690001

Quote from: HeRetiK on January 04, 2018, 01:26:12 PM

Quote from: cellard on January 04, 2018, 12:35:02 PM

[...]

Even if I moved all of my private keys into an airgapped laptop which has never seen the internet after being formatted, when I wanted to sign an offline transaction into the online node... the node is still connected to the internet, could somehow a exploit happen in the process?

Signing an offline transaction with an airgapped device won't compromise your private keys, since the online device that transmits the transaction has no access to the private keys on the airgapped device.

However, the following possible exploits still prevail, regardless of Meltdown and Spectre:

-) A compromised USB stick could still grab your private keys from the airgapped device while copying the signed transaction for later transmission using the online device.

-) Simply moving a private key from an online device to an airgapped device will do little for your security. The private keys should be generated by the airgapped device itself.

-) Make sure your device is indeed airgapped and doesn't try to connect to any open Wifis that may be around.

Basically, every offline approach to wallet security still holds. Hot wallets are more susceptible to attacks than ever, at least until the security updates are out.

Very smart solution ! +5 merit

About the USB stick, what about if you don't use it: just generate a QR code of the signed tx on the airgapped PC, and you take a pic of the QR with a phone.
That eliminates the need to plug untrusted devices/sticks to the airgapped PC

The only thing left is mining. If you have a mining pool or are mining solo ( maybe a minor altcoin ) , you still need a fully synced node with the PK in its folder, and internet connection.

There are devices that are basically scanning guns designed to read QR, it would near impossible that you happen to have that gun compromised. The phone or USB could be compromised to tweak the QR into an attacker's address QR.

I still would like to see a ice GUI implementation off offline to online signing tx's. Right now as far as I know you have to manually craft the tx on the cvar console on Core's client, get the raw tx and pass it on the hot wallet.

Is there a way to do it through the GUI, choose whatever inputs you want to use on Coin Control, and then export this and put it into the hot wallet? It would be safer than screwing up a complex raw tx manually crafted.

mixoftix

full member

Activity: 135

Merit: 178

..

Quote from: Lionel on March 14, 2019, 08:59:30 AM

When you say that your private key is in your hands, you mean that it is stored in a device you trust.
Or if it is on paper, you assume that when you will import/use the PK on a device to make a payment/transfer, you trust that device.

you just post a real concern in this topic.. and this is what I have done in PoCo Project [1], a hardware wallet that will be fully open source.. even the PCB, bill of material and drawing of the box will be available for everyone:

http://mixoftix.net/knowledge_base/blockchain/poco_wallet_prototype.jpg

an important note regarding to the PoCo Wallet is that, I try to provide a very different method for signing and save the private security value in this specific project, and this simply lets me to work with a very small (and cheap) AVR micro-controller, and I am not sure if the same AVR could do heavy process of bitcoin security model too (however there are sort of projects online that could handle asymmetric encryption by an AVR). anyways, simple micro-controllers better suit your real concerns about the necessity of an open source hardware project..

[1] https://bitcointalksearch.org/topic/shahin-go-round-proof-of-consistency-poco-and-the-ringchain-5066624

hosseinamin

jr. member

Activity: 39

Merit: 25

Quote from: Lionel on March 15, 2019, 09:44:52 AM

Quote from: hosseinamin on March 14, 2019, 11:14:01 AM

FPGA can be a possible solutions for more controlled transaction signing. Since these devices are made for engineers to build chips.

That would be a good compromise.
I am not into FPGAs, so i ask you: is it easy to verify there aren't suspicious components in there?

For motherboards it is not easy to check.
See https://tech.slashdot.org/story/17/11/07/1041236/minix-intels-hidden-in-chip-operating-system
or https://itsfoss.com/fact-intel-minix-case/

Or even for CPU cores: https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html

RISC-V ISA has implemented and was developed using FPGA's. These devices are used for testing gates before taping it out as an ASIC (CPU is a programmable ASIC) .
Well these devices have several GPIO pins for communicating with other devices. One can limit amount of IO's they use and use an open-source communication method to make sure it can only do one thing.

And about verification of loaded bitstream. Best option is to build and upload the bitstream.

How much one should think ahead to break into this device?

RISCV is open-source. You can build bit-stream of it. Or even add custom instructions to it. I'm not sure how these devices store data, For storing private key.

Lionel

sr. member

Activity: 613

Merit: 305

Quote from: hosseinamin on March 14, 2019, 11:14:01 AM

FPGA can be a possible solutions for more controlled transaction signing. Since these devices are made for engineers to build chips.

That would be a good compromise.
I am not into FPGAs, so i ask you: is it easy to verify there aren't suspicious components in there?

For motherboards it is not easy to check.
See https://tech.slashdot.org/story/17/11/07/1041236/minix-intels-hidden-in-chip-operating-system
or https://itsfoss.com/fact-intel-minix-case/

Or even for CPU cores: https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html

Carlton Banks

legendary

Activity: 3430

Merit: 3080

Quote from: Lionel on March 15, 2019, 09:24:57 AM

But why would you build a hardware chip that fully implements a general-purpose ISA, like RISC-V ?
You don't need the complexity of a general purpose ISA, when the functionality you need is just generating transactions.
Why don't design an ASIC chip just for that function? Should be simpler.

Like hatshepsut93 said, you can go the pencil and paper route to create the private/public keypairs. And like I said, if you want to use an open chip design, you still have to trust the manufacturer of the chip to produce the design according to the open spec

Lionel

sr. member

Activity: 613

Merit: 305

@hatshepsut93 If the "hardcore cold storage setup" is just a formatted PC with Linux, it's not a bulletfproof solution. It still suffers from the issue pointed out by @domob. The cold storage device in the Faraday cage may have a malicious memory controller chip that messes up the transaction script generated by your wallet, to put the attacker's receiving address in it.

@Carlton Banks Doing it the hard way ( by yourself from scratch) is obviously a solution. But i hoped it was not necessary.
But why would you build a hardware chip that fully implements a general-purpose ISA, like RISC-V ?
You don't need the complexity of a general purpose ISA, when the functionality you need is just generating transactions.
Why don't design an ASIC chip just for that function? Should be simpler.

Carlton Banks

legendary

Activity: 3430

Merit: 3080

RISC-V is the only open instruction set out there, or at least the only modern design (the older MIPS stuff was open sourced recently if I remember rightly)

The only way to get total control of an open ISA as an end-user is to validate the chip design all by yourself, then fabricate the chip yourself in your garden shed. Presumably that's what you intend to do?

hatshepsut93

legendary

Activity: 3038

Merit: 2162

What if someone:

1. Uses a hardcore cold storage setup.

2. Has a Faraday cage to ensure that there's no transmissions at all.

3. Generates private keys physically, for example with dice.

Would this be enough to defeat backdoored hardware?

aliashraf

legendary

Activity: 1456

Merit: 1175

Always remember the cause!

Quote from: Carlton Banks on March 14, 2019, 02:50:46 PM

It exists: the RISC-V ISA

The Bitcoin developers are ahead of the game somewhat, Bitcoin core 0.18.0 release will have RISC-V binaries

RISC-V is hardly relevant, it is open cpu design mainly with focus on the interface, i.e. instruction set. What op is worried about is manufacturer's malicious behavior not design flaws.

Carlton Banks

legendary

Activity: 3430

Merit: 3080

It exists: the RISC-V ISA

The Bitcoin developers are ahead of the game somewhat, Bitcoin core 0.18.0 release will have RISC-V binaries

butka

full member

Activity: 434

Merit: 246

Quote from: ABCbits on March 14, 2019, 01:15:15 PM

Unfortunately, not all parts of Raspberry Pi is open source. Some hardware parts, especially it's SoC (System-on-a-chip) is closed source and it's open source GPU driver isn't as good as Proprietary GPU driver.

I see. Thanks for correcting me. Despite not all parts being open source, do you still consider using Raspberry Pi a better option security-wise than using Intel/AMD hardware?

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

While i agree with your opinion, it's tall-order because :
1. Maintain open-source software is expensive and difficult, many companies don't bother do it especially because they obtain security through obscurity
2. Open-source isn't guarantee there's no spy or backdoor. For example, firmware on one of Bitmain's ASIC (i think it's Antminer S9) had a backdoor for remote shutdown.
3. One people simply can't verify all source-code of software/hardware he uses, he must trust others at some point.

While it's a bit off-topic, have you tried using computer for everyday usage only with open-source software/driver?
I tried it for a bit, but it's extremely difficult. There weren't any free/open-source driver for my wi-fi card and it's GPU driver isn't good enough is crap for 3D gaming.

Quote from: butka on March 14, 2019, 09:19:14 AM

I'm not overly familiar with this subject, but I think there are independent hardware manufacturer you can switch to, like Raspberry pi.

Unfortunately, not all parts of Raspberry Pi is open source. Some hardware parts, especially it's SoC (System-on-a-chip) is closed source and it's open source GPU driver isn't as good as Proprietary GPU driver.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Perhaps the OP concern regarding NSA or some other USA agencies is justified by the fact that NSA is working for years on methods of monitoring and identification of bitcoin users. But I would bet that the Chinese in this matter are even more dangerous. Few years ago it was discovered they spy almost all American big companies, included even secret agencies and the ministry of defense.

I am not sure how we can protect our private keys in such world, Ledger or Trezor are too small to resist such challenges. Regardless of the methods we use for storage, nothing is 100% safe.

posi

hero member

Activity: 2268

Merit: 579

Vave.com - Crypto Casino

Quote from: Lionel on March 14, 2019, 08:59:30 AM

When you say that your private key is in your hands, you mean that it is stored in a device you trust.
Or if it is on paper, you assume that when you will import/use the PK on a device to make a payment/transfer, you trust that device.

What if the NSA asks hardware manufacturers to integrate spy chips in their devices?
Your PC may have a spy controller chip that reads your PK from your HD and sends it over to the NSA via your network card.

I'd like many open source computer and phone projects to pop up, but there are just a few of them and don't seem to get traction.
Maybe the people is still not concerned enough with their privacy. ... but hey we are talking about our life's savings here!

I never thought of this kind of thing happening this before, I understand and respect your opinion. We definitely need an open source hardware because the possibility that the NSA will make this kind of move in the future is high but how can we this happening when we barely have the right link to achieve it.

suzanne5223

hero member

Activity: 2660

Merit: 651

Want top-notch marketing for your project, Hire me

Quote from: RocketSingh on March 14, 2019, 09:06:15 AM

You can create a Private Key just by pen, paper and a dice. 3 letter agencies can do a f**k about that.

You seems not to understand the concern of the OP cause he was not talking about the creation of private keys but people privacy which might leak now or in the future if NSA tell computers and phone manufacturer company to integrate a spy chip and we both know that everything about crypto currency have to do with phones or computers.

domob

legendary

Activity: 1135

Merit: 1166

Quote from: Lionel on March 14, 2019, 09:44:22 AM

The only thing left is mining. If you have a mining pool or are mining solo ( maybe a minor altcoin ) , you still need a fully synced node with the PK in its folder, and internet connection.

Why is mining a problem? At least for Bitcoin and alts that work similarly, you do not need the private key at all for constructing a block. So you can create the private key and its corresponding address on your offline device, and then just use that in your online mining computer.

Two more things to be aware of when using an airgapped computer:

If the device is compromised, it could try to manipulate the transaction you are signing (i.e. change it to one that sends all your coins to the attacker). As soon as the transaction gets onto your online computer, it could be broadcast. So to be really secure, you need to verify the signed transaction independently and before putting it onto an insecure device connected to the internet.
A compromised airgapped computer could still try to leak your private key through the transaction signatures it generates.

hosseinamin

jr. member

Activity: 39

Merit: 25

FPGA can be a possible solutions for more controlled transaction signing. Since these devices are made for engineers to build chips.

butka

full member

Activity: 434

Merit: 246

Quote from: Lionel on March 14, 2019, 09:44:22 AM

Very smart solution ! +5 merit

Thanks I appreciate it very much, but all the credit goes to @HeRetiK

Quote from: Lionel on March 14, 2019, 09:44:22 AM

About the USB stick, what about if you don't use it: just generate a QR code of the signed tx on the airgapped PC, and you take a pic of the QR with a phone.
That eliminates the need to plug untrusted devices/sticks to the airgapped PC

Yes, that's an excellent solution and as far as I can remember, it has been suggested before in this context of transferring signed transactions between the cold and hot wallets.

Quote from: Lionel on March 14, 2019, 09:44:22 AM

The only thing left is mining. If you have a mining pool or are mining solo ( maybe a minor altcoin ) , you still need a fully synced node with the PK in its folder, and internet connection.

Yes, that's right. I have no idea how this might be solved.

Topic: Bitcoin is not enough: we need open source hardware (Read 613 times)