Pages:
Author

Topic: Bitgen - tool for addresses, signatures, encryption and transactions - page 2. (Read 6830 times)

jr. member
Activity: 45
Merit: 3
I have noticed the compile error for the "SSE2 instruction set" for some computers.
This seems to be related to the physical machine that is used.
Argon2 is optimized for the x86 architecture, and this is the cause of the compile error.

I have three Ubuntu 14.04 machines, and the two 64-bit machines compile the source without errors, one Intel and one AMD machine.

But the older 32 bit machine with an Intel Atom processor get the compile error.
I will fix this.


Yes, Bitgen is currently using Argon2d (and not Argon2i), but the choice was not an easy one.

The choice of the "d" version instead of "i" was motivated  since a dedicated machine without any internet connection should not have any side-channels for timing attacks(?)
For example, on a shared Linux-machine were several persons are logged in at the same time there will be possible to use side-channels when someone is changing a password.

I also interpret "being faster" as positive regarding ASIC-resistance.
If it is faster on a normal PC, it will perform better compared to a dedicated ASIC hardware.

The parameters for the "hardness" of the Argon2 function have been choose so it will take about 10 seconds to  perform the key derivation.

Here are the choosen parameters:

   const unsigned t_cost = 5;
   const unsigned m_cost = 100000;
   const unsigned thr = 8;


However, it is not too late to change if there is enough reason to do so.


I have to update the documentation, will be done in the next release.

hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
For your new brainwallet function you used "Argon2d", right?

"Argon2d is faster and uses data-depending memory access, which makes it suitable for cryptocurrencies and applications with no threats from side-channel timing attacks."

On the other hand:

"Argon2i uses data-independent memory access, which is preferred for password hashing and password-based key derivation. Argon2i is slower as it makes more passes over the memory to protect from tradeoff attacks."

Source: Official Argon2.pdf (page 3).

Wouldn't using "Argon2i" be more suitable (safer) for your bitgen's brainwallet function?

Last but not least: you need to update the "brainwallet" info at "USING_BITGEN" file...
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
I got an error msg while trying to build v0.8 using make (Debian Wheezy).

Error msg is:

Code:
In file included from argon2d-ref.cpp:23:0:
/usr/lib/gcc/i486-linux-gnu/4.7/include/emmintrin.h:32:3: error: #error "SSE2 instruction set not enabled"
argon2d-ref.cpp: In function ‘int Argon2dRef(uint8_t*, uint32_t, const uint8_t*, uint32_t, const uint8_t*, uint32_t, const uint8_t*, uint8_t, const uint8_t*, uint32_t, uint32_t, uint32_t, uint8_t)’:
argon2d-ref.cpp:252:37: error: ‘__m128i’ was not declared in this scope
make: *** [argon2d-ref.o] Error 1
jr. member
Activity: 45
Merit: 3
Bitgen 0.8 has been released:

http://bitcoin-gen.org/

This release includes:

* KDF and salt for brainwallet
* low-s for signatures

The new release uses the Argon2 KDF, which won the Password Hashing Competition:

https://password-hashing.net/candidates.html
https://password-hashing.net/index.html

Argon2 is supposed to be an improved method compared to scrypt.

More information About Argon2:
https://www.cryptolux.org/images/0/0d/Argon2.pdf


To use the brainwallet function in bitgen, an email address should be specified as salt:

$ bitgen brainwallet [email protected] "ThIs is a sEnTeNcE with (10-5-2)*1+0-0 strrrrange WoRdS: Hyberfurtic, Megasilver and Filitelling, which will end Very vEry veRy verY VERY soon! Over and out. Bye bye. Still there? Good night gentlemen and ladiEs..."

The new release also uses low-s for signatures.


jr. member
Activity: 45
Merit: 3
Bitgen 0.7 has been released:

http://bitcoin-gen.org/

The new release includes:

* Stdin input support
* Added signature formats
* Large file signature support
* Performance improvements
* ... and more

Previous versions took private key arguments on the command line,
and therefore this information might be stored in the shell history file.
To prevent this information leakage the new version supports
input from the application standard in rather than the shell command line.
This will prevent information to be stored by the shell.

In order to use stdin input, a minus sign (-) should be substituted for the private data,
for example:

$ bitgen dice -

This will read the dice data from stdin instead of the command line.

The new version supports signatures with some added signature formats.
It is also able to determine which format a given signature is.

The following examples shows how signatures can be done:

$ bitsig signAb64 "test" (Armory base64)
$ bitsig signAclear "test" (Armory clearsign)
$ bitsig signArmory "test" (Armory hex)
$ bitsig signInputsIo "test" (InputsIo)
$ bitsig signMultibit "test" (Multibit)
$ bitsig signRaw "test" (Bitcoin QT)

The verifyMessage command will identify the given format and verify the signature:

bitsig verifyMessage 9CE428D5.inputsio


Previous versions read files to sign into a memory buffer, which put a limit on
the size of the files that could be signed and verified.
This release reads the file as a stream and is therefore not limited the available memory.

The new release is also a bit quicker than previously.

jr. member
Activity: 45
Merit: 3
Quote
Given from and to addresses along with the amount to send, can this tool create raw Tx ?

It does not handle transactions, but that may be added in the future.
Current development focus is bitcoin address handling and features related to that.

hero member
Activity: 616
Merit: 500
I AM A SCAMMER
Given from and to addresses along with the amount to send, can this tool create raw Tx ?
member
Activity: 120
Merit: 10
❖ Bitcoin Enthusiast / Developer ❖
Looks like something new and unique. Good job! Wink
But there are code issues. You have an error already in your first like of code.
jr. member
Activity: 45
Merit: 3
hero member
Activity: 994
Merit: 500
Interesting, just another tool for generating addresses? Can it do vanity addresses? It would be nice to have a tool other than vanitygen.

Yes, it supports vanity addresses, but it is currently too slow be be very useful.
That will improve in future versions.


With this, will there be any work on getting a vanity pool set up. We currently only have one option to choose from and new updated pool might get some attention
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
Interesting, just another tool for generating addresses? Can it do vanity addresses? It would be nice to have a tool other than vanitygen.
This one has tons of features over vanitygen.

[...]
Salt and KDF would certainly improve the security, should hopefully be included before version 1.0 is released.
Nice to hear that. It's good to see that you worry about security.

BTW thanks for developing that dice feature to help improve random key generation. It's almost like Diceware feature. It's very helpful!

Consider creating a Github/Gitlab repository for Bitgen.
jr. member
Activity: 45
Merit: 3
Version 0.6 of the bitgen package has been released:

http://bitcoin-gen.org/

This version supports compressed public keys, although it still generates uncompressed by default.

The major new feature in this release is support for signature generation and verification.
This functionality is included in a separate command line application: bitsig.

Unlike bitgen, the bitsig application is stateful and stores a keychain in a local database.

With this keychain it is possible to sign and verify both messages and files.
Bitsig currently support the Armory, InputsIo and Multibit message signature formats.

It also introduces a new file format for full file signatures. This makes is possible to use
bitsig instead of PGP for file signatures.

To create a new private key for signature generation, the same methods are possible as in bitgen.
The easiest method to generate a private key is the following
 $ bitsig random

This generates a random private key for you and stores it in the keychain.

To sign a message using the multibit format the following command can be used:

$ bitsig signMultibit "My message".

This will give an output similar to the following:


-----BEGIN BITCOIN SIGNED MESSAGE-----
My message
-----BEGIN BITCOIN SIGNATURE-----
Version: Bitcoin-qt (1.0)
Address: 1oqJSLKdZThXreezwtdNjMM2QTG3xwE2h

G6XuhBvnDHKoYabdFdxT5ZwcSJQPCwy8D65EBC+sGdedQvhGrZ2V5R9LWSLfRrYws+zUi7hf6yi9Nkb36/Db92Q=
-----END BITCOIN SIGNATURE-----


To verify the message, use the following command (with the proper file name):
$ bitsig verifyMultibit B98F3492.multibit

This will print the following:
=====================
Verifying signature...
Verify OK for multibit file
Signature address: 1oqJSLKdZThXreezwtdNjMM2QTG3xwE2h
=====================

Importing public addresses is done with "bitsig import" for example:
$ bitsig import 1Bb2NBwDrqUUBHcGsHYTArDqLJ7ECGNe33 Bob

Then a hash checksum has to be specified for security reasons:
$ bitsig import 1Bb2NBwDrqUUBHcGsHYTArDqLJ7ECGNe33 Bob B374DD02

The bitgen package is now signed with my signature public key which is:

1L5TnzknDGZuHde9Uz8mBjZAq6tz8MnN97

The signatures are stored in "bitsig" files.
http://bitcoin-gen.org/bitgen_0.6.tar.gz.bitsig

In order to use the PGP-like functionality and verify the integrity of the archive,
the following command can be used:

$ bitsig verify bitgen_0.6.tar.gz bitgen_0.6.tar.gz.bitsig 1L5TnzknDGZuHde9Uz8mBjZAq6tz8MnN97

But even better is to store the address in the keychain for future use:

$ bitsig import 1L5TnzknDGZuHde9Uz8mBjZAq6tz8MnN97 bit22gen
$ bitsig import 1L5TnzknDGZuHde9Uz8mBjZAq6tz8MnN97 bit22gen 5981B032

When the address is stored, the address need not be specified:
$ bitsig verify bitgen_0.6.tar.gz bitgen_0.6.tar.gz.bitsig

This will give:
==============================
The signed file      : bitgen_0.6.tar.gz
The signature file   : bitgen_0.6.tar.gz.bitsig
Calculated address   : 1L5TnzknDGZuHde9Uz8mBjZAq6tz8MnN97
No public address given, looking in keychain
Found the address in the keychain
Verifying signature....
Verify OK for address: 1L5TnzknDGZuHde9Uz8mBjZAq6tz8MnN97
Address alias: bit22gen
==============================
jr. member
Activity: 45
Merit: 3
Interesting, just another tool for generating addresses? Can it do vanity addresses? It would be nice to have a tool other than vanitygen.

Yes, it supports vanity addresses, but it is currently too slow be be very useful.
That will improve in future versions.

Quote
I've just added this precious piece of software to my list here (if you don't mind):

https://bitcointalksearch.org/topic/list-foss-brainwallets-1164163

Tens of features, very well done! Congratulations for the effort!

Do you have any Github/Gitlab repository for that?

If not, I suggest that you create one.

Keep up the good work.

Thanks for adding the software there.

The comments regarding the brainwallet address generation are very valid.
It would be easy to use a sentence that is predictable and therefore results in low entropy.
Salt and KDF would certainly improve the security, should hopefully be included before version 1.0 is released.






hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
Bitgen version 0.4 has been released:

http://bitcoin-gen.org/

The bitgen software generates bitcoin addresses from a given or generated random number.
The generated addresses can be used for cold storage.


I've just added this precious piece of software to my list here (if you don't mind):

https://bitcointalksearch.org/topic/list-foss-brainwallets-1164163

Tens of features, very well done! Congratulations for the effort!

Do you have any Github/Gitlab repository for that?

If not, I suggest that you create one.

Keep up the good work.
hero member
Activity: 714
Merit: 500
The NSA may know some weakness in the default random number generator.

The NSA definitely knows how to crack stuff like this...but would they really bother with users like us? We're small fries  Grin
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
Interesting, just another tool for generating addresses? Can it do vanity addresses? It would be nice to have a tool other than vanitygen.
jr. member
Activity: 45
Merit: 3

Quote
Though your explanations are beautiful but I still can not get how I can use this tool for bitcoin cold storage.

Bitgen generates a bitcoin address and the corresponding private key.
(The private key is given in various forms, WIF, QR-code, mnemonic etc.)

In the simplest case, use for example the following command:
 $ bitgen random

The key information is saved in postscript/pdf-files as well as txt files.

To use it for cold storage, simply send bitcoins to the public address, and keep the postscript files in several safe places,
possible printed out on paper.

When the bitcoins should be used after the cold storage period, a wallet can be used to redeem to funds with the private key.
Most wallets can be used for that purpose.

For example, in electrum use "Import private key".
In the "android bitcoin app", use "Sweep paper wallet".

Bitgen is similar to for example bitaddress.org, but is used from the command line instead of in a web browser.
This makes it easy to use from for example a raspberry pie, or outdated PC hardware.

Ideally, the computer used for cold storage key generation should never be connected to the internet
since that is a security risk.

Bitgen is completely offline, and should be used without any network connection.
legendary
Activity: 1022
Merit: 1003
𝓗𝓞𝓓𝓛
Do we need an Internet Connection to generate a new address?
Who knows it could be offline Grin
sr. member
Activity: 434
Merit: 250
In the easiest setup, the bitgen software can generate random numbers by using the /dev/random generator.

To use this method, just give the following command:
./bitgen random

This will give you ps-files with the private key and public address (as well as text files with the same information).

However, it is also possible to generate a random number manually, and give that to bitgen.
If you throw a 6-sided dice 100 times, this will give you 256 bits of entropy, which is used to calculate the private key.

Throwing a single dice 100 times is a bit tedious, but if you throw 10 dice 10 times, this is actually quickly done.

Why not letting /dev/random generate the random number then?

Subverting random number generation is a wet dream of espionage agencies.
/dev/random is probably generating good random numbers, but you never know....
The NSA may know some weakness in the default random number generator.

For large amounts of money, throwing the 10 dice yourself will make you sleep well at night.

The algorithm in bitgen for converting from a base-6 number to a base 2 number is very simple,
and the source code is provided so anyone can verify the calculation.

For example, the following bitgen command will generate a bitcoin private key from 100 dice throws:

./bitgen dice 5123512351523523525525252552531523515235123512531523512355525253566616166262661 662626626363663636363




Though your explanations are beautiful but I still can not get how I can use this tool for bitcoin cold storage.
jr. member
Activity: 45
Merit: 3
Bitgen 0.5 has been released:

http://bitcoin-gen.org/

The new 0.5 release adds support for:
* Mnemonics
* Invoice generation
* Mini private key
* Hierarchical random address generation (for advanced users)
* Vanity addresses (Experimental support)

Pages:
Jump to: