Topic: Bitgen - tool for addresses, signatures, encryption and transactions - page 2. (Read 6890 times)

I have noticed the compile error for the "SSE2 instruction set" for some computers.
This seems to be related to the physical machine that is used.
Argon2 is optimized for the x86 architecture, and this is the cause of the compile error.

I have three Ubuntu 14.04 machines, and the two 64-bit machines compile the source without errors, one Intel and one AMD machine.

But the older 32 bit machine with an Intel Atom processor get the compile error.
I will fix this.


Yes, Bitgen is currently using Argon2d (and not Argon2i), but the choice was not an easy one.

The choice of the "d" version instead of "i" was motivated  since a dedicated machine without any internet connection should not have any side-channels for timing attacks(?)
For example, on a shared Linux-machine were several persons are logged in at the same time there will be possible to use side-channels when someone is changing a password.

I also interpret "being faster" as positive regarding ASIC-resistance.
If it is faster on a normal PC, it will perform better compared to a dedicated ASIC hardware.

The parameters for the "hardness" of the Argon2 function have been choose so it will take about 10 seconds to  perform the key derivation.

Here are the choosen parameters:

   const unsigned t_cost = 5;
   const unsigned m_cost = 100000;
   const unsigned thr = 8;


However, it is not too late to change if there is enough reason to do so.


I have to update the documentation, will be done in the next release.

For your new brainwallet function you used "Argon2d", right?

"Argon2d is faster and uses data-depending memory access, which makes it suitable for cryptocurrencies and applications with no threats from side-channel timing attacks."

On the other hand:

"Argon2i uses data-independent memory access, which is preferred for password hashing and password-based key derivation. Argon2i is slower as it makes more passes over the memory to protect from tradeoff attacks."

Source: Official Argon2.pdf (page 3).

Wouldn't using "Argon2i" be more suitable (safer) for your bitgen's brainwallet function?

Last but not least: you need to update the "brainwallet" info at "USING_BITGEN" file...

I got an error msg while trying to build v0.8 using make (Debian Wheezy).

Error msg is:

Bitgen 0.8 has been released:

http://bitcoin-gen.org/

This release includes:

* KDF and salt for brainwallet
* low-s for signatures

The new release uses the Argon2 KDF, which won the Password Hashing Competition:

https://password-hashing.net/candidates.html
https://password-hashing.net/index.html

Argon2 is supposed to be an improved method compared to scrypt.

More information About Argon2:
https://www.cryptolux.org/images/0/0d/Argon2.pdf


To use the brainwallet function in bitgen, an email address should be specified as salt:

$ bitgen brainwallet [email protected] "ThIs is a sEnTeNcE with (10-5-2)*1+0-0 strrrrange WoRdS: Hyberfurtic, Megasilver and Filitelling, which will end Very vEry veRy verY VERY soon! Over and out. Bye bye. Still there? Good night gentlemen and ladiEs..."

The new release also uses low-s for signatures.

Bitgen 0.7 has been released:

http://bitcoin-gen.org/

The new release includes:

* Stdin input support
* Added signature formats
* Large file signature support
* Performance improvements
* ... and more

Previous versions took private key arguments on the command line,
and therefore this information might be stored in the shell history file.
To prevent this information leakage the new version supports
input from the application standard in rather than the shell command line.
This will prevent information to be stored by the shell.

In order to use stdin input, a minus sign (-) should be substituted for the private data,
for example:

$ bitgen dice -

This will read the dice data from stdin instead of the command line.

The new version supports signatures with some added signature formats.
It is also able to determine which format a given signature is.

The following examples shows how signatures can be done:

$ bitsig signAb64 "test" (Armory base64)
$ bitsig signAclear "test" (Armory clearsign)
$ bitsig signArmory "test" (Armory hex)
$ bitsig signInputsIo "test" (InputsIo)
$ bitsig signMultibit "test" (Multibit)
$ bitsig signRaw "test" (Bitcoin QT)

The verifyMessage command will identify the given format and verify the signature:

bitsig verifyMessage 9CE428D5.inputsio


Previous versions read files to sign into a memory buffer, which put a limit on
the size of the files that could be signed and verified.
This release reads the file as a stream and is therefore not limited the available memory.

The new release is also a bit quicker than previously.

It does not handle transactions, but that may be added in the future.
Current development focus is bitcoin address handling and features related to that.

Given from and to addresses along with the amount to send, can this tool create raw Tx ?

Looks like something new and unique. Good job!
But there are code issues. You have an error already in your first like of code.

Here are example pdf files generated with bitgen:

http://bitcoin-gen.org/sample_private.pdf

http://bitcoin-gen.org/sample_share.pdf

With this, will there be any work on getting a vanity pool set up. We currently only have one option to choose from and new updated pool might get some attention

This one has tons of features over vanitygen.

Nice to hear that. It's good to see that you worry about security.

BTW thanks for developing that dice feature to help improve random key generation. It's almost like Diceware feature. It's very helpful!

Consider creating a Github/Gitlab repository for Bitgen.

Version 0.6 of the bitgen package has been released:

http://bitcoin-gen.org/

This version supports compressed public keys, although it still generates uncompressed by default.

The major new feature in this release is support for signature generation and verification.
This functionality is included in a separate command line application: bitsig.

Unlike bitgen, the bitsig application is stateful and stores a keychain in a local database.

With this keychain it is possible to sign and verify both messages and files.
Bitsig currently support the Armory, InputsIo and Multibit message signature formats.

It also introduces a new file format for full file signatures. This makes is possible to use
bitsig instead of PGP for file signatures.

To create a new private key for signature generation, the same methods are possible as in bitgen.
The easiest method to generate a private key is the following
 $ bitsig random

This generates a random private key for you and stores it in the keychain.

To sign a message using the multibit format the following command can be used:

$ bitsig signMultibit "My message".

This will give an output similar to the following:


-----BEGIN BITCOIN SIGNED MESSAGE-----
My message
-----BEGIN BITCOIN SIGNATURE-----
Version: Bitcoin-qt (1.0)
Address: 1oqJSLKdZThXreezwtdNjMM2QTG3xwE2h

G6XuhBvnDHKoYabdFdxT5ZwcSJQPCwy8D65EBC+sGdedQvhGrZ2V5R9LWSLfRrYws+zUi7hf6yi9Nkb36/Db92Q=
-----END BITCOIN SIGNATURE-----


To verify the message, use the following command (with the proper file name):
$ bitsig verifyMultibit B98F3492.multibit

This will print the following:
=====================
Verifying signature...
Verify OK for multibit file
Signature address: 1oqJSLKdZThXreezwtdNjMM2QTG3xwE2h
=====================

Importing public addresses is done with "bitsig import" for example:
$ bitsig import 1Bb2NBwDrqUUBHcGsHYTArDqLJ7ECGNe33 Bob

Then a hash checksum has to be specified for security reasons:
$ bitsig import 1Bb2NBwDrqUUBHcGsHYTArDqLJ7ECGNe33 Bob B374DD02

The bitgen package is now signed with my signature public key which is:

1L5TnzknDGZuHde9Uz8mBjZAq6tz8MnN97

The signatures are stored in "bitsig" files.
http://bitcoin-gen.org/bitgen_0.6.tar.gz.bitsig

In order to use the PGP-like functionality and verify the integrity of the archive,
the following command can be used:

$ bitsig verify bitgen_0.6.tar.gz bitgen_0.6.tar.gz.bitsig 1L5TnzknDGZuHde9Uz8mBjZAq6tz8MnN97

But even better is to store the address in the keychain for future use:

$ bitsig import 1L5TnzknDGZuHde9Uz8mBjZAq6tz8MnN97 bit22gen
$ bitsig import 1L5TnzknDGZuHde9Uz8mBjZAq6tz8MnN97 bit22gen 5981B032

When the address is stored, the address need not be specified:
$ bitsig verify bitgen_0.6.tar.gz bitgen_0.6.tar.gz.bitsig

This will give:
==============================
The signed file      : bitgen_0.6.tar.gz
The signature file   : bitgen_0.6.tar.gz.bitsig
Calculated address   : 1L5TnzknDGZuHde9Uz8mBjZAq6tz8MnN97
No public address given, looking in keychain
Found the address in the keychain
Verifying signature....
Verify OK for address: 1L5TnzknDGZuHde9Uz8mBjZAq6tz8MnN97
Address alias: bit22gen
==============================

Yes, it supports vanity addresses, but it is currently too slow be be very useful.
That will improve in future versions.


Thanks for adding the software there.

The comments regarding the brainwallet address generation are very valid.
It would be easy to use a sentence that is predictable and therefore results in low entropy.
Salt and KDF would certainly improve the security, should hopefully be included before version 1.0 is released.

I've just added this precious piece of software to my list here (if you don't mind):

https://bitcointalksearch.org/topic/list-foss-brainwallets-1164163

Tens of features, very well done! Congratulations for the effort!

Do you have any Github/Gitlab repository for that?

If not, I suggest that you create one.

Keep up the good work.

The NSA definitely knows how to crack stuff like this...but would they really bother with users like us? We're small fries 

Interesting, just another tool for generating addresses? Can it do vanity addresses? It would be nice to have a tool other than vanitygen.

Bitgen generates a bitcoin address and the corresponding private key.
(The private key is given in various forms, WIF, QR-code, mnemonic etc.)

In the simplest case, use for example the following command:
 $ bitgen random

The key information is saved in postscript/pdf-files as well as txt files.

To use it for cold storage, simply send bitcoins to the public address, and keep the postscript files in several safe places,
possible printed out on paper.

When the bitcoins should be used after the cold storage period, a wallet can be used to redeem to funds with the private key.
Most wallets can be used for that purpose.

For example, in electrum use "Import private key".
In the "android bitcoin app", use "Sweep paper wallet".

Bitgen is similar to for example bitaddress.org, but is used from the command line instead of in a web browser.
This makes it easy to use from for example a raspberry pie, or outdated PC hardware.

Ideally, the computer used for cold storage key generation should never be connected to the internet
since that is a security risk.

Bitgen is completely offline, and should be used without any network connection.

Do we need an Internet Connection to generate a new address?
Who knows it could be offline

Though your explanations are beautiful but I still can not get how I can use this tool for bitcoin cold storage.

Bitgen 0.5 has been released:

http://bitcoin-gen.org/

The new 0.5 release adds support for:
* Mnemonics
* Invoice generation
* Mini private key
* Hierarchical random address generation (for advanced users)
* Vanity addresses (Experimental support)