Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet - page 264. (Read 965789 times)

hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
Edit: I'm adding a link to my earlier post about how to strengthen a USB-powered device against side-channel attacks. I know that your chip of choice lacks NEON, but please read it to the end.

Afaik these attacks are more theoretical than in daily use. I'm not saying that it is impossible to get the seed with unrestricted physical access to the wallet and good laboratory equipment. But the wallet owner still has enough time to send his coins outside the seed.
How does the owner send funds outside of seed if the device has been stolen?
member
Activity: 69
Merit: 20
Love the idea!! Please sign me up for one!
Have you thought of adding the project to http://www.kickstarter.com?
I will support it if you do...
legendary
Activity: 1078
Merit: 1002
Even with those theoretical attacks, the real safety of such a wallet is much higher than any existing solution.

No such thing as perfect security anyway. All there is are tradeoffs: you gain a bit of security but you lose convenience, you lose a bit of security but you gain a bit of convenience. Finding the right balance for the right kind of circumstance is what is important.

I think this project is badly needed and I wish you success!
legendary
Activity: 1470
Merit: 1002
Hello!
Subbin

(I was trying something similar with my raspi ;-)
legendary
Activity: 1190
Merit: 1000
www.bitcointrading.com
omg this is better than the "September announcement"!!!!
donator
Activity: 994
Merit: 1000
Afaik these attacks are more theoretical than in daily use. I'm not saying that it is impossible to get the seed with unrestricted physical access to the wallet and good laboratory equipment. But the wallet owner still has enough time to send his coins outside the seed.

Even with those theoretical attacks, the real safety of such a wallet is much higher than any existing solution.
The good laboratory equipment is required only to design the attack. Once you have the attack developed it takes very cheap equipment to implement it, because you already know how and where to look on the chip-pin waveform.

Maybe if people develop a habit of frequently connecting it to their mobile phone or otherwise involve it in their daily routines, their reaction to physical theft will be quick enough to prevent the logical theft of bitcoins.

Edit: Actually I recalled a bit. I believe you are located in Prague, Czechia. There's a company there called BLADOX and there was a guy called Deian or Deyan that had found some very creative ways to abuse their products.

As long as the attacker needs physical access to the chip, the keys are as secure as the dollar bills in your pocket.
legendary
Activity: 2128
Merit: 1065
Afaik these attacks are more theoretical than in daily use. I'm not saying that it is impossible to get the seed with unrestricted physical access to the wallet and good laboratory equipment. But the wallet owner still has enough time to send his coins outside the seed.

Even with those theoretical attacks, the real safety of such a wallet is much higher than any existing solution.
The good laboratory equipment is required only to design the attack. Once you have the attack developed it takes very cheap equipment to implement it, because you already know how and where to look on the chip-pin waveform.

Maybe if people develop a habit of frequently connecting it to their mobile phone or otherwise involve it in their daily routines, their reaction to physical theft will be quick enough to prevent the logical theft of bitcoins.

Edit: Actually I recalled a bit. I believe you are located in Prague, Czechia. There's a company there called BLADOX and there was a guy called Deian or Deyan that had found some very creative ways to abuse their products.
legendary
Activity: 1386
Merit: 1097
I'd be happy to implement the necessary software support on the Android side!

The C code for the device will be open source, so you'll be more than welcome to play with it. At this point, we're focusing on getting the prototype alive, so making the code able to cross-compile for ADK isn't at the top of our priority list.
legendary
Activity: 1386
Merit: 1097
Edit: I'm adding a link to my earlier post about how to strengthen a USB-powered device against side-channel attacks. I know that your chip of choice lacks NEON, but please read it to the end.

Afaik these attacks are more theoretical than in daily use. I'm not saying that it is impossible to get the seed with unrestricted physical access to the wallet and good laboratory equipment. But the wallet owner still has enough time to send his coins outside the seed.

Even with those theoretical attacks, the real safety of such a wallet is much higher than any existing solution.
hero member
Activity: 483
Merit: 501
Very nice project!

If this hardware would be designed as an ADK (Android Accessory Development Kit) device, it could be connected to virtually every phone with at least Android 2.3.3 installed and be used with Bitcoin Wallet.

I think ADK support is optional, so the same device could be connected to a PC as originally intended.

I'd be happy to implement the necessary software support on the Android side!
legendary
Activity: 2128
Merit: 1065
http://www.nxp.com/documents/application_note/AN10968.pdf

Chapter 3 (page 4) describes the security level of the chip we currently want to use. Do you know of some cheap and quick way to skip this protection and read the seed from the device?

It is probably possible to read memory with high-level laboratory equipment, but the purpose of seed protection is that the attacker needs some time to read memory, so the original owner can reload the seed to another device and send his coins out of the compromised seed.
I'm personally out of the hardware design business for many years now.

But people like http://www.mcu-reverse.com/ could give an estimate.

Now that you've given the intended part number interested people can look up the information about various side-channel attacks on those chips. From a brief description of your intended deterministic wallet design I presume that it will be sufficient to exfiltrate only 512 bits to empty the whole wallet.

Thank you very much for your disclosure.

Edit: I'm adding a link to my earlier post about how to strengthen a USB-powered device against side-channel attacks. I know that your chip of choice lacks NEON, but please read it to the end.

https://bitcointalksearch.org/topic/m.931995

legendary
Activity: 1386
Merit: 1097
Slush, would you kindly ask Mr. stick for additional information to substantiate the above claim?

http://www.nxp.com/documents/application_note/AN10968.pdf

Chapter 3 (page 4) describes the security level of the chip we currently want to use. Do you know of some cheap and quick way to skip this protection and read the seed from the device?

It is probably possible to read memory with high-level laboratory equipment, but the purpose of seed protection is that the attacker needs some time to read memory, so the original owner can reload the seed to another device and send his coins out of the compromised seed.
legendary
Activity: 2128
Merit: 1065
* Impossibility to obtain private keys from the device in a case of theft
Everything looks very nice, with the exception of this one point.

Probably an average pirate TV-decoder-card vendor would be able to retrieve the private keys.

Slush, would you kindly ask Mr. stick for additional information to substantiate the above claim?

Thanks.
legendary
Activity: 1386
Merit: 1097
Nice! Are you planning on creating a company to sell these products? Do you need seed money for prototype development?

The project is at too early a stage to tell. For now we're focused on creating the device. We already have enough money to make device prototypes. We'll discuss a detailed plan for funding and selling the final product later.
legendary
Activity: 1386
Merit: 1097
Wasn't there a project that was announced a year ago that failed miserably... "ellet"?

I know about ellet. The problem was that they took on quite a bigger challenge than they could handle.
legendary
Activity: 1386
Merit: 1097
Would you describe how a standard transaction would take place?

1. You connect the device to USB and run the Bitcoin wallet software.
2. It automatically recognizes the device (by matching the VendorID and ProductID on the USB bus).
3. The software asks for the master public key. Then it will be able to show your addresses and their balances.
4. When you want to send some coins, the software creates a template of the bitcoin transaction and sends it to the wallet device.
5. The device displays a transaction summary on its display and asks you to confirm the transaction by pressing a hardware button.
6. The device signs the transaction using the private key stored in the device and sends the signed transaction to the desktop software.
7. The desktop software sends the signed transaction to the bitcoin network.
legendary
Activity: 2058
Merit: 1005
this space intentionally left blank
Wasn't there a project that was announced a year ago that failed miserably... "ellet"?
I for one wish you the best of luck.
hero member
Activity: 752
Merit: 500
bitcoin hodler
sounds great, looking forward to seeing more information!
legendary
Activity: 1708
Merit: 1066
Would you describe how a standard transaction would take place?
Do I have to plug it into a PC? Do I need extra software? Is it Web-Service based?

There is quite a lot of coding to make it all work, but MultiBit is planning to support these devices.

You would have a watch-only wallet in your desktop client with all the transactions in it. When you want to do a send, MultiBit creates the transaction and passes it to the device for signing via USB. The transaction comes back and MultiBit sends it off to the network.

Slush has also created a fork of Electrum where he is coding up the wire protocol etc. This is in protobuf format so anything like python, C++, Java can use it.

Edit: Java devs who are interested in helping, please PM me!
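
Added example (not part of the thread and not the project's code): a Python model of the seven-step flow listed earlier and of the watch-only desktop client described in the post above, showing that the seed never leaves the device and that a template altered on the PC is caught on the device's own display. The class and function names, the placeholder USB IDs, the JSON template (the thread mentions protobuf) and HMAC-SHA256 as a stand-in for the real signature are all assumptions.

```python
import hashlib
import hmac
import json

WALLET_USB_IDS = (0x0000, 0x0000)  # placeholder VendorID/ProductID, not real values

class Device:
    """Signing device: the seed stays inside; only public data and signatures leave."""
    def __init__(self, seed, button):
        self._seed = seed
        self._button = button  # callable(summary) -> bool, models the hardware button

    def master_public_key(self):
        # Stand-in for a real master public key: a one-way value derived from the seed.
        return hashlib.sha256(b"mpk" + self._seed).hexdigest()

    def sign(self, template):
        # Step 5: the summary is built from the bytes the device received,
        # not from anything the host claims about them.
        tx = json.loads(template)
        summary = "; ".join(f"{o['btc']} BTC to {o['to']}" for o in tx["outputs"])
        if not self._button(summary):
            return None
        # Step 6: HMAC-SHA256 stands in for the real transaction signature.
        return hmac.new(self._seed, template, hashlib.sha256).hexdigest()


def host_send(device, usb_ids, outputs, tamper=None):
    """Steps 2-7 on the PC side; `tamper` models malware rewriting the template."""
    if usb_ids != WALLET_USB_IDS:            # step 2: match VendorID/ProductID
        raise ValueError("not a wallet device")
    watch_key = device.master_public_key()   # step 3: enough for a watch-only view
    template = json.dumps({"outputs": outputs}, sort_keys=True).encode()  # step 4
    if tamper:
        template = tamper(template)
    signature = device.sign(template)        # steps 5-6 happen on the device
    if signature is None:
        return None                          # user refused: nothing to broadcast
    return {"watch_key": watch_key, "tx": template, "sig": signature}  # step 7 input


def demo():
    intended = [{"to": "ADDR_FRIEND", "btc": "0.5"}]        # constructed sample payment
    user = lambda shown: shown == "0.5 BTC to ADDR_FRIEND"  # user checks the display
    dev = Device(b"constructed-seed", user)
    honest = host_send(dev, WALLET_USB_IDS, intended)
    swap = lambda t: t.replace(b"ADDR_FRIEND", b"ADDR_OTHER")
    swapped = host_send(dev, WALLET_USB_IDS, intended, tamper=swap)
    return honest, swapped
```

`demo()` returns a signed transaction for the untouched template and `None` for the rewritten one, because the user sees the substituted address on the device and does not press the button.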

donator
Activity: 994
Merit: 1000
Nice! Are you planning on creating a company to sell these products? Do you need seed money for prototype development?