Topic: Hardware Bitcoin Wallet (Read 4803 times)

If it were me, I wouldn't use C (though cryptography in ASM might be a challenge) but a cheap PIC microcontroller with embedded USB hardware can be had for cheap. I don't know if it has the power to handle the application but proof-of-concept could be put together pretty quickly and reasonably cheaply (Microchip will even send you the chips for free).

I made a little AVR-powered LCD badge starting with a schematic and going all the way to home-etched board about a year and a half ago.  Maybe I could get a chip with some more horsepower and write some code to make it into a project like this.  Some have suggested using a regular USB key to move between your secure PC and your internet PC.  I don't like the idea of using USB for this because of the possibility of infection:

http://www.tomshardware.com/news/usb-flash-virus-secure,6564.html

If you plug in your USB key to an infected PC connected to the internet, and it's infected, then you plug it into your "vault" PC, the secure PC could also be infected.  If the virus author is clever enough, your private key could be compromised when you plug the key back into the internet PC.  Why not do all of this without USB?  I wonder if a serial interface could be devised that would allow you to send in JSON of a requested transaction (like {address, amount}), have you go physically push a button to confirm it on the device, and have it send back to you a transaction.  It's basically the OP's idea, but much more paranoid.  I have all the equipment to do this - maybe I'll start soon.

I was thinking more along this lines,

http://www.ebay.com/itm/84-48-LCD-Module-White-backlight-adapter-PCB-for-Nokia-5110-Arduino-/170817974147?pt=LH_DefaultDomain_0&hash=item27c58b6f83

I know these can be got in qty with only a single line and for less than $1 each, but I no longer have the details on them. It was years ago. I bought the kind in this ebay post for about $3 in Bangkok around 5 years ago, in qty 2-3. So no doubt they are readily available in China for much less. These LCD displays usually have a chip mounted on the glass and can be controlled by any micro controller thru either a serial or 4/8 bit port.

Cheap display like http://www.kx-e.com/upload/gift/2010121617271237333.jpg should be enough.

Absolutely. Without a display any method of confirmation via the usb port can be easily faked. The display is the only thing that makes this worthwhile and it doesn't need to cost much at all. You just need to source them from Asia. Some time ago there was quite a discussion of this type of device on Schneier's security blog and the display was the key component (though that discussion was not talking about Bitcoin).

Whatever micro-controller you chose, make sure it cannot be reprogrammed over the USB connection otherwise the device would be way too easily compromised.

Also, I think the use of an on-board display is essential for visual confirmation of the destination address before accepting to sign the transaction.

My Wife and a I were discussing the name tonight. Here's what we came up with:


Name: The BitSafe
Slogan: It's much more than a little-bit safe.

I've been working on a Hardware Bitcoin Wallet for a few weeks now.

It's going to use MICROCHIP PIC32.
I was able to get ECDSA working and prove the concept on the hardware chosen, but the firmware/software is still seriously lacking.

In 6 to 8 weeks, I will have a prototype PCB.

Was going to wait to post, but since so many our focused on the same thing I don't want to duplicate the work.
It is going to be open source hardware and open source firmware/software.

However, I wanted to do it with one button. a quick press for one function and a long press (3 seconds) for a different function.

Also, I was looking for different ways to get away with not having a display to keep cost and size down. One thought was to have the
USB Security device to disconnect and reconnect as a keyboard and with a quick press - what is about to be signed would be displayed
with a signature (not the signature for the transaction), but from the USB device (to make sure its not some malware in between the user and the data that's being received).
If all is good, then a long button press produces the desired signature.

Anyways, please keep me informed if anyone else is working on this. I do have a PCB being designed and it's 20% complete.
Also have the design ready for a development board for those interested in developing the firmware and software. The will Start working on the PCB design after I build a prototype.
The final price looks to be between $12.00 to $15.00, but that is no guarantee and that may not even be conservative.

Hi, could you link me to this hardware?

It would be interesting for other projects i have, non bitcoin related.

Thank you!

Surely you mean cheaper, not easier.

Can I assume that you also make your own OS and bitcoin client?

The best way to start doing this without putting the cart before the horse would be to write the C code that will run on all this magical dream hardware.

Once there's a Linux-based program and a well-defined serial protocol that can serve as the proof-of-concept (even if the program runs on another whole computer), then the hardware discussion will be much more fruitful I think... (and the serial protocol can be adapted to run over USB, TCP, etc.)

Whether a piece of hardware has been secretly backdoored is relatively moot, because the only action the hardware could take would be to sign a transaction it wasn't supposed to sign, which would only be possible if the same person who provided the backdoored hardware also happens to have control over the host computer.

Would you trust your bank if the gave you a secondhand device, that they had reconfigured? Would you trust me if I gave you one?
Here, safewallet for you my friend, only 2,5 Btc

To get to grandma and avarage joe, it has to be something that is comes in a plastic package and can be bought in stores.

If you want to build one of these I'd suggest getting in touch with Austria Micro Systems and see how much it would cost for a previous gen ARM chip like they used in the Sansa Fuze or Sansa Clip.

These devices are supported by Rockbox and so you have a wealth of ready to use open source code and ready to go dev tools. The clip already has a minimal display but in either case you would reduce the device to just the chip, one line display and button. No battery, no wheel or sound or other stuff. Just chip, usb connector, display, button on a pcb. Your main cost is the AMS chip and I don't know what the volume price on those is but I'm sure it's capable enough to do the needed crypto functions, unlike the cheap 8 bit PICS and AVRs etc. One line LCD display can be very cheap. I bought mobile phone LCD displays for $2-3 and they were multi-line like on Nokia phones.

You might also look at some of the Broadcom chips available like they use in the Raspberry PI, though you could get by with one much less capable than they use for that. I don't know what the cheapest ARM chips on the market - you should search for the lowest priced one as you don't need much more than cpu+usb+some flash memory.

The nice thing about using the AMS chips is you can buy a second hand Fuze off ebay and do all the dev work and hack in a display and test it fully before you even make a PCB and order anything. So you could do a prototype for almost nothing and look for funding to do a real production run.

BTW I contributed to the Rockbox project and did dev work on my Fuze so I know all this to be doable quite easily. Heck, you could probably just market the open source Sansa Fuze/Clip compatible code to make this thing work with the millions of Clips/Fuzes kicking around now. It's pretty easy for an average user to upgrade the firmware too and it can become a Bitcoin wallet device.

RockCoin ... Bitcoin Wallet for Rockbox. Solid Like A Rock. Or CoinBox sounds better.

Fuzes with broken display are dumped on ebay for like $5-10 or so. Or they were, I haven't checked recently.

Edit: Just saw on AMS web site 1k qty chip is $9 each. A bit high but maybe they have a lower end chip available. USB conn stk#10019 from4uconnector.com about 0.13 each, PCB 0.5"x2" from China low qty about 0.50 each. May need a volt reg if not already on chip, 5V > 3.3V likely.

my earlier post about using an USB mp3 player at the cost of £8 ~ $13 is far cheaper then the OP's suggestion..
http://www.1topstore.com/en-gbp/2gb-lcd-mp3-player-usb-flash-drive-built-in-fm-radio-p8840.html

the link is just one example. theres many more i seen with a couple buttons and a screen for under $6.

the costs of a small business to produce circuit boards with labour time added far exceeds that of existent larger businesses that use machines that churn out products by the second.

plus the example i used has more then 2 buttons.. use the fastforward button to increase amount, rewind button to decrease the amounts, the play button to accept payment and the stop button to cancel payment.

all you need is someone with firmware experience to reprogram it and your complete. no soldering/ special machinary required.

Yeah, those threads are fun to watch. This one was started by a pure wannabe. The previous ones were started by various pretenders, for example the pretend-programmer that proposed BitClip:

https://bitcointalksearch.org/topic/m.308635
https://bitcointalksearch.org/topic/m.643656

Now if there was a way to mine the deposits of comedy gold that are hidden in BitcoinTalk we would all be rich.

Edit:

Poking fun is too easy. Here's the link for some hardware wallet device proposal from somebody with an actual skill:

https://bitcointalksearch.org/topic/smart-card-wallet-take-2-94119

What's wrong with blockchain app from the app store? Besides the fact that not everyone has a device that can support it.

Yep.  That's exactly why you should only buy one of these things if it specifically isn't marketed as a bitcoin-related device.  Catch-22.

Heh

By the way, this is about the fiftieth time this idea has been posted.  But at least there's a nice drawing this time.  Maybe someday somebody will actually sell these things, but if they were marketed as a way to store your BTC I'm not sure I'd trust them.

In the meantime you can buy a USB stick with an AVR, flash memory, and two buttons on it for about $10.  That's probably the easier route, and since they're sold mainly for non-bitcoin applications you don't have to worry quite as much about being trojaned.

Yes, that's why there is a display on the hardware wallet, so you have a chance to discover the error before you sign the transaction.

Absolutely correct. That's why the crucial step - signing a transaction - is run on a microprocessor that no malware can reprogram

SilkRoad I guess