Pages:
Author

Topic: Hardware Bitcoin Wallet (Read 4810 times)

legendary
Activity: 2576
Merit: 2267
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
October 08, 2012, 03:06:22 PM
#64
The best way to start doing this without putting the cart before the horse would be to write the C code that will run on all this magical dream hardware.

If it were me, I wouldn't use C (though cryptography in ASM might be a challenge) but a cheap PIC microcontroller with embedded USB hardware can be had for cheap. I don't know if it has the power to handle the application but proof-of-concept could be put together pretty quickly and reasonably cheaply (Microchip will even send you the chips for free).
hero member
Activity: 518
Merit: 500
Manateeeeeeees
October 08, 2012, 10:02:00 AM
#63
I made a little AVR-powered LCD badge starting with a schematic and going all the way to home-etched board about a year and a half ago.  Maybe I could get a chip with some more horsepower and write some code to make it into a project like this.  Some have suggested using a regular USB key to move between your secure PC and your internet PC.  I don't like the idea of using USB for this because of the possibility of infection:

http://www.tomshardware.com/news/usb-flash-virus-secure,6564.html

If you plug in your USB key to an infected PC connected to the internet, and it's infected, then you plug it into your "vault" PC, the secure PC could also be infected.  If the virus author is clever enough, your private key could be compromised when you plug the key back into the internet PC.  Why not do all of this without USB?  I wonder if a serial interface could be devised that would allow you to send in JSON of a requested transaction (like {address, amount}), have you go physically push a button to confirm it on the device, and have it send back to you a transaction.  It's basically the OP's idea, but much more paranoid.  I have all the equipment to do this - maybe I'll start soon.
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
October 08, 2012, 09:24:21 AM
#62
Cheap display like http://www.kx-e.com/upload/gift/2010121617271237333.jpg should be enough.
I was thinking more along this lines,

http://www.ebay.com/itm/84-48-LCD-Module-White-backlight-adapter-PCB-for-Nokia-5110-Arduino-/170817974147?pt=LH_DefaultDomain_0&hash=item27c58b6f83

I know these can be got in qty with only a single line and for less than $1 each, but I no longer have the details on them. It was years ago. I bought the kind in this ebay post for about $3 in Bangkok around 5 years ago, in qty 2-3. So no doubt they are readily available in China for much less. These LCD displays usually have a chip mounted on the glass and can be controlled by any micro controller thru either a serial or 4/8 bit port.
legendary
Activity: 2142
Merit: 1010
Newbie
October 08, 2012, 05:33:56 AM
#61
Cheap display like http://www.kx-e.com/upload/gift/2010121617271237333.jpg should be enough.
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
October 08, 2012, 03:07:56 AM
#60
Also, I think the use of an on-board display is essential for visual confirmation of the destination address before accepting to sign the transaction.
Absolutely. Without a display any method of confirmation via the usb port can be easily faked. The display is the only thing that makes this worthwhile and it doesn't need to cost much at all. You just need to source them from Asia. Some time ago there was quite a discussion of this type of device on Schneier's security blog and the display was the key component (though that discussion was not talking about Bitcoin).
member
Activity: 85
Merit: 10
October 08, 2012, 02:44:01 AM
#59
Whatever micro-controller you chose, make sure it cannot be reprogrammed over the USB connection otherwise the device would be way too easily compromised.

Also, I think the use of an on-board display is essential for visual confirmation of the destination address before accepting to sign the transaction.

sr. member
Activity: 455
Merit: 250
You Don't Bitcoin 'till You Mint Coin
October 07, 2012, 11:12:13 PM
#58
My Wife and a I were discussing the name tonight. Here's what we came up with:


Name: The BitSafe
Slogan: It's much more than a little-bit safe.
sr. member
Activity: 455
Merit: 250
You Don't Bitcoin 'till You Mint Coin
October 07, 2012, 05:06:30 PM
#57
I've been working on a Hardware Bitcoin Wallet for a few weeks now.

It's going to use MICROCHIP PIC32.
I was able to get ECDSA working and prove the concept on the hardware chosen, but the firmware/software is still seriously lacking.

In 6 to 8 weeks, I will have a prototype PCB.

Was going to wait to post, but since so many our focused on the same thing I don't want to duplicate the work.
It is going to be open source hardware and open source firmware/software.

However, I wanted to do it with one button. a quick press for one function and a long press (3 seconds) for a different function.

Also, I was looking for different ways to get away with not having a display to keep cost and size down. One thought was to have the
USB Security device to disconnect and reconnect as a keyboard and with a quick press - what is about to be signed would be displayed
with a signature (not the signature for the transaction), but from the USB device (to make sure its not some malware in between the user and the data that's being received).
If all is good, then a long button press produces the desired signature.

Anyways, please keep me informed if anyone else is working on this. I do have a PCB being designed and it's 20% complete.
Also have the design ready for a development board for those interested in developing the firmware and software. The will Start working on the PCB design after I build a prototype.
The final price looks to be between $12.00 to $15.00, but that is no guarantee and that may not even be conservative.
legendary
Activity: 1176
Merit: 1001
October 07, 2012, 01:16:50 PM
#56
Specifically, I need:
  • A businessman, who will keep track of orders, outsourcing production, making bulletpoins, etc.
  • An electrical engineer, who can design a PCB with the needed components.
  • A programmer, who can help me in making the PC UI, the µc firmware, auditing etc.
Why do they need you?

Heh Smiley

By the way, this is about the fiftieth time this idea has been posted.  But at least there's a nice drawing this time.  Maybe someday somebody will actually sell these things, but if they were marketed as a way to store your BTC I'm not sure I'd trust them.

In the meantime you can buy a USB stick with an AVR, flash memory, and two buttons on it for about $10.  That's probably the easier route, and since they're sold mainly for non-bitcoin applications you don't have to worry quite as much about being trojaned.

Hi, could you link me to this hardware?

It would be interesting for other projects i have, non bitcoin related.

Thank you!
newbie
Activity: 43
Merit: 0
October 07, 2012, 01:02:01 PM
#55
In the meantime you can buy a USB stick with an AVR, flash memory, and two buttons on it for about $10.  That's probably the easier route, and since they're sold mainly for non-bitcoin applications you don't have to worry quite as much about being trojaned.
Surely you mean cheaper, not easier.

Yep.  That's exactly why you should only buy one of these things if it specifically isn't marketed as a bitcoin-related device.  Catch-22.
Can I assume that you also make your own OS and bitcoin client?
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
October 07, 2012, 12:49:09 PM
#54
The best way to start doing this without putting the cart before the horse would be to write the C code that will run on all this magical dream hardware.

Once there's a Linux-based program and a well-defined serial protocol that can serve as the proof-of-concept (even if the program runs on another whole computer), then the hardware discussion will be much more fruitful I think... (and the serial protocol can be adapted to run over USB, TCP, etc.)

Whether a piece of hardware has been secretly backdoored is relatively moot, because the only action the hardware could take would be to sign a transaction it wasn't supposed to sign, which would only be possible if the same person who provided the backdoored hardware also happens to have control over the host computer.
newbie
Activity: 9
Merit: 0
October 07, 2012, 12:44:12 PM
#53
You know, someone could probably build the app to do this in C, targeting Linux as the OS, using serial as the interface, and it would probably run on gobs of hardware that's already out there for nearly free.  People could root their old 2nd generation iPod or whatever, and use it as a transaction verifier and be able to get into it for zero hardware cost (or pick one up on eBay).

Sure, but that's a nerd thing.

We are targeting grandma's here.

Not exactly.  The goal isn't to make it a hobby project for nerds, the goal is to get the hardware cheap.  There is SO MUCH obsolete hardware that could run an application like this that people are throwing in the garbage.  It would be a sustainable business model to pick some old gadget, refurbish and recycle it into a low-cost bitcoin transaction verifier, and sell it on the open market to grandma.  An iPod modified to be a transaction verifier would be very grandma-friendly (if someone else does the modification, of course).

Would you trust your bank if the gave you a secondhand device, that they had reconfigured? Would you trust me if I gave you one?
Here, safewallet for you my friend, only 2,5 Btc Wink

To get to grandma and avarage joe, it has to be something that is comes in a plastic package and can be bought in stores.
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
October 07, 2012, 11:47:01 AM
#52
If you want to build one of these I'd suggest getting in touch with Austria Micro Systems and see how much it would cost for a previous gen ARM chip like they used in the Sansa Fuze or Sansa Clip.

These devices are supported by Rockbox and so you have a wealth of ready to use open source code and ready to go dev tools. The clip already has a minimal display but in either case you would reduce the device to just the chip, one line display and button. No battery, no wheel or sound or other stuff. Just chip, usb connector, display, button on a pcb. Your main cost is the AMS chip and I don't know what the volume price on those is but I'm sure it's capable enough to do the needed crypto functions, unlike the cheap 8 bit PICS and AVRs etc. One line LCD display can be very cheap. I bought mobile phone LCD displays for $2-3 and they were multi-line like on Nokia phones.

You might also look at some of the Broadcom chips available like they use in the Raspberry PI, though you could get by with one much less capable than they use for that. I don't know what the cheapest ARM chips on the market - you should search for the lowest priced one as you don't need much more than cpu+usb+some flash memory.

The nice thing about using the AMS chips is you can buy a second hand Fuze off ebay and do all the dev work and hack in a display and test it fully before you even make a PCB and order anything. So you could do a prototype for almost nothing and look for funding to do a real production run.

BTW I contributed to the Rockbox project and did dev work on my Fuze so I know all this to be doable quite easily. Heck, you could probably just market the open source Sansa Fuze/Clip compatible code to make this thing work with the millions of Clips/Fuzes kicking around now. It's pretty easy for an average user to upgrade the firmware too and it can become a Bitcoin wallet device.

RockCoin ... Bitcoin Wallet for Rockbox. Solid Like A Rock. Or CoinBox sounds better.

Fuzes with broken display are dumped on ebay for like $5-10 or so. Or they were, I haven't checked recently.

Edit: Just saw on AMS web site 1k qty chip is $9 each. A bit high but maybe they have a lower end chip available. USB conn stk#10019 from4uconnector.com about 0.13 each, PCB 0.5"x2" from China low qty about 0.50 each. May need a volt reg if not already on chip, 5V > 3.3V likely.
legendary
Activity: 4424
Merit: 4794
October 07, 2012, 11:43:13 AM
#51
my earlier post about using an USB mp3 player at the cost of £8 ~ $13 is far cheaper then the OP's suggestion..
http://www.1topstore.com/en-gbp/2gb-lcd-mp3-player-usb-flash-drive-built-in-fm-radio-p8840.html

the link is just one example. theres many more i seen with a couple buttons and a screen for under $6.

the costs of a small business to produce circuit boards with labour time added far exceeds that of existent larger businesses that use machines that churn out products by the second.

plus the example i used has more then 2 buttons.. use the fastforward button to increase amount, rewind button to decrease the amounts, the play button to accept payment and the stop button to cancel payment.

all you need is someone with firmware experience to reprogram it and your complete. no soldering/ special machinary required.

legendary
Activity: 2128
Merit: 1073
October 07, 2012, 10:46:50 AM
#50
By the way, this is about the fiftieth time this idea has been posted.  But at least there's a nice drawing this time.
Yeah, those threads are fun to watch. This one was started by a pure wannabe. The previous ones were started by various pretenders, for example the pretend-programmer that proposed BitClip:

https://bitcointalksearch.org/topic/m.308635
https://bitcointalksearch.org/topic/m.643656

Now if there was a way to mine the deposits of comedy gold that are hidden in BitcoinTalk we would all be rich.

Edit:

Poking fun is too easy. Here's the link for some hardware wallet device proposal from somebody with an actual skill:

https://bitcointalksearch.org/topic/smart-card-wallet-take-2-94119
hero member
Activity: 518
Merit: 500
October 07, 2012, 08:04:41 AM
#49
What's wrong with blockchain app from the app store? Besides the fact that not everyone has a device that can support it.
donator
Activity: 980
Merit: 1004
felonious vagrancy, personified
October 07, 2012, 07:50:25 AM
#48
Quote
OK, say you want to make a transaction. You fill out four things in the PC client: the wallet to transfer from, the amount of BTC, the destination address and the password for the wallet.
You press OK, and the transaction is sent to the device via USB for signing.
The Send-To address is changed by malware to another address before being sent to hardware wallet for signing. Hardware signs the transaction.

You cannot get any security on compromised computer! It is only a question how sophisticated is the malware.

Yep.  That's exactly why you should only buy one of these things if it specifically isn't marketed as a bitcoin-related device.  Catch-22.
donator
Activity: 980
Merit: 1004
felonious vagrancy, personified
October 07, 2012, 07:48:07 AM
#47
Specifically, I need:
  • A businessman, who will keep track of orders, outsourcing production, making bulletpoins, etc.
  • An electrical engineer, who can design a PCB with the needed components.
  • A programmer, who can help me in making the PC UI, the µc firmware, auditing etc.
Why do they need you?

Heh Smiley

By the way, this is about the fiftieth time this idea has been posted.  But at least there's a nice drawing this time.  Maybe someday somebody will actually sell these things, but if they were marketed as a way to store your BTC I'm not sure I'd trust them.

In the meantime you can buy a USB stick with an AVR, flash memory, and two buttons on it for about $10.  That's probably the easier route, and since they're sold mainly for non-bitcoin applications you don't have to worry quite as much about being trojaned.
newbie
Activity: 43
Merit: 0
October 07, 2012, 03:19:54 AM
#46
The payment address selection are still performed on computer before being sent to hardware wallet DERP!
Yes, that's why there is a display on the hardware wallet, so you have a chance to discover the error before you sign the transaction.

Quote
Truecrypt and Bitcoin are different, but they both can be compromised with malware on computers they operate. The only way to protect the computer is - don't run any malicious or insecure code on it!
Absolutely correct. That's why the crucial step - signing a transaction - is run on a microprocessor that no malware can reprogram
legendary
Activity: 2142
Merit: 1010
Newbie
October 07, 2012, 03:06:31 AM
#45
So what stores will my grandma be using this at?

SilkRoad I guess  Grin
Pages:
Jump to: