How can you verify the randomness that's coming from a hardware? - page 6.

Welsh

staff

Activity: 3304

Merit: 4115

Quote from: BlackHatCoiner on April 26, 2022, 02:23:00 AM

Couldn't one of all these hardware wallet companies implement something like that and steal millions of dollars worth of BTC, in just one moment? It would probably be the worst scandal of the crypto space.

Technically could, although there would be no way to prove this as far as I'm aware, so there isn't a way to verify it either. It would be a pretty sophisticated attack though, it reminds me how computer forensics would freeze computers in the past, specifically the ram in order to extract data. Also, I do believe that some programs in the past, which I can't recall right now would give you supposedly random data, i.e a password generation based on the temperature of the device, and various other things.

I'm not sure how plausible this kind of attack would be though.

witcher_sense

legendary

Activity: 2450

Merit: 4415

🔐BitcoinMessage.Tools🔑

Quote from: BlackHatCoiner on April 26, 2022, 02:23:00 AM

Well, it depends. If I have tested the dice and I've verified that, on average, all of the values have a ~16.66% chance to return, then it's safe to assume it's random. At least, that's the definition according to Wikipedia:

Quote from: Randomness

In common parlance, randomness is the apparent or actual lack of pattern or predictability in events.

I know it sounds paranoid, but I don't know what to answer if one ever made me such question. Like, sure, most of the hardware is very unlikely to have this kind of weakness, but what about hardware wallets? They're designed for solely transacting bitcoins and their random number generator, as in all hardware, isn't apparent.

Couldn't one of all these hardware wallet companies implement something like that and steal millions of dollars worth of BTC, in just one moment? It would probably be the worst scandal of the crypto space.

In the case of dice rolls, you can be sure the number you got was random only because you were generating it yourself without trusting anybody. You have to be a witness of the whole process to verify randomness. But if you come and tell me that a certain number was generated randomly with dice rolls or coin flips or with something else, I have no way to verify your claims. In the case of hardware, it is simply impossible to follow the whole process of generation, so you can't be a witness by definition. The best you can do is test numbers for pseudorandomness by generating billions of numbers and trying to find a pattern.

This thread may also be helpful: https://bitcointalksearch.org/topic/seed-generation-in-hardware-wallets-5317199

BlackHatCoiner

legendary

Activity: 1512

Merit: 7340

Farewell, Leo

Quote from: garlonicon on April 25, 2022, 01:07:10 PM

For example, when you roll a dice, you can check that you are not getting four every time. But if you would, could you call it random?

Well, it depends. If I have tested the dice and I've verified that, on average, all of the values have a ~16.66% chance to return, then it's safe to assume it's random. At least, that's the definition according to Wikipedia:

Quote from: Randomness

In common parlance, randomness is the apparent or actual lack of pattern or predictability in events.

I know it sounds paranoid, but I don't know what to answer if one ever made me such question. Like, sure, most of the hardware is very unlikely to have this kind of weakness, but what about hardware wallets? They're designed for solely transacting bitcoins and their random number generator, as in all hardware, isn't apparent.

Couldn't one of all these hardware wallet companies implement something like that and steal millions of dollars worth of BTC, in just one moment? It would probably be the worst scandal of the crypto space.

garlonicon

copper member

Activity: 821

Merit: 1992

We cannot do much. Unless it is Open Hardware, where you can know all design details, you can create your own CPU architecture from scratch, you can change everything and design anything. Then, you can assume that you have full control. But still, you are limited by the laws of physics. You cannot see small things, you can use other devices, such as microscopes, to display that things in a huge zoom. You cannot have objectively trustless randomness. You can only have things that are random enough for your purposes, that is all you can get. And to test that, you can get some samples and check some basic things. For example, when you roll a dice, you can check that you are not getting four every time. But if you would, could you call it random? https://xkcd.com/221/

BlackHatCoiner

legendary

Activity: 1512

Merit: 7340

Farewell, Leo

Warning: I don't know much from hardware. And when I say much, I mean nothing.

I had created a thread regarding this in the Hardware Wallet section, but I choose to broaden it in the Dev & Tech board. Pretty simple question, but I've come to realize that it's much more difficult to answer than it seems.

When we say that a wallet software is closed source, we're afraid it may have access to our keys via the internet, sell our IP addresses and other info, or simply generate predictable entropy to steal our money in the smoothest way possible. We choose open source, so we can have a peace of mind.

So, how do we verify that the hardware doesn't generate predictable entropy, regardless of whether the wallet developers have bad intentions or not? I don't care about the OS, let's assume you use an open-source one; my focus is on those who build the hardware that is used to generate randomness.

Topic: How can you verify the randomness that's coming from a hardware? - page 6. (Read 1651 times)