
Topic: How can you verify the randomness that's coming from a hardware? - page 6. (Read 1651 times)

staff
Activity: 3304
Merit: 4115
Couldn't one of all these hardware wallet companies implement something like that and steal millions of dollars worth of BTC, in just one moment? It would probably be the worst scandal of the crypto space.
Technically, they could, although there would be no way to prove this as far as I'm aware, so there isn't a way to verify it either. It would be a pretty sophisticated attack though; it reminds me of how computer forensics investigators would freeze computers in the past, specifically the RAM, in order to extract data. Also, I do believe that some programs in the past, which I can't recall right now, would give you supposedly random data, i.e. password generation based on the temperature of the device, and various other things.

I'm not sure how plausible this kind of attack would be though.
legendary
Activity: 2450
Merit: 4414
🔐BitcoinMessage.Tools🔑
Well, it depends. If I have tested the dice and I've verified that, on average, all of the values have a ~16.66% chance to return, then it's safe to assume it's random. At least, that's the definition according to Wikipedia:
Quote from: Randomness
In common parlance, randomness is the apparent or actual lack of pattern or predictability in events.

I know it sounds paranoid, but I don't know what to answer if anyone ever asked me such a question. Like, sure, most hardware is very unlikely to have this kind of weakness, but what about hardware wallets? They're designed solely for transacting bitcoins, and their random number generator, as in all hardware, isn't apparent.

Couldn't one of all these hardware wallet companies implement something like that and steal millions of dollars worth of BTC, in just one moment? It would probably be the worst scandal of the crypto space.
In the case of dice rolls, you can be sure the number you got was random only because you were generating it yourself without trusting anybody. You have to be a witness of the whole process to verify randomness. But if you come and tell me that a certain number was generated randomly with dice rolls or coin flips or with something else, I have no way to verify your claims. In the case of hardware, it is simply impossible to follow the whole process of generation, so you can't be a witness by definition. The best you can do is test numbers for pseudorandomness by generating billions of numbers and trying to find a pattern.

This thread may also be helpful: https://bitcointalksearch.org/topic/seed-generation-in-hardware-wallets-5317199
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
For example, when you roll a die, you can check that you are not getting four every time. But if you did, could you call it random?
Well, it depends. If I have tested the dice and I've verified that, on average, all of the values have a ~16.66% chance to return, then it's safe to assume it's random. At least, that's the definition according to Wikipedia:
Quote from: Randomness
In common parlance, randomness is the apparent or actual lack of pattern or predictability in events.

I know it sounds paranoid, but I don't know what to answer if anyone ever asked me such a question. Like, sure, most hardware is very unlikely to have this kind of weakness, but what about hardware wallets? They're designed solely for transacting bitcoins, and their random number generator, as in all hardware, isn't apparent.

Couldn't one of all these hardware wallet companies implement something like that and steal millions of dollars worth of BTC, in just one moment? It would probably be the worst scandal of the crypto space.
copper member
Activity: 821
Merit: 1992
Pawns are the soul of chess
We cannot do much. Unless it is Open Hardware, where you can know all design details, create your own CPU architecture from scratch, change everything and design anything. Then you can assume that you have full control. But still, you are limited by the laws of physics. You cannot see small things; you can use other devices, such as microscopes, to display those things at huge magnification. You cannot have objectively trustless randomness. You can only have things that are random enough for your purposes; that is all you can get. And to test that, you can get some samples and check some basic things. For example, when you roll a die, you can check that you are not getting four every time. But if you did, could you call it random? https://xkcd.com/221/
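An added illustration of the testing the posts above describe (this is not code from anyone in the thread): a frequency check like the "~16.66% per face" test mentioned in the quoted reply, plus a predictability check, run over constructed dice samples. It shows why the frequency check alone is not enough: a source that cycles 1..6 passes it perfectly while being fully predictable, which is the "apparent lack of pattern" part of the Wikipedia definition.

```python
import random
from collections import Counter

# Chi-square critical value for 5 degrees of freedom at p = 0.05 (standard table).
CHI2_CRIT_5DF_P05 = 11.07


def chi_square_uniform(samples, faces=6):
    """Chi-square statistic against the hypothesis that every face is equally likely."""
    expected = len(samples) / faces
    counts = Counter(samples)
    return sum((counts.get(f, 0) - expected) ** 2 / expected for f in range(1, faces + 1))


def passes_frequency_test(samples, faces=6):
    """The check from the thread: each face shows up about 1/6 of the time."""
    return chi_square_uniform(samples, faces) < CHI2_CRIT_5DF_P05


def predictability(samples):
    """Fraction of rolls a simple 'most likely follower' model guesses correctly.

    The model is fitted on the first half of the samples and scored on the second
    half. For an unpredictable source it stays near 1/6 no matter how much data
    you collect; a patterned source lets it climb toward 1.0.
    """
    half = len(samples) // 2
    followers = {}
    for a, b in zip(samples[:half], samples[1:half + 1]):
        followers.setdefault(a, Counter())[b] += 1
    hits = 0
    for a, b in zip(samples[half:-1], samples[half + 1:]):
        guess = followers[a].most_common(1)[0][0] if a in followers else None
        if guess == b:
            hits += 1
    return hits / (len(samples) - half - 1)


def audit(samples):
    """Both checks together; a source has to pass both to count as 'random enough' here."""
    return {"uniform": passes_frequency_test(samples), "predictability": predictability(samples)}


# Constructed sample sources (not output from any real device):
N = 6000
rng = random.Random(2024)
honest = [rng.randint(1, 6) for _ in range(N)]   # unbiased and unpredictable
cycling = [i % 6 + 1 for i in range(N)]          # perfectly uniform, fully predictable
stuck = [4] * N                                  # the "four every time" die

if __name__ == "__main__":
    for name, s in (("honest", honest), ("cycling", cycling), ("stuck", stuck)):
        print(name, audit(s))
```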
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Warning: I don't know much about hardware. And when I say much, I mean nothing.

I had created a thread regarding this in the Hardware Wallet section, but I chose to broaden it in the Dev & Tech board. Pretty simple question, but I've come to realize that it's much more difficult to answer than it seems.

When we say that a wallet software is closed source, we're afraid it may have access to our keys via the internet, sell our IP addresses and other info, or simply generate predictable entropy to steal our money in the smoothest way possible. We choose open source so we can have peace of mind.

So, how do we verify that the hardware doesn't generate predictable entropy, regardless of whether the wallet developers have bad intentions or not? I don't care about the OS, let's assume you use an open-source one; my focus is on those who build the hardware that is used to generate randomness.