Pages:
Author

Topic: Mnemonic phrases are too sucks. I developed an iris hardware wallet! (Read 410 times)

newbie
Activity: 11
Merit: 21
Some wallets that have pass key (for biometric) also have seed phrase phrase as alternative. Let me ask this question. What if someone prefer to go for seed phrase instead of the biometric means. Is it possible to get the seed phrase and backup the seed phrase instead?



EyeWallet also offers the functionality to extract mnemonic phrases, just like extracting the seed and private key from a backup. For users who are concerned about eye injuries or other unforeseen events, they can use this feature to extract the mnemonic phrase and store it securely.
newbie
Activity: 11
Merit: 21
Files stored in cloud, it is closed source, coming from China, and it scans your eyes... what could go wrong?  Tongue
This sounds like conceptual device from horror movie and I would never use something like this as bitcoin wallet.
There is no way to import keys in other wallets, and if any injury happens to user eyes he probably can't access file anymore.


The device itself is air-gapped, and users can decide whether to store backup files locally or in the cloud. This backup is irreversible, just like you can't derive a public key from an address, nor can you obtain the user's private key from it. The code will definitely be open-sourced at an appropriate time. In fact, except for the biometric features, the rest of the source code already uses open-source projects from wallets like Trezor, which is why it can connect with third-party apps like Trezor and MetaMask.

Also, buddy, let's set aside any preconceived notions. Chinese people have no interest in collecting your eye data or leaving backdoors in your wallet. If you have even a basic understanding of biometrics and cryptography, you'll probably understand what I'm saying.



Some wallets that have pass key (for biometric) also have seed phrase phrase as alternative. Let me ask this question. What if someone prefer to go for seed phrase instead of the biometric means. Is it possible to get the seed phrase and backup the seed phrase instead?



EyeWallet also offers the functionality to extract mnemonic phrases, just like extracting the seed and private key from a backup. For users who are concerned about eye injuries or other unforeseen events, they can use this feature to extract the mnemonic phrase and store it securely.

Mod note: Consecutive posts merged
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
Some wallets that have pass key (for biometric) also have seed phrase phrase as alternative. Let me ask this question. What if someone prefer to go for seed phrase instead of the biometric means. Is it possible to get the seed phrase and backup the seed phrase instead?

legendary
Activity: 2212
Merit: 7064
Files stored in cloud, it is closed source, coming from China, and it scans your eyes... what could go wrong?  Tongue
This sounds like conceptual device from horror movie and I would never use something like this as bitcoin wallet.
There is no way to import keys in other wallets, and if any injury happens to user eyes he probably can't access file anymore.
newbie
Activity: 11
Merit: 21

So do I. One can be left without his eye after the $5-knife-attack. Besides of that,   as opposed to eye,  SEED can be backuped  by many ways and copies of that backup can be  stored in the differed geographical locations.

However  I'm wondering about users (like me) who wear contact lenses. Should they remove them while exploiting this wallet?

Regarding concerns about eye injuries, many people share this worry, and we have specifically addressed it in the Q&A section on our website. Your question about using the wallet while wearing contact lenses is very relevant. According to our tests, wearing contact lenses does not affect the extraction of iris features at all. However, if you use glasses, the reflective glare on the glass surface might cover some features and affect the collection process. Therefore, the conclusion is that you do not need to remove contact lenses, but it is recommended to take off glasses when using EyeWallet.
staff
Activity: 4284
Merit: 8808
As you mentioned, we use a fuzzy extraction method to restore the key.
Do you have any information on the fuzzy extraction scheme you use?
hero member
Activity: 714
Merit: 1298


I prefer seed phrase.

So do I. One can be left without his eye after the $5-knife-attack. Besides of that,   as opposed to eye,  SEED can be backuped  by many ways and copies of that backup can be  stored in the differed geographical locations.

However  I'm wondering about users (like me) who wear contact lenses. Should they remove them while exploiting this wallet?
newbie
Activity: 11
Merit: 21
Thank you for your suggestion. We actually considered whether to equip the device with full capabilities or design it as a peripheral for computers or mobile phones. After comprehensive evaluation, if it only exists as an eye-scanning peripheral, the related encoding and decoding algorithms would need to run on computers or mobile phones, making it unavoidable for the seed and private key to appear on these devices, which are inevitably connected to the internet. This seems to violate the most basic principle of hardware wallets, which is that the private key should never be exposed to the internet. Therefore, we decided to design the device with full capabilities for collection, encryption, and decryption.

Yes, what you wrote is true, but nowadays there exists a hardware component in most devices called the "Secure Element" <-- this is what iOS and Android call this part. It's an enclave that is separated from the rest of the memory and SoC where you can store secrets like private keys. In fact, that's what the Airgap Vault uses to store its wallet on mobile phones (I am not endorsing them or anything, I am just mentioning that.)

For desktops it is understandably more complicated but Intel does have an equivalent called TPM but there is no easy API across operating systems that exposes it. I'm not sure what it's called under AMD but it would be very surprising if they did not have a secure chip.

So at the very least it is feasible for mobile phones.

You are right, the security chip on mobile phones can indeed provide some protection. Specifically for this case, if EyeWallet is merely a peripheral for mobile phones, there are still some unavoidable vulnerabilities. If EyeWallet only acts as an iris collection module, responsible for capturing optical images and even extracting iris features, then the captured images or iris features must be transmitted to the host device for further processing. This poses a certain privacy leakage risk. This is similar to the cold wallet performing signature calculations on the device, aiming to completely eliminate the risk of key leakage.
newbie
Activity: 11
Merit: 21
Do you use a fuzzy extractor to use the biometrics to unlock the keys directly... or are you just comparing the input biometric to a saved copy and trusting some chip to keep them secret against an attacker that has physical access?


We do not save copies of the iris features, as it is too insecure and raises privacy concerns. Although WLD's ORB does this, we prioritize our users' privacy and firmly refuse to store any copies. As you mentioned, we use a fuzzy extraction method to restore the key.
staff
Activity: 4284
Merit: 8808
Do you use a fuzzy extractor to use the biometrics to unlock the keys directly... or are you just comparing the input biometric to a saved copy and trusting some chip to keep them secret against an attacker that has physical access?
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Thank you for your suggestion. We actually considered whether to equip the device with full capabilities or design it as a peripheral for computers or mobile phones. After comprehensive evaluation, if it only exists as an eye-scanning peripheral, the related encoding and decoding algorithms would need to run on computers or mobile phones, making it unavoidable for the seed and private key to appear on these devices, which are inevitably connected to the internet. This seems to violate the most basic principle of hardware wallets, which is that the private key should never be exposed to the internet. Therefore, we decided to design the device with full capabilities for collection, encryption, and decryption.

Yes, what you wrote is true, but nowadays there exists a hardware component in most devices called the "Secure Element" <-- this is what iOS and Android call this part. It's an enclave that is separated from the rest of the memory and SoC where you can store secrets like private keys. In fact, that's what the Airgap Vault uses to store its wallet on mobile phones (I am not endorsing them or anything, I am just mentioning that.)

For desktops it is understandably more complicated but Intel does have an equivalent called TPM but there is no easy API across operating systems that exposes it. I'm not sure what it's called under AMD but it would be very surprising if they did not have a secure chip.

So at the very least it is feasible for mobile phones.
newbie
Activity: 11
Merit: 21
Some thought and question.
1. Does Iris HW (hardware wallet) optionally provide other way to backup and restore? Iris may be damaged or it's color changed over time.
2. I don't think mnemonic words is that inconvenient. You can store it on safe or safe deposit storage, while recovering wallet is something you rarely do.
3. If someone require their Iris scanned (usually due to work or legal reason), then it's risky to use your HW.


I watched this video, but 2 overlapping subtitle and partially cropped subtitle (when 2 line text is shown) is annoying. You probably want to fix that.

Thank you for your suggestion. In fact, EyeWallet still supports the mnemonic backup function, depending on the user's preference. If users feel that relying solely on iris recognition to secure their wallet seed is risky, they can use the mnemonic viewing function. EyeWallet will extract the seed from the iris information and display the corresponding mnemonic to the user. We understand users' concerns about eye injuries threatening asset security. In addition to retaining the mnemonic recovery function, EyeWallet also supports registering multiple irises for the same wallet. Besides using their own left and right eyes, users can add the eyes of their spouse, children, or anyone they trust. This adds more flexibility to EyeWallet.

Regarding the security of iris recognition, iris features are quite different from facial or fingerprint recognition and are difficult to steal without the user's knowledge. Even for industry professionals, obtaining consistent features from iris scans taken with different devices, in different environments, or from different angles is very challenging. This ensures that even if a stolen iris image is captured using professional equipment like Apple VR, it cannot be used to attack EyeWallet. More detailed information is available on our website, and we welcome further discussion.
newbie
Activity: 11
Merit: 21
It is great that somebody has actually designed an eye-scanning hardware wallet.

But I have a few suggestions for you:

- This would be much more useful as a stand-alone module which you can plug into your computer or connect via Bluetooth than as a full hardware wallet. Instead of giving yourselves the burden of competing with all the other hardware wallets (and software wallets!), why don't you work with most of them to create an integration for the Iris eye scanning feature as an alternative to BIP39 seed phrases when first creating a wallet? You could call such a thing EyeScan or something like that. It would be much more useful if I could use iris scanning on Electrum or Trezor or Trust Wallet than if it's its own wallet.
- You should write down how you make sure the same binary sequence is generated for each iris, without variation. That is a flaw with earlier attempts to make biometric seeds.

By the way, it looks like you left the title of the HTML page written in Chinese or something.


Thank you for your suggestion. We actually considered whether to equip the device with full capabilities or design it as a peripheral for computers or mobile phones. After comprehensive evaluation, if it only exists as an eye-scanning peripheral, the related encoding and decoding algorithms would need to run on computers or mobile phones, making it unavoidable for the seed and private key to appear on these devices, which are inevitably connected to the internet. This seems to violate the most basic principle of hardware wallets, which is that the private key should never be exposed to the internet. Therefore, we decided to design the device with full capabilities for collection, encryption, and decryption.

As you mentioned, the characteristics of each person's eye will vary with each capture. This was the first problem we solved. We can ensure that each user's seed is accurately restored, and there will never be any misidentification between different users. This is the beauty of iris technology.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
It is great that somebody has actually designed an eye-scanning hardware wallet.

But I have a few suggestions for you:

- This would be much more useful as a stand-alone module which you can plug into your computer or connect via Bluetooth than as a full hardware wallet. Instead of giving yourselves the burden of competing with all the other hardware wallets (and software wallets!), why don't you work with most of them to create an integration for the Iris eye scanning feature as an alternative to BIP39 seed phrases when first creating a wallet? You could call such a thing EyeScan or something like that. It would be much more useful if I could use iris scanning on Electrum or Trezor or Trust Wallet than if it's its own wallet.
- You should write down how you make sure the same binary sequence is generated for each iris, without variation. That is a flaw with earlier attempts to make biometric seeds.

By the way, it looks like you left the title of the HTML page written in Chinese or something.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Some thought and question.
1. Does Iris HW (hardware wallet) optionally provide other way to backup and restore? Iris may be damaged or it's color changed over time.
2. I don't think mnemonic words is that inconvenient. You can store it on safe or safe deposit storage, while recovering wallet is something you rarely do.
3. If someone require their Iris scanned (usually due to work or legal reason), then it's risky to use your HW.


I watched this video, but 2 overlapping subtitle and partially cropped subtitle (when 2 line text is shown) is annoying. You probably want to fix that.
newbie
Activity: 11
Merit: 21
Yes, you are right. To be precise, we use iris features to encrypt the seed using an algorithm. When needed, we decode it using real-time collected iris features. The entire process does not store the seed or any private keys. Therefore, only the legitimate user can extract the seed and obtain the corresponding private key, eliminating the possibility of key leakage or loss. In this regard, EyeWallet is essentially a tool for extracting the private key accurately from the user's iris.You can find more information on our website and in our YouTube videos.

https://eye-wallet.com/

How to create a new wallet with EyeWallet
https://www.youtube.com/watch?v=62DO9ad7Gnk

Ledger Stax VS. EyeWallet
https://www.youtube.com/watch?v=UY-hW1a5qgU

What is Eye Wallet?
https://www.youtube.com/watch?v=qriNKAzSPbo
legendary
Activity: 4466
Merit: 3391
I like the idea, but your description says that the device stores an encrypted "private key". Does the device store only a single private key, or is it BIP-32 with a seed or master private key?
newbie
Activity: 11
Merit: 21
The videos on YouTube were uploaded by one of our team members, and two of them were just recently uploaded. Thank you for your reminder. I realized that these videos have not been shared yet, so I will directly share the links to the videos here.

How to create a new wallet with EyeWallet
https://www.youtube.com/watch?v=62DO9ad7Gnk
How to conduct transactions using EyeWallet
https://www.youtube.com/watch?v=-eIKaSDuH9w
What is Eye Wallet?
https://www.youtube.com/watch?v=qriNKAzSPbo&t=39s
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
No one will trust you on this forum. If you need trust, go and market your product first so we can know how legit it is. According to my findings, no information yet about you except a video that I saw about you on YouTube that has only 5 views. Your website 'sign in' and 'get started' button, contact and every other thing are not working. I am surprised how the YouTube video creator was able to contact you.
newbie
Activity: 11
Merit: 21
Thank you for your feedback;


Yes, facial recognition and fingerprint recognition indeed carry significant risks, with many cases showing that they can be easily compromised. However, iris recognition is currently the highest level of security among biometric technologies, typically used in counter-terrorism and financial sectors. Compared to facial and fingerprint recognition, iris technology is virtually immune to attacks. Additionally, in existing hardware wallets, facial and fingerprint recognition merely replace PIN codes for login protection, while private keys are still stored on the device, which is very risky. In contrast, EyeWallet does not store private keys. Instead, it encrypts the private key using each individual's unique iris features, and the private key itself is immediately destroyed. Therefore, if it is not the user themselves, it is impossible for anyone to obtain the user's private key.

For more information on security, you can visit our website.
Pages:
Jump to: