Topic: OVERVIEW: BITCOIN HARDWARE WALLETS █████████████████ Secure your Coins - page 27. (Read 122206 times)

How do you load the bitstream ? Then how do you lock it ? Also how do you avoid getting back to square one (properly locking down the device) if you depend on a non corrupted bitstream in the first place ? Which FPGA do you plan to use ?


it's exactly the same problem if someone manages to change the bitstream. where is it loaded from ?


except you can't verify the generated bitstream on many (all ?) typical commercial FPGAs, so you blindly trust the generator.


you can still check the generated assembly code, at least, while you can't read the generated bitstream.


ok, so how do you reprogram it and avoid getting a "bad" firewall uploaded then ?

The final price depends strongly on the quantity, thus on the community interest in our solution. During the following month we are advertising in order to determine the mass production volume and unit price. The price could be anywhere between 50 to 250$.


www.eliptibox.com

We are working hard on the product and making good progress. It's a complex project and we prefer not to set over-optimistic expectations.
You are welcome to subscribe at our site to receive proof-of-work updates.
We didn't set the price yet, however our intention is to distribute EliptiBox as a community platform with low margins.


www.eliptibox.com

FPGAs are used today in many markets instead of ASICs, such as 10-100 GbEthernet, wireless communication, high throughput encryption, even in smartphones (project ARA). As mentioned, their ability to implement any logic function is a great asset. But after the FPGA is configured at power-on, it is not possible to change it's function over the input-output pins.

However, microcontroller is prone to attacks from it's input-output pins and dedicated interfaces (uart, usb, etc.). If a remote attacker was able to change the code on the microcontroller flash, only a single successful attack is needed. Afterwards the infected microcontroller can leak private keys, attack any device it is connected to (see recent usb vulnerability) and more without the user knowing it. (example: http://www.bunniestudios.com/blog/?p=3554)

With FPGA a developer controls every single bit and logic gate inside the chip as a routine.
With microcontroller you have to trust the compiler and effectively can not check the resulting binary code, because it is very different from the high-level C code written by developer.

FPGA configuration can be done only over dedicated pins of the chip, which are not accessible from external interface.

Moreover, we will publish the source code of the firewall, so that anyone can compile it on our development kit and validate the functionality.

You are welcome to subscribe at our site to receive in-depth design documentation to be published gradually.

www.eliptibox.com

FPGAs are actually harder to secure than any other kind of hardware - they're designed for flexible & fast hardware emulation, not security (and add proprietary bitstreams on top of that, which make it harder to understand what the chip is actually doing - f.e. see https://eprint.iacr.org/2014/649.pdf).

I fail to see what kind of added security an FPGA would bring, compared to another microcontroller performing the same checks using a totally different code base than the wallet code.

So how much will eliptibox be, and when is the 1st batch scheduled for ?

FPGA enables complete decoupling between the communication messages wallet-external app and the wallet crypto code.

With regular microcontoller (that all HW wallets use) the code you write in editor is not the code that runs on the device. Compiler optimizes (=rewrites) it and linker adds large blocks of 3rd party code automatically. Furthermore, usually the messages data is at the same physical memory as the code, so it is possible to change the code of the microcontroller by malicious message injection that exploits bugs in the chip design or the code. (buffer overflow as a common example).

If the same microcontroller is connected directly to the external interface, like USB, Cellular or BT, remote attacker can gain control over the interface and base his attacks from inside the wallet. We often read about new interface breach, like in USB or GSM or weak BT.

However, in FPGA you run exactly the code you've written and can verify it by looking at the final silicon configuration. There is no software or ability to change the FPGA code when running. So the code for the internal MCU can be upgraded and multiple external non-secure interfaces can be used without breaching the security.
FPGA chip sits in-between and makes sure only "legal" data goes through.


www.eliptibox.com

They are all looks cool.
I like  CryptoLabs Case.
I read article about it
https://www.cryptocoinsnews.com/cryptolabs-case-bitcoin-hardware-wallet-melds-biometrics-multi-sig-ease-use/

Nice features.
If I ever get amount worth of buying it, that will be my choice.
Why?
It's simple: "Without having possession of the device, there is no way to get that key."

I also was wondering why a field programable gate array would be used as a firewall. Apparently it does download block headers and stores tx info on the device, so says their site.

I've found more info here:

https://bitcointalksearch.org/topic/m.10601510

Thanks mate , really appreciate it hopefully they accept different payment methods

~ Madness

Thread : https://bitcointalksearch.org/topic/coolwallet-launched-resellers-are-wanted-915649. Good luck!

   -MZ

Oh I see , do you mind linking me to their thread ? their thread is here on Bitcointalk ?
~ Madness

You will have to purchase through Indiegogo. It's crowdfunding article. If you want to buy with BTC, post in their thread.

   -MZ

Oh , It's not available as far as I know , when I click "Purchase" , it redirect me to an Article on Indiegogo instead of doing the Payment process.

~ Madness

See second wallet in OP. Yes, it can be used for cold storage as well as for trading.

   -MZ

Never understood what is a Cool wallet is Cool wallet = Cold storage ? if yes what is Cold storaeg ? xD

~ Madness

Ledger wallet is nice and clean. There are few videos in YouTube, search 'Ledger bitcoin wallet' there. It is easy to setup. But why don't you go for CoolWallet?

   -MZ

1. CryptoLabs "Case" looks pretty cool ... but seems like It didn't come out yet and I'am losing hope here . If nothing comes out very soon I guess I will go with Ledger wallet anyone here used it before ? thanks .

~ Madness

Interesting concept, thanks for sharing. What does "fpga hardware firewall" means? Why do you need this if you do only offline signing? I don't assume that this wallet downloads the blockchain to let you view your transactions.