slush



Offline



Activity: 1386

Merit: 1024









LegendaryActivity: 1386Merit: 1024 [ESHOP launched] Trezor: Bitcoin hardware wallet November 05, 2012, 01:45:11 PM

Last edit: August 04, 2014, 02:07:22 PM by slush Merited by OgNasty (1), vapourminer (1), TheBeardedBaby (1) #1

TREZOR finally for sale!



TREZOR The Bitcoin Safe is ultimately secure

and easy to use hardware bitcoin wallet.





TREZOR The Bitcoin Safe is ultimately secureand easy to use hardware bitcoin wallet.

TREZOR FAQ











Original post:



Hello all!



Today we'd like to announce a project I and



We are creating a hardware bitcoin wallet, basically a device that is a secure place to store private keys to your bitcoin addresses. Because all transactions are signed in the device itself, the keys never leave the device and thus cannot be stolen by a virus, malicious code or an attacker.



We believe that this project is very improtant for the bitcoin world, because it gives the ability to use the highest possible security measures, which were only available for geeks until now, for all bitcoin users, even the non-technical savvy ones.



There will be two versions of the wallet available:

1) A shield for Raspberry Pi (for DIY hackers)

2) Custom hardware based solution (for common consumers)



Both versions will be open-source (both hardware and software!) and will provide the same functionality, like for example:



* Deterministic

* No need for periodic backups, writing down the seed to paper during the device initialization will be enough forever

* Unlimited count of inputs and outputs in transaction (transaction streaming API)

* Plug & Play - no driver installation on a desktop computer required

* Unauthorized physical access to wallet protected by PIN

* Optionally wallet will require one-time-passwords for important actions



Custom hardware version will have these extra features:



* Impossibility to obtain private keys from the device in a case of theft

* Impossibility to re-flash the device with malicious code

* Possibility to do paper-backup of private keys only once during wallet initialization

* iPod Shuffle sized aluminium case for durability and robustness

* Variety of colors to tell the wallets apart by simply looking at them



We believe that we have enough knowledge and experience to succesfully finalize this product. Stick is a hacker and he has been involved in development for quite some time. He's also one of the founders of Brmlab hackerspace, which you may know from Prague Bitcoin conference 2011. We've already done arrangements with a hardware manufacturer who has confirmed that he's able to deliver casings for our custom solution.



Sneak peek preview of our hardware:

Hello all!Today we'd like to announce a project I and stick have been working on for the last couple of weeks. We decided that we want to keep the development open since the beginning.We are creating a hardware bitcoin wallet, basically a device that is a secure place to store private keys to your bitcoin addresses. Because all transactions are signed in the device itself, the keys never leave the device and thus cannot be stolen by a virus, malicious code or an attacker.We believe that this project is very improtant for the bitcoin world, because it gives the ability to use the highest possible security measures, which were only available for geeks until now, for all bitcoin users, even the non-technical savvy ones.There will be two versions of the wallet available:1) A shield for Raspberry Pi (for DIY hackers)2) Custom hardware based solution (for common consumers)Both versions will be open-source (both hardware and software!) and will provide the same functionality, like for example:* Deterministic BIP 0032 compatible wallet algorithm (=unlimited count of addresses)* No need for periodic backups, writing down the seed to paper during the device initialization will be enough forever* Unlimited count of inputs and outputs in transaction (transaction streaming API)* Plug & Play - no driver installation on a desktop computer required* Unauthorized physical access to wallet protected by PIN* Optionally wallet will require one-time-passwords for important actionsCustom hardware version will have these extra features:* Impossibility to obtain private keys from the device in a case of theft* Impossibility to re-flash the device with malicious code* Possibility to do paper-backup of private keys only once during wallet initialization* iPod Shuffle sized aluminium case for durability and robustness* Variety of colors to tell the wallets apart by simply looking at themWe believe that we have enough knowledge and experience to succesfully finalize this product. Stick is a hacker and he has been involved in development for quite some time. He's also one of the founders of Brmlab hackerspace, which you may know from Prague Bitcoin conference 2011. We've already done arrangements with a hardware manufacturer who has confirmed that he's able to deliver casings for our custom solution.Sneak peek preview of our hardware: Buy Trezor! | Slush Pool | SatoshiLabs

slush



Offline



Activity: 1386

Merit: 1024









LegendaryActivity: 1386Merit: 1024 Re: [ANN] Hardware wallet project November 05, 2012, 01:46:01 PM

Last edit: July 08, 2014, 09:50:43 PM by slush #2



19.11.2012: First preview of the design. Dimensions are 60x40x10 mm 50x35x10mm (edited 22.11.2012).





19.11.2012: First prototype of Raspberry Pi shield.





22.11.2012: First batch of displays received. OLED, 128x64 pixels.





22.11.2012: First casing prototype has been printed out! How it has been made:

http://www.youtube.com/watch?v=-uYW3ks0WwA





29.11.2012: Second casing version printed (it is bit smaller than previous one):





04.01.2013: First succesfully CNC'ed and assembled casing!





19.01.2013: First eloxed (colored) prototypes.





04.02.2013: First design of PCB





11.02.2013: PCBs just arrived!





18.03.2013: Trezor Shield performing some Unit Tests. Ethernet connection is used just for debugging purposes, main communication is done over USB cable with final protocol which will be used in the final product. Computer doesn't need any drivers, Trezor Shield is acting as USB HID device (like keyboard or mouse).

http://youtu.be/p1qnwKbZBVA



01.04.2013: Celebrating $100 while working on Trezor!





08.09.2013: First Metallic arrived!





21.11.2013: PCBs for preorders are ready





20.02.2014: Product package design





22.02.2014: Metallics on table ready to ship





08.07.2014: Trezor likes Club Mate

22.11.2012: Display shield for Stellaris Launchpad prototype.19.11.2012: First preview of the design. Dimensions are50x35x10mm (edited 22.11.2012).19.11.2012: First prototype of Raspberry Pi shield.22.11.2012: First batch of displays received. OLED, 128x64 pixels.22.11.2012: First casing prototype has been printed out! How it has been made:29.11.2012: Second casing version printed (it is bit smaller than previous one):04.01.2013: First succesfully CNC'ed and assembled casing!19.01.2013: First eloxed (colored) prototypes.04.02.2013: First design of PCB11.02.2013: PCBs just arrived!18.03.2013: Trezor Shield performing some Unit Tests. Ethernet connection is used just for debugging purposes, main communication is done over USB cable with final protocol which will be used in the final product. Computer doesn't need any drivers, Trezor Shield is acting as USB HID device (like keyboard or mouse).01.04.2013: Celebrating $100 while working on Trezor!08.09.2013: First Metallic arrived!21.11.2013: PCBs for preorders are ready20.02.2014: Product package design22.02.2014: Metallics on table ready to ship08.07.2014: Trezor likes Club Mate Buy Trezor! | Slush Pool | SatoshiLabs

Jutarul

Legendary



Offline



Activity: 994

Merit: 1000









DonatorLegendaryActivity: 994Merit: 1000 Re: [ANN] Hardware wallet project November 05, 2012, 02:38:07 PM #5 Nice! Are you planning on creating a company to sell these products? Do you need seed money for prototype development? The ASICMINER Project https://bitcointalk.org/index.php?topic=99497.0

"The way you solve things is by making it politically profitable for the wrong people to do the right thing.", Milton Friedman "The way you solve things is by making it politically profitable for the wrong people to do the right thing.", Milton Friedman

jim618



Offline



Activity: 1708

Merit: 1000









LegendaryActivity: 1708Merit: 1000 Re: [ANN] Hardware wallet project November 05, 2012, 02:49:03 PM

Last edit: November 05, 2012, 03:03:24 PM by jim618 #6 Quote from: Belkaar on November 05, 2012, 02:20:40 PM Would you describe how a standard transaction would take place?

Do I have to plug it into a PC? Do I need extra software? Is it Web-Service based?



There is quite a lot of coding to make it all work, but MultiBit is planning to support these devices.



You would have a watch only wallet in your desktop client with all the transactions in it. When you want to do a send MultiBit creates the transaction and passes it to the device for signing via USB. The transaction comes back and the MultiBit sends it off to the network.



Slush has also created a fork of Electrum where he is coding up the wire protocol etc. This is in protobuf format so anything like python, C++, Java can use it.



Edit: Java devs who are interested in helping please PM me !



There is quite a lot of coding to make it all work, but MultiBit is planning to support these devices.You would have a watch only wallet in your desktop client with all the transactions in it. When you want to do a send MultiBit creates the transaction and passes it to the device for signing via USB. The transaction comes back and the MultiBit sends it off to the network.Slush has also created a fork of Electrum where he is coding up the wire protocol etc. This is in protobuf format so anything like python, C++, Java can use it.Edit: Java devs who are interested in helping please PM me ! MultiBit HD Lightweight desktop client. Bitcoin Solutions Ltd Bespoke software. Consultancy.

slush



Offline



Activity: 1386

Merit: 1024









LegendaryActivity: 1386Merit: 1024 Re: [ANN] Hardware wallet project November 05, 2012, 02:55:48 PM #9 Quote Do I have to plug it into a PC? Do I need extra software? Is it Web-Service based?



It will be USB device (micro USB connector like phones). You won't need to install any drivers, everything you'll need is to have desktop Bitcoin wallet (like Electrum or Multibit) capable to talk with the device. At this stage I'm in touch with Multibit developers and I'm working on Electrum...



Quote from: Belkaar on November 05, 2012, 02:20:40 PM Would you describe how a standard transaction would take place?



1. You connect the device into the USB and run Bitcoin wallet software

2. It automatically recognizes the device (by matching VendorID and ProductID of USB bus)

3. Software ask for master public key. Then it will be able to show your addresses and their balances.

4. When you want to send some coins, software creates template of bitcoin transaction and send it to wallet device.

5. Device displays transaction summary on its display and ask you to confirm transaction by pressing hardware button

6. Device signs transactions using private key stored in the device and sends signed transaction to desktop software.

7. Desktop software sends signed transaction to the bitcoin network.

It will be USB device (micro USB connector like phones). You won't need to install any drivers, everything you'll need is to have desktop Bitcoin wallet (like Electrum or Multibit) capable to talk with the device. At this stage I'm in touch with Multibit developers and I'm working on Electrum...1. You connect the device into the USB and run Bitcoin wallet software2. It automatically recognizes the device (by matching VendorID and ProductID of USB bus)3. Software ask for master public key. Then it will be able to show your addresses and their balances.4. When you want to send some coins, software creates template of bitcoin transaction and send it to wallet device.5. Device displays transaction summary on its display and ask you to confirm transaction by pressing hardware button6. Device signs transactions using private key stored in the device and sends signed transaction to desktop software.7. Desktop software sends signed transaction to the bitcoin network. Buy Trezor! | Slush Pool | SatoshiLabs

2112



Offline



Activity: 2128

Merit: 1038









LegendaryActivity: 2128Merit: 1038 Re: [ANN] Hardware wallet project November 05, 2012, 03:59:49 PM #14 Quote from: slush on November 05, 2012, 03:34:12 PM http://www.nxp.com/documents/application_note/AN10968.pdf



Chapter 3 (page 4) describes security level of the chip we currently want to use. Do you know about some cheap and quick solution how to skip this protection and read the seed from the device?



It is probably possible to read memory with high level laboratory equipment, but purpose of seed protection is that attacker need some time to read memory, so original owner can reload the seed to another device and send his coins out of compromised seed.

Chapter 3 (page 4) describes security level of the chip we currently want to use. Do you know about some cheap and quick solution how to skip this protection and read the seed from the device?It is probably possible to read memory with high level laboratory equipment, but purpose of seed protection is that attacker need some time to read memory, so original owner can reload the seed to another device and send his coins out of compromised seed.



But people like



Now that you've given the intended part number interested people can look up the information about various side-channel attacks on those chips. From a brief description of your intended deterministic wallet design I presume that it will be sufficient to exfiltrate only 512 bits to empty the whole wallet.



Thank you very much for your disclosure.



Edit: I'm adding a link to my earlier post about how to strenghten an USB-powered device against side-channel attacks. I know that your chip of choice lacks NEON, but please read it to the end.



https://bitcointalk.org/index.php?topic=78614.msg931995#msg931995



I'm personally out of the hardware design business for many years now.But people like http://www.mcu-reverse.com/ could give an estimate.Now that you've given the intended part number interested people can look up the information about various side-channel attacks on those chips. From a brief description of your intended deterministic wallet design I presume that it will be sufficient to exfiltrate only 512 bits to empty the whole wallet.Thank you very much for your disclosure.Edit: I'm adding a link to my earlier post about how to strenghten an USB-powered device against side-channel attacks. I know that your chip of choice lacks NEON, but please read it to the end.

Long-term mining prognosis: Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0 Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0

2112



Offline



Activity: 2128

Merit: 1038









LegendaryActivity: 2128Merit: 1038 Re: [ANN] Hardware wallet project November 05, 2012, 04:38:54 PM

Last edit: November 05, 2012, 04:49:29 PM by 2112 #18 Quote from: slush on November 05, 2012, 04:24:29 PM Afaik these attacks are more teoretical than in daily use. I'm not saying that it is impossible to get seed with unrestricted physical access to the wallet and good laboratory equipment. But still wallet owner have enough time to send his coins outside the seed.



Even with those teoretical attacks, real safety of such wallet is much higher than any existing solution.

The good laboratory equipment is required only to design the attack. Once you have the attack developed it takes very cheap equipment to implement it, because you already know how and where to look on the chip-pin waveform.



Maybe if people develop a habit of frequently connecting it their mobile phone or otherwise involve it in their daily routines their reaction to physical theft will be quick enough to prevent the logical theft of bitcoins.



Edit: Actually I recalled a bit. I believe you are located in Prague, Czechia. There's a company there called BLADOX and there was a guy called Deian or Deyan that had found some very creative ways to abuse their products.

The good laboratory equipment is required only to design the attack. Once you have the attack developed it takes very cheap equipment to implement it, because you already know how and where to look on the chip-pin waveform.Maybe if people develop a habit of frequently connecting it their mobile phone or otherwise involve it in their daily routines their reaction to physical theft will be quick enough to prevent the logical theft of bitcoins.Edit: Actually I recalled a bit. I believe you are located in Prague, Czechia. There's a company there called BLADOX and there was a guy called Deian or Deyan that had found some very creative ways to abuse their products.

Long-term mining prognosis: Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0 Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0