haltingstate



Offline



Activity: 11

Merit: 0







NewbieActivity: 11Merit: 0 Bitcoin Hardware Wallet Project November 08, 2013, 04:20:34 PM

Last edit: November 21, 2013, 11:40:46 AM by haltingstate #1



The wallet private keys stay on the hardware device and never leave. The hardware device can be put in a colocation center or stored somewhere safe and you can authorize transactions remotely over internet with a USB device. The USB device has a keypad and a shared secret. A pin number is required to authorize transactions, to keep the Bitcoin safe if the key device is stolen.



The hardware wallet is encrypted and uses BIP32, if the wallet device is lost or stolen, you can recover the Bitcoin. This is perfect for exchange operators and other people who want the safety of a "cold wallet" but still need to do transactions from the wallet.



This project needs community support to happen.



=== About Me



I have been active in the Bitcoin community for years I wrote the golang secp256k1 wrapper and helped debug Sipa's libsecp256k1 cryptography library that Bitcoin will be switching to.



Here is my github:



I am now working on getting Sipa's libsecp256k1 library to compile for android and ARM processors. This is the first step in a larger project aimed at building a high security bitcoin hardware wallet.



The wallet should be

- open source

- secure as a cold wallet

- easy to use

- look cool



=== Implementation



There are two parts to the hardware wallet.

1> A secure 32 bit ARM board, which stores bitcoin private keys and can sign with the keys. This device stores the cold wallet private keys. The private keys never leave the device. This goes in an underground Swiss bunker.

2> A keyfob device that connects to a computer and requires a pin number in order to authorize bitcoin transactions from the cold wallet.



https://i.imgur.com/HKbzn4g.jpg



This is the current prototype of the device for storing the bitcoin cold wallet. It has no kernel, no operating system and is not connected to a network. It has to communicate over a serial cable to a computer attached to the internet (raspberry pi?) and should be in a physically secure location.



This is the development board for the key fob. The development board is $31. For another $12 I can add bluetooth so its wireless and add a battery.



https://i.imgur.com/g2tvYbV.jpg



The production version requires a custom PCB and case to be manufactured. The production version will be much cheaper than development board version and may be as cheap as $10 for the microusb version (no battery, bluetooth). The firmware, PCB layout and casing autocad files will be released with open source license.



http://imall.iteadstudio.com/im120424001.html

http://imall.iteadstudio.com/development-platform/arduino/shields/im120417001.html

http://imall.iteadstudio.com/im120411008.html



A more expensive, premium desktop key fob can be constructed with anodized aluminum and would cost approximately $35 to $60. I am sourcing machine shops now who can CNC the laser cut anodized case.



https://i.imgur.com/eUDL3oQ.jpg



To use the device, a person would load the seed for a deterministic wallet onto the wallet device. Then they would associate the key fob with the wallet device and sets a pin number. To make transactions from a wallet, a person attaches the keyfob to a computer, makes a transaction in the Bitcoin GUI, approves the transaction in the keyfob (Verifying amount and destination) and inputs their pin number into the device.



Using and HMAC authentication protocol, the keyfob generates an authentication code that is sent to the hardware wallet. The hardware wallet then returns the signatures for the addresses used in the transaction.



Notice

- the private keys do not leave the hardware wallet

- if the computer is compromised, the computer cannot change the destination address of an authorized transaction

- if the computer is compromised, the trojan does not have access to the private keys used in the transaction (the wallet is safe)

- if the hardware wallet is stolen, it cannot be used to make transactions without the pin number

- if your keyfob device is stolen, they will be locked out after a certain number of failed key attempts to prevent brute forcing



There are several details of the protocol for security (HMAC authentication, encryption of communication between fob and wallet shared secret, encryption between the computer and wallet etc...), which I wont go into in detail.



The keyfob requires an lcd screen and a keypad. A less secure but more convenient device, I call the "Credstick" after the currency in Shadowrun. A Bitcoin credit stick is a USB device the size of a quarter with two buttons on it. A credstick uses the same software as the keyfob, but without the hardware keypad and LCD display. They are low cost, disposable and secure.



These are examples of simple AVR 8-bit microprocessors which are suitable for a credstick implementation.



https://i.imgur.com/9qxp03l.jpg



https://i.imgur.com/s0iWIOL.jpg



https://i.imgur.com/51PwWL1.jpg



You "load" the credit stick with authorizations for an amount of Bitcoin associated with a particular hardware wallet. To spend the credits you plug in the credit stick, do a transaction and press the authorize button on the cred stick. The cred stick then goes to the hardware wallet server and returns signatures for a transaction.



These can be cheap, disposable $5 devices for daily spending and for use at the point of sale (example: buying a cup of coffee). To make a payment at the point of sale, you swipe the USB device over the POS terminal. Then you you press the button on the credit stick to authorize the transaction. The POS terminal communicates with the issuing hardware wallet and receives the signatures for the bitcoin transaction.



=== Whats left



I need to finish porting libsecp256k1 to compile on ARM Cortex-M3. I need to finalize and document the cryptographic exchange protocols. I need to get AES and SHA256 libraries working on ARM Cortex-M3.



=== What you can do



I am finishing porting secp256k1, SHA256 and AES C libraries to compile for the ARM Cortex-M3. I have to write protocol spec for key storage and remote signing and then finish implementation (surprisingly easy actually).



Then I need to design the form factor for the box the hardware wallet will go in and the form factor for the high end keyfob. I am looking at using laser cut 0.25" anodized aluminum for the casing and a button style based upon the monome. I have a cheap CNC place sourced out that can do this work.



It will be a 3x4 keypad with a ~3" LCD display in this style.



https://i.imgur.com/j6MIzSf.jpg



It would also be interesting to make a device in this style. Black anodized aluminum with tron style LED keys.



https://i.imgur.com/BiVVLKY.jpg



I need a smaller button size than the monome so I am making prototypes in low temperature thermoplastic and determining what kind of switches to use for the keypad. Then I need to create a breadboard prototype and PCB layout.



Once the software for the hardware wallet and keyfob is working on the dev boards, we need to update bitcoind to support transactions with remote signing. Then we need to push for the major wallets to adapt option for remote signing from external devices. Trezor has already started on this, so should see some progress on this front soon.



=== Whats going to happen



1> Libraries for bitcoin crypto working on ARM/Android (almost done with this; will be on github soon)

2> Libraries for key storage and remote signing on ARM devices and hardware prototype

3> Software for the key fob on development board (only doing this is there is demand for it and community support)

4> Professionally made PCB boards and iPhone style anodized aluminum casing (requires $$$ and order volume; its going to be $150/unit with 6 units, which is not to bad)



I am open sourcing

- software/firmware for ARM Cortex-M3 hardware wallet

- software/firmware for the key fob and bitcoin credstick

- PCB layouts and components for keyfob and bitcoin credstick



If the community wants to chip in, I have someone good/cheap who will write the keyfob firmware for the $31 commodity hardware. For the custom PCB devices and devices on anodized aluminum casing, we will have to do a kickstarter style thing and I will only be responsible for it if there is enough demand.





Update/Appendex/Rant:



=== Advanced Security: What is keeping your hardware wallet safe?



I believe that the ARM hardware wallet implementation will be significantly more secure than hosting private keys on Amazon or keeping them on servers exposed to the public internet. The wallet has no operating system, no kernel, no external code and is unable to even read messages that are not signed withcrytographic keys and all communication with the outside world occurs over a serial cable.



The hardware wallet is designed to have the security advantages of a cold paper wallet, while still allowing bitcoins transactions to be authorized from the wallet. Bitcoin cannot be stolen from the wallet, even if the wallet is used from a compromised computer. It is idiot proof.



=== Exchange Security: Standard for User Authentication



This is how to keep coins from being looted from exchanges. If a user deposits 10 bitcoins, you create a credstick credit of 10 bitcoins for that user. Users cannot withdraw more Bitcoin than they have. A user with 10 Bitcoin cannot withdraw 2000 Bitcoin from the exchange. The hardware wallet wont let them. Where as right now, if a user gains access to the server running the exchange , they can loot all the bitcoins on the server.



- If a user sells something for 2 bitcoin, you increase their credit by 2 bitcoin.

- If they buy something for 8 bitcoin, you decrease their creditby 8 bitcoin.

- A credit has to come from somewhere (either a deposit or from another user, who is debited).

- The total number of credits for all users must sum to the number of bitcoin in the hardware wallet.



So in order to steal bitcoin, a hacker has to gain control over the authenticate for the credstick accounts for each user and loot them individually. You store part of the authorization on a $4 USB dongle. The hardware wallet will not authenticate a withdraw from a user unless they pass an HMAC 2-factor auth that involves possession of the associated $4 USB dongle. Once the user has associated the account with the credstick dongle, the service will not permit withdraws without the possession of the dongle. Over-riding the dongle 2-factor authentication requirement would require action by the service operator using their keyfob.



For instance a user losing their keyfob might have to authenticate by typing in a number received through cell phone text message. Some users will be idiots and will not get the $4 dongle and they deserve to have their bitcoin stolen. These $4 dongles can act as an additional 2-factor authentication system that can be standardized across multiple bitcoin services. This is a hardware wallet. It prevents your Bitcoin from being stolen. It stores your Bitcoin wallet and protects your Bitcoin. Other people will be unable to steal your Bitcoin, even if your computer is completely broken into and compromised. If your computer is infected with a trojan and there is a key logger and they have complete control of the system, the Bitcoin will still be safe.The wallet private keys stay on the hardware device and never leave. The hardware device can be put in a colocation center or stored somewhere safe and you can authorize transactions remotely over internet with a USB device. The USB device has a keypad and a shared secret. A pin number is required to authorize transactions, to keep the Bitcoin safe if the key device is stolen.The hardware wallet is encrypted and uses BIP32, if the wallet device is lost or stolen, you can recover the Bitcoin. This is perfect for exchange operators and other people who want the safety of a "cold wallet" but still need to do transactions from the wallet.This project needs community support to happen.=== About MeI have been active in the Bitcoin community for years I wrote the golang secp256k1 wrapper and helped debug Sipa's libsecp256k1 cryptography library that Bitcoin will be switching to.Here is my github: https://github.com/haltingstate I am now working on getting Sipa's libsecp256k1 library to compile for android and ARM processors. This is the first step in a larger project aimed at building a high security bitcoin hardware wallet.The wallet should be- open source- secure as a cold wallet- easy to use- look cool=== ImplementationThere are two parts to the hardware wallet.1> A secure 32 bit ARM board, which stores bitcoin private keys and can sign with the keys. This device stores the cold wallet private keys. The private keys never leave the device. This goes in an underground Swiss bunker.2> A keyfob device that connects to a computer and requires a pin number in order to authorize bitcoin transactions from the cold wallet.This is the current prototype of the device for storing the bitcoin cold wallet. It has no kernel, no operating system and is not connected to a network. It has to communicate over a serial cable to a computer attached to the internet (raspberry pi?) and should be in a physically secure location.This is the development board for the key fob. The development board is $31. For another $12 I can add bluetooth so its wireless and add a battery.The production version requires a custom PCB and case to be manufactured. The production version will be much cheaper than development board version and may be as cheap as $10 for the microusb version (no battery, bluetooth). The firmware, PCB layout and casing autocad files will be released with open source license.A more expensive, premium desktop key fob can be constructed with anodized aluminum and would cost approximately $35 to $60. I am sourcing machine shops now who can CNC the laser cut anodized case.To use the device, a person would load the seed for a deterministic wallet onto the wallet device. Then they would associate the key fob with the wallet device and sets a pin number. To make transactions from a wallet, a person attaches the keyfob to a computer, makes a transaction in the Bitcoin GUI, approves the transaction in the keyfob (Verifying amount and destination) and inputs their pin number into the device.Using and HMAC authentication protocol, the keyfob generates an authentication code that is sent to the hardware wallet. The hardware wallet then returns the signatures for the addresses used in the transaction.Notice- the private keys do not leave the hardware wallet- if the computer is compromised, the computer cannot change the destination address of an authorized transaction- if the computer is compromised, the trojan does not have access to the private keys used in the transaction (the wallet is safe)- if the hardware wallet is stolen, it cannot be used to make transactions without the pin number- if your keyfob device is stolen, they will be locked out after a certain number of failed key attempts to prevent brute forcingThere are several details of the protocol for security (HMAC authentication, encryption of communication between fob and wallet shared secret, encryption between the computer and wallet etc...), which I wont go into in detail.The keyfob requires an lcd screen and a keypad. A less secure but more convenient device, I call the "Credstick" after the currency in Shadowrun. A Bitcoin credit stick is a USB device the size of a quarter with two buttons on it. A credstick uses the same software as the keyfob, but without the hardware keypad and LCD display. They are low cost, disposable and secure.These are examples of simple AVR 8-bit microprocessors which are suitable for a credstick implementation.You "load" the credit stick with authorizations for an amount of Bitcoin associated with a particular hardware wallet. To spend the credits you plug in the credit stick, do a transaction and press the authorize button on the cred stick. The cred stick then goes to the hardware wallet server and returns signatures for a transaction.These can be cheap, disposable $5 devices for daily spending and for use at the point of sale (example: buying a cup of coffee). To make a payment at the point of sale, you swipe the USB device over the POS terminal. Then you you press the button on the credit stick to authorize the transaction. The POS terminal communicates with the issuing hardware wallet and receives the signatures for the bitcoin transaction.=== Whats leftI need to finish porting libsecp256k1 to compile on ARM Cortex-M3. I need to finalize and document the cryptographic exchange protocols. I need to get AES and SHA256 libraries working on ARM Cortex-M3.=== What you can doI am finishing porting secp256k1, SHA256 and AES C libraries to compile for the ARM Cortex-M3. I have to write protocol spec for key storage and remote signing and then finish implementation (surprisingly easy actually).Then I need to design the form factor for the box the hardware wallet will go in and the form factor for the high end keyfob. I am looking at using laser cut 0.25" anodized aluminum for the casing and a button style based upon the monome. I have a cheap CNC place sourced out that can do this work.It will be a 3x4 keypad with a ~3" LCD display in this style.It would also be interesting to make a device in this style. Black anodized aluminum with tron style LED keys.I need a smaller button size than the monome so I am making prototypes in low temperature thermoplastic and determining what kind of switches to use for the keypad. Then I need to create a breadboard prototype and PCB layout.Once the software for the hardware wallet and keyfob is working on the dev boards, we need to update bitcoind to support transactions with remote signing. Then we need to push for the major wallets to adapt option for remote signing from external devices. Trezor has already started on this, so should see some progress on this front soon.=== Whats going to happen1> Libraries for bitcoin crypto working on ARM/Android (almost done with this; will be on github soon)2> Libraries for key storage and remote signing on ARM devices and hardware prototype3> Software for the key fob on development board (only doing this is there is demand for it and community support)4> Professionally made PCB boards and iPhone style anodized aluminum casing (requires $$$ and order volume; its going to be $150/unit with 6 units, which is not to bad)I am open sourcing- software/firmware for ARM Cortex-M3 hardware wallet- software/firmware for the key fob and bitcoin credstick- PCB layouts and components for keyfob and bitcoin credstickIf the community wants to chip in, I have someone good/cheap who will write the keyfob firmware for the $31 commodity hardware. For the custom PCB devices and devices on anodized aluminum casing, we will have to do a kickstarter style thing and I will only be responsible for it if there is enough demand.=== Advanced Security: What is keeping your hardware wallet safe?I believe that the ARM hardware wallet implementation will be significantly more secure than hosting private keys on Amazon or keeping them on servers exposed to the public internet. The wallet has no operating system, no kernel, no external code and is unable to even read messages that are not signed withcrytographic keys and all communication with the outside world occurs over a serial cable.The hardware wallet is designed to have the security advantages of a cold paper wallet, while still allowing bitcoins transactions to be authorized from the wallet. Bitcoin cannot be stolen from the wallet, even if the wallet is used from a compromised computer.=== Exchange Security: Standard for User AuthenticationThis is how to keep coins from being looted from exchanges. If a user deposits 10 bitcoins, you create a credstick credit of 10 bitcoins for that user. Users cannot withdraw more Bitcoin than they have. A user with 10 Bitcoin cannot withdraw 2000 Bitcoin from the exchange. The hardware wallet wont let them. Where as right now, if a user gains access to the server running the exchange , they can loot all the bitcoins on the server.- If a user sells something for 2 bitcoin, you increase their credit by 2 bitcoin.- If they buy something for 8 bitcoin, you decrease their creditby 8 bitcoin.- A credit has to come from somewhere (either a deposit or from another user, who is debited).- The total number of credits for all users must sum to the number of bitcoin in the hardware wallet.So in order to steal bitcoin, a hacker has to gain control over the authenticate for the credstick accounts for each user and loot them individually. You store part of the authorization on a $4 USB dongle. The hardware wallet will not authenticate a withdraw from a user unless they pass an HMAC 2-factor auth that involves possession of the associated $4 USB dongle. Once the user has associated the account with the credstick dongle, the service will not permit withdraws without the possession of the dongle. Over-riding the dongle 2-factor authentication requirement would require action by the service operator using their keyfob.For instance a user losing their keyfob might have to authenticate by typing in a number received through cell phone text message. Some users will be idiots and will not get the $4 dongle and they deserve to have their bitcoin stolen. These $4 dongles can act as an additional 2-factor authentication system that can be standardized across multiple bitcoin services.