Bitcoin Forum
March 28, 2024, 11:15:58 PM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Physical device to generate public/private key pairs  (Read 4631 times)
bg002h (OP)
Donator
Legendary
*
Offline Offline

Activity: 1461
Merit: 1047


I outlived my lifetime membership:)


View Profile WWW
October 07, 2012, 08:33:49 PM
 #1

How hard would it be to build an electronic device that could generate and display a Bitcoin public / private key pair?  It would be nice to have a physical device that could, without connecting to anything, give you a new safe address to dump your coins to at the press of a button.


Hardforks aren't that hard. It’s getting others to use them that's hard.
1GCDzqmX2Cf513E8NeThNHxiYEivU1Chhe
1711667758
Hero Member
*
Offline Offline

Posts: 1711667758

View Profile Personal Message (Offline)

Ignore
1711667758
Reply with quote  #2

1711667758
Report to moderator
Unlike traditional banking where clients have only a few account numbers, with Bitcoin people can create an unlimited number of accounts (addresses). This can be used to easily track payments, and it improves anonymity.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711667758
Hero Member
*
Offline Offline

Posts: 1711667758

View Profile Personal Message (Offline)

Ignore
1711667758
Reply with quote  #2

1711667758
Report to moderator
1711667758
Hero Member
*
Offline Offline

Posts: 1711667758

View Profile Personal Message (Offline)

Ignore
1711667758
Reply with quote  #2

1711667758
Report to moderator
1711667758
Hero Member
*
Offline Offline

Posts: 1711667758

View Profile Personal Message (Offline)

Ignore
1711667758
Reply with quote  #2

1711667758
Report to moderator
Wekkel
Legendary
*
Offline Offline

Activity: 3108
Merit: 1531


yes


View Profile
October 07, 2012, 08:45:55 PM
 #2

How hard would it be to build an electronic device that could generate and display a Bitcoin public / private key pair?  It would be nice to have a physical device that could, without connecting to anything, give you a new safe address to dump your coins to at the press of a button.



I suppose someone can write an app for that?

bg002h (OP)
Donator
Legendary
*
Offline Offline

Activity: 1461
Merit: 1047


I outlived my lifetime membership:)


View Profile WWW
October 07, 2012, 09:01:03 PM
 #3

An app could do it...and there's lots of ways to do it on a computer...My thoughts were more along the line of security...

Hardforks aren't that hard. It’s getting others to use them that's hard.
1GCDzqmX2Cf513E8NeThNHxiYEivU1Chhe
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1135


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
October 07, 2012, 09:18:07 PM
 #4

I keep pitching credit card machines for this, since obsolete ones are available cheaply, they run C/C++, and have a satisfactory sized screen and printer for the purpose.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
flatfly
Legendary
*
Offline Offline

Activity: 1064
Merit: 1011


View Profile
October 07, 2012, 09:21:40 PM
Last edit: October 07, 2012, 09:43:02 PM by flatfly
 #5

An app could do it...and there's lots of ways to do it on a computer...My thoughts were more along the line of security...

Even a non-connecting physical device doesn't offer more security per se.
If it's a physical device, it's usually closed source software, which means
a malicious vendor could program it to "generate" keys that are not really random, and that could be harvested at later time...

I suppose you could easily use my little "Deep Space Vagabond" application on an offline, freshly installed computer, to generate new addresses at the click of a button. See link in my signature. Source code to the very first version (which was a command-line Python script) is freely available to all, while source code for later versions is available to donators.

Alternatively if you're comfortable running Python command-line scripts, someone (I need to remember their name) made a wonderful little script doing just what you want. You could set up a Python environment on an offline computer, and then generate your keys using that script. If you're interested I can you look it up and post it here for you.

One last option is to use the fantastic vanitygen command-line tool directly. It is actually what my app relies on for generating addresses.

EDIT: at first, I didn't realize you were looking to build such a device yourself - sp my post is mostly irrelevant

My main address: 1337sfeChyyzZLzdHLewXzcaAaJSNTM893.
bg002h (OP)
Donator
Legendary
*
Offline Offline

Activity: 1461
Merit: 1047


I outlived my lifetime membership:)


View Profile WWW
October 07, 2012, 09:21:53 PM
 #6

I keep pitching credit card machines for this, since obsolete ones are available cheaply, they run C/C++, and have a satisfactory sized screen and printer for the purpose.
That's not a bad idea.  ...off to ebay...

Hardforks aren't that hard. It’s getting others to use them that's hard.
1GCDzqmX2Cf513E8NeThNHxiYEivU1Chhe
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1135


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
October 07, 2012, 09:23:09 PM
 #7

I have the SDK and compiler for Vx series, the cheapest model it supports being Vx510 (and the other models not having anything compelling that would do a better job of this)

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
bg002h (OP)
Donator
Legendary
*
Offline Offline

Activity: 1461
Merit: 1047


I outlived my lifetime membership:)


View Profile WWW
October 07, 2012, 09:27:12 PM
 #8

looks like $12 for a used credit card machine...I found a PC/USB cable for $50...I've yet to find a programming manual...

Hardforks aren't that hard. It’s getting others to use them that's hard.
1GCDzqmX2Cf513E8NeThNHxiYEivU1Chhe
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1135


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
October 07, 2012, 09:59:33 PM
 #9

Their SDKs are payware and their binaries must be signed.

But the majority of the work isn't hardware dependent.

If you can come up with a console app that will run under Linux, perhaps takes some entropy or a 32-byte private key and prints a single bitcoin address to the console, I can convert it to run on the credit card machine.  I can also provide the part that sends QR codes to the printer, given just the string to encode.

Importantly, it can't depend on having the whole openssl suite available, nor any libraries.  Whatever it is has to be pretty much self-contained, sort of like bitaddress.org is completely self contained.  These are machines with single digit megabytes of memory.

I just don't understand the inner workings of the EC math to go at it myself, but if that part were self-contained I'd have no problem producing the binary.  Possibly the best way is to surgically remove the relevant code from openssl and isolate it into its own module.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
bg002h (OP)
Donator
Legendary
*
Offline Offline

Activity: 1461
Merit: 1047


I outlived my lifetime membership:)


View Profile WWW
October 07, 2012, 10:02:22 PM
 #10

Their SDKs are payware and their binaries must be signed.

But the majority of the work isn't hardware dependent.

If you can come up with a console app that will run under Linux, perhaps takes some entropy or a 32-byte private key and prints a single bitcoin address to the console, I can convert it to run on the credit card machine.  I can also provide the part that sends QR codes to the printer, given just the string to encode.

Importantly, it can't depend on having the whole openssl suite available, nor any libraries.  Whatever it is has to be pretty much self-contained, sort of like bitaddress.org is completely self contained.

I just don't understand the inner workings of the EC math to go at it myself, but if that part were self-contained I'd have no problem producing the binary.

I'm not sufficiently skilled to do the work with what I know now...although I'm sure I could figure it out, I haven't the time -- and surely there are people around here who know how to make it happen.  Just seems like a good idea and a good money maker for someone who can pull it off...

Hardforks aren't that hard. It’s getting others to use them that's hard.
1GCDzqmX2Cf513E8NeThNHxiYEivU1Chhe
runeks
Legendary
*
Offline Offline

Activity: 980
Merit: 1008



View Profile WWW
October 08, 2012, 01:26:06 AM
Last edit: October 08, 2012, 01:50:14 AM by runeks
 #11

If you're interested in learning ECC, Certicom has a lot of information that is reasonably easy to understand. It isn't really as complex as it may sound. Just a lot of equations.

http://www.certicom.com/images/pdfs/WP-ECCprimer.pdf
http://www.certicom.com/index.php/10-introduction

If you can come up with a console app that will run under Linux, perhaps takes some entropy or a 32-byte private key and prints a single bitcoin address to the console, I can convert it to run on the credit card machine.  I can also provide the part that sends QR codes to the printer, given just the string to encode.
How would one get entropy on such a device? Creating a standalone console app that can create an address from a private key is relatively simple. It might be something I would be up to.

It would require a standalone implementation of SHA256, RIPEMD160, EC math and BIGNUMs.

EDIT: Looking at OpenSSL's BIGNUM implementation, this depends on things as stdio.h and assert.h. What is actually available on this credit card machine?
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
October 08, 2012, 01:52:45 AM
 #12

How hard would it be to build an electronic device that could generate and display a Bitcoin public / private key pair?  It would be nice to have a physical device that could, without connecting to anything, give you a new safe address to dump your coins to at the press of a button.

For additional discussion on that:

Air gapped wallet printer
 - http://bitcointalk.org/index.php?topic=77930.0


Hardware Bitcoin wallet - a minimal Bitcoin wallet for embedded devices
 - http://bitcointalk.org/index.php?topic=78614.60


Offline Paper Wallet Creator - Raspberry Pi?
 - http://bitcointalk.org/index.php?topic=74615.0


Casascius Bitcoin POS system
 - http://bitcointalk.org/index.php?topic=46366.20

So obviously ... there is demand for such an item if it were to exist and be commercially available.

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1135


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
October 08, 2012, 02:36:00 AM
 #13

If you're interested in learning ECC, Certicom has a lot of information that is reasonably easy to understand. It isn't really as complex as it may sound. Just a lot of equations.

http://www.certicom.com/images/pdfs/WP-ECCprimer.pdf
http://www.certicom.com/index.php/10-introduction

If you can come up with a console app that will run under Linux, perhaps takes some entropy or a 32-byte private key and prints a single bitcoin address to the console, I can convert it to run on the credit card machine.  I can also provide the part that sends QR codes to the printer, given just the string to encode.
How would one get entropy on such a device? Creating a standalone console app that can create an address from a private key is relatively simple. It might be something I would be up to.

It would require a standalone implementation of SHA256, RIPEMD160, EC math and BIGNUMs.

EDIT: Looking at OpenSSL's BIGNUM implementation, this depends on things as stdio.h and assert.h. What is actually available on this credit card machine?

stdio.h, string.h, stdlib.h, math.h should all be available.

Entropy has to come from a combination of the keypad and timer.  In addition to scraping system-specific data, during initialization we have the user mash the keyboard to initialize the entropy pool.  Using the key scan codes of the key strokes as well as the precise timing between them (system tick counter with resolution in the millisecond range) as well as the system clock, we get enough entropy to start generating keys.  Each keypress is used to add entropy to the pool, and we persist the entropy to the file system (which is saved as battery-backed RAM).

It is a whole lot like what bitaddress.org does to acquire entropy when you first load it, other than we can a) do it for longer because b) given persistent storage, we only have to exhaustively do it once.

Finally, as you might notice in my bitcoin address utility:  I prefer to generate private keys by using the SHA256 hash of a string that is partly system generated, and partly provided by the user.  The system generates a long random string (80+ characters) and then the user is invited to insert keyboard mash into the middle of it.  SHA256 is done on the resulting string plus n, where n is an incrementing number.  This provides simple auditability that the RNG isn't rigged (or if it somehow is, it won't be harmful), and allows the user a decent chance to "cut the deck", without too much worry that the user's gibberish won't have enough entropy.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
runeks
Legendary
*
Offline Offline

Activity: 980
Merit: 1008



View Profile WWW
October 08, 2012, 05:22:10 AM
 #14

^ How much storage space and memory is available on the device? Perhaps one could compile libcrypto and libssl and statically link them with the program. libcrypto.a and libssl.a are 5.1 MB in total.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1135


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
October 08, 2012, 05:40:30 AM
 #15

A device like this on the lowest end typically has 1-2 MB RAM and 1-2 MB Flash.

It's not constructed like a typical computer though.  The CPU can execute programs directly from flash without copying them into RAM, and the RAM is battery-backed and is the main file system.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
runeks
Legendary
*
Offline Offline

Activity: 980
Merit: 1008



View Profile WWW
October 08, 2012, 06:36:24 AM
 #16

I can get an executable statically linked to libcrypto down to 2.3 MB. But I can't get it to compile without depending on libdl.so.
capn noe
Member
**
Offline Offline

Activity: 98
Merit: 10


View Profile
October 08, 2012, 06:44:32 AM
 #17

I'm pretty sure we have a half-dozen or so credit card machines in stock. Love to find you some dev equipment....
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1135


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
October 08, 2012, 06:46:47 AM
 #18

Whatever ended up being the successful result would have to be a module consisting strictly of code plucked from the libraries so nothing is in there that isn't called.  Sort of how bitaddress.org works.  I figure it must be possible - it's got a minimal bignumber and EC point doubling/adding and it fits in mere kilobytes.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
runeks
Legendary
*
Offline Offline

Activity: 980
Merit: 1008



View Profile WWW
October 08, 2012, 07:09:11 AM
 #19

It seems I got it to work without libdl. The executable is now 2.2 MB. Though I'm not sure how to test if it's completely self-contained.

You're right that it must be possible to get it below 1 MB, but it's not easy when I use OpenSSL, as far as I can figure out. I've researched it a bit, and the general consensus is that you have to manually edit Makefiles, headers and possibly source files to not include unneeded functions.

I haven't been able to find an open source bignum, SHA256, RIPEMD160 and EC math implementations for C either. Let me know if you know any.
runeks
Legendary
*
Offline Offline

Activity: 980
Merit: 1008



View Profile WWW
October 08, 2012, 07:13:53 AM
Last edit: October 08, 2012, 08:08:34 AM by runeks
 #20

Haha! Doh! I was using the Debug build. The Release build is 1.1 MB.

EDIT: Hmm. I see references to .so files when I check the executable via strings:

Code:
rune@rune-desktop:~/.workspace/sbag/Release$ strings sbag|grep "\.so"
/lib64/ld-linux-x86-64.so.2
libc.so.6

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!