Bitcoin Forum
March 28, 2024, 07:26:16 PM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 ... 265 »
  Print  
Author Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet  (Read 965784 times)
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
November 05, 2012, 01:45:11 PM
Last edit: August 04, 2014, 02:07:22 PM by slush
Merited by o_e_l_e_o (2), OgNasty (1), vapourminer (1), TheBeardedBaby (1)
 #1


TREZOR finally for sale!

TREZOR The Bitcoin Safe is ultimately secure
and easy to use hardware bitcoin wallet.



TREZOR FAQ






Original post:

Hello all!

Today we'd like to announce a project I and stick have been working on for the last couple of weeks. We decided that we want to keep the development open since the beginning.

We are creating a hardware bitcoin wallet, basically a device that is a secure place to store private keys to your bitcoin addresses. Because all transactions are signed in the device itself, the keys never leave the device and thus cannot be stolen by a virus, malicious code or an attacker.

We believe that this project is very improtant for the bitcoin world, because it gives the ability to use the highest possible security measures, which were only available for geeks until now, for all bitcoin users, even the non-technical savvy ones.

There will be two versions of the wallet available:
1) A shield for Raspberry Pi (for DIY hackers)
2) Custom hardware based solution (for common consumers)

Both versions will be open-source (both hardware and software!) and will provide the same functionality, like for example:

* Deterministic BIP 0032 compatible wallet algorithm (=unlimited count of addresses)
* No need for periodic backups, writing down the seed to paper during the device initialization will be enough forever
* Unlimited count of inputs and outputs in transaction (transaction streaming API)
* Plug & Play - no driver installation on a desktop computer required
* Unauthorized physical access to wallet protected by PIN
* Optionally wallet will require one-time-passwords for important actions

Custom hardware version will have these extra features:

* Impossibility to obtain private keys from the device in a case of theft
* Impossibility to re-flash the device with malicious code
* Possibility to do paper-backup of private keys only once during wallet initialization
* iPod Shuffle sized aluminium case for durability and robustness
* Variety of colors to tell the wallets apart by simply looking at them

We believe that we have enough knowledge and experience to succesfully finalize this product. Stick is a hacker and he has been involved in development for quite some time. He's also one of the founders of Brmlab hackerspace, which you may know from Prague Bitcoin conference 2011. We've already done arrangements with a hardware manufacturer who has confirmed that he's able to deliver casings for our custom solution.

Sneak peek preview of our hardware:

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
November 05, 2012, 01:46:01 PM
Last edit: July 08, 2014, 09:50:43 PM by slush
 #2

22.11.2012: Display shield for Stellaris Launchpad prototype.

19.11.2012: First preview of the design. Dimensions are 60x40x10 mm 50x35x10mm (edited 22.11.2012).


19.11.2012: First prototype of Raspberry Pi shield.


22.11.2012: First batch of displays received. OLED, 128x64 pixels.


22.11.2012: First casing prototype has been printed out! How it has been made:
http://www.youtube.com/watch?v=-uYW3ks0WwA


29.11.2012: Second casing version printed (it is bit smaller than previous one):


04.01.2013: First succesfully CNC'ed and assembled casing!


19.01.2013: First eloxed (colored) prototypes.


04.02.2013: First design of PCB


11.02.2013: PCBs just arrived!


18.03.2013: Trezor Shield performing some Unit Tests. Ethernet connection is used just for debugging purposes, main communication is done over USB cable with final protocol which will be used in the final product. Computer doesn't need any drivers, Trezor Shield is acting as USB HID device (like keyboard or mouse).
http://youtu.be/p1qnwKbZBVA

01.04.2013: Celebrating $100 while working on Trezor!


08.09.2013: First Metallic arrived!


21.11.2013: PCBs for preorders are ready


20.02.2014: Product package design


22.02.2014: Metallics on table ready to ship


08.07.2014: Trezor likes Club Mate

slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
November 05, 2012, 02:01:50 PM
 #3

At this stage we have only internal codename for the project. For this reason I just opened the bounty for final product name: https://bitcointalk.org/index.php?topic=122440.0

Belkaar
Full Member
***
Offline Offline

Activity: 177
Merit: 100


View Profile WWW
November 05, 2012, 02:20:40 PM
 #4

Would you describe how a standard transaction would take place?
Do I have to plug it into a PC? Do I need extra software? Is it Web-Service based?

bitcoinCodes.com: Get XBox live, PSN and WoW game time codes fast and anonymously
Android RPC client: Bitcoiner
Bitmessage: BM-GtcxVju35PGuD6es9vrF1SXtCVxScbjB
Jutarul
Donator
Legendary
*
Offline Offline

Activity: 994
Merit: 1000



View Profile
November 05, 2012, 02:38:07 PM
 #5

Nice! Are you planning on creating a company to sell these products? Do you need seed money for prototype development?

The ASICMINER Project https://bitcointalk.org/index.php?topic=99497.0
"The way you solve things is by making it politically profitable for the wrong people to do the right thing.", Milton Friedman
jim618
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
November 05, 2012, 02:49:03 PM
Last edit: November 05, 2012, 03:03:24 PM by jim618
 #6

Would you describe how a standard transaction would take place?
Do I have to plug it into a PC? Do I need extra software? Is it Web-Service based?

There is quite a lot of coding to make it all work, but MultiBit is planning to support these devices.

You would have a watch only wallet in your desktop client with all the transactions in it. When you want to do a send MultiBit creates the transaction and passes it to the device for signing via USB.  The transaction comes back and the MultiBit sends it off to the network.

Slush has also created a fork of Electrum where he is coding up the wire protocol etc. This is in protobuf format so anything like python, C++, Java can use it.

Edit: Java devs who are interested in helping please PM me !


MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
VeeMiner
Hero Member
*****
Offline Offline

Activity: 752
Merit: 500


bitcoin hodler


View Profile
November 05, 2012, 02:53:04 PM
 #7

sounds great, looking forward to seeing more information!
2weiX
Legendary
*
Offline Offline

Activity: 2058
Merit: 1005

this space intentionally left blank


View Profile
November 05, 2012, 02:53:51 PM
 #8

Wasn't there a project that was announced a year ago that failed miserably... "ellet"?
I for one wish you the best of luck.
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
November 05, 2012, 02:55:48 PM
 #9

Quote
Do I have to plug it into a PC? Do I need extra software? Is it Web-Service based?

It will be USB device (micro USB connector like phones). You won't need to install any drivers, everything you'll need is to have desktop Bitcoin wallet (like Electrum or Multibit) capable to talk with the device. At this stage I'm in touch with Multibit developers and I'm working on Electrum...

Would you describe how a standard transaction would take place?

1. You connect the device into the USB and run Bitcoin wallet software
2. It automatically recognizes the device (by matching VendorID and ProductID of USB bus)
3. Software ask for master public key. Then it will be able to show your addresses and their balances.
4. When you want to send some coins, software creates template of bitcoin transaction and send it to wallet device.
5. Device displays transaction summary on its display and ask you to confirm transaction by pressing hardware button
6. Device signs transactions using private key stored in the device and sends signed transaction to desktop software.
7. Desktop software sends signed transaction to the bitcoin network.

slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
November 05, 2012, 03:01:07 PM
 #10

Wasn't there a project that was announced a year ago that failed miserably... "ellet"?

I know about ellet. The problem was that they took quite a bigger challenge than they could handle.

slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
November 05, 2012, 03:12:15 PM
 #11

Nice! Are you planning on creating a company to sell these products? Do you need seed money for prototype development?

Project is in too early stage to tell this. For now we're focused to creating the device. We already have enough money for make device prototypes. We'll discuss detailed plan for funding and selling final product later.

2112
Legendary
*
Offline Offline

Activity: 2128
Merit: 1060



View Profile
November 05, 2012, 03:24:25 PM
 #12

* Impossibility to obtain private keys from the device in a case of theft
Everything looks very nice, with the exception of this one point.

Probably an average pirate TV-decoder-card vendor would be able to retrieve the private keys.

Slush, would you kindly ask Mr. stick for additional information to substantiate the above claim?

Thanks.

Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
November 05, 2012, 03:34:12 PM
 #13

Slush, would you kindly ask Mr. stick for additional information to substantiate the above claim?

http://www.nxp.com/documents/application_note/AN10968.pdf

Chapter 3 (page 4) describes security level of the chip we currently want to use. Do you know about some cheap and quick solution how to skip this protection and read the seed from the device?

It is probably possible to read memory with high level laboratory equipment, but purpose of seed protection is that attacker need some time to read memory, so original owner can reload the seed to another device and send his coins out of compromised seed.

2112
Legendary
*
Offline Offline

Activity: 2128
Merit: 1060



View Profile
November 05, 2012, 03:59:49 PM
 #14

http://www.nxp.com/documents/application_note/AN10968.pdf

Chapter 3 (page 4) describes security level of the chip we currently want to use. Do you know about some cheap and quick solution how to skip this protection and read the seed from the device?

It is probably possible to read memory with high level laboratory equipment, but purpose of seed protection is that attacker need some time to read memory, so original owner can reload the seed to another device and send his coins out of compromised seed.
I'm personally out of the hardware design business for many years now.

But people like http://www.mcu-reverse.com/ could give an estimate.

Now that you've given the intended part number interested people can look up the information about various side-channel attacks on those chips. From a brief description of your intended deterministic wallet design I presume that it will be sufficient to exfiltrate only 512 bits to empty the whole wallet.

Thank you very much for your disclosure.

Edit: I'm adding a link to my earlier post about how to strenghten an USB-powered device against side-channel attacks. I know that your chip of choice lacks NEON, but please read it to the end.

https://bitcointalk.org/index.php?topic=78614.msg931995#msg931995


Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
Andreas Schildbach
Hero Member
*****
Offline Offline

Activity: 483
Merit: 501


View Profile
November 05, 2012, 04:20:16 PM
 #15

Very nice project!

If this hardware would be designed as an ADK (Android Accessory Development Kit) device, it could be connected to virtually every phone with at least Android 2.3.3 installed and be used with Bitcoin Wallet.

I think ADK support is optional, so the same device could be connected to a PC as originally intended.

I'd be happy to implement the necessary software support on the Android side!
slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
November 05, 2012, 04:24:29 PM
 #16

Edit: I'm adding a link to my earlier post about how to strenghten an USB-powered device against side-channel attacks. I know that your chip of choice lacks NEON, but please read it to the end.

Afaik these attacks are more teoretical than in daily use. I'm not saying that it is impossible to get seed with unrestricted physical access to the wallet and good laboratory equipment. But still wallet owner have enough time to send his coins outside the seed.

Even with those teoretical attacks, real safety of such wallet is much higher than any existing solution.

slush (OP)
Legendary
*
Offline Offline

Activity: 1386
Merit: 1097



View Profile WWW
November 05, 2012, 04:28:24 PM
 #17

I'd be happy to implement the necessary software support on the Android side!

C codes for the device will be open source, so you'll be more than welcome to play with it. At this point, we're focusing to get prototype alive, so make code able to cross-compile for ADK isn't on top of our priority list.

2112
Legendary
*
Offline Offline

Activity: 2128
Merit: 1060



View Profile
November 05, 2012, 04:38:54 PM
Last edit: November 05, 2012, 04:49:29 PM by 2112
 #18

Afaik these attacks are more teoretical than in daily use. I'm not saying that it is impossible to get seed with unrestricted physical access to the wallet and good laboratory equipment. But still wallet owner have enough time to send his coins outside the seed.

Even with those teoretical attacks, real safety of such wallet is much higher than any existing solution.
The good laboratory equipment is required only to design the attack. Once you have the attack developed it takes very cheap equipment to implement it, because you already know how and where to look on the chip-pin waveform.

Maybe if people develop a habit of frequently connecting it their mobile phone or otherwise involve it in their daily routines their reaction to physical theft will be quick enough to prevent the logical theft of bitcoins.

Edit: Actually I recalled a bit. I believe you are located in Prague, Czechia. There's a company there called BLADOX and there was a guy called Deian or Deyan that had found some very creative ways to abuse their products.

Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
Jutarul
Donator
Legendary
*
Offline Offline

Activity: 994
Merit: 1000



View Profile
November 05, 2012, 05:15:46 PM
 #19

Afaik these attacks are more teoretical than in daily use. I'm not saying that it is impossible to get seed with unrestricted physical access to the wallet and good laboratory equipment. But still wallet owner have enough time to send his coins outside the seed.

Even with those teoretical attacks, real safety of such wallet is much higher than any existing solution.
The good laboratory equipment is required only to design the attack. Once you have the attack developed it takes very cheap equipment to implement it, because you already know how and where to look on the chip-pin waveform.

Maybe if people develop a habit of frequently connecting it their mobile phone or otherwise involve it in their daily routines their reaction to physical theft will be quick enough to prevent the logical theft of bitcoins.

Edit: Actually I recalled a bit. I believe you are located in Prague, Czechia. There's a company there called BLADOX and there was a guy called Deian or Deyan that had found some very creative ways to abuse their products.

As long as the attacker needs physical access to the chip, the keys are as secure as the dollar bills in your pocket.

The ASICMINER Project https://bitcointalk.org/index.php?topic=99497.0
"The way you solve things is by making it politically profitable for the wrong people to do the right thing.", Milton Friedman
mc_lovin
Legendary
*
Offline Offline

Activity: 1190
Merit: 1000


www.bitcointrading.com


View Profile WWW
November 05, 2012, 05:20:43 PM
 #20

omg this is better than the "September announcement"!!!!
Pages: [1] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 ... 265 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!