Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: jl2012 on September 23, 2013, 06:22:58 AM



Title: Entropy source for smartphone or HW wallet
Post by: jl2012 on September 23, 2013, 06:22:58 AM
Can we use the accelerometer in smartphone as entropy source (or adding it to HW wallet, costs only about 1 USD)? When generating a new address, or signing, the user is asked to shake the device for a few seconds. That should give plenty of randomness


Title: Re: Entropy source for smartphone or HW wallet
Post by: empoweoqwj on September 23, 2013, 06:45:28 AM
Sound plenty reasonable.


Title: Re: Entropy source for smartphone or HW wallet
Post by: Mike Hearn on September 23, 2013, 08:31:28 AM
In theory devices are already supposed to collect entropy from device driver readings. Whether they do or not is an open question - it would require checking the kernel sources of lots of different shipping devices. It wouldn't surprise me to learn that some cheap devices have poorly done kernels that don't bother collecting entropy.

Rather than only using the accelerometers I think an easier and more robust approach would be to combine accelerometer data with a photo taken by the user (and then hashing the pixel data). A random photo of the users environment at the time they create the wallet should be plenty unpredictable. I filed this bug against the Android wallet some time ago:

   https://code.google.com/p/bitcoin-wallet/issues/detail?id=219

But it requires a lot of fairly boring programming to be completed first:

  • The app has to be changed so it has a "welcome wizard" of some kind that helps the user set up their new wallet. Right now the app boots straight into the main screen and that expects the wallet to be initialised. I'd love to see a welcome screen but in the past Andreas wasn't keen for some reason.
  • We need to switch bitcoinj to using deterministic wallets, and then migrate users who already have wallets over to the deterministic form. That in turn requires some fairly fiddly programming to ensure that memory usage isn't too large even when you've used the wallet for a long time, that it interacts properly with Bloom filters, that the core key management code scales properly and so on.
  • Then we need to make it use deterministic ECDSA signatures as well, so we don't need any randomness to generate them. Otherwise you'd have to take a picture every time you sent a transaction! Or, of course, we'd have to store the seed and iterate it ourselves with a custom PRNG.

All those things are valuable by themselves, but as you can see, it's more work than you might have imagined.


Title: Re: Entropy source for smartphone or HW wallet
Post by: jl2012 on September 23, 2013, 11:18:14 AM
Asking for camera privilege has some privacy concern. Combining other standard Android detectors such as digital compass and light sensor should be good enough


Title: Re: Entropy source for smartphone or HW wallet
Post by: Peter Todd on September 23, 2013, 11:20:29 AM
Asking for camera privilege has some privacy concern. Combining other standard Android detectors such as digital compass and light sensor should be good enough

The Android wallet already has the ability to use the camera to read QR codes.


Title: Re: Entropy source for smartphone or HW wallet
Post by: someone42 on September 23, 2013, 01:53:03 PM
Can we use the accelerometer in smartphone as entropy source (or adding it to HW wallet, costs only about 1 USD)? When generating a new address, or signing, the user is asked to shake the device for a few seconds. That should give plenty of randomness

For HW wallets, there are faster (in raw bits/s) ways to collect entropy for < 1 USD in parts and with no user interaction required. I describe some of them here: https://bitcointalk.org/index.php?topic=127587.msg1434009#msg1434009 (https://bitcointalk.org/index.php?topic=127587.msg1434009#msg1434009), but I am sure there are many more ways. These also have the benefit of being internal, so it is more difficult for an observer to guess the state of your entropy pool.