Idea for a hardware-based Bitcoin savings account

[bitcoin_idea]

A post 2 days ago drew attention to how one can easily lose massive amounts of Bitcoins quickly if proper precautions aren't taken.  I read through most of the posts yesterday and there's quite a disconnect between tech-savvy users and the rest.  I believe that this mentality will hold Bitcoin back as a currency, so I'm reposting an idea I put up on reddit's r/bitcoin. (Original post here)

Proposed Solution: create an arduino bitcoin wallet to serve as a hardware wallet for a savings account. The arduino will:

• generate a new public/private keypair so that the private key is never seen by a computer (multiple posts suggest that the private key is unencrypted in your computer's RAM for ~100 ms, which may be enough time for an already installed virus/trojan to grab it.)
• display public and private keys
• perform an encryption/transaction in 2 steps:
•     1.  generate the transaction (use the public/private keypair along with a (user-inputted) destination public key address)
•     2.  publish this transaction to an external device (I.E. usb key, wifi network, ethernet connection)

To use:

• When your (computer's) bitcoin wallet becomes too fat: make a transfer to the arduino public key. The arduino doesn't even need to know how much is in the account, the transactions just need to be published to the bitcoin network
• The arduino can generate transaction hashes when you want to transfer money out of the arduino savings account. The user would then have to publish this transaction hash to the bitcoin network. Overspending will simply be rejected by the bitcoin network.  (Technical note: this avoids a trojan/virus stealing the user's private key, unless the arduino can be compromised)

While this account hack was terrible for the account owner, allinvain, it was bound to happen eventually to someone.  The silver lining here is that many people will want to address this potential security hole with the currency.  This is both a business problem and a bitcoin problem. I see two directions for this idea:

closed source: write the arduino code and offer the finished arduino project as a product

benefits:

• more profit for the developer
• higher entry-cost for would-be competitors

open source: arduino code is published online and peer-reviewed

benefits:

• more collaboration will generally offer better security
• will help the bitcoin community grow more by offering a low-cost method for easy security (which also generates more trust for the bitcoin currency)
• can still support a private business model where someone loads an arduino (or orders a mass-production fabrication for even lower costs) and offers a simple out-of-the-box product for users who want to do no configuration (this is the Redhat Linux model)

For anyone that wants to take this idea and run with it, it's yours. I'd personally like to see an open source solution developed, so users can
1.  buy an arduino
2.  review the code (if desired)
3.  transfer the code to an arduino to have a secure, physical wallet

Step 2 is an important optional step, IMO, as open source code is harder to hide backdoors.  However, even a blackbox-type product would still benefit the community, as it will introduce more confidence in bitcoin.

[1713970570]

1713970570

[1713970570]

1713970570

[1713970570]

1713970570

[1713970570]

1713970570

[1713970570]

1713970570

[casascius]

This is a sound idea and a good direction to go.  Can the arduino perform the crypto functions?  There would also ideally be a way to back up the private keys and/or accept imports of private keys for users who know what they're doing.

[optimusprimal]

I like this idea, and even better if you could make the micro do it all over USB and then also be about the size of a credit card with a USB plug that would be ideal.

I'd love to help with this, but wouldn't know where to start when it comes with an open source idea like this... I'd need more help on the organizing side than the actual "doing side"....

[bitcoin_idea]

This is a sound idea and a good direction to go.  Can the arduino perform the crypto functions?  There would also ideally be a way to back up the private keys and/or accept imports of private keys for users who know what they're doing.

An arduino, as a turing machine, should be able to perform the crypto functions.  Your question does lead to this one though: "Can the arduino perform the crypto functions in a reasonable amount of time?"  On that, I don't have an answer.

I'm not sure about the specifics of the bitcoin public/private key address generation.  So someone with more knowledge of the Bitcoin implementation would be required here.  I could also look through the source when I have more free time and report back when I find out.  I've spent some time looking for documentation and I couldn't find anything about the public/private key address algorithm (not to be confused with the hash confirmation algorithm, which is based on elliptic curve cryptography).

[bitcoin_idea]

I like this idea, and even better if you could make the micro do it all over USB and then also be about the size of a credit card with a USB plug that would be ideal.

I'd love to help with this, but wouldn't know where to start when it comes with an open source idea like this... I'd need more help on the organizing side than the actual "doing side"....

To get started with the open source option, you'd want to set up an online repo.  I've done some basic development on github.com, which offers free source hosting for open source projects.  Sourceforge is another option.  I like github as it integrates with git very nicely.  I don't *believe* that there are language restrictions for github projects, so an arduino project should be fine.

After that, I think this comes down to acquiring an arduino and determining what add-ons will be needed.  Starter ideas:
-usb interface
-some sort of keyboard/keypad?  a usb port to accept a keyboard?
-an adequate display, maybe

The remainder is developing the basic functionality
-generating a public/private key on an arduino
-generating a transaction hash (i.e. signing a transaction)

I can help with reading, research and documentation.  Eventually I can help with testing and development, but as I'm unemployed I'd like to limit my spending to what's necessary to live.  If only I could eat arduinos  .

[lachesis]

An Arduino isn't needed for this; just boot to a live CD to generate your keys, put the wallet.dat on a brand new, freshly opened (and maybe encrypted) flash drive or SD-card, and generate an address. Reboot into your primary OS and send some coins to that address. Maybe reboot again to test that they were received.

Are there any ECDSA smart cards out there? It'd be pretty cool to use a smart card for Bitcoin crypto.

[ben-abuya]

An Arduino isn't needed for this; just boot to a live CD to generate your keys, put the wallet.dat on a brand new, freshly opened (and maybe encrypted) flash drive or SD-card, and generate an address. Reboot into your primary OS and send some coins to that address. Maybe reboot again to test that they were received.

Are there any ECDSA smart cards out there? It'd be pretty cool to use a smart card for Bitcoin crypto.

This is pretty safe, although for large bitcoin accounts I'd still be wary of using your day-to-day, internet-connected computer. The original post is going to be a big breakthrough in managing wallets. Everybody with a sizable account is going to have one of these devices.

The next question is how to keep your secret. Ultimately you need to have a pass phrase or little USB drives that have to be read in tandem, or some combination of those. The problem with a pass phrase is you can forget it, or something can happen to you, and your coins are lost forever. The problem with USB keys is you can lose them, something could happen to them, they can be stolen, or you could have to skip town suddenly. Having both is probably a good tradeoff.

I think to make this happen, a couple of extensions have to be written for the standard bitcoin client:

1. Export an unsigned send transaction.
2. Import a signed transaction and send it out to the network.

If you have those two, the arduino device can easily generate Bitcoin keypairs and sign transactions offline. Note that you don't need a keyboard if you go with the USB drive keys. The main computer would never get anywhere near the private keys. This is about as safe as you're going to get. I intend on doing a patch, but I've got some other stuff to do first. I hope someone beats me to it.

[bitcoin_idea]

An Arduino isn't needed for this; just boot to a live CD to generate your keys, put the wallet.dat on a brand new, freshly opened (and maybe encrypted) flash drive or SD-card, and generate an address. Reboot into your primary OS and send some coins to that address. Maybe reboot again to test that they were received.

Are there any ECDSA smart cards out there? It'd be pretty cool to use a smart card for Bitcoin crypto.

This is basically the inspiration for my idea.  If you go look at allinvain's post (the guy who lost 25k BC), there's this back-and-forth between people who say how simple the solution is (i.e. linux, separate machine, etc) and the others.

I'm not proposing this arduino solution for everyone, certainly not the former group as they're already aware.  It's meant for the latter.  That group might include our parents or grandparents, maybe people who are somewhat tech-savvy but for one reason or another can't or won't spend time learning about linux.  It could also be for the tech-savvy who just want something "that works (tm)".

An Arduino isn't needed for this; just boot to a live CD to generate your keys, put the wallet.dat on a brand new, freshly opened (and maybe encrypted) flash drive or SD-card, and generate an address. Reboot into your primary OS and send some coins to that address. Maybe reboot again to test that they were received.

Are there any ECDSA smart cards out there? It'd be pretty cool to use a smart card for Bitcoin crypto.

This is pretty safe, although for large bitcoin accounts I'd still be wary of using your day-to-day, internet-connected computer. The original post is going to be a big breakthrough in managing wallets. Everybody with a sizable account is going to have one of these devices.

The next question is how to keep your secret. Ultimately you need to have a pass phrase or little USB drives that have to be read in tandem, or some combination of those. The problem with a pass phrase is you can forget it, or something can happen to you, and your coins are lost forever. The problem with USB keys is you can lose them, something could happen to them, they can be stolen, or you could have to skip town suddenly. Having both is probably a good tradeoff.

I think to make this happen, a couple of extensions have to be written for the standard bitcoin client:

1. Export an unsigned send transaction.
2. Import a signed transaction and send it out to the network.

If you have those two, the arduino device can easily generate Bitcoin keypairs and sign transactions offline. Note that you don't need a keyboard if you go with the USB drive keys. The main computer would never get anywhere near the private keys. This is about as safe as you're going to get. I intend on doing a patch, but I've got some other stuff to do first. I hope someone beats me to it.

Wow 1 and 2 really simplify things.  This is why I like the idea of open source!

For the public/private key backup, there are many routes to go.  One could program a single button, button combination (hold 2+ together) or a button sequence to write a file to the usb drive.  If someone wants to get really fancy, integrate some identity check like a fingerprint reader, but I say make the barebones functionality first.

An alternative approach is to use an SD card for its memory store, though the memory card and reader would ultimately add to the cost of the unit.  As an open source project, this could still be developed as a fork or plugin and buyers (or businesses) could offer a different variety with simpler backup.

Edit: how do you see a password/usb backup working together if the unit doesn't support a keyboard? Pre-programmed codes that differ for each unit?

[ben-abuya]

Edit: how do you see a password/usb backup working together if the unit doesn't support a keyboard? Pre-programmed codes that differ for each unit?

The arduino generates a random passphrase, say 256 bits of random characters. You encrypt the private keys using this passphrase, and split the passphrase into 2 (or more) parts. You put one part on each usb key, and you put the encrypted file wherever you want. You might as well just put it on those usb drives, because if you lose one of them you're through anyway. When you need the private keys, you put both usb drives into the device, it concatenates the random bits into the passphrase and decrypts the private keys.

You don't need anything pre-programmed, it can all be done with random streams.

[bitcoin_idea]

That's a very solid way of doing it.  Any ideas what subforum or site would have the most arduino programmers?

I conceived of this idea with the arduino since I know about it from my friends, but there could be other platforms that would make this simpler or faster to develop.  I'd probably want to stay away from mobile devices since they're non-dedicated and I'm guessing that trojans/rootkits can be written for them to target BC users

[frutza]

Very interesting idea! Any prototypes?

[ben-abuya]

That's a very solid way of doing it.  Any ideas what subforum or site would have the most arduino programmers?

I conceived of this idea with the arduino since I know about it from my friends, but there could be other platforms that would make this simpler or faster to develop.  I'd probably want to stay away from mobile devices since they're non-dedicated and I'm guessing that trojans/rootkits can be written for them to target BC users

You don't need to know much for the arduino part. Arduino is very easy to program for and the device won't do very much. Anybody who knows C should be able to get it going. I think the harder part is patching the bitcoin client to do the transaction import and export, and getting that accepted and integrated into the GUI. I did see some guys on the forum here who said they have Arduino experience. Some google searches would probably find them all.

[bitcoin_idea]

You don't need to know much for the arduino part. Arduino is very easy to program for and the device won't do very much. Anybody who knows C should be able to get it going. I think the harder part is patching the bitcoin client to do the transaction import and export, and getting that accepted and integrated into the GUI. I did see some guys on the forum here who said they have Arduino experience. Some google searches would probably find them all.

If someone can get a hardware prototype running, I could just look through the Google bitcoinj source for the implementation details of how they store a signed transaction and push it to the network.  From there, it's just adapting their code to make a mini script.  Once a proof of concept works and can add transactions to the network, then it'll be easier to propose an addition to the bitcoin client.

Thanks for the search idea, it should've occurred to me 

[ukbitco.in]

I've worked with arduino. All of this is very doable and i'd loe to be involved!

Linux idea is great if your a geek but a small, simple and intuitive way of storing coins securely will really help the mainstream feel comfortable.

 

[Littleshop]

I have a few arduinos because I sell them for bitcoin at my store.  I would be willing to try out code if anyone has any.

They are $34.99 in BTC at mtgox.com rate.  So less then two BTC shipped in the USA. 

http://www.cryptoanarchy.us/store/index.php?route=product/product&product_id=64

There are common small LCD displays for the Arduino that might be nice with this as well.

[Bert]

What happens when the flash inside the arduino hits 10,000 writes and dies ?

Nothing is backed up, unless you have at least 3 copies of it. One physically at a different location (fire,flood,volcano,earthquake,...)

Another thing is what happens when the owner of the wallet.dat file ultimately dies (through accident or natural causes) and brings the security pass phrase with them to the grave ?
Yes the value of bitcoins increases for everyone else as there are fewer coins, but that is of no help to the remaining living family who are broke.

[bitcoin_idea]

I've worked with arduino. All of this is very doable and i'd loe to be involved!

Linux idea is great if your a geek but a small, simple and intuitive way of storing coins securely will really help the mainstream feel comfortable.

 

Awesome!  I've set up a github page for this: https://github.com/bitcoin-idea/bitcoin-savings

It's just an empty folder with a description right now.  Feel free to push/pull to it.  As I mentioned earlier, I don't have my own Arduino, but I can help with research.  I'm familiar with java (and c++) and I already have the bitcoinJ source on my computer.  I'm going to keep monitoring this thread for ideas to tie into the project.

(as an aside, I may want to move ideas/dialogue about the project there or reddit/r/bitcoin.  The bitcoin.org forum loads insanely slow for me)


Bert:
This idea is a response to a thread I linked to in my first post of this thread.  I've yet to see a thread titled "help, my husband died and I can't access our 25k bitcoins".  When that happens, someone can address that problem then.  Right now the bigger threat to Bitcoin seems to be private key theft via viruses or keyloggers.

[KnuttyD]

What happens when the flash inside the arduino hits 10,000 writes and dies ?

Nothing is backed up, unless you have at least 3 copies of it. One physically at a different location (fire,flood,volcano,earthquake,...)

Another thing is what happens when the owner of the wallet.dat file ultimately dies (through accident or natural causes) and brings the security pass phrase with them to the grave ?
Yes the value of bitcoins increases for everyone else as there are fewer coins, but that is of no help to the remaining living family who are broke.

Use redundant, checksum'd EEPROM (3+ chips with the data written to it in encrypted form).
You can get a good 100,000 writes out of each. Then when the time comes, you get a little warning light that says "Replace me bitch!" and you can swap out the EEPROM chips for new ones. Old data is copied to the new chips, verified, and then the rest of the chips are swapped out and written to with the existing data. Ill make a visual aid in paint real quick....



Whats that? Spelling? I cant hear you lalalala!
Edit: pic

[benjamindees]

Are there any ECDSA smart cards out there? It'd be pretty cool to use a smart card for Bitcoin crypto.

This is pretty much what smart cards were made for.  Even if there are no native ECDSA cards, you can do it on a Javacard.

I would suggest going in this direction with this project.  A smartcard is like $5, and smartcard readers are much more ubiquitous than Arduinos.  You can get SIM versions that will work in your cellphone, for instance.

[ben-abuya]

What happens when the flash inside the arduino hits 10,000 writes and dies ?

Nothing is backed up, unless you have at least 3 copies of it. One physically at a different location (fire,flood,volcano,earthquake,...)

I wouldn't store any data on the arduino. All data would be stored on multiple usb drives. With programs like ssss, you can even design the system so you only need any 3 out 5, for instance.

Another thing is what happens when the owner of the wallet.dat file ultimately dies (through accident or natural causes) and brings the security pass phrase with them to the grave ?
Yes the value of bitcoins increases for everyone else as there are fewer coins, but that is of no help to the remaining living family who are broke.

This is a separate, but important, question. One solution is the Dead Man's Switch:

http://forum.bitcoin.org/index.php?topic=5194.msg147032#msg147032
http://forum.bitcoin.org/index.php?topic=6439.msg96146#msg96146

Are there any ECDSA smart cards out there? It'd be pretty cool to use a smart card for Bitcoin crypto.

This is pretty much what smart cards were made for.  Even if there are no native ECDSA cards, you can do it on a Javacard.

I would suggest going in this direction with this project.  A smartcard is like $5, and smartcard readers are much more ubiquitous than Arduinos.  You can get SIM versions that will work in your cellphone, for instance.

Very interesting. From some googling it seems it might not be trivial to implement ECDSA on a java card, but pulling that off would be awesome. Also, for serious savings accounts it's not enough to have one physical backup. You need some kind of protocol of say, 3 out of 5 physical keys and a long pass phrase. If you implement the Dead Man's Switch, the consequences for forgetting the password or losing the keys is lessened so you can put more of the tradeoff on the security half and less on the loss half.

The arduino still might have advantages. You don't need any card readers, and it might be easier or more secure to generate multiple keys. Also, if the device has a keyboard, or some form of input, you can better protect against keyloggers. I'm sure if Bitcoin continues to thrive, these will be lucrative industries.