Bitcoin Forum
October 16, 2018, 03:59:34 PM *
News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: GSSSA - Hide your wallet in shares  (Read 877 times)
Chillance
Sr. Member
****
Offline Offline

Activity: 307
Merit: 250


View Profile
September 03, 2017, 02:00:45 PM
 #1

Hi!

I came over this post: https://bitcointalk.org/index.php?topic=2096081.0 and was inspired to make this command line tool to be able to hide text in plain sight. I just love the idea of splitting something up in parts, and where you need a certain amount of parts to be able to get a secret back. So, perfect for a bitcoin wallet. Do like 10 minimum needed, and 50 shares and put them all around. Nobody has any idea what they are for. And you need 10 of them to get the secret. Or something. Smiley

I'm working on another larger project (which I will post about very soon), and thought to include this tool there. However, I figured, why not start with giving this away for free to show that I'm a giving person. Smiley And also, to start building up trust and hope that as many as possible can join my larger project later. I can't wait to open it up to the public! Anyway, more about that later. Now more about this tool.

In the spirit of trust, I put the code up here: https://github.com/Chillance/gsssa
Not perfect, as it was just thrown together in a short period of time. But it should work. Please go ahead and test it out.

I've also build binaries for your convenience:
gsssa_linux_amd64 - https://virustotal.com/#/file/be5c05c3a36e4d9602f33252c3666356c4d8d550d8d0979d6671d0d3dc37f3af/detection
https://ufile.io/uf17v

gsssa_windows_amd64.exe - https://virustotal.com/#/file/a60617be6745fc8b23987a25a42271373a9474dd7eaf740c74fce84fcc4d1799/detection Ok, so this one reports TrojanDropper.Dapato.yae for some reason. I run Ubuntu and the binaries are build through Docker, so I'm guessing it's a false positive. Same file here using another service: https://virusscan.jotti.org/en-US/filescanjob/n4g4r7ulq6
I asked in IRC and someone said:

"Cylance often triggers when it sees binaries it's never seen before"
"also, we're now seeing some Go malware in the wild, so it's likely picking up on common strings across all Go compiled executables for windows"

I will skip this for now. You can build from the source code, or let me know if you want me to put the binary online.


Here is an example run. I use the defaults of 2 minimum, 3 amount of shares, but you can change this with the --min and --amount parameters. After creating the shares, I remove "Share 2". And as you can see, it still works to get back the "secret". For now, a new line in the share there is important. And yes, there will be more words on longer secret. I know, it might be a pain to write it all down by hand which I would have preferred myself too. Oh well, might be something to solve in the future.
Quote
~$ ./gsssa create "my secret sentence"
# Share 1
assume another atom adjust attract believe athlete attitude ball bulb base apple boss blossom bulk broccoli blossom abuse bring acquire betray brass blur bacon above amateur blind bachelor bomb bench any artefact
board answer birth budget barrel basic bird become banana bring alcohol banner boat absurd assume anxiety ankle aspect angle before arrest boss animal around bring alone alone area aerobic avoid buzz baby

# Share 2
broccoli author boil acquire budget budget because aunt between abstract auction apology blind actual black alert arrive action already balance brother brush bubble boring board address bleak balcony area brain bench bundle
ball brother battle apart blind bless believe about attitude bleak bounce age age busy addict cabbage act balcony assault alter breeze bring bottom battle around balance atom absorb awake across brief attend

# Share 3
anchor album accident cabbage barrel brain allow alien april address brass arch addict among bundle become asthma beach axis arch busy axis april any arctic away bind brother because affair august air
bamboo angle attend artefact auto blood broken arrow boy alpha before brother below body balcony absurd attract arrest barely abuse assist aspect blast bicycle bachelor behind bench balance average acquire buffalo awkward

# You need 2 shares out of these 3 shares to be able to get your secret back.

 The file "shares.txt" is now created with above shown information.

~$
~$ vim shares.txt
~$
~$ cat shares.txt
# Share 1
assume another atom adjust attract believe athlete attitude ball bulb base apple boss blossom bulk broccoli blossom abuse bring acquire betray brass blur bacon above amateur blind bachelor bomb bench any artefact
board answer birth budget barrel basic bird become banana bring alcohol banner boat absurd assume anxiety ankle aspect angle before arrest boss animal around bring alone alone area aerobic avoid buzz baby

# Share 3
anchor album accident cabbage barrel brain allow alien april address brass arch addict among bundle become asthma beach axis arch busy axis april any arctic away bind brother because affair august air
bamboo angle attend artefact auto blood broken arrow boy alpha before brother below body balcony absurd attract arrest barely abuse assist aspect blast bicycle bachelor behind bench balance average acquire buffalo awkward

  ~$
  ~$ ./gsssa reveal
RESULT: my secret sentence

Thank you.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1539705574
Hero Member
*
Offline Offline

Posts: 1539705574

View Profile Personal Message (Offline)

Ignore
1539705574
Reply with quote  #2

1539705574
Report to moderator
1539705574
Hero Member
*
Offline Offline

Posts: 1539705574

View Profile Personal Message (Offline)

Ignore
1539705574
Reply with quote  #2

1539705574
Report to moderator
Chillance
Sr. Member
****
Offline Offline

Activity: 307
Merit: 250


View Profile
September 04, 2017, 06:05:21 PM
 #2

Anyone here tried this yet? Would love to hear some feedback.

Thanks!
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2534
Merit: 1545



View Profile
September 05, 2017, 07:24:13 AM
 #3

Almost everyone I've ever seen link to their own binaries on virus total was in fact distributing malware.  Virustotal is worthless for the kind of custom malware that is often posted on this forum and gives people a false sense of security.

There are many programs out there for shamir secret sharing, such as http://point-at-infinity.org/ssss/  most implementations I've seen leave a lot to be desired, including insecure random number generation which doesn't grant full information theoretic security, to incorrect share splitting such that sub threshold collections are sufficient to recover most of a key, to just gross timing sidechannels which any secret key handling software should avoid.

It is my view that In general, secret sharing is largely snake oil in practice because you must have a computer to split and join keys and if that computer is compromised your security is gone.  If you really had a compromise immune computer, just leave your key there and avoid the pointless ritual.

Bitcoin has multisignature which allows split keys without any single point of failure. Anyone considering secret sharing should first have a darn good reason they aren't using multisig.

Bitcoin will not be compromised
pebwindkraft
Full Member
***
Offline Offline

Activity: 251
Merit: 232


View Profile
September 05, 2017, 09:07:27 AM
 #4

I have some concerns with this post:  Huh
The post is "a bit pushy", also the question why noone is answering - so soon? What is the offer? It is unclear. And some "I have a big project in my mind, which I cannot tell you at this point in time" creates more doubts than questions on the reputation of the post.

Usually it is not recommend to download software/libraries from untrusted sources.
As such it is good to have the sources on github.
Compiled executables can have too many negative impacts, and we don't know yet, what it gives. We'd need a reference with checksums first, so this can be verified on some systems with users from the community, to raise level of trust.

That said, I like the sharing idea, I see it like steganography. Also it is similiar to the seeds we have in use. What makes your approach different from the existing solutions? What improves their security or handling? Can you elaborate a bit?

Chillance
Sr. Member
****
Offline Offline

Activity: 307
Merit: 250


View Profile
September 05, 2017, 05:04:54 PM
 #5

Almost everyone I've ever seen link to their own binaries on virus total was in fact distributing malware.  Virustotal is worthless for the kind of custom malware that is often posted on this forum and gives people a false sense of security.

There are many programs out there for shamir secret sharing, such as http://point-at-infinity.org/ssss/  most implementations I've seen leave a lot to be desired, including insecure random number generation which doesn't grant full information theoretic security, to incorrect share splitting such that sub threshold collections are sufficient to recover most of a key, to just gross timing sidechannels which any secret key handling software should avoid.

It is my view that In general, secret sharing is largely snake oil in practice because you must have a computer to split and join keys and if that computer is compromised your security is gone.  If you really had a compromise immune computer, just leave your key there and avoid the pointless ritual.

Bitcoin has multisignature which allows split keys without any single point of failure. Anyone considering secret sharing should first have a darn good reason they aren't using multisig.
Thanks for input. I know binaries are not really recommended to download without proper testing and investigation., but I thought virustotal could help out. So, I put the linux binary here to make it more convenient. But I hear you. Who knows what the binary is really doing, right? Well, I totally understand. Go ahead and use the source code. Since I'm using Go, building isn't much of a problem anyway really.

This was just a tool I thought could be handy, and yes, that link pretty much does the same, but here you get a local binary, and also, it generates words (you can also provide your own wordlist to make it even more secure, but you have to use the same again to get the secret back), so it's a bit easier not to mistype. I'm providing another local, offline option. And actually, I did have in mind to also enable web server there (since it's made in Go its easy) and also expand and make a nice GUI for it.

You could print this on paper, cut it up by the shares and different shares in different locations. Nobody would ever know how many would be needed. And maybe not even understand what those random words were for.

But sure, please do use multisig instead. This was just a fun little thing I created. I did actually noticed that you could see part of the secret, depending on what little was changed, but I suppose that is how the algorithm works.
Chillance
Sr. Member
****
Offline Offline

Activity: 307
Merit: 250


View Profile
September 05, 2017, 05:25:48 PM
 #6

I have some concerns with this post:  Huh
The post is "a bit pushy", also the question why noone is answering - so soon? What is the offer? It is unclear. And some "I have a big project in my mind, which I cannot tell you at this point in time" creates more doubts than questions on the reputation of the post.

Usually it is not recommend to download software/libraries from untrusted sources.
As such it is good to have the sources on github.
Compiled executables can have too many negative impacts, and we don't know yet, what it gives. We'd need a reference with checksums first, so this can be verified on some systems with users from the community, to raise level of trust.

That said, I like the sharing idea, I see it like steganography. Also it is similiar to the seeds we have in use. What makes your approach different from the existing solutions? What improves their security or handling? Can you elaborate a bit?


A bit pushy? Sorry about that. I saw the views come in and no comment, so I figured someone must have something to say about this. Smiley

And regarding the "big project", it's just something I've been thinking and worked on long and are a bit excited to finally open up to the public. It suits better in a new post and I'm trying to finish the last necessary touches with it. Maybe I should have waited to mention it. I'm just excited about it and hope it will do well.

I don't recommend downloading software/libraries from untrusted sources either. I thought the links could help getting a view into the binaries, but sure. I highly recommend reading the source code and build yourself to make sure it's not doing anything fonky. Since it's written in Go, building yourself is really not that difficult. One of the good things with Go.

I'm not sure exactly how one would go on about showing that the binary can be trusted. Someone trusted needs to examine and build it and provide the hash of the file I suppose.

How it differs? Well, it's not much different to other solutions I suppose besides generating readable words and being a binary to easily run locally through the command line. I suppose one thing that could increase the security is to also provide your own wordlist. That way, this is also needed to get the secret back. You can do that as it is right now using the --dictionary parameter. Also, note that this is the first version I did. I had in mind also adding a simple webserver (since it's easy to do in Go), and I could add a GUI interface to it too. That way you would have both the GUI or command line way of doing things. And who knows down the road what else could be made with this to improve it. And I suppose using words helps a bit to make sure there is no typo mistake in the share (provided you don't print this on a printer of course). If you for example have "bid aroumd aware blouse artwork", you could guess it's suppose to be "around" instead of "aroumd".
lukaexpl
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile
September 06, 2017, 09:57:44 AM
 #7

Bitcoin has multisignature which allows split keys without any single point of failure. Anyone considering secret sharing should first have a darn good reason they aren't using multisig.

Is there a user friendly, technically not-challenging implementation of this?
Chillance
Sr. Member
****
Offline Offline

Activity: 307
Merit: 250


View Profile
September 08, 2017, 12:47:48 PM
 #8

Bitcoin has multisignature which allows split keys without any single point of failure. Anyone considering secret sharing should first have a darn good reason they aren't using multisig.

Is there a user friendly, technically not-challenging implementation of this?
Might be something I look into too actually. To make it ease that is. But need to see what is out there first...
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!