Bitcoin Forum
Author Topic: Majority Protected Wallet Storage  (Read 2414 times)
TierNolan (OP)
June 26, 2011, 03:21:52 AM
 #1

A wallet.dat file could be split over multiple USB keys, such that as long as you have more than half of them, you can recover the file.

For long term storage, you could have USB at different locations.  

This isn't just for theft; data loss could also occur due to damage to the files.  Assuming nobody else gets access to more than half of them, the file is safe.

If you had 3 USB sticks you would store

USB 1
File 1: A
File 2: B

USB 2
File 1: A^W
File 2: C

USB 3
File 1: B^W
File 2: C^W

^ = XOR

W = wallet.dat file
A, B, C are random files of the same length

If you have any 2 USB sticks, you can regenerate the wallet.dat file.

This can be generalised to any number of locations.

USB 1 + 2: (A)^(A^W) = W
USB 2 + 3: (C)^(C^W) = W
USB 1 + 3: (B)^(B^W) = W

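The XOR table in the post, as an added worked example in Python (not code from the thread). It reproduces the 2-of-3 layout exactly (USB 1 holds A and B, USB 2 holds A^W and C, USB 3 holds B^W and C^W) and generalises it the way the table suggests, to any 2-of-n: for every pair of sticks (i, j) a fresh random pad R_ij of the file's length is drawn, stick i stores R_ij and stick j stores R_ij XOR W. The stick numbering (0-based) and the sample "wallet" bytes are my own constructed inputs.

```python
"""Pairwise XOR splitting: any 2 of n sticks recover the file.

Added example, not code from the original thread. Every stored file is
either a uniform random pad or a one-time-pad ciphertext of W under a
pad that only one other stick holds, so a single stick reveals nothing
about W. Each stick ends up holding n-1 files of the wallet's length.
"""
import itertools
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_2_of_n(wallet: bytes, n: int) -> list:
    """Return n stick contents; stick i is {j: file it shares with stick j}.

    For the post's table with n = 3:
      stick 0 = {1: A,     2: B}
      stick 1 = {0: A^W,   2: C}
      stick 2 = {0: B^W,   1: C^W}
    """
    if n < 2:
        raise ValueError("need at least two locations")
    sticks = [dict() for _ in range(n)]
    for i, j in itertools.combinations(range(n), 2):
        pad = secrets.token_bytes(len(wallet))   # R_ij: fresh CSPRNG pad per pair
        sticks[i][j] = pad                       # stick i keeps the pad
        sticks[j][i] = xor_bytes(pad, wallet)    # stick j keeps R_ij ^ W
    return sticks


def recover(stick_a: int, files_a: dict, stick_b: int, files_b: dict) -> bytes:
    """Recover W from any two sticks: R_ab XOR (R_ab XOR W) == W."""
    return xor_bytes(files_a[stick_b], files_b[stick_a])


def demo() -> bool:
    """Walk the post's 3-stick case and check every pair of sticks works."""
    wallet = b"constructed stand-in for wallet.dat contents"  # not a real wallet
    n = 3
    sticks = split_2_of_n(wallet, n)
    for i, j in itertools.combinations(range(n), 2):
        if recover(i, sticks[i], j, sticks[j]) != wallet:
            return False
    # each stick holds n-1 files, each exactly the wallet's length
    return all(len(s) == n - 1 and all(len(f) == len(wallet) for f in s.values())
               for s in sticks)
```

The pads must come from a CSPRNG and must never be reused across files or pairs; reusing a pad for two different wallets leaks their XOR. Note also what this scheme does and does not give: any 2 of n sticks suffice, and total storage grows as n(n-1) files, which is the cost JoelKatz points out in #3.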
AntiVigilante
June 26, 2011, 03:41:07 AM
 #2

This is so good it put a price on your head from the banksters.

Lol, I had a similar notion just the other day using the symlink metaphor.

Go go go.

JoelKatz
June 26, 2011, 05:00:22 AM
 #3

While this would work, it's not a particularly good algorithm to use. The problem is if you want to store it in 13 places such that any 3 are needed, figuring out what you need to store in all 13 places gets really ugly. There are a number of algorithms that allow you to easily pick any N and any M, divide something into N pieces such that any M work, where the pieces are no larger than the original input. Excellent algorithms for this purpose are Shamir's secret sharing and Vandermonde matrices.

X68N
June 27, 2011, 08:05:34 PM
 #4

Nice idea, but where can I download this A^W program? ;-)

zellfaze
June 27, 2011, 08:10:29 PM
 #5

Quote from: X68N
Nice idea, but where can I download this A^W program? ;-)

You can't.  This was all just in theory.  Someone would need to implement it and as JoelKatz pointed out, it could probably be done better too.

ben-abuya
June 27, 2011, 09:26:58 PM
 #6

Quote from: JoelKatz
While this would work, it's not a particularly good algorithm to use. The problem is if you want to store it in 13 places such that any 3 are needed, figuring out what you need to store in all 13 places gets really ugly. There are a number of algorithms that allow you to easily pick any N and any M, divide something into N pieces such that any M work, where the pieces are no larger than the original input. Excellent algorithms for this purpose are Shamir's secret sharing and Vandermonde matrices.

For Shamir's secret sharing there's ssss. Is there a good implementation of Vandermonde matrices?

SgtSpike
June 27, 2011, 09:32:12 PM
 #7

How about....

An application for P2P storage of all wallet files, such that you set yours for upload, and it is automatically downloaded by all other P2P users.  Of course, wallet files would be TrueCrypt-encrypted.

Unless a way is found to break TrueCrypt encryption, then the wallets are very safe from accidental destruction, and very secure from those that would do harm with backups.
TierNolan (OP)
June 27, 2011, 09:35:31 PM
 #8

Quote from: SgtSpike
Unless a way is found to break TrueCrypt encryption, then the wallets are very safe from accidental destruction, and very secure from those that would do harm with backups.

It is possible to add data directly to the block chain.  You send a coin to yourself and encode info in the script.

The new problem becomes forgetting your password, rather than losing your wallet :)

SgtSpike
June 27, 2011, 09:41:39 PM
 #9

Quote from: TierNolan
Unless a way is found to break TrueCrypt encryption, then the wallets are very safe from accidental destruction, and very secure from those that would do harm with backups.

It is possible to add data directly to the block chain.  You send a coin to yourself and encode info in the script.

The new problem becomes forgetting your password, rather than losing your wallet :)

In my opinion, that is a better problem to have.  :)
Dirt Rider
June 27, 2011, 11:18:54 PM
 #10

Quote from: SgtSpike
How about....

An application for P2P storage of all wallet files, such that you set yours for upload, and it is automatically downloaded by all other P2P users.  Of course, wallet files would be TrueCrypt-encrypted.

Unless a way is found to break TrueCrypt encryption, then the wallets are very safe from accidental destruction, and very secure from those that would do harm with backups.

I like this idea!

Only part that makes me nervous is "Unless a way is found to break TrueCrypt encryption...".  If a way is found, POOF!!  All coins are lost.  Or, maybe if the wallet is broken into many chunks and the P2P network had no knowledge of which chunks go together, but the client would be able to figure that out based on passwords/key files/etc. and some algorithm, and then retrieve the needed chunks from the network in order to rebuild the wallet?  Or something along these lines.  Interesting!!
SgtSpike
June 27, 2011, 11:32:54 PM
 #11

Quote from: Dirt Rider
Quote from: SgtSpike
How about....

An application for P2P storage of all wallet files, such that you set yours for upload, and it is automatically downloaded by all other P2P users.  Of course, wallet files would be TrueCrypt-encrypted.

Unless a way is found to break TrueCrypt encryption, then the wallets are very safe from accidental destruction, and very secure from those that would do harm with backups.

I like this idea!

Only part that makes me nervous is "Unless a way is found to break TrueCrypt encryption...".  If a way is found, POOF!!  All coins are lost.  Or, maybe if the wallet is broken into many chunks and the P2P network had no knowledge of which chunks go together, but the client would be able to figure that out based on passwords/key files/etc. and some algorithm, and then retrieve the needed chunks from the network in order to rebuild the wallet?  Or something along these lines.  Interesting!!

Yeah, I would have no idea how to actually go about coding something to support an "everyone's wallet" P2P storage system, but I think it's a good idea.  The risk of 2048 bit encryption being cracked is relatively slim.  Even if it was cracked, the perp would only have access to one wallet, since each wallet was encrypted separately.  And you'd probably hear about it before too many more wallets were cracked, giving you plenty of time to create a new local wallet and transfer all your coins to it (and then create the obligatory "I've been hacked, please donate!" thread just for kicks).

One potential problem is that of bruteforcing the password, but with sufficient length, it would be impractical for an attacker to go after yours.  Just make sure it will outpace that computing law (that states a doubling of power every 18 months) for your lifetime, and you should be fine.
o_dima
June 28, 2011, 07:47:56 PM
 #12

Quote from: SgtSpike
How about....

An application for P2P storage of all wallet files, such that you set yours for upload, and it is automatically downloaded by all other P2P users.  Of course, wallet files would be TrueCrypt-encrypted.

Unless a way is found to break TrueCrypt encryption, then the wallets are very safe from accidental destruction, and very secure from those that would do harm with backups.

You are talking about the P2P encrypted backup system Wuala! (128-bit AES and 2048-bit RSA and SHA-256 and bla bla bla) - go and get it. It's even more secure as nobody will guess that your wallet is stored in the cloud with all the other encrypted garbage of the world.
 
SgtSpike
June 28, 2011, 10:30:42 PM
 #13

I see nothing in Wuala! about P2P... please enlighten me.
o_dima
June 29, 2011, 04:02:37 AM
 #14

Yes, sorry, it's centralised... I just read this: "You start with 1 GB... If you want more, you can either buy more storage, or trade some space on your hard disk for additional online storage." and took it as a P2P principle.
SgtSpike
June 29, 2011, 04:22:49 AM
 #15

Quote from: o_dima
Yes, sorry, it's centralised... I just read this: "You start with 1 GB... If you want more, you can either buy more storage, or trade some space on your hard disk for additional online storage." and took it as a P2P principle.

Ahhh, gotcha.  Pretty neat idea then.  But it's still centralized, which means it MAY not last forever.  The nice thing about a truly decentralized P2P storage system is that it would never die, as long as people kept using it.
TierNolan (OP)
June 29, 2011, 09:15:07 PM
 #16

I created a C program that will do the Shamir sharing system.

This system generates shares that are the same size as the original secret file.

The secret must be a number from 0 to 65808 (uses 65809 as prime for modulo arithmetic).

However, you can use it over and over again on a file.  Keeping the numbers small means that a big number library isn't needed and it doesn't weaken the scheme.  You still need (file size)*(number of shares) worth of random data.

In fact, there is an implementation which does it one byte at a time.

By using 65809 as the prime, it will be able to encode one byte and 2 byte secrets (65536 + 256) = 65792. 

The next step is to add a file reader and have it generate n secret shares.

SgtSpike
June 29, 2011, 09:21:47 PM
 #17

Why do you need to generate a bunch of useless data to obscure the original wallet file if the original wallet file is encrypted?
TierNolan (OP)
June 29, 2011, 10:36:25 PM
 #18

Quote from: SgtSpike
Why do you need to generate a bunch of useless data to obscure the original wallet file if the original wallet file is encrypted?

This means that you don't need to remember a password.  If you create 5 shares, then you can recover your file directly, as long as you have at least 3 of them.  In fact, the system allows as many shares as you want and any threshold.  You could have 100 shares and only need 2 to decode the file.

In fact, it would be worth doing both.  You could encrypt your wallet.dat file and use this system as a backup.

SgtSpike
June 29, 2011, 10:59:18 PM
 #19

Quote from: TierNolan
Quote from: SgtSpike
Why do you need to generate a bunch of useless data to obscure the original wallet file if the original wallet file is encrypted?

This means that you don't need to remember a password.  If you create 5 shares, then you can recover your file directly, as long as you have at least 3 of them.  In fact, the system allows as many shares as you want and any threshold.  You could have 100 shares and only need 2 to decode the file.

In fact, it would be worth doing both.  You could encrypt your wallet.dat file and use this system as a backup.

Couldn't someone just download all 65000 random files to find the one that is an actual wallet file?

I guess I am really confused about how this would work.  If I needed shares to recreate the original file, why wouldn't I just keep the original file to begin with?  What happens if I lose my shares?  The file is gone?  Wouldn't that defeat the purpose of the backup to begin with?
TierNolan (OP)
June 29, 2011, 11:50:14 PM
 #20

Quote from: SgtSpike
I guess I am really confused about how this would work.  If I needed shares to recreate the original file, why wouldn't I just keep the original file to begin with?  What happens if I lose my shares?  The file is gone?  Wouldn't that defeat the purpose of the backup to begin with?

The process is

encode file

This generates 5 files
file.1
file.2
file.3
file.4
file.5

you can now delete the original file

You put the shares on 5 different USB drives and spread them out.

If you need to get the file back, you need any 3 of the 5 shares.

decode file.2 file.3 file.5

This generates the original file.

This means that if 1 share gets stolen, you can still recover the original file.

In fact, if any of the 5 are lost/stolen/broken, it is probably worth regenerating all 5.

The way I think it would work is that you would be prompted to insert the USB sticks one at a time.

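The Shamir scheme JoelKatz recommends in #3, the word-at-a-time variant over the prime 65809 that TierNolan describes in #16, and the encode / decode-any-3-of-5 flow in #20, as one added worked example in Python. This is not the C program from the thread. Assumptions that are mine, not the thread's: the file is framed as a 4-byte little-endian length prefix followed by 16-bit little-endian words (last word zero-padded), share number x = 1..n plays the role of "file.x", and share values are kept as Python ints because a residue in [0, 65808] needs 17 bits and so does not pack back into 2 bytes without a further encoding step.

```python
"""Shamir (k, n) secret sharing over GF(p), applied word by word to a file.

Added example, not code from the original thread. Each 16-bit word of the
(length-prefixed) file is the constant term of a fresh random polynomial of
degree k-1 over GF(65809); share x receives the polynomial's value at x.
Any k shares recover every word by Lagrange interpolation at x = 0; fewer
than k shares leave each word uniformly undetermined.
"""
import secrets

P = 65809  # prime from post #16; must exceed the largest word value, 65535


def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share_word(secret, n, k):
    """Return [(x, y)] for x = 1..n; any k of the points determine secret."""
    if not 0 <= secret < P:
        raise ValueError("secret out of field range")
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n < p")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]  # random a_1..a_{k-1}
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_word(points):
    """Lagrange interpolation at x = 0 over GF(P): sum_i y_i * prod_{j!=i} (-x_j)/(x_i - x_j)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P  # Fermat inverse of den
    return total


def split_file(data: bytes, n: int, k: int) -> dict:
    """'encode file': return {x: [field elements, one per word]} for x = 1..n."""
    padded = len(data).to_bytes(4, "little") + data  # length prefix resolves padding
    if len(padded) % 2:
        padded += b"\x00"
    words = [int.from_bytes(padded[i:i + 2], "little") for i in range(0, len(padded), 2)]
    shares = {x: [] for x in range(1, n + 1)}
    for w in words:
        for x, y in share_word(w, n, k):
            shares[x].append(y)
    return shares


def recover_file(shares: dict) -> bytes:
    """'decode file.a file.b ...': shares is {x: [y...]} for at least k distinct x."""
    xs = list(shares)
    nwords = len(shares[xs[0]])
    words = [recover_word([(x, shares[x][i]) for x in xs]) for i in range(nwords)]
    # a correct recovery is always a 16-bit word; anything larger means too few
    # shares or a share filed under the wrong x, so fail loudly instead of
    # handing back garbage that looks like a wallet
    if any(w > 0xFFFF for w in words):
        raise ValueError("recovered word outside 16 bits: too few or mismatched shares")
    padded = b"".join(w.to_bytes(2, "little") for w in words)
    length = int.from_bytes(padded[:4], "little")
    return padded[4:4 + length]


def demo() -> bool:
    """Post #20's flow: 5 shares, original deleted, recover from file.2 file.3 file.5."""
    wallet = b"constructed stand-in for wallet.dat, odd length!"  # not a real wallet
    shares = split_file(wallet, n=5, k=3)
    del wallet  # only the shares remain
    two_three_five = {x: shares[x] for x in (2, 3, 5)}
    return recover_file(two_three_five) == b"constructed stand-in for wallet.dat, odd length!"
```

Two practical points the code makes visible. First, with only k-1 shares the interpolation still returns a value for every word, so a tool like this should carry an integrity check (the 16-bit range test above catches some cases; a hash of the original stored alongside the shares catches all of them) rather than trust whatever comes back. Second, which x a share belongs to is part of the share: label file.1..file.5 on the sticks, because shares fed in under the wrong x recover garbage just as silently.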