What if the wallet was you.

[trcwhale]

Hi,

I was thinking about an idea today. Everyone talks about storing bitcoins securely. Some print of paper wallets, others store on usb keys. There are so many way but all of them are not so secured.

What if BTC or any other crypto key pair (Private/Public) were generated based on unique biometrics. That way the private key can be you. That way you will never would have to carry anything with you.

What do you think of that?

[1714987309]

1714987309

[1714987309]

1714987309

[1714987309]

1714987309

[Automatic]

And then get mugged in the street?
Have to pay for special hardware to be able to decode this stuff?
Only have a limited amount of seeds per-person?
Being able to be tracked by any entity that can force you to validate yourself?

I'm good.

[bitpop]

,

[trcwhale]

And then get mugged in the street?
Have to pay for special hardware to be able to decode this stuff?
Only have a limited amount of seeds per-person?
Being able to be tracked by any entity that can force you to validate yourself?

I'm good.

We are already getting tracked when carrying mobile phones. So tracking here is not even an issue anymore. Now the same thing can be said about asking to reveal your passphrase, pin for your card or a password to your phone  by someone in the dark alley. Private key storage is a big issue. You don't necessary have to tell anybody that you generated your key pair based on your own biometrics but i think combined that with password this can be really good way of storing it. Meaning it can always be extracted back. That way you never loose it sort of thing.

[oleganza]

Apple does it already to decrypt the keychain on iPhone 5s with your fingerprint. You just have to drop your keys in the keychain and the OS will take care of securing it for you.

[bitpop]

Apple does it already to decrypt the keychain on iPhone 5s with your fingerprint. You just have to drop your keys in the keychain and the OS will take care of securing it for you.

They also the care of backing it up with the nsa for you so they can seize them

[DanielVG]

bad idea, i prefer anonymity and privacy over security.

[DeathAndTaxes]

The issue is that biometrics are not deterministic.  

When you "login" using a biometric it compares the stored "good" biometric with the login attempt and if it is close enough you get logged in.  If you think about this from a wallet perspective this means the biometric is not used to create (or unlock) the wallet it is only used for authentication of the attempted use.  The wallet already has the ability to spend the coins independently of the biometric.  If a hacker doesn't have the biometric data (stolen wallet) they would quickly figure out ways to hack the device itself. 

The OP seems to suggest creating an HD wallet from a biometric seed.  There are two issues with this.  The first is that biometrics are never exact matches.  If you scan the same fingerprint multiple times and convert it into a number, the output will be different each time.   A deterministic seed needs to be deterministic, this means the seed generated is always the same.  Although I don't like the risk of brain wallets if you hash a given passphrase it will always produce the same seed.  It couldn't work if sometimes it produced a different seed.

The other issue is that most biometric samples have little entropy because high precision scanners are expensive (and if you are just doing a "close enough" match serve no purpose).  They lack sufficient entropy to prevent an attack from brute forcing all possible seeds that can be produced from the device and then stealing the ones which are funded.  Biometrics are good as a SECOND (or third) FACTOR (something you know, something you have, something) not for producing a deterministic seed.

[drrussellshane]

Now Bitcoin detractors will really think bitcoiners are bringing on the "Mark of the Beast"!

[oleganza]

Apple does it already to decrypt the keychain on iPhone 5s with your fingerprint. You just have to drop your keys in the keychain and the OS will take care of securing it for you.

They also the care of backing it up with the nsa for you so they can seize them

That's the implementation detail. Also, your hardware is always a trusted counterparty.

[cbeast]

Apple does it already to decrypt the keychain on iPhone 5s with your fingerprint. You just have to drop your keys in the keychain and the OS will take care of securing it for you.

I wonder how many have had a finger stolen along with their iphone?

[trcwhale]

The issue is that biometrics are not deterministic.  

When you "login" using a biometric it compares the stored "good" biometric with the login attempt and if it is close enough you get logged in.  If you think about this from a wallet perspective this means the biometric is not used to create (or unlock) the wallet it is only used for authentication of the attempted use.  The wallet already has the ability to spend the coins independently of the biometric.  If a hacker doesn't have the biometric data (stolen wallet) they would quickly figure out ways to hack the device itself. 

The OP seems to suggest creating an HD wallet from a biometric seed.  There are two issues with this.  The first is that biometrics are never exact matches.  If you scan the same fingerprint multiple times and convert it into a number, the output will be different each time.   A deterministic seed needs to be deterministic, this means the seed generated is always the same.  Although I don't like the risk of brain wallets if you hash a given passphrase it will always produce the same seed.  It couldn't work if sometimes it produced a different seed.

The other issue is that most biometric samples have little entropy because high precision scanners are expensive (and if you are just doing a "close enough" match serve no purpose).  They lack sufficient entropy to prevent an attack from brute forcing all possible seeds that can be produced from the device and then stealing the ones which are funded.  Biometrics are good as a SECOND (or third) FACTOR (something you know, something you have, something) not for producing a deterministic seed.

This is very interesting.

What do you propose then?  What is the best solution of storing private key without worrying about having it lost? If this not solved BTC and other cryptos will never get much traction with general population. Most people would just be afraid of having any significant sum of money stored in crypto.

[sb1412a]

By utilising the option to do this: http://en.wikipedia.org/wiki/Mind_uploading

I think that anyone would be stupid to suggest that this won't be possible in the future. People will be uncomfortable with it and it won't be widely adopted for along time, but within 1000 years (perhaps more than half that timeframe) I believe all personal digital assets will be stored in the mind.

Either: regulations will mean that you can't escape it, like in Minority Report, or it will just be so normal to people by then that it won't be an issue, and people see it as the preferable method of storage and usage.

Mind recognition would be available for transactions. This could still be an anonymous act - no machine would actually need to know who you are, because it will just be matching your brain composition to your wallet, very much like a fingerprint. Your brain would just be an HD but with a unique structure, but an anonymous unique structure. You would not be giving up your details, you are simply another number to the network and it recognises your brain pattern on its database, which is synced to your wallet (which happens to be stored in your brain).

Way way into the future though...

[piotr_n]

Hi,

I was thinking about an idea today. Everyone talks about storing bitcoins securely. Some print of paper wallets, others store on usb keys. There are so many way but all of them are not so secured.

What if BTC or any other crypto key pair (Private/Public) were generated based on unique biometrics. That way the private key can be you. That way you will never would have to carry anything with you.

What do you think of that?

FWIK, there isn't any known biometrics method that would be secured enough for protecting huge amounts of money.
Everything that you can measure about your body can be copied - and that's the problem.

I personally think that the best solution is a wallet based on a seed password, which you just hide in your head.
Exactly the one I developed and have been using successfully for over half a year already.

[trcwhale]

Hi,

I was thinking about an idea today. Everyone talks about storing bitcoins securely. Some print of paper wallets, others store on usb keys. There are so many way but all of them are not so secured.

What if BTC or any other crypto key pair (Private/Public) were generated based on unique biometrics. That way the private key can be you. That way you will never would have to carry anything with you.

What do you think of that?

FWIK, there isn't any known biometrics method that would be secured enough for protecting huge amounts of money.
Everything that you can measure about your body can be copied - and that's the problem.

I personally think that the best solution is a wallet based on a seed password, which you just hide in your head.
Exactly the one I developed and have been using successfully for over half a year already.

This is all good for us geeks. However people can't even remember simple passwords. For average person the password is not a good solution. For now I think there will be for trusted party who will store your bitcoins somewhere online. Of course with another party act as insurance. I think there is a service need here.

[piotr_n]

This is all good for us geeks. However people can't even remember simple passwords. For average person the password is not a good solution.

When they know that by forgetting this password they will loose a lot of money, they will never forget it - doesn't matter whether they are geeks, or not.

Unless they are stupid, of course - in which case there is no reliable method, for securing their cache, anyway.
So then indeed, in such case, the best they can do is give their money to someone else to watch it for them.
E.g. they can deposit it on MtGox, because MtGox has the best security of all the exchanges / online wallets, with yubikey and stuff...

[rmines]

Currently most popular biometric security systems are fingerprint based.
Think about what would happen if you would lose a hand or severely burn your finger tips..

[bloss]

This already exists. A brainwallet based on a truly random and memorized 160+ bits of entropy passphrase.

[oleganza]

Here's a second draft: http://oleganza.com/blind-ecdsa-draft-v2.pdf

The algorithm is the same, but presentation is made clearer.

[chris56a]

Hi,

I was thinking about an idea today. Everyone talks about storing bitcoins securely. Some print of paper wallets, others store on usb keys. There are so many way but all of them are not so secured.

What if BTC or any other crypto key pair (Private/Public) were generated based on unique biometrics. That way the private key can be you. That way you will never would have to carry anything with you.

What do you think of that?

i herd about someone working on a usb drive that can only be open with your own personal heart beat