Bitcoin is not enough: we need open source hardware

[Lionel]

When you say that your private key is in your hands, you mean that it is stored in a device you trust.
Or if it is on paper,  you assume that when you will import/use the PK on a device to make a payment/transfer, you trust that device.

What if the NSA asks hardware manufacturers to integrate spy chips in their devices?
Your PC may have a spy controller chip that reads your PK from your HD and sends it over to the NSA via your network card.

I'd like many open source computer and phone projects to pop up, but there are just a few of them and don't seem to get traction.
Maybe the people is still not concerned enough with their privacy. ... but hey we are talking about our life's savings here!

[1714938528]

1714938528

[1714938528]

1714938528

[RocketSingh]

You can create a Private Key just by pen, paper and a dice. 3 letter agencies can do a f**k about that.

[DooMAD]

It's not the easiest problem to solve.  Even if there was some sort of online repository where you could view the code for your firmware, you would also need the hardware itself to broadcast something like an MD5 checksum so you could check the integrity of your firmware on any given device and ensure it matches exactly what is in the repository.  

And the bigger question, even if you could get hardware to do that, how many people would actually bother to check it matches?  Is the average user really that security-conscious?

[butka]

You are right in that having a closed source hardware, like Intel or AMD, can be a potential liability. I'm not overly familiar with this subject, but I think there are independent hardware manufacturer you can switch to, like Raspberry pi.  

Alternatively, if you use an air-gapped computer, you can get by even with closed source hardware, as discussed in this thread:

https://bitcointalk.org/index.php?topic=2690001.0

[...]

Even if I moved all of my private keys into an airgapped laptop which has never seen the internet after being formatted, when I wanted to sign an offline transaction into the online node... the node is still connected to the internet, could somehow a exploit happen in the process?

Signing an offline transaction with an airgapped device won't compromise your private keys, since the online device that transmits the transaction has no access to the private keys on the airgapped device.

However, the following possible exploits still prevail, regardless of Meltdown and Spectre:

-) A compromised USB stick could still grab your private keys from the airgapped device while copying the signed transaction for later transmission using the online device.

-) Simply moving a private key from an online device to an airgapped device will do little for your security. The private keys should be generated by the airgapped device itself.

-) Make sure your device is indeed airgapped and doesn't try to connect to any open Wifis that may be around.


Basically, every offline approach to wallet security still holds. Hot wallets are more susceptible to attacks than ever, at least until the security updates are out.

[Lionel]

You are right in that having a closed source hardware, like Intel or AMD, can be a potential liability. I'm not overly familiar with this subject, but I think there are independent hardware manufacturer you can switch to, like Raspberry pi.  

Alternatively, if you use an air-gapped computer, you can get by even with closed source hardware, as discussed in this thread:

https://bitcointalk.org/index.php?topic=2690001.0

[...]

Even if I moved all of my private keys into an airgapped laptop which has never seen the internet after being formatted, when I wanted to sign an offline transaction into the online node... the node is still connected to the internet, could somehow a exploit happen in the process?

Signing an offline transaction with an airgapped device won't compromise your private keys, since the online device that transmits the transaction has no access to the private keys on the airgapped device.

However, the following possible exploits still prevail, regardless of Meltdown and Spectre:

-) A compromised USB stick could still grab your private keys from the airgapped device while copying the signed transaction for later transmission using the online device.

-) Simply moving a private key from an online device to an airgapped device will do little for your security. The private keys should be generated by the airgapped device itself.

-) Make sure your device is indeed airgapped and doesn't try to connect to any open Wifis that may be around.


Basically, every offline approach to wallet security still holds. Hot wallets are more susceptible to attacks than ever, at least until the security updates are out.

Very smart solution ! +5 merit

About the USB stick, what about if you don't use it: just generate a QR code of the signed tx on the airgapped PC, and you take a pic of the QR with a phone.
That eliminates the need to plug untrusted devices/sticks to the airgapped PC

The only thing left is mining. If you have a mining pool or are mining solo ( maybe a minor altcoin ) , you still need a fully synced node with the PK in its folder, and internet connection.

[butka]

Very smart solution ! +5 merit

Thanks I appreciate it very much, but all the credit goes to @HeRetiK

About the USB stick, what about if you don't use it: just generate a QR code of the signed tx on the airgapped PC, and you take a pic of the QR with a phone.
That eliminates the need to plug untrusted devices/sticks to the airgapped PC

Yes, that's an excellent solution and as far as I can remember, it has been suggested before in this context of transferring signed transactions between the cold and hot wallets.

The only thing left is mining. If you have a mining pool or are mining solo ( maybe a minor altcoin ) , you still need a fully synced node with the PK in its folder, and internet connection.

Yes, that's right. I have no idea how this might be solved.

[hosseinamin]

FPGA can be a possible solutions for more controlled transaction signing. Since these devices are made for engineers to build chips.

[domob]

The only thing left is mining. If you have a mining pool or are mining solo ( maybe a minor altcoin ) , you still need a fully synced node with the PK in its folder, and internet connection.

Why is mining a problem?  At least for Bitcoin and alts that work similarly, you do not need the private key at all for constructing a block.  So you can create the private key and its corresponding address on your offline device, and then just use that in your online mining computer.

Two more things to be aware of when using an airgapped computer:

• If the device is compromised, it could try to manipulate the transaction you are signing (i.e. change it to one that sends all your coins to the attacker).  As soon as the transaction gets onto your online computer, it could be broadcast.  So to be really secure, you need to verify the signed transaction independently and before putting it onto an insecure device connected to the internet.
• A compromised airgapped computer could still try to leak your private key through the transaction signatures it generates.

[suzanne5223]

You can create a Private Key just by pen, paper and a dice. 3 letter agencies can do a f**k about that.

You seems not to understand the concern of the OP cause he was not talking about the creation of private keys but people privacy which might leak now or in the future if NSA tell computers and phone manufacturer company to integrate a spy chip and we both know that everything about crypto currency have to do with phones or computers.

[posi]

When you say that your private key is in your hands, you mean that it is stored in a device you trust.
Or if it is on paper,  you assume that when you will import/use the PK on a device to make a payment/transfer, you trust that device.

What if the NSA asks hardware manufacturers to integrate spy chips in their devices?
Your PC may have a spy controller chip that reads your PK from your HD and sends it over to the NSA via your network card.

I'd like many open source computer and phone projects to pop up, but there are just a few of them and don't seem to get traction.
Maybe the people is still not concerned enough with their privacy. ... but hey we are talking about our life's savings here!

I never thought of this kind of thing happening this before, I understand and respect your opinion. We definitely need an open source hardware because the possibility that the NSA will make this kind of move in the future is high but how can we this happening when we barely have the right link to achieve it.

[Lucius]

Perhaps the OP concern regarding NSA or some other USA agencies is justified by the fact that NSA is working for years on methods of monitoring and identification of bitcoin users. But I would bet that the Chinese in this matter are even more dangerous. Few years ago it was discovered they spy almost all American big companies, included even secret agencies and the ministry of defense.

I am not sure how we can protect our private keys in such world, Ledger or Trezor are too small to resist such challenges. Regardless of the methods we use for storage, nothing is 100% safe.

[ABCbits]

While i agree with your opinion, it's tall-order because :
1. Maintain open-source software is expensive and difficult, many companies don't bother do it especially because they obtain security through obscurity
2. Open-source isn't guarantee there's no spy or backdoor. For example, firmware on one of Bitmain's ASIC (i think it's Antminer S9) had a backdoor for remote shutdown.
3. One people simply can't verify all source-code of software/hardware he uses, he must trust others at some point.

While it's a bit off-topic, have you tried using computer for everyday usage only with open-source software/driver?
I tried it for a bit, but it's extremely difficult. There weren't any free/open-source driver for my wi-fi card and it's GPU driver isn't good enough is crap for 3D gaming.

I'm not overly familiar with this subject, but I think there are independent hardware manufacturer you can switch to, like Raspberry pi.  

Unfortunately, not all parts of Raspberry Pi is open source. Some hardware parts, especially it's SoC (System-on-a-chip) is closed source and it's open source GPU driver isn't as good as Proprietary GPU driver.

[butka]

Unfortunately, not all parts of Raspberry Pi is open source. Some hardware parts, especially it's SoC (System-on-a-chip) is closed source and it's open source GPU driver isn't as good as Proprietary GPU driver.

I see. Thanks for correcting me. Despite not all parts being open source, do you still consider using Raspberry Pi a better option security-wise than using Intel/AMD hardware?

[Carlton Banks]

It exists: the RISC-V ISA

The Bitcoin developers are ahead of the game somewhat, Bitcoin core 0.18.0 release will have RISC-V binaries

[aliashraf]

It exists: the RISC-V ISA

The Bitcoin developers are ahead of the game somewhat, Bitcoin core 0.18.0 release will have RISC-V binaries

RISC-V is hardly relevant, it is open cpu design mainly with focus on the interface, i.e. instruction set. What op is worried about is manufacturer's malicious behavior not design flaws.

[hatshepsut93]

What if someone:

1. Uses a hardcore cold storage setup.

2. Has a Faraday cage to ensure that there's no transmissions at all.

3. Generates private keys physically, for example with dice.

Would this be enough to defeat backdoored hardware?

[Carlton Banks]

RISC-V is the only open instruction set out there, or at least the only modern design (the older MIPS stuff was open sourced recently if I remember rightly)

The only way to get total control of an open ISA as an end-user is to validate the chip design all by yourself, then fabricate the chip yourself in your garden shed. Presumably that's what you intend to do?

[Lionel]

@hatshepsut93 If the "hardcore cold storage setup" is just a formatted PC with Linux, it's not a bulletfproof solution. It still suffers from the issue pointed out by @domob. The cold storage device in the Faraday cage may have a malicious memory controller chip that messes up the transaction script generated by your wallet, to put the attacker's receiving address in it.

@Carlton Banks Doing it the hard way ( by yourself from scratch) is obviously a solution. But i hoped it was not necessary.
But why would you build a hardware chip that fully implements a general-purpose ISA, like RISC-V  ?
You don't need the complexity of a general purpose ISA, when the functionality you need is just generating transactions.
Why don't design an ASIC chip just for that function? Should be simpler.

[Carlton Banks]

But why would you build a hardware chip that fully implements a general-purpose ISA, like RISC-V  ?
You don't need the complexity of a general purpose ISA, when the functionality you need is just generating transactions.
Why don't design an ASIC chip just for that function? Should be simpler.

Like hatshepsut93 said, you can go the pencil and paper route to create the private/public keypairs. And like I said, if you want to use an open chip design, you still have to trust the manufacturer of the chip to produce the design according to the open spec

[Lionel]

FPGA can be a possible solutions for more controlled transaction signing. Since these devices are made for engineers to build chips.

That would be a good compromise.
I am not into FPGAs, so i ask you: is it easy to verify there aren't suspicious components in there?

For motherboards  it is not easy to check.
See https://tech.slashdot.org/story/17/11/07/1041236/minix-intels-hidden-in-chip-operating-system
or https://itsfoss.com/fact-intel-minix-case/

Or even for CPU cores: https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html