[ANN] Krogothmanhattan x Polymerbit: Customer DIY key generation with Trezor

[polymerbit]

Customer DIY key generation with Trezor


During brunch in NYC, Krog and I were discussing issues faced by the collectible community.  The fact that a buyer has to inherently trust the keymaker to remain honest is a flaw. Polymerbit attempted to test how the market reacts to an alternative by releasing those DIY triangle notes in A4 format. Our findings were clear; only one buyer actually reported adding keys on the note. The fact that most people do not have an air gapped printer, meant that few were willing to go ahead with DIY keys. This stopped the DIY project dead in its tracks, forcing us to scrap the rest of the series. Korg suggested to try something new that may be useful to various coin makers. All coin makers are welcome to test this as well. In theory, this should allow Trezor holders to easily request custom keys for works issued by Polymerbit and others.



A unique test print was made using this process, with the note being shipped to Korg. These notes would not be resold, but would be useful as gifts or for a personal collection.

-------








WARNING: Run a malware and antivirus program prior to starting.

Reset a Trezor hardware wallet.
      Write down the 12- or 24-word seed clearly on a piece of paper in the right order
       Create a long passphrase, at least 16 characters long using letters, numbers and symbols. The longer the better.


       Copy the public address given for the passphrase hidden wallet. Copy the QR code as well by using a screenshot if need be.

      To verify correct transcription, you can confirm the backup via the Trezor “CHECK BACKUP” option or reset the Trezor, and input the seed and then the passphrase. If the correct seed and passphrase are input, then the same public address you have copied will be shown again. If not then you made a mistake and need to try again to confirm that what you wrote down is correct. There can be no errors in this procedure. Once they match, then send the public key to Polymerbit.


                          Sending the SEED and the PUBLIC KEYS to POLYMERBIT
 
             A different device should be used to send the seed to Polymerbit. This is so in the event the computer where the Trezor passphrase is being created is infected or has a keylogger, the only item the hacker will get is the passphrase, which will be useless without the seed.

For additional security, the seed could also be mailed physically.


ADDITIONAL INFO:

      So, as a precaution the seed should be uploaded to Polymerbit’s website via a different device. The passphrase and the seed should never be seen on the same computer at all to ensure there is no vulnerability.


   In the event the seed is compromised, it will be useless without the passphrase and the same if the passphrase is compromised, it is useless without the seed.

The passphrase should be made of alphanumeric/symbols and be at least 16 characters long. Customer should be made aware to never share it and to place in secure spot. As the only way to be able to redeem the notes is with that passphrase and without it, then the Bitcoin will be lost forever.

[1714275259]

1714275259

[1714275259]

1714275259

[1714275259]

1714275259

[1714275259]

1714275259

[1714275259]

1714275259

[Suzuki Matt]

This is intresting. I might buy a trezor just to try. 😂

[geophphreigh]

Sounds great. Glad to see some thought put into this from respected creators. Reminds me of the process Ballet uses to create their wallets on their cards. Requiring both key and validation phrase to use, with each created independently.

I would love to test this out, have plenty of Trezors laying around that could be reset or dedicated to this process for me.

Personally, I would put the pasphrase under a second hologram on the note so it is secure and not lost. Might be nice to include space on the note for this along with a second hologram. Becomes a new form of DIY.

Curious to see what comes of this. Great work.

Geo

[krogothmanhattan]

 Hi all.....Initially I did suggest using BIP38 like I used on my online stamp in 2017...its been loaded with 0.02 BTC since then and also the private keys exposed and the BTC still not stolen!

     http://www.crypto-stamps.com/private3.html

   But in order to do that...The person would need to get a program to create the BIP38 keys and also have an airgapped computer as well.
That program can also be created maliciously by the coinmaker so you are vulnerable.

   So this new idea dawned on me....the buyer would never need to have an airgapped computer at all or download any program and trust the coinmaker.

   By using a well known wallet like Trezor, this will make a physical loaded item completely trustless!
 
   Also it being a hierarchical deterministic wallet, you can actually create an infinite sets of keys as well.

    
  The whole idea with this is as follows…

 

    If polymerbit or any coinmaker came out with a certain note or coins….say 1 limited edition of 100…then they can still be created with my idea…the owner can still display his loaded physical item…in a limited edtion polymerbit…or coin and never ever have to worry his BTC will be swept!

   Also the items can be loaded to face value by the maker as well…making the item loaded by creator and keys generated by owner!

     Below is a sample made....all the seeds here are exposed and the addy is loaded with $200 worth of BTC. SO take it if you can crack it!

     In a sold version the seed would be under a security hologram.

     Another amazing thing is, you can then reset your Trezor and use it for another note or to use for your personal BTC stash.

            

            

[MoparMiningLLC]

How is this affected by the recent development showing where trezors can be easily hacked if they have physical custody? Would that put any of these seeds/keys at risk? Or is the passphrase sufficient? I simply dont trust hardware wallets.

[krogothmanhattan]

How is this affected by the recent development showing where trezors can be easily hacked if they have physical custody? Would that put any of these seeds/keys at risk? Or is the passphrase sufficient? I simply dont trust hardware wallets.

  Very good question....First of all, the hacker needs to have custody of your Trezor...THEN...the attacker must possess a specialized hardware tool, strong technical knowledge, and physical access to bypass the protection! How many have that knowledge and tools!

    So there is a way around it....that is guaranteed that even if your trezor falls in a person with all this knowledge and tools....Simply, reset your Trezor!
This will wipe away your seed and passphrase you have generated for your physical collectable device!  Its like it never existed at all! And you can then generate a new seed and use the wallet in whichever way you please!

   BUT, for arguments sake...LETS SAY....you did not do that and the right people and equipment stole your trezor.

     Even though they get your seed, they will not get your passphrase for your hidden wallet. They cannot tell if you ever had a hidden wallet as the seed only gets them to the first wallets that are used with passphrases. And the passphrases I am talking about is for the hidden wallets not the passcode to open the Trezor!

        SO as per Trezor below...

      How does it work?
As part of the initialization process, your Trezor device generates a random number which is converted into a recovery seed and stored in the memory. Your Trezor uses this string of standard English words to generate your private keys, serving as a kind of 'master access key'  for unlocking access to your Bitcoin funds.

By default, the Trezor Model One creates a wallet with a 24-word seed phrase, whereas the Trezor Model T generates a wallet using a 12-word seed. This is referred to as your 'Standard wallet' in Trezor Suite.

By using a passphrase, you're effectively adding an extra word to the seed phrase, creating a brand new 'Hidden wallet'.

In fact, you can generate as many passphrase-protected hidden wallets as you like, but you must be extremely careful not to lose any of your passphrases. Remember, if you lose a passphrase, you lose access to any funds stored in the hidden wallet!

Essentially, whenever a Trezor device is used, it derives a cryptocurrency wallet using the following (extremely simplified) formula:   

       recovery seed + passphrase = hidden wallet

which can be summarized using the following schematic:

 

[MoparMiningLLC]

I guess I dont trust hardware - why not just create your own seed phrase and pass phrase without any hardware to rely upon? That could work as well in this scenario right?

[owlcatz]

I guess I dont trust hardware - why not just create your own seed phrase and pass phrase without any hardware to rely upon? That could work as well in this scenario right?

Of course, but I think it's more about making "Loaded" collectibles "easier" to trust. (?)  Most people don't feel comfortable making their own keys/paper wallet I think too... 🤷‍♂️

It's not that I don't trust the hardware, it does put an extra barrier in place at least from your keys getting exposed, but this kind of thing also relies on Trezor itself being around forever essentially, am I correct?  (I don't know enough about key generation there sorry, but I do know there are a lot of different things you can do with a trezor.

I have both models, but don't actively use them anymore myself, so am now looking at https://www.blocknative.com/blog/custom-derivation-paths#1 to try and understand more about what else can be done with a Trezor, even perhaps programmatically.

[MoparMiningLLC]

I guess I dont trust hardware - why not just create your own seed phrase and pass phrase without any hardware to rely upon? That could work as well in this scenario right?

Of course, but I think it's more about making "Loaded" collectibles "easier" to trust. (?)  Most people don't feel comfortable making their own keys/paper wallet I think too... 🤷‍♂️

It's not that I don't trust the hardware, it does put an extra barrier in place at least from your keys getting exposed, but this kind of thing also relies on Trezor itself being around forever essentially, am I correct?  (I don't know enough about key generation there sorry, but I do know there are a lot of different things you can do with a trezor.

I have both models, but don't actively use them anymore myself, so am now looking at https://www.blocknative.com/blog/custom-derivation-paths#1 to try and understand more about what else can be done with a Trezor, even perhaps programmatically.

This process looks quite a bit more difficult than a diy pk with BIP39 seed and passphrase

But maybe that is because I dont know trezor very well - I personally have 2 of them but wont use em - part of me feels that all hardware wallets leak out your information/keys/seed phrase/pass phrases etc thats just me though.

[owlcatz]

This process looks quite a bit more difficult than a diy pk with BIP39 seed and passphrase

But maybe that is because I dont know trezor very well - I personally have 2 of them but wont use em - part of me feels that all hardware wallets leak out your information/keys/seed phrase/pass phrases etc thats just me though.

I suppose unless the code used on "xxx" device is actually open-sourced so can be vetted, who knows, so you could be right.

Hell, I may have one of these systems running, I still have to check..   https://www.theregister.com/2023/06/02/gigabyte_uefi_backdoor/

You really cannot trust anything not open-source, so I have to agree with you in principle there, however, any reputable company would not do that I would think, especially in this business. Or I hope at least.

[krogothmanhattan]

I guess I dont trust hardware - why not just create your own seed phrase and pass phrase without any hardware to rely upon? That could work as well in this scenario right?

   I am aware of creating your own BIP39 mnemonic phrase from a list of 2048 words.....the question then is to convert them to the keys to go with the chosen 12 or 24 words. I do not think that many users out there would opt to go with this if it becomes too technical.

   Also then when it comes to generating a passphrase for the hidden wallet.
 
   It should work but the question is again would the average Joe want to go thru this and be technical savvy enough to do it.

[krogothmanhattan]

This process looks quite a bit more difficult than a diy pk with BIP39 seed and passphrase

But maybe that is because I dont know trezor very well - I personally have 2 of them but wont use em - part of me feels that all hardware wallets leak out your information/keys/seed phrase/pass phrases etc thats just me though.

I suppose unless the code used on "xxx" device is actually open-sourced so can be vetted, who knows, so you could be right.

Hell, I may have one of these systems running, I still have to check..   https://www.theregister.com/2023/06/02/gigabyte_uefi_backdoor/

You really cannot trust anything not open-source, so I have to agree with you in principle there, however, any reputable company would not do that I would think, especially in this business. Or I hope at least.

   Trezor is 100% open source unlike some other wallets. Also any BIP39 wallet seed can be used on any other wallet that is BIP39...regardless if the company goes bust or not.

    As per Trezor..

    Trezor hardware wallets use open-source designs so security experts and researchers can audit every process. This means your device is kept updated against threats, both real and theoretical.

When security is transparent, backdoors and potential exploits have nowhere to hide. Trezor is trust-less and decentralized, exactly like Bitcoin.

       In the unexpected event that the company Trezor becomes insolvent, your device will continue to be the safest place for your coins.

      This means that you can recover your cryptoassets on any BIP39 compatible wallet. For example, if you have cryptoassets on a Trezor One and the Trezor One gets lost or damaged, then you can enter in the recovery seed from the Trezor One into a Trezor Model T or a Ledger Nano S and recover all of your cryptoassets.

[SwissCrab]

I guess I dont trust hardware - why not just create your own seed phrase and pass phrase without any hardware to rely upon? That could work as well in this scenario right?

   I am aware of creating your own BIP39 mnemonic phrase from a list of 2048 words.....the question then is to convert them to the keys to go with the chosen 12 or 24 words. I do not think that many users out there would opt to go with this if it becomes too technical.

   Also then when it comes to generating a passphrase for the hidden wallet.
 
   It should work but the question is again would the average Joe want to go thru this and be technical savvy enough to do it.

 
One could roll dice to determine the first 23 words or use something like Entropia Seed Tablets and use SeedSigner (or other hw) to calculate 24 word.

Talking about average Joe :

What will happen when average Joe (who is not tech savvy) creates password that looks complicated to him but in reality can be easily brute forced ?
I'm talking about the reputation of the company here... IMO It would be hard to explain to non tech savvy people why it's not Polymberbit fault.

[krogoth]

I guess I dont trust hardware - why not just create your own seed phrase and pass phrase without any hardware to rely upon? That could work as well in this scenario right?

   I am aware of creating your own BIP39 mnemonic phrase from a list of 2048 words.....the question then is to convert them to the keys to go with the chosen 12 or 24 words. I do not think that many users out there would opt to go with this if it becomes too technical.

   Also then when it comes to generating a passphrase for the hidden wallet.
  
   It should work but the question is again would the average Joe want to go thru this and be technical savvy enough to do it.

  
One could roll dice to determine the first 23 words or use something like Entropia Seed Tablets and use SeedSigner (or other hw) to calculate 24 word.

Talking about average Joe :

What will happen when average Joe (who is not tech savvy) creates password that looks complicated to him but in reality can be easily brute forced ?
I'm talking about the reputation of the company here... IMO It would be hard to explain to non tech savvy people why it's not Polymberbit fault.

  You don't have to be tech savvy to create the recommended
Password of 16 characters or more. Examples of what a password should look like will be given....example
658%-@_#'$;$8387363-&+DFhsjdie&-@#

   Try an crack that jack....I just punched it in randomly. Not a hard thing to do at all.

 According to this strength Password website
https://www.passwordmonster.com/

it will take
3 thousand trillion trillion trillion years

   Create a long passphrase, at least 16 characters long using letters, numbers and symbols. The longer the better.

    And this way it's a 100% better than trusting the maker with keys.

[SwissCrab]

I guess I dont trust hardware - why not just create your own seed phrase and pass phrase without any hardware to rely upon? That could work as well in this scenario right?

   I am aware of creating your own BIP39 mnemonic phrase from a list of 2048 words.....the question then is to convert them to the keys to go with the chosen 12 or 24 words. I do not think that many users out there would opt to go with this if it becomes too technical.

   Also then when it comes to generating a passphrase for the hidden wallet.
  
   It should work but the question is again would the average Joe want to go thru this and be technical savvy enough to do it.

  
One could roll dice to determine the first 23 words or use something like Entropia Seed Tablets and use SeedSigner (or other hw) to calculate 24 word.

Talking about average Joe :

What will happen when average Joe (who is not tech savvy) creates password that looks complicated to him but in reality can be easily brute forced ?
I'm talking about the reputation of the company here... IMO It would be hard to explain to non tech savvy people why it's not Polymberbit fault.

  You don't have to be tech savvy to create the recommended
Password of 16 characters or more. Examples of what a password should look like will be given....example
658%-@_#'$;$8387363-&+DFhsjdie&-@#

   Try an crack that jack....I just punched it in randomly. Not a hard thing to do at all.

 According to this strength Password website
https://www.passwordmonster.com/

it will take
3 thousand trillion trillion trillion years

   Create a long passphrase, at least 16 characters long using letters, numbers and symbols. The longer the better.

    And this way it's a 100% better than trusting the maker with keys.

That does not answer my question...

[krogoth]

I guess I dont trust hardware - why not just create your own seed phrase and pass phrase without any hardware to rely upon? That could work as well in this scenario right?

   I am aware of creating your own BIP39 mnemonic phrase from a list of 2048 words.....the question then is to convert them to the keys to go with the chosen 12 or 24 words. I do not think that many users out there would opt to go with this if it becomes too technical.

   Also then when it comes to generating a passphrase for the hidden wallet.
  
   It should work but the question is again would the average Joe want to go thru this and be technical savvy enough to do it.

  
One could roll dice to determine the first 23 words or use something like Entropia Seed Tablets and use SeedSigner (or other hw) to calculate 24 word.

Talking about average Joe :

What will happen when average Joe (who is not tech savvy) creates password that looks complicated to him but in reality can be easily brute forced ?
I'm talking about the reputation of the company here... IMO It would be hard to explain to non tech savvy people why it's not Polymberbit fault.

  You don't have to be tech savvy to create the recommended
Password of 16 characters or more. Examples of what a password should look like will be given....example
658%-@_#'$;$8387363-&+DFhsjdie&-@#

   Try an crack that jack....I just punched it in randomly. Not a hard thing to do at all.

 According to this strength Password website
https://www.passwordmonster.com/

it will take
3 thousand trillion trillion trillion years

   Create a long passphrase, at least 16 characters long using letters, numbers and symbols. The longer the better.

    And this way it's a 100% better than trusting the maker with keys.

That does not answer my question...

    Again I will repeat....there will be samples given as examples.

    At the end of the day it's up to the buyer to educate themselves a bit and do it right.

    And no it will not be Polymerbit or the coin makers fault if they make a password that is too weak.

    Just like its not a online companies fault when people use very weak passwords that can easily be guessed or brute forced.

[cygan]

i also find this idea very interesting and have already talked about it with polymerbit, how we could implement this in Icarus and when exactly.
it would also be very helpful to know if you can do this procedure with other hw-wallets like bitbox2, foundation passport and so on - because not all crypto collectors own a Trezor. but i think there should be no problems here either

i will meet with dan this week, then we can talk/discuss further about bip38 - looking forward to it

[minerjones]

I am confused by the wording in your graphic.
The top part states to get the "public address", yet the bottom part states to "public key" and that you should send this "public key" to Polymerbit.

Isn't this wrong? From what I have been told, the public key or xpub should never be given out to a 3rd party

[aoluain]

Sounds great. Glad to see some thought put into this from respected creators. Reminds me of the process Ballet uses to create their wallets on their cards. Requiring both key and validation phrase to use, with each created independently.

I would love to test this out, have plenty of Trezors laying around that could be reset or dedicated to this process for me.

Personally, I would put the pasphrase under a second hologram on the note so it is secure and not lost. Might be nice to include space on the note for this along with a second hologram. Becomes a new form of DIY.

Curious to see what comes of this. Great work.

Geo

Yes I like this and commend both Polymerbit and krogothmanhattan working through a
solution to a problem which has been looming and brought to light by Yogg.

i also find this idea very interesting and have already talked about it with polymerbit, how we could implement this in Icarus and when exactly.
it would also be very helpful to know if you can do this procedure with other hw-wallets like bitbox2, foundation passport and so on - because not all crypto collectors own a Trezor. but i think there should be no problems here either

i will meet with dan this week, then we can talk/discuss further about bip38 - looking forward to it

If this solution works along with other _{open source} HW wallets it will cement the
trust back into loading collectibles. It might also be fitting to have the Icarus project be the
first to impliment a >HW wallet customer DIY key generated collectible<

[MoparMiningLLC]

ok but then how could the collectible ever be sold? If I did one and I knew the Passphrase and the pk and seed are on the collectible in plain sight - does that not render the piece useless for selling?

Maybe that was addressed above but I dont think I saw that.

and would that slow down production? waiting for 200 customers to provide the information?

its like doing every collectible the same way the Ballet Pro series was done.