Bitcoin Threat Model - State Actors and HW Security - Chip Supply Chain Attacks

[BobbysTransactions]

And those hardware wallets will use various multi-purpose chips and we are back to zero.

No, because if the chips can only perform basic functions then they are much harder to back door, especially if you can swap them out with other basic-purpose chips.

If we start believing everything is a threat, we shouldn't use computers, phones, smart devices, and 99% of other gadgets equipped with chips that can do anything.  

Again you have missed the point I'm trying to make. The things you listed are already within the control of governments and state actors. These items are not a "threat" because the are part of a system that they have command over. The whole point about Bitcoin is that it is supposed to be immune from attacks by state actors.  What you are tacitly admitting is that Bitcoin, as a system, is not independent and immune from manipulation from state actors via the hardware. That's fine by me if this is readily admitted, but it seems to be we are being told that this is a system that is truly independent.

And then don't forget if you are talking government money how hard is is really to just create a device that looks like your hardware wallet and take yours and replace it with theirs. All theirs is, is a transmitter that when you turn it on it sends the pin you type to them. And since they already have your wallet it does not matter.

True, but this type of attack will not scale well.

Out of all the things to be worried about with crypto this is still on the bottom of the list.

Out of interest, what are these other things?  Is there no value to implementing hardware that is better immune from supply chain attacks?

[Pmalek]

The whole point about Bitcoin is that it is supposed to be immune from attacks by state actors.

It is but only on a software level. Making it independent hardware-wise is impossible. Like I said, you will need a chain of companies that will build the hardware components from scratch and experts capable of verifying that they are doing it properly. I don't see that ever happening, not just in Bitcoin and Crypto, but any industry. 

What you are tacitly admitting is that Bitcoin, as a system, is not independent and immune from manipulation from state actors via the hardware.

It isn't because the hardware is built by others and not the manufacturers of bitcoin and crypto devices like those selling hardware wallets. We can never have a 100% bulletproof system where state actors can't interfere. Even if you did, there would be other ways to attack bitcoin. For example, through the mining industry. Countries A, B, C, etc. could come together and declare bitcoin mining illegal and start confiscating mining gear asap. It doesn't matter how realistic or unrealistic such a scenario is. What matters is that it's possible.   

[BobbysTransactions]

Making it independent hardware-wise is impossible. Like I said, you will need a chain of companies that will build the hardware components from scratch and experts capable of verifying that they are doing it properly. I don't see that ever happening, not just in Bitcoin and Crypto, but any industry. 

I'm not sure I share your pessimism 

Let's not make perfection the enemy of the good. There are ways that hardware can be open-sourced to an extent that would make it much harder to insert a backdoor e.g. the use of FPGAs. Stateless and airgapping and also multisig approaches.

My concern is the seemingly increasing centralisation of the HW industry. I think it's worth keeping an eye on.

[Pmalek]

Let's not make perfection the enemy of the good. There are ways that hardware can be open-sourced to an extent that would make it much harder to insert a backdoor e.g. the use of FPGAs. Stateless and airgapping and also multisig approaches.

Still, you wouldn't get rid of all potential attack vectors. If hardware wallet manufacturers created their own chips, yes, you would get rid of the threat of someone in China or Taiwan inserting backdoors into it. But those backdoors can now be inserted by the people working on the production line, employed by those hardware wallet manufacturers. You are just transferring the risk from A to B.

Most people don't like overcomplicated systems. They want to spend as little time as needed on configuring and setting something up and get straight to using it for the purpose they bought it. DIY is a niche market. It's not big or attractive enough for you to see hundreds and thousands of companies offering such products. Imagine if the only way you could drive a car or live in a house was if you built them yourself? People would look for other alternatives.

FPGAs allow you to program the chip yourself. 9/10 people don't want to bother with that. They might not have the skills and would rather use their free time on other activities. Ask yourself this, how much of the things you see in your home have you created/built yourself? Maybe you are an exception to the rule, it's possible. Then, ask your neighbors how much of what they use in their daily lives were built with their own hands.