Topic: BIP idea for Trezor and more
Coin-Keeper (OP)
March 10, 2025, 07:45:42 PM
 #1

I know what I am describing here would be a BTC BIP protocol and not something Trezor could do on its own!

I have been reading about various BTC hacks that have happened.  Fortunately I am very careful and move slowly triple checking things before clicking Send and by confirming everything on my Trezor screens.  But I still have some concerns because Damn hackers are getting good and creative as can be.

I am not sure my idea can be implemented but math is math and I think it could be done. Bear with me while I describe my thoughts.  My BIP would be to create a needed BTC BIP protocol where a Trezor (or any other HD hardware wallet) has the address displayed to which you intend to send your coins.  My proposed BIP would be that the transaction is mathematically constructed in a way where the math contained would only compute accurately IF the transaction was sent to the EXACT and only the EXACT address displayed on the Hardware Wallet.  Such a BIP would invalidate ANY software/suite infections (accidental or intentional).  In other words there would MATHEMATICALLY be no exceptions and any middle man bullshit would be summarily invalidated.  Clearly the current use of a private key to permit the control of YOUR send from address would not change.  I know the miners would have to accept the transaction but wouldn't it be possible to REQUIRE this level of computational math before making it to the blockchain?

This has been a recurring thought in my head so I thought I would come here and lay it out there.  Don't worry about offending me, because I would love to hear your thoughts on this.

These hacks are really hurting the public's perception of Crypto.  I just want all of us to be safe if we are doing things correctly.  You will never be able to protect "stupid" but that is not what I am talking about here.

BTC: 1PYSBbuKM3kW19xe9TXJQfq64rPhd8XorF
Staked and Verified: https://bitcointalk.org/index.php?topic=996318.msg17102755#msg17102755
She shining
March 10, 2025, 09:55:39 PM
 #2

If I'm not mistaken, you are speaking about a protocol that would set an address as a constant destination when making transfers?
Well, the protocol doesn't accommodate miners verifying intent but only care about cryptographic intent (if the transaction is properly signed).

I see no issue using a few minutes of your time to cross-check your address, and if you are pushing for more security, you can try airgapped signing or multisig (quite time consuming, if I may add).

And in case of a mistake, Bitcoin uses Base58Check encoding to prevent accidental errors.

Quote
But I still have some concerns because Damn hackers are getting good and creative as can be.
No matter, they can't hijack your Bitcoin after it has been sent. So the best currently, to me, is to always check and compare the address before sending.

A Looker
satscraper
March 11, 2025, 05:54:21 AM
Last edit: March 11, 2025, 06:53:27 AM by satscraper
 #3

Quote
My proposed BIP would be that the transaction is mathematically constructed in a way where the math contained would only compute accurately IF the transaction was sent to the EXACT and only the EXACT address displayed on the Hardware Wallet.

I cannot get it. Malware seated inside the machine may substitute its own address for your destination address to get it signed. The hardware wallet in this case will reveal that substituted address to you, which is why it is strongly recommended to check twice what you sign with the HW. How do you suggest coping with this using mathematics?

Pmalek
March 11, 2025, 08:13:20 AM
 #4

Is this proposal limited to when you send coins to yourself and to addresses generated from the seed stored in the hardware wallet? I am asking because how would your hardware wallet know what is the correct address if you want to send BTC to me, for example?

Quote
These hacks are really hurting the public's perception of Crypto.  I just want all of us to be safe if we are doing things correctly.
I agree with the first statement, but at the same time if we want to stay safe, we have to take the time to double-check what we are doing. That includes verifying the destination address that we want to send coins to. Mistakes happen because people are too lazy to check the transaction information. Even if you get infected with clipboard malware, you would notice it if you checked the destination address in your software and compared that to the source showing where you are supposed to send your coins to.

Coin-Keeper (OP)
March 11, 2025, 06:23:22 PM
 #5

So then I am trying to ascertain the consensus of the group here.  Are we saying that if a user is looking directly at their Trezor and confirms the BTC address is perfectly correct on the display, that the transaction can ONLY go to that displayed address?  When I read about many "high end" hacks it causes me to wonder if somehow the software could pull a switch address a nano-second after I confirm on my Trezors.  I am just trying to think out of the box here.  I have been using Trezors since early on with the T1 and several T's as well.  I triple check the display and have never had any issues at all.


Pablo-wood
March 11, 2025, 08:31:26 PM
 #6

Quote
So then I am trying to ascertain the consensus of the group here.  Are we saying that if a user is looking directly at their Trezor and confirms the BTC address is perfectly correct on the display, that the transaction can ONLY go to that displayed address?  When I read about many "high end" hacks it causes me to wonder if somehow the software could pull a switch address a nano-second after I confirm on my Trezors.  I am just trying to think out of the box here.  I have been using Trezors since early on with the T1 and several T's as well.  I triple check the display and have never had any issues at all.

Except if the Trezor was purchased from an untrusted source or the computer is compromised. Possibly there has been a random download from the web that could contain some malware, but otherwise if I carefully cross-check the address and everything is perfectly correct I should relax and wait for confirmation on the network.

Though on rare occasions we do have issues with bugs or outdated firmware. So I might not consider this, but it's still nice to always check the version and also check for updates to completely stay safe.

satscraper
March 12, 2025, 05:54:50 AM
Last edit: March 12, 2025, 06:13:32 AM by satscraper
Merited by Coin-Keeper (3)
 #7

Quote
if somehow the software could pull a switch address a nano-second after I confirm on my Trezors.  I am just trying to think out of the box here.  I have been using Trezors since early on with the T1 and several T's as well.  I triple check the display and have never had any issues at all.
Not possible to infiltrate the signed transaction and keep the signature valid at the same time.

As soon as Trezor or any other HW signs a transaction with an eligible destination address, there is no way for any software client, no matter whether the latter is infiltrated or not, to switch that address or any other details of this transaction. If the client manages to somehow change the destination address in a transaction signed by Trezor or any other HW, the relevant signature will be invalid. This ensures the transaction can't be tampered with after signing.

Coin-Keeper (OP)
March 13, 2025, 09:06:54 PM
 #8

Quote
if somehow the software could pull a switch address a nano-second after I confirm on my Trezors.  I am just trying to think out of the box here.  I have been using Trezors since early on with the T1 and several T's as well.  I triple check the display and have never had any issues at all.
Not possible to infiltrate the signed transaction and keep the signature valid at the same time.

As soon as Trezor or any other HW signs a transaction with an eligible destination address, there is no way for any software client, no matter whether the latter is infiltrated or not, to switch that address or any other details of this transaction. If the client manages to somehow change the destination address in a transaction signed by Trezor or any other HW, the relevant signature will be invalid. This ensures the transaction can't be tampered with after signing.

Satscraper,

This was a great and clear answer.  It is what Trezor users expect.  I/we have always suspected what you posted is spot on.  However, I would love to read a "paper/link" clearly showing why this is so.  I would love to dissect and see the transaction torn apart to better visualize how a swapped destination address (after a Trezor confirm) invalidates the entire transaction.  I am not losing sleep over this but I feel like with me being a Crypto person for over 10 years I should be able to nail this in my mind.  I cannot.  I believe it and I know Trezor (and others) were designed for this to be true.  I would love to spend the time to rip this apart and learn something beyond basic here.  Just saying!!

satscraper
March 14, 2025, 06:34:54 AM
Last edit: April 27, 2025, 08:15:42 AM by satscraper
 #9

Quote
if somehow the software could pull a switch address a nano-second after I confirm on my Trezors.  I am just trying to think out of the box here.  I have been using Trezors since early on with the T1 and several T's as well.  I triple check the display and have never had any issues at all.
Not possible to infiltrate the signed transaction and keep the signature valid at the same time.

As soon as Trezor or any other HW signs a transaction with an eligible destination address, there is no way for any software client, no matter whether the latter is infiltrated or not, to switch that address or any other details of this transaction. If the client manages to somehow change the destination address in a transaction signed by Trezor or any other HW, the relevant signature will be invalid. This ensures the transaction can't be tampered with after signing.

Satscraper,

This was a great and clear answer.  It is what Trezor users expect.  I/we have always suspected what you posted is spot on.  However, I would love to read a "paper/link" clearly showing why this is so.  I would love to dissect and see the transaction torn apart to better visualize how a swapped destination address (after a Trezor confirm) invalidates the entire transaction.  I am not losing sleep over this but I feel like with me being a Crypto person for over 10 years I should be able to nail this in my mind.  I cannot.  I believe it and I know Trezor (and others) were designed for this to be true.  I would love to spend the time to rip this apart and learn something beyond basic here.  Just saying!!

In general, signing data means applying a cryptographic hash function, which is a "one-way-trapdoor" function, to them and subsequently encrypting the resulting hash with the signer's private key. Should even one bit of these data be changed somehow, the relevant hash would change, which in turn would result in alteration of the signature.

The signature itself may be verified with the public key belonging to the given private-public key pair.

If you love to read papers, try this: "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems".

Also, you can find a slightly less technical explanation in these readings.

Detailed explanation as applied to bitcoin can be found here and here

Coin-Keeper (OP)
March 14, 2025, 08:18:20 PM
 #10


satscraper,

Thank you for the links.  Don't have time today, but maybe this weekend.  I really do want to jump in and get a handle on understanding this.  I think I better bring my thinking hat with me!!

NotATether
March 15, 2025, 05:57:35 AM
 #11

It sounds like a good idea, but not for a BIP. BIPs are only for Bitcoin Core, or in rare cases for software applications in general. But what you are trying to do is standardize hardware behavior.

Hardware is much more difficult to verify and tinker with than software, for a few reasons.

1. You can't get a lot of it as easily as a lot of software (since it costs money)
2. Often, the designs and the components are not open-source, come with no instructions or manual, or in some cases cannot even be opened by the user.

Before this can take sails, what needs to be done is to standardize hardware wallet SoCs. Until then, this is better as a SLIP in my opinion.
