Bitcoin Forum
June 04, 2026, 08:36:36 AM
News: Latest Bitcoin Core release: 31.0

Topic: Doomsday Explorer - protect TRNGs from hackers (Read 88 times)
dk14 (OP) - May 18, 2026, 08:44:29 PM - #1
Merited by hugeblack (2), dkbit98 (1)

Presentation:

https://github.com/dk14/crypto/blob/main/chats/btc-audit/PRESENTATION_PDF.pdf


Technical discussion (and code):

https://bitcointalk.org/index.php?topic=5582621

----

AI suggests critically dangerous non-invasive TRNG exploits to anyone (who wants to "simulate" a TRNG), and writes code for it.
Quite sure it is already used in scanners; hackers just did not chat enough with AI yet.

(TRNGs are True Random Number Generators, which are used to create the seed phrase, aka mnemonic, for users.)
So even paper wallets are at stake.

I proposed to build a cluster outrunning the hackers, reporting risk to wallet users, allowing them to migrate ahead.
And an Explorer showing users estimated and evaluated risks.

-----
I've built a tool which runs a loose replica of Ledger Wallet, without dangerous details - since the cluster has to be built first.
Designed the architecture for the cluster, and its features.
Designed flexible funding with profit sharing, since the project is long-term.

-----

Feel free to support the tool - there is flexible funding.
"White-hat" usage of the tool will be rewarded (by wallet users); there is also a profit-sharing feature for donors.
"Black-hat" usage, for better TRNG replicas, will be prevented by the cluster in development.

-----

Feel free to comment here if you're interested in:

- supporting the project
- running the tool in a cluster (reports publicly to IPFS)

Vod - May 18, 2026, 09:23:11 PM - #2

Suggestion: Sign a message from the wallet holding the funding. People don't like to do technical work for free. Also, I believe your tool will quickly become obsolete if you are dealing with professional hackers using AI.

dk14 (OP) - May 18, 2026, 10:57:07 PM - #3
Merited by Vod (1)

Valid suggestion - will do that on github. And thanks for quick reply.

On the second note - I don't think you understand the technical part and value of the tool.
I have to write a wall of text.

TLDR - we compete with kids, coz OpenAI wanted SciFi, so kids now have better instruments, more suited to them than to professionals (see the screenshot with AI in my README on git); AI explains to them how to use it. But does not explain the consequences at all.

It's a matter of time before they'll chat enough to shut down the whole of Bitcoin and crypto.
(I know how it sounds, but there is a multitude of historical precedents that can be correlated with changes in educational policy.)

Wall of text (apologies for mistakes):
----

These are non-invasive TRNG scanners we're talking about (zero access required, absolutely).

If hackers execute this attack successfully, Bitcoin is gone completely, and all crypto.
(That is why it is hard, but possible, to find any papers on this type of attack - they are constantly hidden and removed, but AI finds them and indexes them.)

It's a "guessing every random number in the world" attack (or on any Ledger for a starter), since devices are low-entropy. There is no remedy for devices.

Thermal noise, as low-power, low-res ADC samples, is reproducible trivially and deterministically (the noise generator on your phone does it) and quite enumerable (12-bit 48 kHz ADC - the spectrum is not dense). That's the ADC on Ledger. Even good ADCs (expensive ones) are not that precise for security.
Officially, we say "we whiten", but kids are not that naive nowadays - they know you can replay.

A good engineer knows that and keeps quiet (for everyone's best), until he discovers that AI teaches anyone after a little role play.

Undocumented parts of the Ledger (or any other secure device) architecture, especially factory parts, are harder to reproduce (by guessing). They are obscured.

But AI navigates not just Ledger documentation, but NIST and regulations, and even reasons a little (by chance) - so it can guess it all, if you chat enough.
"regulations necessitate small chip on a factory" - GPT-OSS
So we're not talking about "professional hackers" anymore.

We're talking about KIDS - engineering students, who, same as me, questioned that thermal noise is random

(it isn't, it only appears so to the eye, see my github and the technical conversation here; that definition of randomness is a Soviet misconception that NIST went along with).

Kids! Especially in places full of engineering (mining cities etc.), where they are also angry and motivated.

They are also more efficient than "professional hackers", since the latter are essentially on government payroll: the "professional ones" read officially published exploits, they're not inventive.

I was a professional engineer for 10 years (big sector, even "big crypto" like ADA), FP educator, "good code style" - did not invent anything, overconfident in my ability.
Cardano let me publish a useless paper about big standardization of financial contracts on their big serious blockchain. I worked with solvers and provers even (useless stuff, coverage tests are better).

I went off the grid, took risks - that's where novelty started. Now I'm a better engineer, a bit more crazed though. But so are the kids!
So, imagine what a bunch of younger people can do - when AI gives them an instrument they can use, but they cannot understand the consequences.

We have already seen hacks exploiting software by replaying a timer (https://thecyberexpress.com/bitcoin-keys-exposed-via-libbitcoin-explorer/); imagine AI giving the power to exploit hardware logic stupidly, replaying noise.

Undocumented DUN is likely the last defense Ledger has, but it is only psychological. Good randomness is more expensive than $100.

So if my tool becomes obsolete - so is the "human world", since everything is on TRNGs - just the architectures differ.
(A large enough cluster can outrun the military.)

-----

So, if the "white-hat cluster" does not outrun the "kids" - we won't be able to regenerate new seeds and migrate funds in time.
We're on the run already - gotta admit it :).

Besides, speaking of psychology, kids don't need that much money - so offering a reward for reporting generated seeds, to warn that a wallet is at risk (easy-to-verify proof), could be a better deal.
Since it's clean BTC, easy to explain to friends when they grow up.

I would not panic-sell BTC (conventional money is vulnerable too - and I'll never convince governments/banks to build an explorer for their TRNGs), but the issue is critical and reasonably urgent.
There is time - but it's hard to predict how much.
Especially accounting for the current world situation (Mr. Robot tendencies, to me a fiction, but not to kids).

P.S. It is not only kids, obviously; in this info disorder no one knows what situation they might end up in.
Many freelancers wait for the AI fad to pass, for instance, so they could start fixing bugs, or rewriting software from scratch :).
Some might choose to not do the moral thing.

I figured that saving the blockchain is a more stable profit (I convinced a 22yo spoiled kid that I'm the messiah once).
So morality suits me in this particular situation - not everyone figures that out.

If I were 14 - I would be running the tool, sending everyone back to "hunt and gather until you starve", lol.
dkbit98 - May 20, 2026, 06:36:53 PM - #4

Is this going to be applied to all hardware wallets or only to Ledger devices?
Some hardware wallets are using multiple sources for creating entropy, and it's questionable if something can really generate a TRNG if the chips generating this are closed source.

Vod - May 22, 2026, 12:42:16 AM - #5

> Valid suggestion - will do that on github. And thanks for quick reply.

I love it when people can back up what they claim. Instantly you are above most others.

dk14 (OP) - Today at 04:45:11 AM - #6

> Is this going to be applied to all hardware wallets or only for ledger devices?
> Some hardware wallets are using multiple sources for creating entropy, and it's questionable if something can really generate TRNG if chips generating this are closed source.

Ledger is just a start - coz it's the most popular. The principle extends even beyond Bitcoin (or cryptocurrency) - it works on the military, government IDs etc. Bitcoin is the easiest to defend, because the user can migrate funds easily if warned by the network. This attack can shut down governments and the military and conventional money - all depend on the quality of entropy, even historically, before silicon computers ("secret rituals"). Even physical money printing (casas de monedas) requires entropy to authorize - it is not like in that Korean show at all - no need to physically invade a place. Wars, nukes, even human decisions depend on the quality of entropy. Nature depends on it - low-entropy prey is more likely to get eaten (nature has high-quality entropy though) or suffer (the human case).

I wrote a long write-up in the README about it - it might sound crazy (rather shocking in reality), but it is literally how much modern privacy/security is worth - it is based on pseudo-science!

Bitcoin's PoW was huge progress towards physiocracy, but Satoshi (Microsoft?) overlooked historical flaws of cryptography - Soviet para-normal pseudo-sciences ("white noise" magic) creeping into NIST since the space race fiasco. Those people were just scared by noise subjectively, so they imagined it is secure. Then some other people decided to scale it, impulsively. Many warned them that noise can be simply replayed and ADCs (converters) are bound to be low-resolution for low-energy investment, but it simply got forgotten as usual - until better times that never come.

Actual (physical-energy) TRNGs we are aiming at here would make YOU a new Trent Reznor (NIN) or David Lynch, no need for idols anymore :).

-------

Ledger is not closed-source - it is publicly audited. AI even found me the firmware code. Now, Ledger may be hiding it from AI - but too late. That's the key danger - AI caches everything and makes it too available. You don't even have to lurk on github.

Worst of all, AI hallucinations have a good chance of guessing the right or close-enough circuit/code right after several attempts. AI outruns humans in imagination (fiction writing). It cannot guess reality (only the original observer, a human, can), but it can guess what engineers bound by regulations and low-cost restrictions would design.

On a more fundamental level (when we speak of something more complex than Ledger), there is exhaustive search for a circuit (or even for an algorithm). Given the limited energy and hardware budget of such a circuit, the search becomes quite feasible. Plus you don't have to search for every possible circuit - you can combine greediness and heuristics ("there should be SHA256 or ChaCha or fastexp or a PRNG somewhere", and then maybe a few XORs and a few recursive repetitions - that limits the search space drastically).

Reminder: PRNGs and secure hashes (entropy expansions) have to be compliant with certain properties, so not every circuit fits. Even worse - uniformity of bits on the output of, let's say, SHA256 is not actually proven inductively - it is just claimed. Which means that vendors cannot simply invent a new circuit/algorithm - they have to use what they "heard" about (what NIST standardized); that's a super-drastic limitation: regulations are public. Now, even naive AI (like GPT5, GPT-OSS) navigates them easily - it is simply a disaster.

"Security through obscurity" is based on fiction (beliefs, not science), and "AI", as detached from reality as it is, still outruns humans' limited imagination - it can easily guess what humans imagined before. Even Claude Shannon's n-grams and transform grammars (high 30s, 40s, 50s) could do it well in the past (they work deterministically and better than neural networks - even GPT-OSS admits), but nowadays all data is consolidated and actively extracted and public.

Human imagination entropy converted to circuit (or firmware code) design entropy = low entropy.


-------

Multiple sources of entropy are not an issue - Ledger itself uses two sources of entropy: avalanche noise to generate DUN/DUK per device (on first power-on) to seed the entropy pool, and diode jitter (derived from thermal noise) to generate wallet seeds from the pool. Both noises are different modes of white noise.

It is still forward replay, regardless of architecture: you model the sources of (low) entropy - then replay the whole pipe (circuit) of XORs, SHA256, ChaCha, PRNGs etc.

Everything happens deterministically and at the software level in a tool - so no need to go and sample anything inside hardware/enclaves. Non-invasive approach. All that security enclaves are hiding are imaginary things - there is no magic under the enclave. Hardware components are well-known and deviations between devices are either negligible or trivially enumerable.

(Tech note: mixing in sources gives a Cartesian product, but low*low=low; plus the avalanche runs for a limited time once; you are still bound by the energy spent on creating and sampling all the noise together, which is low.)

IO events (let's say the ones Apple Secure Enclave mixes in) are low entropy too: it is re-coded thermal/white noise as well, low-frequency band. Less secure than diode/resistor.

Human-generated entropy from a gyro - re-coded thermal/white noise. Less secure than IO even (since IO timing is affected by electricity spikes at least; humans are among the most low-entropy species on this planet).

Human passwords/passphrases (the 25th word in BIP-39 or whatever). Low entropy - comes from birth dates, names, government IDs, repetitive memes, predictable special symbols and trivial alterations. It took me less than 1 hour to brute-force my old password on Trezor - and this is a discriminate attack (on myself); a non-discriminate one would be faster per person.

There are more details in the README on my github. There is first-approximation code (for Ledger) too, and Explorer Network Protocol v0 designed, and a profit-sharing code draft. I'll integrate it all when I get funds.

The most challenging part here is to replicate pipelines accurately, and greedily enumerate deviations of spectra from perfect white/thermal noise (the space of deviations is bound to be small for low-energy devices). That's it.

I'm going into too much detail, lol - AI already picks up this topic, lol.

Catch 22: I have no choice but to explain the project, but explanations make it more urgent to develop the defense tool, since "kids" are reading bitcointalk, lol.

Worst of all - if I develop a perfect deterministic replica (since I'm not a kid), I would be able to outrun even a cluster; only the fact that "hacking everything" will cause chaos backfiring on myself, common sense, would be the last defense. I cannot even develop one that's too perfect (I have to develop one that fits a cluster and current hardware/networking capabilities) - it is a matter of balance to profit.

Time is ticking nevertheless - the same way it takes time for me to explain how dangerous the situation is for your wallets, it takes time for hackers to figure out the best replication approach. You'll get the issue eventually, but so will they.

Note: I'm traveling, so replies might be delayed. Feel free to send something to the fund in the meantime :). If I run out of my own funds - it will be LOL-apocalyptic.

-------

P.S. I added signed message to README. Repeating it here.

Message: "Doomsday Explorer Project for Bitcoin: https://github.com/dk14/crypto/tree/main/chats/btc-audit"

Address: bc1qekvmkczge3hxrvwdf2lj3yyvgjnparn3fdf9lg

Signature: IHdq/tIQtQeimfF92NOyOOdz2/iq2YR6qjD8vLgHWK3GGGETKX76L0e4Tvgtb1fOHrbLiW87QYIuOdCKYbSvmpA=

Tracking: https://www.blockchain.com/explorer/addresses/btc/bc1qekvmkczge3hxrvwdf2lj3yyvgjnparn3fdf9lg

(see the README about the cautions of signing low-entropy messages - SHA256 does not help as much as you might think)

(I used Electrum to sign and verify)

--------

Salesman speech: If you invest even a small amount now, you'll save a lot on paying the explorer network (a PoW-like cluster running the tool and its alternatives) in the future; the explorer network will be cheaper.

The earlier the cluster is built and replicas made - the better; you profit more from the higher security of your existing funds (lower risk of getting hacked).

This is a HUUGE initiative, especially for Bitcoin, so grants are appropriate too.

This project puts Bitcoin on top of the financial system - BTC would be ready to defend against kids (of all ages) waay before governments, the military, altcoins.
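The defender-side check that follows from the thread's two technical points (post #3: low-resolution ADC noise that whitening only hides; post #6: mixing low-entropy sources and then running them through XORs and SHA-256 does not raise the total), written as an added example that is not part of the thread and is not Ledger's or the Doomsday Explorer project's code. It runs the most-common-value min-entropy estimator from NIST SP 800-90B (section 6.3.1) over raw 12-bit ADC codes, bounds the min-entropy a SHA-256 "whitened" seed can carry, and shows why the test must be run on the raw source and not after the whitener. The two sample streams, the 40-codes-per-seed figure and every function name are constructed assumptions for the example, not measurements from any device.

```python
"""Raw-source health check before whitening (added example, not the thread's
or Ledger's code). Uses the most-common-value (MCV) min-entropy estimator from
NIST SP 800-90B section 6.3.1 on raw 12-bit ADC codes, and bounds what a
deterministic whitener (SHA-256) can deliver from them. Both sample streams
below are constructed here, not captured from any hardware."""
import hashlib
import math
import random
from collections import Counter

ADC_BITS = 12
ADC_MID = 1 << (ADC_BITS - 1)   # mid-scale code of a 12-bit converter
SAMPLES_PER_SEED = 40           # assumed number of raw codes hashed into one seed
SEED_BITS = 256


def mcv_min_entropy(symbols):
    """Per-symbol min-entropy estimate in bits (SP 800-90B MCV estimator).
    Uses the upper 99% confidence bound on the most common symbol's
    probability, so the estimate is conservative. Assumes IID symbols."""
    n = len(symbols)
    if n < 2:
        raise ValueError("need at least two samples")
    p_u = Counter(symbols).most_common(1)[0][1] / n
    p_upper = min(1.0, p_u + 2.576 * math.sqrt(p_u * (1.0 - p_u) / (n - 1)))
    return -math.log2(p_upper)


def seed_min_entropy_bound(bits_per_sample, samples_consumed, output_bits=SEED_BITS):
    """A deterministic function cannot raise min-entropy: its most likely
    output is at least as likely as its most likely input. So a SHA-256 seed
    carries at most min(256, samples * bits_per_sample) bits, whatever the
    hash output looks like."""
    return min(float(output_bits), bits_per_sample * samples_consumed)


def source_acceptable(raw_samples, samples_per_seed=SAMPLES_PER_SEED, target_bits=SEED_BITS):
    """Health-test verdict: do the raw codes consumed per seed carry the full
    target min-entropy? This check belongs on the raw source, before the
    conditioner, which is also where SP 800-90B places it."""
    h = mcv_min_entropy(raw_samples)
    return seed_min_entropy_bound(h, samples_per_seed, target_bits) >= target_bits


def whiten_blocks(raw_samples, samples_per_seed=SAMPLES_PER_SEED):
    """SHA-256 each block of raw codes (a toy conditioner, assumed here).
    Returns all digest bytes so they can be fed to the same estimator."""
    out = bytearray()
    for i in range(0, len(raw_samples) - samples_per_seed + 1, samples_per_seed):
        block = raw_samples[i:i + samples_per_seed]
        out += hashlib.sha256(b"".join(c.to_bytes(2, "big") for c in block)).digest()
    return bytes(out)


def narrowband_samples(n=4096, period=64, amplitude=50, seed=7):
    """Constructed: a periodic interferer riding on the ADC mid-scale plus
    +/-1 LSB jitter. Looks noisy on a scope but uses few distinct codes."""
    rng = random.Random(seed)
    return [ADC_MID + int(amplitude * math.sin(2 * math.pi * i / period)) + rng.randint(-1, 1)
            for i in range(n)]


def broadband_samples(n=4096, seed=7):
    """Constructed stand-in for a healthy source: every 12-bit code equally likely."""
    rng = random.Random(seed)
    return [rng.getrandbits(ADC_BITS) for _ in range(n)]


def report(raw_samples):
    """Summary for one source: raw estimate, post-whitening estimate, seed bound, verdict."""
    raw_h = mcv_min_entropy(raw_samples)
    whitened_h = mcv_min_entropy(list(whiten_blocks(raw_samples)))
    return {
        "raw_bits_per_sample": round(raw_h, 2),
        "whitened_bits_per_byte": round(whitened_h, 2),
        "seed_min_entropy_bound": round(seed_min_entropy_bound(raw_h, SAMPLES_PER_SEED), 1),
        "acceptable": source_acceptable(raw_samples),
    }


if __name__ == "__main__":
    for name, src in (("narrowband", narrowband_samples()), ("broadband", broadband_samples())):
        print(name, report(src))
```

Running it shows the trap the thread describes from the defender's side: the whitened bytes of both sources estimate at roughly the same bits per byte, so a test placed after SHA-256 cannot tell the periodic source from the healthy one, while the raw-code estimate and the seed bound separate them immediately. The bound is per-seed, so a source that fails it needs more raw samples per seed or a better front end, not a stronger hash.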