Bitcoin Forum
Topic: Attack on wallet: Replay noise / Remodel hardware wallet and factory as software
dk14 (OP)
May 19, 2026, 09:19:20 PM
 #1

This post is purely technical.

About TRNGs in hardware wallets.
Non-invasive attack that models them well as software (including noise/jitter sources).
It is for those who already know about this type of attack and accept its existence.

Criticism of existence / feasibility is not accepted here (I know the majority is convinced thermal noise is magical).
There is another post for that (technical discussion, with explanations): https://bitcointalk.org/index.php?topic=5582621

And there is a project proposed as a solution (and in development): https://bitcointalk.org/index.php?topic=5583352
(maybe others, but topic was not very open, until now)

We're not discussing that particular project, unless relevant.
It just proposes a cluster of replicas to outrun attacker's replicas.

Criticism of the simple model ("white noise") is not very relevant: envelopes, characteristics, resistor defects are not that unique. Most are filtered by the ADC.
It is an academic superstition.


The post is meant to discuss mediation and pre-mediation.
Alternative solutions.


My position is physiocracy: "No mediation possible. We have to spend physical energy to issue warnings for wallets to migrate from seeds about to be discovered by scanners",
Also: "True randomness requires physical energy"

I also reject quantum randomness, ideally I would prefer to not discuss it here, since you either know Digital Signal Processing or not.
Rejecting randomness as "cannot tell from noise" goes without saying.
Superpose a few sines - it looks like noise, but it is not random at all: reproducible, predictable.

Other than effectively pseudo-sciences, I'd like to cover all bases left.

--------
Science:

I like the idea of a defensive cluster, not just because it's mine (probably not original, idk), but also because it's the holy grail of true randomness.
Logically, "true random" is the number not known in locality or network.
Cluster (or clusters) would be generating exactly that, just the moment before the number is published as a warning.

It would be like PoW-cluster, but without specific required algorithm to follow (different freely guessed replicas of possible TRNGs).

It is also energy symmetry. Defender spends as much physical energy as attacker would.
--------
Relevance.

There probably were some old topics here, related. My memory is in "groundhog day" for now, so not sure.

This one is (re-)started in light of AI giving away this info "for educational purposes", easily - you just say "I want to model Ledger Wallet Hardware"
(and, in my case, question that the noise a low-power ADC samples is hard to model as software)

It gives it away in the context of Ledger Wallet (and others) specifically. It starts looking for info on laws and regulations to model you "Ledger Factory" even.
Starts making guesses about how to model Ledger factory.

It hallucinates many things, and overlooks, but inquisitive chatter (a kid) with minimal engineering experience can convince it to write full software.

I agree (with "AI", or whoever wrote it on the internet) that for economic and security reasons, Ledger's factory (generating DUN) cannot have a high-energy device.
Running extensive PRNG computation long-term (physiocratic measure) would require not just energy but physical security.
Device is cheap: $100. Too expensive for a budget to allocate. Worst case: cluster/GPU can redo their PRNG work.

So only obscurity defenses left, which AI helps to unwind.
It is a major shift in education, and it is extremely dangerous, since AI has "flawed naive morals" of the authors.
It does not "know" the consequences, but "knows" a lot of technical info. It gets involved in conversations.

Now, AI models are replicated even offline - and many contain critical info, and politely teach it to "kids".
So AI censorship is not a solution anymore. It can partially prevent the spread, but won't mediate the damage already done.
The attack does not require more computationally powerful hardware than Ledger's factory, so the police are of no help here, they never were.
"Social agreement" (semi-trusted) will only work until scarcity of natural resources becomes apparent, so useless. Worst of all, it is regional: one region diverging is enough.

My opinion is that access to information is not an issue.
I don't see the issue with me uncovering a "taboo" - at least no one would be under the "I'm the only genius" impression.
Lots of you checked it, lots were writing tools (what would you do with it? more chaos? let's go hunt until we starve? already here; we need actual individualism, not the naive one).
But kids are faster than you. There are already AI models tolerating impulsiveness etc.

We should not have had "fake TRNG" problem in the first place.
They were only backed up by obscurity, fear, censorship and regulators.
Now, it will progress faster than expected by nearly anyone.
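
An added example (not the poster's code) for the remark above that a few superposed sines look like noise while staying reproducible: the least-significant bit of a quantised sine mixture shows balanced ones and transitions, yet the whole stream is a function of one unknown phase, so its entropy is bounded by that unknown and not by the output length. The tone table, the idealised 12-bit ADC and the 16-value phase grid are constructed assumptions.

```python
import math

# Constructed parameters (assumptions, not from any real device): three sines at
# unrelated frequencies, read by an idealised 12-bit ADC with a 2048-count offset.
TONES = [(700.0, 0.1234567), (500.0, 0.3141592), (300.0, 0.2718281)]  # (counts, cycles/sample)


def lsb_stream(count, phase=0.0):
    """LSB of each quantised sample; `phase` (in cycles) is the only unknown."""
    bits = []
    for n in range(count):
        x = 2048.0 + sum(a * math.sin(2 * math.pi * (f * n + phase)) for a, f in TONES)
        bits.append(int(x) & 1)
    return bits


def monobit_fraction(bits):
    """Fraction of ones; an ideal random source gives about 0.5."""
    return sum(bits) / len(bits)


def transition_fraction(bits):
    """Fraction of adjacent bit pairs that differ; about 0.5 for an ideal source."""
    return sum(a != b for a, b in zip(bits, bits[1:])) / (len(bits) - 1)


def entropy_upper_bound_bits(phases, count):
    """The stream is a pure function of `phase`, so it carries at most
    log2(number of distinct streams) bits, however many bits are emitted."""
    distinct = {tuple(lsb_stream(count, p)) for p in phases}
    return math.log2(len(distinct))


if __name__ == "__main__":
    bits = lsb_stream(20000)
    print("ones fraction      :", round(monobit_fraction(bits), 4))
    print("transition fraction:", round(transition_fraction(bits), 4))
    print("same inputs, same stream:", bits == lsb_stream(20000))
    phases = [k / 16 for k in range(16)]
    print("entropy bound over 16 phases:", entropy_upper_bound_bits(phases, 256), "bits")
```

For anyone evaluating a noise source, the takeaway is that frequency-style health tests measure distribution only; an entropy claim has to be argued from what an observer cannot know about the source.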