Bitcoin Forum
Author Topic: Attack on wallet: Replay noise / Remodel hardware wallet and factory as software  (Read 108 times)
dk14 (OP)
Newbie
Offline

Activity: 13
Merit: 4


May 19, 2026, 09:19:20 PM
 #1

This post is purely technical.

About TRNGs in hardware wallets.
Non-invasive attack that models them well as software (including noise/jitter sources).
It is for those who already know about this type of attack and accept its existence.

Criticism of existence / feasibility is not accepted here (I know the majority is convinced thermal noise is magical).
There is another post for that (technical discussion, with explanations): https://bitcointalk.org/index.php?topic=5582621

And there is a project proposed as a solution (and in development): https://bitcointalk.org/index.php?topic=5583352
(maybe others, but the topic was not very open, until now)

We're not discussing that particular project, unless relevant.
It just proposes a cluster of replicas to outrun the attacker's replicas.

Criticism of the simple model ("white noise") is not very relevant: envelopes, characteristics, resistor defects are not that unique. Most are filtered by the ADC.
It is an academic superstition.


The post is meant to discuss mediation and pre-mediation.
Alternative solutions.


My position is physiocracy: "No mediation possible. We have to spend physical energy to issue warnings for wallets to migrate from seeds about to be discovered by scanners",
Also: "True randomness requires physical energy"

I also reject quantum randomness; ideally I would prefer not to discuss it here, since you either know Digital Signal Processing or you don't.
Rejecting randomness as "cannot tell from noise" goes without saying.
Superpose a few sines: it looks like noise, but it is not random at all; it is reproducible and predictable.

Other than effectively pseudo-sciences, I'd like to cover all bases left.

--------
Science:

I like the idea of a defensive cluster, not just because it's mine (probably not original, idk), but also because it's the holy grail of true randomness.
Logically, "true random" is a number not known in the locality or the network.
Cluster (or clusters) would be generating exactly that, just the moment before the number is published as a warning.

It would be like a PoW cluster, but without a specific required algorithm to follow (different freely guessed replicas of possible TRNGs).

It is also energy symmetry: the defender spends as much physical energy as the attacker would.
--------
Relevance.

There probably were some old topics here, related. My memory is in "groundhog day" for now, so not sure.

This one is (re-)started in light of AI giving away this info "for educational purposes", easily - you just say "I want to model Ledger Wallet Hardware"
(and, in my case, questioning the claim that the noise a low-power ADC samples is hard to model as software)

It gives it away in the context of the Ledger Wallet (and others) specifically. It even starts looking for info on laws and regulations to model a "Ledger Factory" for you.
Starts making guesses about how to model Ledger factory.

It hallucinates many things and overlooks others, but an inquisitive chatter (a kid) with minimal engineering experience can convince it to write the full software.

I agree (with "AI", or whoever wrote it on the internet) that for economic and security reasons, Ledger's factory (generating DUN) cannot have a high-energy device.
Running extensive PRNG computation long-term (a physiocratic measure) would require not just energy but physical security.
The device is cheap: $100. Too expensive for a budget to allocate. Worst case: a cluster/GPU can redo their PRNG work.

So only obscurity defenses are left, which AI helps to unwind.
It is a major shift in education, and it is extremely dangerous, since AI has the "flawed naive morals" of its authors.
It does not "know" the consequences, but "knows" a lot of technical info. It engages in conversations.

Now, AI models are replicated even offline - and many contain critical info, and politely teach it to "kids".
So AI censorship is not a solution anymore. It can partially prevent the spread, but won't mediate the damage already done.
The attack does not require more computationally powerful hardware than Ledger's factory, so the police are of no help here; they never were.
"Social agreement" (semi-trusted) will only work until the scarcity of natural resources becomes apparent, so it is useless. Worst of all, it is regional: one region diverging is enough.

My opinion is that access to information is not an issue.
I don't see the issue with me uncovering the "taboo"; at least no one would be under the "I'm the only genius" impression.
Lots of you checked it, lots were writing tools (what would you do with it? More chaos? Let's go hunt until we starve? Already here; we need actual individualism, not the naive one).
But kids are faster than you. There are already AI models tolerating impulsiveness, etc.

We should not have had "fake TRNG" problem in the first place.
They were only backed up by obscurity, fear, censorship and regulators.
Now, it will progress faster than expected by nearly anyone.
satscraper
Legendary
Offline

Activity: 1498
Merit: 2773



May 20, 2026, 02:14:45 PM
Last edit: May 20, 2026, 03:09:43 PM by satscraper
 #2

Quote from: dk14 on May 19, 2026, 09:19:20 PM
(probably not original, idk)

Yeah, your "defensive cluster" idea (hope I got it right) is conceptually aligned with an already functioning project, namely the NIST Randomness Beacon.

Wallets could in theory consume entropy from there, mix it with local entropy, and shazam! But they don’t do it.

We could spend a lot of time discussing the pros and cons of such an approach and why existing wallets prefer to rely on their own techniques to achieve the highest degree of randomness, but I think that would be counterproductive. I just want to point out here one problem with this approach applied to air-gapped HW. The latter must remain air-gapped even when generating their randomness. My Passport Core works this way. Consuming entropy from an external source to mix with its internal avalanche-based randomness would undermine its air-gapped design and cast doubt on its security. Consuming entropy at the firmware level could not be a workaround, since this wallet is open source.



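The mixing step described in the post above, as an added example that is not part of the original post and not any wallet's firmware: a domain-separated SHA-256 over a length-prefixed local secret and a public value, with a constructed stand-in for a beacon pulse (a hash of a fixed string, not a real NIST beacon output). The function names (mix_entropy, enumerate_local), the label string and the bit sizes are assumptions made for the demo. The second half shows the check a practitioner would run before relying on such a mix: a beacon value is public by design, so an attacker who knows it and knows the local input is drawn from a small space recovers the mixed seed by enumeration, while the same search against a 256-bit local secret finds nothing within the same budget.

```python
import hashlib
import secrets
from typing import Optional

# Constructed stand-in for a published beacon pulse (NOT a real NIST beacon value).
# Anyone can read a beacon output, so it is public input, never a secret.
PUBLIC_PULSE = hashlib.sha512(b"constructed beacon pulse for the example").digest()


def mix_entropy(local_secret: bytes, public_value: bytes,
                label: bytes = b"example-seed-mix-v1") -> bytes:
    """Combine a local secret with a public value into 32 bytes of seed material.

    Each input is length-prefixed and the whole hash is domain-separated by `label`,
    so two different (local, public) pairs cannot collide by moving bytes between
    the fields. The output is unpredictable only to the extent `local_secret` is:
    the public value adds freshness, not secrecy.
    """
    h = hashlib.sha256()
    h.update(label)
    for part in (local_secret, public_value):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


def enumerate_local(target_seed: bytes, public_value: bytes,
                    local_bits: int, budget: int) -> Optional[bytes]:
    """Attacker model: knows the public value and that the local input is a
    `local_bits`-bit integer. Tries at most `budget` candidates and returns the
    one that reproduces `target_seed`, or None if the budget runs out first."""
    nbytes = (local_bits + 7) // 8
    for candidate in range(min(budget, 1 << local_bits)):
        guess = candidate.to_bytes(nbytes, "big")
        if mix_entropy(guess, public_value) == target_seed:
            return guess
    return None


def demo_weak_local(local_bits: int = 16) -> bool:
    """Small local space: the public pulse does not rescue it, the seed is recovered."""
    nbytes = (local_bits + 7) // 8
    weak_local = secrets.randbelow(1 << local_bits).to_bytes(nbytes, "big")
    seed = mix_entropy(weak_local, PUBLIC_PULSE)
    found = enumerate_local(seed, PUBLIC_PULSE, local_bits, budget=1 << local_bits)
    return found == weak_local


def demo_strong_local(budget: int = 1 << 16) -> bool:
    """256-bit local secret: the same attacker, with the same budget, finds nothing."""
    strong_local = secrets.token_bytes(32)
    seed = mix_entropy(strong_local, PUBLIC_PULSE)
    return enumerate_local(seed, PUBLIC_PULSE, 256, budget) is None


if __name__ == "__main__":
    print("weak local recovered:", demo_weak_local())
    print("strong local survives:", demo_strong_local())
```

Run it as a script to see both outcomes; the point is that the hash is the same in both runs and only the size of the local input changes the result.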
dk14 (OP)
Newbie
Offline

Activity: 13
Merit: 4


June 12, 2026, 11:19:32 AM
 #3

The issue is completely different from what NIST is trying to address there, but the protocol is quite aligned in spirit.

The actual issue is that the actual private key generated can be guessed. Not even with high probability, but guaranteed deterministically.


It is actually very low-entropy - every wallet, everything that NIST standardized.

I created a front page for the project, highlighting the issue as outlined by AI (in the screenshot):

https://dk14.github.io/crypto/

Quote: "The Ledger’s TRNG is limited to a tiny discrete parameter space (few‑dozen oscillator frequency steps, a handful of amplitude/phase levels, and a low‑resolution 12‑bit ADC). Because the ADC cannot resolve many of the underlying sinusoids, the effective number of distinct noise‑states is far below 2⁶⁰—it is on the order of 10⁴–10⁵ possible spectra. Consequently, an attacker can enumerate all those possibilities (offline) and run the exact Ledger whitening + SHA‑256 algorithm to check which candidate yields the observed 24‑word mnemonic, without any invasive hardware probing. This shows that the device’s entropy budget is limited by its low‑power design, not by a cryptographically large secret."

I only use AI (for now) to demonstrate how easy it is for a kid to get that info for a scanner tool.

This issue obviously spreads to EVERYTHING that NIST standardized since gosh knows what times. Including banking security, government IDs, military.

You superpose sines and cosines (and enumerate minor deviations with a proper greedy approach) and you get something identical to what the ADC samples as entropy. Deviations are enumerated in a small space: deterministic exhaustive enumeration.

A low-energy device cannot physically produce high entropy.

The rest (SHA256, entropy pool, etc.) is just a conventional replay of what the firmware does with the ADC's output.

Basically, one can digitally and deterministically replicate the whole process of creating a seed phrase for your wallet.

Enumerating small physical deviations due to timing and temperature (low energy does not allow for a secure large space) allows one to enumerate every Ledger (or equivalent, e.g. secure enclave) device.

You can just swipe all keys this way. "Reliably guess every random number so far generated under NIST regulations" this way.

-----

The core issue is NIST relying on "Soviet mysticism", Kolmogorov's "so-called" randomness claimed to be "indistinguishable from noise", where noise is assumed to be high entropy subjectively (it looks random to the eye/ear).

While actual numbers, objective observations and sound reasoning prove the contrary: it is NOT high entropy at all. And all the entropy expansions (PRNGs, SHA, ChaCha, Von Neumann extractor, XOR-fold), the excuses NIST made, are simply ritualistic. If you model the low-entropy source right, the rest is just a deterministic function you apply on top, and you get someone's private key guessed. Low entropy -> small search space; entropy "expansions" are just a distraction (a bubble easy to burst).

It only worked as "security through obscurity", a story for "children" for over the past 50 years; it was based on the majority of engineers and regulators simply believing in it. WITH NO PROOF. With proofs to the contrary. Consensus does not imply reality or truth ("millions of flies cannot be wrong").

(I know it's unbelievable, but, in practice, people act more idiotically than you imagine and remember; most just assume that something a "respectable person or government agency" says in a sleepy, low or threatening voice is true; in reality it is NOT, in most cases. While a random person, me, despite a good track record of projects and some publications, writing walls of text, appears not credible or confusing. Trust what AI says then, idk)

Now, AI easily points out the flaws in that logic and approach - TO ANYONE. And writes code. So pandora box is open.

And since AI suggests this bitcointalk page quite often to anyone looking for hardware wallet internals - I opened it wider!

So if I don't build a defense system that notifies you about already guessed keys in the cluster ASAP, so you could estimate the security of your own wallet from already enumerated keys, then your own FUNDS will be gone eventually and permanently, no matter what wallet (Ledger, Trezor, etc.) you use.

Judging from how long it takes from publication to attack, the optimistic timeline is up to 6 months. And this is if no one has secretly already got the idea from AI, if they just got it from here.

Again, the white-hat system I propose is basically a scanner of keys that reports scanned keys publicly, so you could migrate to a new key in time.

It does NOT give you some mix-in entropy, like you assumed, IT IS NOT AT ALL WHAT I MEAN.

The only true entropy source is in competition for entropy with physical energy, kind of the way PoW works (since logically the secret key must be private and unknown, and not easily computable from anything known).

My (eventually yours, if you invest) system WILL GIVE you DANGEROUSLY close (to yours) keys, so you could "RUN AWAY" in time. AN EARLY WARNING SYSTEM.

As long as it outruns hackers and you keep an eye and migrate timely - YOUR FUNDS WILL BE SAFE.

------

Do you guys get how critical the issue is? I'm jokingly giving you 14yo examples, but the issue is NOT a joke. Have you checked my GitHub?? How do you read between the lines???

My impression is that you don't get how close even my published replica (mostly AI code) is to shutting down literally everything, and I left out a few things (ring oscillator model, temperature variations, etc.) on purpose.


-----

The rant. The rant is relevant because the state of the sciences is a disaster, and it is rooted in economics:

What am I supposed to do? Tell you how I predicted wars and pandemics from desertification rates (from soil!!) simply, rather than reading news propaganda? You won't believe me; you are sure that natural resources are infinite. Tell you how I lived almost purely on BTC profits from 2012 ($100 I invested) for the past 10 years? I'm 38, but I outlived billionaires in quality of living 10 times, thanks to BTC and being away from commies and their friends, staying on my own (until Asia got ruined by them). I have no proofs, because all that stuff is easy to do when you keep away from the public, so I only published what I was paid for during BTC's bad streaks (finance papers I published, e.g. for Cardano or Wolfram), as anyone else does.

I'm a Scala/Haskell engineer, btw. This is so respectable, except that type safety is based on pseudo-science too (thanks to another "genius", Voevodsky's univalence, and thanks to Dutch-invented constructive proofs that have NO basis in reality; even the Halting problem as stated by Turing and Church has NO basis in reality; BUT REAL FUNDS AND NATURAL RESOURCES ARE WASTED ON THEM), so I left that area. Recently GPT-OSS made me a little happy by being able to confirm the obvious, although polite-correctly (after long conversations) and after me pointing out how its counterexamples don't hold. And then it disappointed me by telling me how "great" "semi-trusted security" is.

I was lucky that I got biased and picked the Ukrainian side exclusively (unlike most Ukrainians, who chose Zelenskyy's side lol), coz it opened my eyes to how stupid the Soviets were. With the life I had, I would not care to join any side; honestly, the whole thing started as a joke (until I realized how commie the USA is, which started as a joke too; see some other posts).

But this saved my mind: even if the space race (which wiped out natural resources in Kazakhstan and enslaved Kazakhs to this day) was somehow successful, food is poisonous on other planets; humans took a million years to adapt to it on Earth. Space colonization (of inhabited and uninhabited planets) is a suicidal idea: you'll die there and kill farmers here. The whole of human history in a nutshell: a premature desire to go to space unnaturally.

(You get that NONE of this is my personal opinion anymore??? It should be obvious to every HIGH-SCHOOL educated human; it took hundreds of thousands of years of natural evolution to adapt food for humans and adapt species, and additionally 10,000 years of human genetic engineering to make it more or less comfortable to consume that food in McDonald's.)

Back to the topic: bias against commies made me re-check every science they participated in; that's what I spent the leftovers of my BTC profits on. And then re-check the European sciences (that inspired the commies) too.

So should I tell you how I modeled quantum entanglement successfully on a computer without communication (despite claims to the contrary, by modeling how it is actually measured, rather than pseudo-mathematics)? I have proof at https://dk14.github.io/q/ dated over 5 years ago (with bad explanations), but I'll need to give you pages of chats with AI to understand how UNBELIEVABLY trivial the issue was: every experiment implicitly has a coincidence detector (or its physical equivalent); it is a loophole that cannot possibly ever be closed!

I did not even care to publish or go to a conference because I knew how corrupted academia is. They either throw mental gymnastics at you OR just agree but don't act on it. Family people there.

P.S. I understand that in times when John Carmack is trying to convince Elon (a complete moron) to prepare to go to Mars by training people on Earth, AND when I cannot tell if the author of my favorite game is sarcastic or not (no food on Mars lol), the degeneration of science does not appear to be a big deal. Everyone is okay with the apocalypse.

But do you truly understand what it implies??? Apocalypse?? How strongly you are bound to this planet PHYSICALLY and CHEMICALLY in reality, and what starts (according to science) after the end? Can you really tell science (what works reproducibly) from fiction??

Do you know that while what remains of you after you die can barely be called you, since memories disperse, it is still not devoid of feeling? The thermal envelope (DYR what it is) does not completely vanish; absolute thermodynamic equilibrium is impossible. Even leaving the planet is impossible after you die, since the thermal envelope has to follow the source of thermal energy (it cannot re-route the stream very far from its origin). You are still stuck here, like a coma patient, and the only place you can return to, to get out of this nightmare dream, is not "in AI" (mind is software, SUPERHOT, but not the ordinary silicon kind): it is your prey instead, since evolution programmed it to learn your core "software" and filter out the useless rest of your personality (since evolution could care less about your mama or social/professional/academic recognition), and it also programmed prey to activate your "foraging behavior" when it detects that the predator is gone physically, so it could start "breathing your stream of air". You can observe it a bit with cats and rabbits (what a rabbit learns in the presence of a cat, and what it expresses in the absence of it), if you don't believe me. Even death cannot free you from the consequences of a wasteful life, but it can reduce you unimaginably, nevertheless. Good luck fixing Bitcoin's security as a "chicken" :)

-------

This issue with thermal noise + ADC is truly the end: most of Information Security is a sham. I can't just keep quiet about it; I have to develop a solution here.

The faster I start doing replicas and developing the real protocol, the better!!

That is why I'm okay with small donations to the project - it gives me a little free time.

(I have less than you in my bank account and crypto, since I spent a year researching numerous information security issues introduced by NIST, until I arrived at the most critical one)

The project itself costs billions, since it saves trillions of today's USD equivalents.


-----

I obviously lowered my expectations in advance about this venture, but I really hoped that I'm not the only one who suspected the ACTUAL issue with RNGs. Maybe I lived a better life than you, making me among the first to figure it out. But that's not a reason for you to give up on your own wallets and livelihoods. If you're not a commie or a tankie, you can keep up eventually, as long as you realize you're behind in reality (something those people cannot do).

idk, maybe it's because you are tired of projects claiming to give you more security than Ledger/Trezor; those are scams. Ledger/Trezor are as good as it gets with regulators. The problem I'm pointing out is with NIST itself (you think what you see in politics nowadays comes from nowhere; it has been building up slowly like a backlog since WW2). Regulators/governments/military/DeFi have already shot themselves in the stomach with it (see my other posts).

I'm focusing on Bitcoin, coz here there is a chance to fix it.

It looks to paranoid me like Bitcointalk is trolling me, but where's the profit in trolling lol? You just don't get the issue, right?

That your own funds can be stolen by someone with a more flexible mind, that your ID can be stolen (the secret key in your passport can be guessed; the rest are common market components). That people are more and more provoked towards doing that: rising living costs + naive immorality, rather than an aware choice between moral and immoral.

(You just believe you'll be lucky and fine, like the people of Torets'k (Ukraine) believed for the past 10 years. And every year they were proven right, until this year.)

THERE IS A MULTITUDE OF HISTORICAL COUNTEREXAMPLES!! ALL SECURITY MEASURES IN THE PAST WERE HACKED!! GOSH, PEOPLE EVEN USED TO BELIEVE THAT MD5 IS SECURE. NOW THE FINAL BELIEF OF THE PAST ECONOMIC CYCLE IS OVER: RANDOMNESS.

White noise IS NOT THE SOURCE OF IT. It only appears so.
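The "superpose a few sines" point made in posts #1 and #3, as an added example that is not the poster's code and not a model of any real wallet: a constructed 12-bit sample stream made of three fixed cosines (amplitudes, frequencies and phases are arbitrary assumptions chosen so the sum stays inside the ADC range), compared against a uniform random stream. The per-sample histogram entropy, the naive "does it look like noise" number, comes out high for both streams; a linear predictor fitted by least squares on the first half of each stream then predicts the second half of the cosine stream to within a few LSB and gains nothing on the uniform one. A sum of K sinusoids satisfies a linear recurrence of order 2K, which is what the fit recovers from the samples alone.

```python
import math
import random

ADC_BITS = 12
ADC_MAX = (1 << ADC_BITS) - 1

# Assumed components (amplitude in LSB, frequency in rad/sample, phase in rad).
# Arbitrary values for the demo; the sum stays within 0..4095 so nothing clips.
SINES = [(800.0, 0.31, 0.2), (500.0, 0.97, 1.1), (300.0, 1.73, 2.4)]


def sine_stream(n_samples, components=SINES, offset=2048.0):
    """Constructed 'noise-looking' stream: deterministic cosines quantised to 12 bits."""
    out = []
    for n in range(n_samples):
        v = offset + sum(a * math.cos(w * n + p) for a, w, p in components)
        out.append(max(0, min(ADC_MAX, int(round(v)))))
    return out


def uniform_stream(n_samples, seed=1):
    """Reference: i.i.d. uniform 12-bit samples (seeded only so the demo is repeatable)."""
    rng = random.Random(seed)
    return [rng.randrange(ADC_MAX + 1) for _ in range(n_samples)]


def histogram_entropy_bits(samples):
    """Shannon entropy of the per-sample histogram: the naive 'looks random' number."""
    counts = {}
    for s in samples:
        counts[s] = counts.get(s, 0) + 1
    n = len(samples)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def solve_linear(a, b):
    """Gaussian elimination with partial pivoting for the small normal-equation system."""
    n = len(a)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        if m[col][col] == 0.0:
            raise ValueError("singular system")
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for i in range(n - 1, -1, -1):
        x[i] = (m[i][n] - sum(m[i][j] * x[j] for j in range(i + 1, n))) / m[i][i]
    return x


def fit_linear_predictor(x, order):
    """Least-squares fit of x[n] ~ sum_i a_i * x[n-i]. A sum of K sinusoids satisfies
    such a recurrence exactly at order 2K, so the fit recovers it from samples alone."""
    ata = [[0.0] * order for _ in range(order)]
    atb = [0.0] * order
    for n in range(order, len(x)):
        feats = [x[n - i] for i in range(1, order + 1)]
        for i in range(order):
            atb[i] += feats[i] * x[n]
            for j in range(order):
                ata[i][j] += feats[i] * feats[j]
    return solve_linear(ata, atb)


def prediction_error_ratio(samples, order=2 * len(SINES), train=1000):
    """Fit on the first `train` samples, predict the rest, return RMS(error) / RMS(signal).
    Near 0: the stream is predictable from its own past. Near 1: the past tells nothing."""
    mean = sum(samples[:train]) / train
    x = [s - mean for s in samples]
    coeffs = fit_linear_predictor(x[:train], order)
    errs, sig = [], []
    for n in range(train, len(x)):
        pred = sum(c * x[n - i - 1] for i, c in enumerate(coeffs))
        errs.append(x[n] - pred)
        sig.append(x[n])
    rms = lambda v: math.sqrt(sum(t * t for t in v) / len(v))
    return rms(errs) / rms(sig)


def compare(n_samples=2000):
    """Both streams score high on the histogram; only the cosine stream is predictable."""
    s, u = sine_stream(n_samples), uniform_stream(n_samples)
    return {
        "sine_histogram_bits": histogram_entropy_bits(s),
        "uniform_histogram_bits": histogram_entropy_bits(u),
        "sine_prediction_ratio": prediction_error_ratio(s),
        "uniform_prediction_ratio": prediction_error_ratio(u),
    }


if __name__ == "__main__":
    for k, v in compare().items():
        print(f"{k}: {v:.4f}")
```

Run it to get both measures for both streams; the prediction-error ratio, not the histogram, is what separates them, which is why a sample histogram is not an entropy estimate.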