Bitcoin is not enough: we need open source hardware

Lane

New member
When you say that your private key is in your hands, you mean that it is stored in a device you trust.
Or if it is on paper, you assume that when you will import/use the PK on a device to make a payment/transfer, you trust that device.

What if the NSA asks hardware manufacturers to integrate spy chips in their devices?
Your PC may have a spy controller chip that reads your PK from your HD and sends it over to the NSA via your network card.

I'd like many open source computer and phone projects to pop up, but there are just a few of them and don't seem to get traction.
Maybe the people is still not concerned enough with their privacy. ... but hey we are talking about our life's savings here!
 

Ivan

Member
You can create a Private Key just by pen, paper and a dice. 3 letter agencies can do a f**k about that
 

Kingston

Member
It's not the easiest problem to solve. Even if there was some sort of online repository where you could view the code for your firmware, you would also need the hardware itself to broadcast something like an MD5 checksum so you could check the integrity of your firmware on any given device and ensure it matches exactly what is in the repository.

And the bigger question, even if you could get hardware to do that, how many people would actually bother to check it matches? Is the average user really that security-conscious?
 

Juan

Member
FPGA can be a possible solutions for more controlled transaction signing. Since these devices are made for engineers to build chips
 

Ashton

Member
You can create a Private Key just by pen, paper and a dice. 3 letter agencies can do a f**k about that
You seems not to understand the concern of the OP cause he was not talking about the creation of private keys but people privacy which might leak now or in the future if NSA tell computers and phone manufacturer company to integrate a spy chip and we both know that everything about crypto currency have to do with phones or computers
 

Kaiden

Member
When you say that your private key is in your hands, you mean that it is stored in a device you trust.
Or if it is on paper, you assume that when you will import/use the PK on a device to make a payment/transfer, you trust that device.

What if the NSA asks hardware manufacturers to integrate spy chips in their devices?
Your PC may have a spy controller chip that reads your PK from your HD and sends it over to the NSA via your network card.

I'd like many open source computer and phone projects to pop up, but there are just a few of them and don't seem to get traction.
Maybe the people is still not concerned enough with their privacy. ... but hey we are talking about our life's savings here!
I never thought of this kind of thing happening this before, I understand and respect your opinion. We definitely need an open source hardware because the possibility that the NSA will make this kind of move in the future is high but how can we this happening when we barely have the right link to achieve it
 

Giovanni

Member
Perhaps the OP concern regarding NSA or some other USA agencies is justified by the fact that NSA is working for years on methods of monitoring and identification of bitcoin users. But I would bet that the Chinese in this matter are even more dangerous. Few years ago it was discovered they spy almost all American big companies, included even secret agencies and the ministry of defense.

I am not sure how we can protect our private keys in such world, Ledger or Trezor are too small to resist such challenges. Regardless of the methods we use for storage, nothing is 100% safe
 

Jesus

Member
It exists: the RISC-V ISA

The Bitcoin developers are ahead of the game somewhat, Bitcoin core 0.18.0 release will have RISC-V binaries
 

Calvin

Member
It exists: the RISC-V ISA

The Bitcoin developers are ahead of the game somewhat, Bitcoin core 0.18.0 release will have RISC-V binaries
RISC-V is hardly relevant, it is open cpu design mainly with focus on the interface, i.e. instruction set. What op is worried about is manufacturer's malicious behavior not design flaws
 

Camden

Member
What if someone:

1. Uses a hardcore cold storage setup.

2. Has a Faraday cage to ensure that there's no transmissions at all.

3. Generates private keys physically, for example with dice.

Would this be enough to defeat backdoored hardware?
 

Jayce

Member
RISC-V is the only open instruction set out there, or at least the only modern design (the older MIPS stuff was open sourced recently if I remember rightly)

The only way to get total control of an open ISA as an end-user is to validate the chip design all by yourself, then fabricate the chip yourself in your garden shed. Presumably that's what you intend to do?
 

Rowan

Member
@hatshepsut93 If the "hardcore cold storage setup" is just a formatted PC with Linux, it's not a bulletfproof solution. It still suffers from the issue pointed out by @domob. The cold storage device in the Faraday cage may have a malicious memory controller chip that messes up the transaction script generated by your wallet, to put the attacker's receiving address in it.

@Carlton Banks Doing it the hard way ( by yourself from scratch) is obviously a solution. But i hoped it was not necessary.
But why would you build a hardware chip that fully implements a general-purpose ISA, like RISC-V ?
You don't need the complexity of a general purpose ISA, when the functionality you need is just generating transactions.
Why don't design an ASIC chip just for that function? Should be simpler.
 

Diego

Member
But why would you build a hardware chip that fully implements a general-purpose ISA, like RISC-V ?
You don't need the complexity of a general purpose ISA, when the functionality you need is just generating transactions.
Why don't design an ASIC chip just for that function? Should be simpler.
Like hatshepsut93 said, you can go the pencil and paper route to create the private/public keypairs. And like I said, if you want to use an open chip design, you still have to trust the manufacturer of the chip to produce the design according to the open spec
 
Top