I think the goal is to develop a solution that would be accessible to
as many people as possible, this means it has to be cheap and easy to
use.
In my experience projects it's rare that projects that set out to
start with the goal of delivering the end all be all in version 1
succeed so I was thinking we would break the project up into phases.
Phase 1 - Basic crypto card solution
Move cryptographic key material to a crypto card, use of keys require
use of a pin. Involves making appropriate changes to the bitcoin
client to allow the wallet.dat to contain references to keys, to
collect pin and pass it to OpenSSL, to use the OpenSSL engine
construct.
At the end of Phase 1 we will have virtually eliminated wallet theft
and reduced the chances of transaction fraud by a making it so that
the card must be present to perform a transaction, we would still be
exposed to transaction modification attacks (host sends 100btc request
to card not the 1btc the UI says.
From a usability standpoint we have added a pin prompt into the
transaction, some ui for dealing with card detection and a card
management experience for:
1. Card initialization and re initialization
2. Admin and user pin change
3. Card unblock
We could also choose to implement a card backup implementation in
phase 1, this could be done by exporting a cipher text blob of ey key
to the filesystem or by cloning the keys from one card to another.
Phase 2 - initial Point of sale solution
In this approach we are basically re implementing the bitcoin client
on a smatcard, we will need to find a cost effective secure pin entry
and secure display solution that is customizable and supports the
crypto we need. Unfortunately this may end up being custom hardware
given the non standard curve the card implements.
We have to work on the existing bitcoin client to create a separation
of the UI from the logic layer so that it is possible for the client
to work in both modes, this is something Gavin is hoping to do in the
next year so we could join that effort and see if we could accelerate
it.
We would need to modify the UI layer in the bitcoin client to probably
have a new transaction UI, that UI would when the card is present deal
with helping the user know how to interact with the external hardware.
We will need to device a card provisioning and updating mechanism here
to, in other words we need to make it so that users can update the
application on the card as it's updated as the bitcoin protocol will
continue to evolve.
In addition we need to do the same card related stuff from the first
phase, though there will likely be some changes.
Wqith this approach we get the benefits of phase 1 plus we get to
address the kernel Malware threat of transaction being modified before
it's sent to the card. Additionally we potentially enable point of
sale transactions if we build a point of sale terminal I addition.
Thoughts?
That goal has been achieved by bitcoin, download, install.
The priority is not "develop a solution that would be accessible to as
many people as possible", but "use peer review and open discussion so
that we can provide a mechanism resistant to a much wider threat model
(your computer (and later on -but not yet- also terminal) has been
compromised), growing user base through trust, not form factor
association!"
I do no understand why phase 2 contains "Unfortunately this may end
up being custom hardware given the non standard curve the card
implements."
this was already necessary in phase 1 (either javacard bytecode, or
crypto coprocessor)
On 25 June 2011 19:01, Smartcard Guy <smartc...@gmail.com> wrote:That goal has been achieved by bitcoin, download, install.
> So based on the recent threads I think I may miss understand what the
> group consensus is so I thought I should write up what I think my
> thinking was, unfortunately I am on an iPad and I am sure wha I am
> about to write will be riddled with mistakes :)
>
> I think the goal is to develop a solution that would be accessible to
> as many people as possible, this means it has to be cheap and easy to
> use.
The priority is not "develop a solution that would be accessible to as
many people as possible", but "use peer review and open discussion
so that we can provide a mechanism resistant to a much wider threat model
(your computer (and later on -but not yet- also terminal) has been
compromised),
growing user base through trust,
not form factor association!"
> With this approach we get the benefits of phase 1 plus we get to
> address the kernel Malware threat of transaction being modified before
> it's sent to the card. Additionally we potentially enable point of
> sale transactions if we build a point of sale terminal I addition.
>
> Thoughts?
>
I do no understand why phase 2 contains "Unfortunately this may end
up being custom hardware given the non standard curve the card
implements." this was already necessary in phase 1 (either javacard bytecode, or
crypto coprocessor)
Regards,
Ugljesa
If I speak up it will either be because I think we did not do enough
market research, or because I see no cryptographic advantage....
that being said, DO go ahead...
Could you send me the exact specification of the card you are getting?
I will be contacting a company developing smartcard solutions here,
one of my colleagues used to work there.
On the note of project I will be working on client (desktop) side, and
as much as i can help with javacard applets (I'm currently Java
machine learning/scalable systems R&D software engineer).
Regards,
Ugljesa
Regards,
Ugljesa