Proposal: The Dash Hardware Wallet - Phase 1

Discussion in 'Pre + Budget Proposal Discussions' started by roland, Oct 9, 2017.

  1. roland

    roland New Member

    Joined:
    Sep 5, 2017
    Messages:
    38
    Likes Received:
    26
    Trophy Points:
    18
    Dear all!

    Some of you might remember discussing the pre-proposal of a Dash Hardware Wallet with me some time ago. I have taken all the feedback, seriously refined the proposal, split it into several phases, created a working hardware prototype, and now I'm happy that we have a budget proposal live:

    https://www.dashcentral.org/p/dash-hardware-wallet-phase1

    Since the proposal description is quite long (13 pages), I'll not paste it here completely. You might want to read the (somewhat shortened) online version on Dash Central (link above), or the whole proposal here (PDF):

    https://www.haenel.me/files/dash-wallet/proposal-the-dash-hardware-wallet.pdf

    Now it's time to see whether the community really likes the idea or not. At least I hope you will see from the content that we worked on this with a lot of passion.

    Greetings,
    Roland
     
    • Like x 4
    • Useful x 1
  2. demo

    demo Active Member

    Joined:
    Apr 23, 2016
    Messages:
    2,035
    Likes Received:
    145
    Trophy Points:
    133
    Dash Address:
    XnpT2YQaYpyh7F9twM6EtDMn1TCDCEEgNX
  3. qwizzie

    qwizzie Well-known Member

    Joined:
    Aug 6, 2014
    Messages:
    1,072
    Likes Received:
    597
    Trophy Points:
    183
    Let me start by saying I think this is a great idea, a Dash specific hardware wallet is exactly what we need.

    I would like to see some form of testing of this hardware wallet by someone of the Dash Core-Team and I would also like to know how much collaboration/partnership there is between the developer of this hardware wallet and the Dash Core-Team as there is talk about implementing certain aspects of Dash Evolution.
    Also I wonder if this hardware wallet will be open source?
     
    • Like x 1
  4. roland

    roland New Member

    Hello demo,

    To the best of my knowledge, there is no way to "formally verify" a hardware design (i.e., schematic, layout/Gerber) as we have presented it here. Formal verification is something that you might apply on some abstraction layer to chip design (VHDL, Verilog). Hardware vendors use this to formally prove that their CPU chip design behaves "correctly" (i.e., according to the instruction set they defined). But even then, it's still a model that doesn't take into account some aspects of the real world, hence all the silicon errata we're dealing with every day.

    So, we're obviously going with an industry standard SoC (NXP KW41Z) that might have some formal verification of its internal gate design. But this doesn't formally guarantee the Dash Hardware Wallet features in any sense.

    As for the software (firmware), I think a system like this (including a lightweight real-time operating system, Bluetooth stack) is far too complex to be completely formally verified.

    Greetings,
    Roland
     
    • Like x 1
  5. roland

    roland New Member

    For details on the status of the prototype, the planned features and also the open source plans, please have a look at the detailed proposal here:

    https://www.haenel.me/files/dash-wallet/proposal-the-dash-hardware-wallet.pdf

    In essence: the prototype that we have built is "just a piece of hardware" right now that was tested to fulfil all the basic functions such hardware needs to do (i.e., run the display, read the keypad, run the operating system, run the radio communication stack (Bluetooth)). The firmware hasn't been done by now, that is (among many other things) the development effort we propose for Phase 1.

    As for open source, the short answer is: yes we will make this open source, but only after the project is finished, to ensure that the Dash community gets a "head start" here. We wouldn't release open source on a day-to-day basis to enable others to copy the work on a day-to-day basis. The approach is similar to the Dash core software itself.

    Greetings,
    Roland
     
    • Informative x 2
    • Like x 1
  6. demo

    demo Active Member

    As far as I know, there is some hardware that is formally verified. For example this. Furthermore there are some languages that facilitate formal verification (for example the ML family languages) and some people are trying to formally verify firmware.

    Anyway, I just asked, and your answer is obviously "No" to my question. Thanks for your answer. I know that what I have asked is not an easy thing, and I appreciate the straight answer you gave me.
     
    #6 demo, Oct 9, 2017
    Last edited: Oct 9, 2017
  7. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Moderator

    Joined:
    Apr 9, 2014
    Messages:
    7,837
    Likes Received:
    6,166
    Trophy Points:
    1,283
    as said before
    i think this is a bad idea
    why reinvent the wheel when 2-3 working / verified solutions are out there ?
    TREZOR is a 100% solid - so are keepass and ledger (depending on taste and style).
    well maintained , trusted and verified by communities across the crypto space !

    to invest time and money into a new solution ... because why ?
    to have Dash sticker on it ? any available HW wallet can be “Dashified” or changed in appearance (if people are really worried about being stopped by a border guard with their Trezor in pocket)

    “verified by core team”
    there it comes , the responsibility for this obviously from a safety side lies with core , they have more than enough other things to do than verify a new HW ! ask the (tech pros) if we really need one - and they will tell u as everybody else that they are happy with their HW x y z and have no interest in verifying something new when solid solutions already exist !

    sorry to be the party pooper but i really do not understand the need for this !
     
    • Agree x 1
  8. Name3

    Name3 New Member

    Joined:
    Jun 23, 2017
    Messages:
    21
    Likes Received:
    4
    Trophy Points:
    3
    Hey Roland!

    I really like this idea and I like the changes you have made since your previous proposal.

    My main concern with this project is one of practicality, I worry people won't want to carry around what amounts to a second phone. Have you done any research into a slimmer prototype that would fit more easily in a pocket?
     
    • Agree x 2
  9. demo

    demo Active Member

    Are TREZOR, keepass or ledger formally verified?

    To the best of my knowledge no part of Trezor has been formally verified.

    A solution (like BitKey) which you don't need to trust is inherently more secure than a system that you do need to trust (like Trezor). If you don't trust me as an authority in this matter, read what Satoshi Nakamoto has to say about this: Trusted third parties are security holes.

    To use Trezor I have to trust it on many levels. Opening up the code and hardware on your end doesn't prevent me from ending up using an evil version of Trezor that steals my Bitcoin.

    I think that's more likely to happen because Trezor by its nature is an enticing attack target and hence a central point of failure. I need to trust Trezor developers. I need to trust your production line. I need to trust every single entity on the shipping route including your fulfillment company, the mail carrier, my mail man.
     
    #9 demo, Oct 10, 2017
    Last edited: Oct 10, 2017
    • Disagree x 1
  10. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Moderator

    well ok
    but i prefer to trust a known company with thousands of HW devices out there
    than a brand new single developer with an idea for a device
    TREZOR has proven itself over many years - why start from scratch ?
     
  11. demo

    demo Active Member

    That's why I asked our friend @roland to formally verify his device.
    This is something that even TREZOR cannot achieve yet!
    And as long as there is no hardware wallet that is formally verified, I prefer bitkey solution.
     
    #11 demo, Oct 10, 2017
    Last edited: Oct 10, 2017
    • Like x 1
  12. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Moderator

    look look i gave u my 1st
    [​IMG]
    ;)
     
    • Funny x 3
    • Friendly x 1
  13. TroyDASH

    TroyDASH Well-known Member
    Masternode Owner/Operator

    Joined:
    Jul 31, 2015
    Messages:
    920
    Likes Received:
    641
    Trophy Points:
    163
    I wish you success with this product, but I don't support funding this from the Dash network. In short, I think whatever the convenient features you develop are, the big name companies are probably going to be able to do it even better.
     
    • Agree x 2
  14. TigerZEN

    TigerZEN New Member

    Joined:
    Aug 16, 2017
    Messages:
    22
    Likes Received:
    17
    Trophy Points:
    13
    • Agree x 1
  15. roland

    roland New Member

    tungfa, thanks for your valuable input during the pre-proposal phase. Because of that, I created the "why do we need another hardware wallet? there are products on the market already!" section in the proposal. Probably I can't change your mind, which is OK for me.

    Yes you are perfectly right, you can put a sticker telling "Blue Energy" on your gasoline car. So why invest time and money into building an electric car? Which will in effect only move us from A to B, right? Gasoline cars are 100% solid, well maintained, trusted and verified by millions of customers. No need for some Silicon Valley company to try to disrupt that space, right?

    OK, back to being serious. These are the key points that none of the current solutions have:

    * compatible with smartphone and tablet use cases, due to the use of Bluetooth LE
    * support for the unique Dash features (PrivateSend, InstantSend, new Evolution features).
    * branded for Dash in the first place, marketed with and for Dash in the first place
    * designed for a retail price point of less than $50

    I don't know exactly why you put the quotation marks there. I certainly didn't claim this is "verified by the core team". Because I agree with you, the core team can't be held responsible for all development activities done by "third parties" like us. But is that a reason not to do any third party developments?

    I tried my very best to explain why we think this is a sound design, why we think we're able to handle this. How we're going to make this open source to invite everyone to have a look. If the core team approaches us and wants to have a look, we'll support them to our very best. But we cannot guarantee this happens, nor have we claimed it will.
     
    • Like x 1
    • Funny x 1
  16. roland

    roland New Member

    I get the point. However I have to disappoint you - I still think it is impossible to formally verify a whole system like a hardware wallet. That's the reason why Trezor doesn't have it, Keepkey doesn't have it, and we also won't have it. Take a look at the paper you sent me, they claim it's a big deal to formally verify the gate design of an AES-128 encryption. From a complexity standpoint, that's probably much less than 0.1% of a whole system we're talking about here.

    I think you can't compare a formally designed hardware and the bitkey solution. Bitkey is also not formally verified (and will never be able, because it is a Debian system, which is again way more complex than every hardware wallet). Don't get me wrong, bitkey is a nice system. But if you accidentally insert a USB stick with malware in your bitkey system, you're screwed immediately.
     
    • Useful x 1
  17. roland

    roland New Member

    Yep, I know the coolwallet, and I know people like it for being thin.

    I don't like to say negative things about other products, and you won't hear anything bad about Trezor, Keepkey and the like because I really think they're good products.

    However with coolwallet, this is a seriously flawed design. They offer security options which completely defy the purpose of a hardware wallet: as a user, you need to check the amount and destination address of an outgoing transaction on the wallet. With a screen as tiny as they have, that's not really practical (for the destination address), so they pretty much left this option out by default.

    Our goal was to have a clear, reasonably sized screen. As for batteries, we have chosen batteries that are available everywhere (AAA), and we aim for a runtime of 1-2 years. Yes you can make that thing very thin with a LiPo cell, but then you'll have to recharge every week. We think that's not practical.
     
    • Like x 2
  18. roland

    roland New Member

    Yes we have done some research on this one. Probably you could make it slimmer by using different batteries, make other trade-offs in the go (less battery lifetime, frequent re-charging), ... But it'd still amount to "size of a second phone". Solutions that are credit card sized won't have the features which we think are essential to a hardware wallet (compare Coolwallet, looks nice but is a fail).
     
  19. roland

    roland New Member

    TroyDASH, thanks for your open words.

    I'd be somewhat disappointed if this is the majority opinion. Today, Dash is #6 in market cap. Don't we have the ambition to get to #1? Just waiting for the "big name companies" won't do the job. If big name companies will join this space, guess what crypto currency the first solutions will be aimed at? Not at Dash in the first day, that's for sure. But the Dash treasury gives us the opportunity to do these things even in a stage where it might not be economically viable to do it without any external funding.

    If we succeed with this proposal and create a great product, even if a "big name company" later joins in, does everything better and launches a competitor product, I'd personally consider this project a win for Dash.
     
    • Like x 2
  20. Naruto

    Naruto Member

    Joined:
    Dec 26, 2014
    Messages:
    164
    Likes Received:
    89
    Trophy Points:
    88
    To be honest I don't really like the outlook of your HW wallet. And HW wallet for most people is used to secure their crypto. If people want to spend their crypto. They will put some money in mobile wallet. And keep the rest in a safe place. So I don't think your idea of smart phone friendly HW wallet will work........ No offence


     
    • Agree x 1
  21. TigerZEN

    TigerZEN New Member

    I do not deny your design, but if you want to carry it, a little smaller is better.
    Your product is really great.
     
  22. alex9

    alex9 New Member

    Joined:
    Feb 4, 2017
    Messages:
    33
    Likes Received:
    3
    Trophy Points:
    8
    Roland,
    What MCU do you use?
     
  23. roland

    roland New Member

    NXP (formerly Freescale) KW41Z Bluetooth LE SoC series.
     
  24. EazyDay

    EazyDay New Member

    Joined:
    Feb 2, 2017
    Messages:
    38
    Likes Received:
    10
    Trophy Points:
    8
    Dash Address:
    XtN1c3dxyHCTu4CtPi7z3U7pSTbLShupce
    I do not think the features you are solving are problems...YET? Maybe the stakes are not high enough yet? Would we feel the same way when DASH has a 1T market cap? Maybe you are too early with this idea, everything is timing and our velocity will give us feedback when the wheels start shaking. Maybe you should rebrand as a skunk works project? Check out Rivetz and Fuzo in the meantime, there might be some gold in them hills.
     
  25. demo

    demo Active Member

    I do not have a bitkey system, because I do not have too many cryptocurrencies. My whole fortune is 1.5 Dash and 1.5 PIV.

    But suppose I build one day a bitkey system. This system resides on a USB stick. How possible is it to boot a system with the bitkey USB, then insert a second unsafe USB? This is very impossible to happen as a mistake, and you must be totally nuts if you are doing this. As long as I am not insane, I consider the above scenario impossible to happen to me.

    Additionally, if I were unable to compile a bitkey system, I would ask/pay a person who I trust to compile it, sign it and send it for me. For example @UdjinM6 and his team, who you trust already, when they code your masternode system. The core team writes things you can only trust, as long as you are unable to understand. And the trust the dash community puts in them is worth almost the whole Dash coins, and not only the few dash coins you are going to put into your bitkey system.

    Asking persons you know and trust to compile, sign and digitally send you a safe system, is a much better tactic, than trusting all the below custody.
    I always trust persons much more than I trust companies.
     
    #25 demo, Oct 12, 2017
    Last edited: Oct 12, 2017
  26. roland

    roland New Member

    Well, what you describe as "happen as a mistake" is the official and supposed way to use bitkey.

    I suppose you might want to use bitkey in "high security" mode (let's forget about "medium security" mode here, because this mode means to run a full online browser within bitkey, which is not much better than run a native Linux installation anyway). In "high security mode", if you want to create a transaction, you create the (unsigned) transaction on your normal PC, copy this transaction to a USB stick. Then you boot up bitkey (from the bitkey USB). You remove the bitkey USB stick, then you insert your second USB stick (the one with the unsigned transaction). You sign that with your wallet within bitkey, then broadcast it (via scanning a QR code).

    Taken straight from their documentation https://bitkey.io/, click on "Usage".
     
    • Useful x 1
  27. demo

    demo Active Member

    I meant insert a second UNSAFE usb.
    Because the bitkey system always consists of TWO SAFE usb sticks, which are ALWAYS kept TOGETHER in a keyport.

    [​IMG]
     
    #27 demo, Oct 12, 2017
    Last edited: Oct 12, 2017
  28. GrandMasterDash

    GrandMasterDash Well-known Member
    Masternode Owner/Operator

    Joined:
    Jul 12, 2015
    Messages:
    1,732
    Likes Received:
    650
    Trophy Points:
    183
    You've come back with a more refined proposal but I wish you had submitted it again for discussion instead of diving right in, assuming you had it perfected.

    In my mind, your competitor is crypto debit cards. And I'm just not convinced you've made a compelling enough reason for me to carry that debit card and this device. Think about the human psychology. When I go out, I just want to carry three things; keys, wallet, phone. And, actually, if I can get away not carrying my wallet, even better.

    Current mode of operation: every few weeks, I load spending money onto my crypto debit card. If I get hacked, I've only lost a small fraction of all I own. I'm not going to buy a device to protect small amounts of money and, equally, I have no desire to carry lots of dash everywhere I go. For exceptional expenses, I can make arrangements with my debit card provider, or I can use an existing hardware wallet.

    What I want: I want my existing hardware wallet to support dash from the phone (not just bitcoin). It should not cost $1M+ to achieve this. I would rather that kind of money go towards retailer integration projects.

    Btw, simplicity would mean no pin pad, it would integrate some kind of biometrics.
     
    • Useful x 1
  29. roland

    roland New Member

    Yes, that's right. And the second USB stick gets plugged into the "unsafe, Internet-connected PC" every now and then (to save the unsigned transaction on it). So if you have malware on your Internet-connected PC, guess how "safe" your second USB stick still is.

    But I think we have gotten a little off-topic here. Let's agree on the point that there is a way to use bitkey which is probably "much better" than just using a hot wallet on the PC.
     
    • Agree x 1
  30. roland

    roland New Member

    I get your point.

    On the other hand, I have invested much time and effort into this proposal and the prototypes of this product. I believe the proposal would create a very valuable output for the Dash community for a development cost of $300k (your quote of $1M+ is incorrect here, because you mix up production cost, which is in a later phase and has nothing to do with the effort to create a product). Biometric integration would be nice, but I don't give that a chance for anything near $300k.

    To be completely honest, I don't think I am able to create more value to the Dash community than what I have proposed. So it's time to put this to the vote now. If it turns out the proposal will fail, well, of course we'll be disappointed. But life will continue, and we'll give birth to other babies. I won't take it personally - I have created many products, and it's normal that some ideas just don't make it into a product. Time will then tell if it was a bad idea or a missed chance.
     
    • Friendly x 1
