Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Beginners & Help
Idea for a hardware-based Bitcoin savings account
by
bitcoin_idea
on 15/06/2011, 20:07:48 UTC
A post 2 days ago drew attention to how one can easily lose massive amounts of Bitcoins quickly if proper precautions aren't taken.  I read through most of the posts yesterday and there's quite a disconnect between tech-savvy users and the rest.  I believe that this mentality will hold Bitcoin back as a currency, so I'm reposting an idea I put up on reddit's r/bitcoin. (Original post here)

Proposed Solution: create an arduino bitcoin wallet to serve as a hardware wallet for a savings account. The arduino will:

  • generate a new public/private keypair so that the private key is never seen by a computer (multiple posts suggest that the private key is unencrypted in your computer's RAM for ~100 ms, which may be enough time for an already installed virus/trojan to grab it.)
  • display public and private keys
  • perform an encryption/transaction in 2 steps:
  •     1.  generate the transaction (use the public/private keypair along with a (user-inputted) destination public key address)
  •     2.  publish this transaction to an external device (I.E. usb key, wifi network, ethernet connection)

To use:
  • When your (computer's) bitcoin wallet becomes too fat: make a transfer to the arduino public key. The arduino doesn't even need to know how much is in the account, the transactions just need to be published to the bitcoin network
  • The arduino can generate transaction hashes when you want to transfer money out of the arduino savings account. The user would then have to publish this transaction hash to the bitcoin network. Overspending will simply be rejected by the bitcoin network.  (Technical note: this avoids a trojan/virus stealing the user's private key, unless the arduino can be compromised)

While this account hack was terrible for the account owner, allinvain, it was bound to happen eventually to someone.  The silver lining here is that many people will want to address this potential security hole with the currency.  This is both a business problem and a bitcoin problem. I see two directions for this idea:

closed source: write the arduino code and offer the finished arduino project as a product

benefits:
  • more profit for the developer
  • higher entry-cost for would-be competitors

open source: arduino code is published online and peer-reviewed

benefits:
  • more collaboration will generally offer better security
  • will help the bitcoin community grow more by offering a low-cost method for easy security (which also generates more trust for the bitcoin currency)
  • can still support a private business model where someone loads an arduino (or orders a mass-production fabrication for even lower costs) and offers a simple out-of-the-box product for users who want to do no configuration (this is the Redhat Linux model)

For anyone that wants to take this idea and run with it, it's yours. I'd personally like to see an open source solution developed, so users can
1.  buy an arduino
2.  review the code (if desired)
3.  transfer the code to an arduino to have a secure, physical wallet

Step 2 is an important optional step, IMO, as open source code is harder to hide backdoors.  However, even a blackbox-type product would still benefit the community, as it will introduce more confidence in bitcoin.