Yes, but the clear message here is that it is the firmware that is open source, not the SE itself. I think that talk of "open source SEs" and the like is very misleading.

Can we all agree a definition for "closed source"?

|Party|	|Closed Source Trust Required|	|Open Source Trust Required|
1. Chip Hardware Description Language Developer	Yes	Yes
2. Design Automation Software Developer	Yes	Yes
2. Chip Foundry	Yes	Yes
3. SE Vendors	Yes	Yes
4. Firmware Developers	Yes	No
5. Certification Bodies	Yes	Yes

The Tropic01 chip is not open source as, unlike software, you cannot simply compile your own binary (hardware). Using "open source" in the context of hardware is misleading imo. Tropic Square claims to be auditable but looking at their FAQ there are obvious limits:


Unless they allow anyone who asks to physically audit the various stages of the chip design and physical production then the audit is very limited in scope.

Yes, some kind of hardware that can sign transactions that can be built and verified at home using more standardized building blocks rather than a fully integrated Secure Element. I haven't looked into the details but something *like* this betrusted.io device that incorporates a user-coded FPGA  in lieu of a microprocessor.

https://betrusted.io/

"Transparency is the bedrock of trust. Understanding what makes a thing tick gives us an evidence-based reason to trust that it works as intended. Betrusted is unique in that, instead of a black-box CPU chip, it uses reconfigurable hardware – an FPGA – for computation. This means you can compile our reference processor design from source, instead of simply having to accept on faith that this black epoxy rectangle contains precisely the circuits it advertises. "

True, but this doesn't help if every SE vendor is compromised and the kind of threat model I'm envisioning this is a credible scenario.

If this attack were to be realised it is almost certainly would be a joint operation of the western intelligence services (CIA, MI6, DSGE, Mossad etc.).

But you're happy to trust the "closed source" hardware no matter what?

I'm not sure this is true. The fact that a key can be leaked means that a government can drain your wallet covertly and with impunity. It is not possible to do this with the current financial system where bank transfers and thefts can be traced to an individual or organisation or government. This gives them immense power over individuals to directly interfere in their financial affairs in a way that can be covered up as an op-sec failure on their behalf. Other ways to get at an individual involves trails of evidence and potential witnesses.

“Hope you don’t find” implies that it’s relatively straightforward for 3rd parties to verify back doors etched onto the wafer when it isn’t. Government agencies can and do keep secrets when they want to.

Correct, but I believe that Bitcoin is going to become a rival to the existing monetary system. Its use will expand and HW are presented as the most secure and optimal solution. The fact that people use software wallets strengthens my case as it’s much easier to leak keys with SW.


I think it really is worth it for the reasons given. Again, the objective is not to disrupt the Bitcoin monetary systems as a whole – quite the opposite. The aim is to grow it but have the ability to covertly target individuals as an when required.

Even if 1 in a 1000 individuals had their BTC drained, I doubt that would be enough to cause general alarm, as its very difficult to pinpoint how a key was leaked.

I agree that this is all very theoretical and amounts to a bit of storytelling. AFAIK there is zero evidence this is happening. However, it’s not for me to prove it. The onus is on the "Don't Trust, Verify" BTC proponents to justify that what I’m hypothesising is false.

It's not open in the sense that I cannot independently verify that the functions actually installed on the device are what are claimed, and that there aren't hidden functions installed on it that are not.

Open source software means you can compile a binary yourself and run it - this is not possible with hardware.

If I told you my software was open source but only part of it - you would treat the entire thing as closed.  To me, the words, open and closed have very little meaning with harddware chips.

It isn't fully open. Therefore it is closed (as any closed elements can poison the open ones).

I'm not sure what is meant by "transparent audibility". From their website they claim:
I'm not sure what this means in practice.

You're assuming that the objective is to destroy confidence in the network, rather than targeted attacks.

Given that Oracle was literally founded out of a CIA project called "Project Oracle", Facebook was created out of DARPA's LifeLog, and the UK government's Investigatory Powers Act (2016) etc. demands manufacturers to insert backdoors in encryption etc., then I don't think it's particularly schizo to think that they have the ability to secretly insert certain hardware functions in a few key chip manufacturers.

Exactly this. I had a look at ISO/IEC 15408 which defines the EALs and I wasn’t very impressed. Here are my observations:

1. The standard is full of acronyms and jargon. For example: the standard says that an Evaluation Assurance Level (EAL) is assigned to a Target of Evaluation (TOE) based on the Security Target (ST). The TOE implements TOE Security Functions (TSF) to meet the security requirements specified in the ST. Got that? Excessive use of such things is generally a sign that it’s intended to dissemble.

2. The EAL is meaningless without the Security Target (ST). The ST is basically a specification that lists the security properties of the TOE (the secure element to be assured in this case). From the standard:
 “A ST is a document that describes a specific TOE, the conformance claims applicable to the evaluation of the TOE, the security problem to be addressed, the security objectives for the TOE and its operational environment, the security requirements applicable to solving the stated security problem, and additional material necessary to describe the TOE sufficiently for evaluation. STs are generally based upon PPs or PP-Configurations that describe a security problem and security requirements for a TOE type that is relevant to the specific TOE.”

3. The assurance requirements are very vague, non-specific and of a functional nature. AFAICT there a no prescriptive methods identified to check for specific vulnerabilities.[/li][/list]


Given the above I am confident that that if a SE manufacturer claims an EAL level, but does not publish their Security Target (ST) specification in the public domain, then such claims are meaningless.

The Bitcoin blockchain is susceptible to key leakage via the OP RETURN field and a narrowband subliminal channel based on brute-forcing the random factor of the signature scheme.

That's a really important concept to understand.

https://www.annessi.net/data/2018-subliminalblockchain_preprint.pdf

This is completely irrelevant to the discussion.

Again, irrelevant; Bitcoin signatures are not subliminal-free.

Did you even read the whole thread? 

Okay, it's arguably better if the K210 chips are used for generic devices but the material point still stands: you cannot verify the hardware and backdoors can be inserted without your knowledge.


The point is that the hardware is NOT open source.


But you are trusting close source - just in hardware form.

No, we need a way of building hardware from scratch using simpler components that is very difficult to insert usable back doors into. And we need subliminal-free signed transactions.

This is all irrelevant if the Kendryte K210 chip on your device is hard-coded with a back door to leak your private key subliminally in a signed transaction.

As well as distributed ledgers, cryptography and the consensus mechanism, the Bitcoin security chain includes key generation and management for storing keys and signing transactions.

If security is dependent on the weakest link, then why does "Verify, Don't Trust" for the monetary protocol not apply equally to the hardware used for key management? It seems that when it comes to HW, "Trust Me, Bro" is the prevailing ethos.

Why is this not a more common way for generating 12 words? 

I intend to flip a coin 121 times, convert to BIP39 words and then enter them into my HW with a random 12th word until it accepts the mnemonic as valid (passing checksum). This way I'm not relying on the HW RNG.

This seems to me to be much better than tyting to use tools like SeedSigner and https://iancoleman.io/bip39/.

Serious question: What makes you think that trillionaires don't already exist?  If there were people with unimaginable concentrations of inter-generational wealth, why would they make themselves public?