Thursday, 8 August 2013

Inside Bitfrore Part 3 - Continuous Confidence Tests

Please support our Indiegogo campaign to make the Bitfrore - Bitcoin Paper Wallet a reality.

This is part 3 in a series of posts on the Bitfrore technology.
Click here to view the previous posts.

It's a sad fact of life but unfortunately all hardware components degrade with age and eventually fail. Two very typical failures in a Desktop PC are Ram and Hard drive failures. Ram failure leads to random crashes and Hard disk failure leads to poor performance and lost files. In a Desktop PC these types of failure are an annoyance but in a Bitcoin Paper Wallet Printer they could lead to inaccessible or easy to steal funds.

If the random number generator has degraded and now generates predictable values or the memory used to store the private key has degraded such that bits become "stuck" an attacker would be able to guess your private key and steal your Bitcoins.

If the storage medium used to store the software to generate a paper wallet has degraded all bets are off. The software can misbehave in every imaginable way. In the worst case this could mean an address may be generated that doesn't match the private key. Any funds sent to the address would become inaccessible.

Every stage of Paper Wallet generation is critical and the possibility of unpredictable hardware failure is a major challenge when building a reliable Bitcoin Paper Wallet printer.

Fortunately the Bitfrore printer contains multiple levels of confidence checks that continually check and double check the correct operation of both the hardware and software.

Every reputable Bitcoin address generator includes a software check that confirms the calculated public key is valid however this simple check is itself vulnerable to hardware failure that corrupts the software.

To augment this simple check Bitfrore is also able to detect:
  • Failures in both ram and flash storage.
  • Low quality random number generation.
At power on Bitfrore runs an internal self test that verifies the firmware matches the factory installation and that memory is functioning properly. If a single bit of flash or ram has failed Bitfrore detects this and reports an error. Due to Bitfrore's minimal design these tests can be executed quickly.

Unfortunately memory failure is often quite subtle and can be missed by a simple power on self test. During private key generation Bitfrore writes the private key to 2 separate memory locations and the private key is compared once generation is completed. If the keys are the same then we can have confidence that there no bits were lost to a failed bit in ram.

The private key and address generation is executed twice in different parts of memory ensuring that any subtle memory errors are detected and reported.

To detect degradation of the random number generation hardware Bitfrore includes a subset of the NIST statistical suite1. The random number generator is continuously tested against this suite. The problem with randomness is that sometimes a random sequence may actually contain a pattern that appears non random2. When Bitfrore generates a "suspicious" random sequence the random number generator is placed into a special "suspect" mode and 10 additional sequences are generated and statistically tested. If these these 10 additional sequences are not suspicious then Bitfrore determines that the random number generator is working correctly and the original "suspicious"  sequence was actually a "lucky" coincidence and is used to generate the Private Key. This ensures that the full range of Private Keys are available to Bitfrore but failure of the random number generation can still be detected.

Every paper wallet that Bitfrore prints is subject to these stringent confidence checks. The tests ensure that Bitfrore provides the safest and most secure Paper Wallets available.

Continue to Part 4 Minimal Attack Surface


No comments:

Post a Comment