Proposal: The Dash Hardware Wallet - Phase 1

roland

Member
Dear all!

Some of you might remember discussing on the pre-proposal of a Dash Hardware Wallet with me some time ago. I have taken all the feedback, seriously refined the proposal, split it into several phases, created a working hardware prototype, and now I'm happy that we have a budget proposal live:

https://www.dashcentral.org/p/dash-hardware-wallet-phase1

Since the proposal description is quite long (13 pages), I'll not paste it here completely. You might want to read the (somewhat shortened) online version on Dash Central (link above), or the whole proposal here (PDF):

https://www.haenel.me/files/dash-wallet/proposal-the-dash-hardware-wallet.pdf

Now it's time to see whether the community really likes the idea or not. At least I hope you will see from the content that we worked on this with a lot of passion.

Greetings,
Roland
 
Let me start by saying I think this is a great idea; a Dash-specific hardware wallet is exactly what we need.

I would like to see some form of testing of this hardware wallet by someone from the Dash Core Team, and I would also like to know how much collaboration/partnership there is between the developer of this hardware wallet and the Dash Core Team, as there is talk about implementing certain aspects of Dash Evolution.
Also, I wonder if this hardware wallet will be open source?
 

Hello demo,

To the best of my knowledge, there is no way to "formally verify" a hardware design (i.e., schematic, layout/Gerber) as we have presented it here. Formal verification is something that you might apply on some abstraction layer to chip design (VHDL, Verilog). Hardware vendors use this to formally prove that their CPU chip design behaves "correctly" (i.e., according to the instruction set they defined). But even then, it's still a model that doesn't take into account some aspects of the real world, hence all the silicon errata we're dealing with every day.

So, we're obviously going with an industry standard SoC (NXP KW41Z) that might have some formal verification of its internal gate design. But this doesn't formally guarantee the Dash Hardware Wallet features in any sense.

As for the software (firmware), I think a system like this (including a lightweight real-time operating system, Bluetooth stack) is far too complex to be completely formally verified.

Greetings,
Roland
 
Let me start by saying I think this is a great idea; a Dash-specific hardware wallet is exactly what we need.

I would like to see some form of testing of this hardware wallet by someone from the Dash Core Team, and I would also like to know how much collaboration/partnership there is between the developer of this hardware wallet and the Dash Core Team, as there is talk about implementing certain aspects of Dash Evolution.
Also, I wonder if this hardware wallet will be open source?

For details on the status of the prototype, the planned features and also the open source plans, please have a look at the detailed proposal here:

https://www.haenel.me/files/dash-wallet/proposal-the-dash-hardware-wallet.pdf

In essence: the prototype that we have built is "just a piece of hardware" right now that was tested to fulfil all the basic functions such hardware needs to do (i.e., run the display, read the keypad, run the operating system, run the radio communication stack (Bluetooth)). The firmware hasn't been done yet; that is (among many other things) the development effort we propose for Phase 1.

As for open source, the short answer is: yes we will make this open source, but only after the project is finished, to ensure that the Dash community gets a "head start" here. We wouldn't release open source on a day-to-day basis to enable others to copy the work on a day-to-day basis. The approach is similar to the Dash core software itself.

Greetings,
Roland
 
Hello demo,

To the best of my knowledge, there is no way to "formally verify" a hardware design (i.e., schematic, layout/Gerber) as we have presented it here. Formal verification is something that you might apply on some abstraction layer to chip design (VHDL, Verilog). Hardware vendors use this to formally prove that their CPU chip design behaves "correctly" (i.e., according to the instruction set they defined). But even then, it's still a model that doesn't take into account some aspects of the real world, hence all the silicon errata we're dealing with every day.

So, we're obviously going with an industry standard SoC (NXP KW41Z) that might have some formal verification of its internal gate design. But this doesn't formally guarantee the Dash Hardware Wallet features in any sense.

As for the software (firmware), I think a system like this (including a lightweight real-time operating system, Bluetooth stack) is far too complex to be completely formally verified.

Greetings,
Roland

As far as I know, there is some hardware that is formally verified. For example this. Furthermore, there are some languages that facilitate formal verification (for example the ML-family languages) and some people are trying to formally verify firmware.

Anyway, I just asked, and your answer is obviously "No" to my question. Thanks for your answer. I know that what I have asked is not an easy thing, and I appreciate the straight answer you gave me.
 
as said before
I think this is a bad idea
why reinvent the wheel when 2-3 working / verified solutions are out there?
TREZOR is 100% solid - so are keepass and ledger (depending on taste and style).
well maintained, trusted and verified by communities across the crypto space!

to invest time and money into a new solution ... because why?
to have a Dash sticker on it? any available HW wallet can be “Dashified” or changed in appearance (if people are really worried about being stopped by a border guard with their Trezor in pocket)

“verified by core team“
there it comes, the responsibility for this obviously from a safety side lies with core, they have more than enough other things to do than verify a new HW! ask the (tech pros) if we really need one - and they will tell u as everybody else that they are happy with their HW x y z and have no interest in verifying something new when solid solutions already exist!

sorry to be the party pooper but I really do not understand the need for this!
 
Hey Roland!

I really like this idea and I like the changes you have made since your previous proposal.

My main concern with this project is one of practicality, I worry people won't want to carry around what amounts to a second phone. Have you done any research into a slimmer prototype that would fit more easily in a pocket?
 
TREZOR is 100% solid - so are keepass and ledger (depending on taste and style).
Are TREZOR, keepass or ledger formally verified?

To the best of my knowledge no part of Trezor has been formally verified.

A solution (like BitKey) which you don't need to trust is inherently more secure than a system that you do need to trust (like Trezor). If you don't trust me as an authority in this matter, read what Satoshi Nakamoto has to say about this: Trusted third parties are security holes.

To use Trezor I have to trust it on many levels. Opening up the code and hardware on your end doesn't prevent me from ending up using an evil version of Trezor that steals my Bitcoin.

I think that's more likely to happen because Trezor by its nature is an enticing attack target and hence a central point of failure. I need to trust Trezor developers. I need to trust your production line. I need to trust every single entity on the shipping route including your fulfillment company, the mail carrier, my mail man.
 
Are TREZOR, keepass or ledger formally verified?

To the best of my knowledge no part of Trezor has been formally verified.

A solution (like BitKey) which you don't need to trust is inherently more secure than a system that you do need to trust (like Trezor). If you don't trust me as an authority in this matter, read what Satoshi Nakamoto has to say about this: Trusted third parties are security holes.

To use Trezor I have to trust it on many levels. Opening up the code and hardware on your end doesn't prevent me from ending up using an evil version of Trezor that steals my Bitcoin.

I think that's more likely to happen because Trezor by its nature is an enticing attack target and hence a central point of failure. I need to trust Trezor developers. I need to trust your production line. I need to trust every single entity on the shipping route including your fulfillment company, the mail carrier, my mail man.

well ok
but I prefer to trust a known company with thousands of HW devices out there
than a brand new single developer with an idea for a device
TREZOR has proven itself over many years - why start from scratch?
 
well ok
but I prefer to trust a known company with thousands of HW devices out there
than a brand new single developer with an idea for a device
TREZOR has proven itself over many years - why start from scratch?

That's why I asked our friend @roland to formally verify his device.
This is something that even TREZOR cannot achieve yet!
And as long as there is no hardware wallet that is formally verified, I prefer the bitkey solution.
 
That's why I asked our friend @roland to formally verify his device.
This is something that even TREZOR cannot achieve yet!
And as long as there is no hardware wallet that is formally verified, I prefer the bitkey solution.

look look, I gave you my 1st

;)
 
I wish you success with this product, but I don't support funding this from the Dash network. In short, I think whatever the convenient features you develop are, the big name companies are probably going to be able to do it even better.
 
as said before
I think this is a bad idea
why reinvent the wheel when 2-3 working / verified solutions are out there?
TREZOR is 100% solid - so are keepass and ledger (depending on taste and style).
well maintained, trusted and verified by communities across the crypto space!

to invest time and money into a new solution ... because why?
to have a Dash sticker on it? any available HW wallet can be “Dashified” or changed in appearance (if people are really worried about being stopped by a border guard with their Trezor in pocket)

sorry to be the party pooper but I really do not understand the need for this!

tungfa, thanks for your valuable input during the pre-proposal phase. Because of that, I created the "why do we need another hardware wallet? there are products on the market already!" section in the proposal. Probably I can't change your mind, which is OK for me.

Yes, you are perfectly right, you can put a sticker saying "Blue Energy" on your gasoline car. So why invest time and money into building an electric car? Which will in effect only move us from A to B, right? Gasoline cars are 100% solid, well maintained, trusted and verified by millions of customers. No need for some Silicon Valley company to try to disrupt that space, right?

OK, back to being serious. These are the key points that none of the current solutions have:

* compatible with smartphone and tablet use cases, due to the use of Bluetooth LE
* support for the unique Dash features (PrivateSend, InstantSend, new Evolution features).
* branded for Dash in the first place, marketed with and for Dash in the first place
* designed for a retail price point of less than $50

“verified by core team“
there it comes, the responsibility for this obviously from a safety side lies with core, they have more than enough other things to do than verify a new HW! ask the (tech pros) if we really need one - and they will tell u as everybody else that they are happy with their HW x y z and have no interest in verifying something new when solid solutions already exist!

I don't know exactly why you put the quotation marks there. I certainly didn't claim this is "verified by the core team". Because I agree with you, the core team can't be held responsible for all development activities done by "third parties" like us. But is that a reason not to do any third party developments?

I tried my very best to explain why we think this is a sound design, why we think we're able to handle this. How we're going to make this open source to invite everyone to have a look. If the core team approaches us and wants to have a look, we'll support them to our very best. But we cannot guarantee this happens, nor have we claimed it will.
 
That's why I asked our friend @roland to formally verify his device.
This is something that even TREZOR cannot achieve yet!
And as long as there is no hardware wallet that is formally verified, I prefer the bitkey solution.

I get the point. However I have to disappoint you - I still think it is impossible to formally verify a whole system like a hardware wallet. That's the reason why Trezor doesn't have it, Keepkey doesn't have it, and we also won't have it. Take a look at the paper you sent me, they claim it's a big deal to formally verify the gate design of an AES-128 encryption. From a complexity standpoint, that's probably much less than 0.1% of a whole system we're talking about here.

I think you can't compare formally designed hardware and the bitkey solution. Bitkey is also not formally verified (and never will be, because it is a Debian system, which is again way more complex than any hardware wallet). Don't get me wrong, bitkey is a nice system. But if you accidentally insert a USB stick with malware into your bitkey system, you're screwed immediately.
 
Good job!
But it will be better if your wallet can be thin like this one.
https://www.coolbitx.com/

Yep, I know the coolwallet, and I know people like it for being thin.

I don't like to say negative things about other products, and you won't hear anything bad about Trezor, Keepkey and the like because I really think they're good products.

However with coolwallet, this is a seriously flawed design. They offer security options which completely defy the purpose of a hardware wallet: as a user, you need to check the amount and destination address of an outgoing transaction on the wallet. With a screen as tiny as they have, that's not really practical (for the destination address), so they pretty much left this option out by default.

Our goal was to have a clear, reasonably sized screen. As for batteries, we have chosen batteries that are available everywhere (AAA), and we aim for a runtime of 1-2 years. Yes you can make that thing very thin with a LiPo cell, but then you'll have to recharge every week. We think that's not practical.
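To make the on-device check described above concrete, here is an added example (not code from the proposal, the prototype firmware, or any product named in the thread) of how wallet firmware might compose the confirmation screen: the amount in DASH and the full destination address, refusing to proceed when either cannot be shown in full rather than silently truncating it. The display geometry, the duff-denominated amount field, the sample address and the function names are all assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stdbool.h>

/* Assumed display geometry for this example, not the prototype's real screen. */
#define DISPLAY_COLS 21
#define DISPLAY_ROWS 4
#define DUFFS_PER_DASH 100000000ULL  /* 1 DASH = 100,000,000 duffs */

/* Render the amount as "<whole>.<8 decimals> DASH". Returns the length, or -1
 * if it would not fit on one display row. */
int format_amount(uint64_t duffs, char *buf, size_t len) {
    int n = snprintf(buf, len, "%llu.%08llu DASH",
                     (unsigned long long)(duffs / DUFFS_PER_DASH),
                     (unsigned long long)(duffs % DUFFS_PER_DASH));
    return (n < 0 || (size_t)n >= len || n > DISPLAY_COLS) ? -1 : n;
}

/* Split the destination address into rows of DISPLAY_COLS characters.
 * Returns the number of rows used, or -1 if the whole address cannot be
 * shown: refuse rather than truncate what the user is asked to verify. */
int layout_address(const char *addr, char rows[][DISPLAY_COLS + 1], int max_rows) {
    size_t n = strlen(addr);
    int needed = (int)((n + DISPLAY_COLS - 1) / DISPLAY_COLS);
    if (n == 0 || needed > max_rows) return -1;
    for (int r = 0; r < needed; r++) {
        size_t off = (size_t)r * DISPLAY_COLS;
        size_t chunk = (n - off < DISPLAY_COLS) ? n - off : DISPLAY_COLS;
        memcpy(rows[r], addr + off, chunk);
        rows[r][chunk] = '\0';
    }
    return needed;
}

/* Compose the confirmation screen: row 0 the amount, the remaining rows the
 * address. Returns true only when both are shown in full; a transaction whose
 * details cannot be displayed must not be offered for signing. */
bool build_confirm_screen(uint64_t duffs, const char *dest,
                          char screen[DISPLAY_ROWS][DISPLAY_COLS + 1]) {
    if (format_amount(duffs, screen[0], DISPLAY_COLS + 1) < 0) return false;
    return layout_address(dest, &screen[1], DISPLAY_ROWS - 1) > 0;
}

int main(void) {  /* constructed sample values, not a real transaction */
    char screen[DISPLAY_ROWS][DISPLAY_COLS + 1];
    if (!build_confirm_screen(123456789ULL, "XconstructedSampleAddressNotReal00", screen)) return 1;
    for (int r = 0; r < 3; r++) printf("%s\n", screen[r]);
    return 0;
}
```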
 
Hey Roland!

I really like this idea and I like the changes you have made since your previous proposal.

My main concern with this project is one of practicality, I worry people won't want to carry around what amounts to a second phone. Have you done any research into a slimmer prototype that would fit more easily in a pocket?

Yes, we have done some research on this one. Probably you could make it slimmer by using different batteries, make other trade-offs in the go (less battery lifetime, frequent re-charging), ... But it'd still amount to "size of a second phone". Solutions that are credit card sized won't have the features which we think are essential to a hardware wallet (compare Coolwallet, looks nice but is a fail).
 
I wish you success with this product, but I don't support funding this from the Dash network. In short, I think whatever the convenient features you develop are, the big name companies are probably going to be able to do it even better.

TroyDASH, thanks for your open words.

I'd be somewhat disappointed if this is the majority opinion. Today, Dash is #6 in market cap. Don't we have the ambition to get to #1? Just waiting for the "big name companies" won't do the job. If big name companies join this space, guess what crypto currency the first solutions will be aimed at? Not at Dash on the first day, that's for sure. But the Dash treasury gives us the opportunity to do these things even at a stage where it might not be economically viable to do it without any external funding.

If we succeed with this proposal and create a great product, even if a "big name company" later joins in, does everything better and launches a competitor product, I'd personally consider this project a win for Dash.
 
To be honest, I don't really like the outlook of your HW wallet. A HW wallet for most people is used to secure their crypto. If people want to spend their crypto, they will put some money in a mobile wallet and keep the rest in a safe place. So I don't think your idea of a smartphone-friendly HW wallet will work... No offence


Sent using Tapatalk
 