Bitcoin Storage: Understanding Trust Relationships


16 replies to this topic

#1 Brian Goss

Posted 03 March 2014 - 08:35 PM

Work in progress! I want to get this part out of the way while I have time at a computer...feel free to ignore this for now!

Forgive the horrible title.  I'll add this to trello and put the text somewhere on google docs. I haven't finished the actual document either!

Document will be here (currently just an Apple Pages document; soon a PDF, I promise!):
https://www.dropbox....20mq/XP0XARbNUN

#2 Mike Hayes

Posted 04 March 2014 - 05:24 AM

Brian Goss, on 03 March 2014 - 08:35 PM, said:

Work in progress! I want to get this part out of the way while I have time at a computer...feel free to ignore this for now!

Forgive the horrible title.  I'll add this to trello and put the text somewhere on google docs. I haven't finished the actual document either!

Document will be here (currently just an Apple Pages document; soon a PDF, I promise!):
https://www.dropbox....8kum/LosOosVVyz

I also started writing something on this, maybe we could combine them.  You are right, "Trustless", that dog ain't gonna hunt as a catchy buzzword.  We actually do lack some language and may have to invent it.

AntiTrust?

I am of the opinion it also is not adequately descriptive of the problem, since I may operate in trustless mode, yet still lose bitcoins due to sloppy methodology, errors, observers, or moles.  The actual correct term hinges on the concept of "private", "really private", "top secret private", "Mega Ultra Secret private", etc as was used by spooks.  But ALL of those levels of security are levels of trusted relationships, so when we say "trustless" we go beyond all of them...

As far as in spook talk, "Need to know" is restricted to few individuals typically.  With bitcoin, "need to know" is restricted to one individual only.  And "know" is extended beyond humans, to what is on camera images, electronic storage on computers, etc.

For example my quickbooks files, most people think of such as needing fairly high security.  Five people can access them, two in my office and three accountants.  They are actually in twenty some locations and are protected by a rudimentary password of eight characters in length, that is breakable in a few months pretty easily.  (Actually I've never cared that much about security for these stupid files.)

Simplified, state the Quickbooks security level as ...

Number of viewers / places it might be / difficulty of password

5/20/8

Ideally, what is the bitcoin wallet private key comparable?

1/1/12

What is a Coinbase/account?  (I'll use a ? to mean unknown, ?x to mean unknowable, ?y to mean unknowable but discoverable)

?x/?x/?x

What is a Blockchain.info wallet/account, assuming what they say is true?

1/1/?

But we "trusted what they said to be true, lol..." so without some verification what is it?

?y/?y/?

What is a bitaddress.org paper wallet, printed on a networked printer from a Windows 8 system?

?x/?x/?

The general idea here is to teach the user the relevant parameters of security, then encourage him to apply them in a simple method to his own proposed usage mode.  "Trustless", therefore, would seem to be similar to my use of a "1" in the above notation.


Is this direction of any use?  It does implicitly handle the problem of the mole thief.  It is numeric, so it does not require moral judgements such as phrases "trust", and can be easily encoded in javascript.

#3 Brian Goss

Posted 04 March 2014 - 12:27 PM

I like this idea of enumerating states of trust.  There's always the lingering problem of "design trust" vs. all the other trust issues that have nothing to do with design; for example, I may lose all my "trustless web wallet" holdings not because the web site operator can access my keys, but because the key logger installed by the malware on my computer did...

#4 Brian Goss

Posted 04 March 2014 - 07:28 PM

Mike...I finished a full rough draft (should auto update above).  It needs much work, especially regarding terminology.  I tried to write it at a level appropriate to generally adept computer users without assuming too much knowledge.  I do not think we should be targeting the masses with this one -- there's really no such thing as safe when it comes to a general purpose computer!

#5 Mike Hayes

Posted 04 March 2014 - 08:27 PM

Brian Goss, on 04 March 2014 - 12:27 PM, said:

I like this idea of enumerating states of trust.  There's always the lingering problem of "design trust" vs. all the other trust issues that have nothing to do with design; for example, I may lose all my "trustless web wallet" holdings not because the web site operator can access my keys, but because the key logger installed by the malware on my computer did...

Yes, that can also be handled with this methodology. We could add two more parameters to the above formula representing:

D) Is the hardware secure?

? = unknown   ?x = unknowable   ?y = unknown but discoverable

Taking some random examples.

Scott is using his employer's computer to run his bitcoin wallet.  He is not allowed to run things such as malware detection or virus checks, and does not know if there may be a hardware or software key logger installed.  Further he does not know to what extent the employer logs all network activity.

Obviously this is ?x.

E) Is the environment secure?

Here the question concerns people walking by, observation or security or hidden cameras, as well as the common issue of trusting a public network, such as that in an airport terminal or a Starbucks.  Cameras are increasingly a problem now that 1080p is cheap.  For a 35 degree field of view at 10 feet distance this resolves to 1/16" per pixel, more than enough to record finger movements on keyboard and possibly able to read a square bar code.  Certainly at 5' distance, such a camera could read a square bar code of 1-2" in size.

So the question is "Can we know if the environment is secure?".  The worst case is a public location either commercial or in a business, where with many people going by it may be presumed changeable.  Although we swept it for cameras, bugs whatever last week there could be new ones placed.  Therefore, unless the sweep was just performed, one would not know.  Of course, for rooms and places that are private or seldom used or occupied, the answer is much easier - secure.  This general issue exists not just for computer usages but also for handling paper wallets with exposed private keys.

?y

In summary, a simple question mark was redefined into three versions, representing unknown, unknowable, and unknown but knowable with investigation, using the symbols ?, ?x, and ?y.  These were then applied to different parameters or dimensionalities of the problem of trusted versus trustless for the problem of bitcoin wallet security.  It was thought that this approach might make the somewhat esoteric aspects of this problem more understandable for the lay person.
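
The notation from posts #2 and #5, encoded in JavaScript as post #2 suggests. This is an added example, not code from either poster; the field names, the yes/no tokens for D and E, and the severity ordering (?y below ? below ?x) are assumptions.

```javascript
// Added example: parser for the "viewers / places / password" notation,
// with the optional D (hardware) and E (environment) fields from post #5.
// Assumptions: field names, "yes"/"no" for D and E, and the severity order.
const FIELDS = ["viewers", "places", "password", "hardware", "environment"];
const STATES = new Map([
  ["?", "unknown"],        // not known
  ["?x", "unknowable"],    // cannot be found out
  ["?y", "discoverable"],  // unknown, but knowable with investigation
]);
const SEVERITY = ["known", "discoverable", "unknown", "unknowable"];

function parseField(name, token) {
  const t = token.trim().toLowerCase();
  if (STATES.has(t)) return { name, state: STATES.get(t), value: null };
  const numeric = FIELDS.indexOf(name) < 3; // first three fields are counts
  if (numeric && /^\d+$/.test(t)) {
    return { name, state: "known", value: Number(t) };
  }
  if (!numeric && (t === "yes" || t === "no")) {
    return { name, state: "known", value: t === "yes" };
  }
  throw new Error(`bad value "${token}" for ${name}`);
}

function parseRating(text) {
  const tokens = text.split("/");
  if (tokens.length < 3 || tokens.length > FIELDS.length) {
    throw new Error(`expected 3 to ${FIELDS.length} fields, got ${tokens.length}`);
  }
  return tokens.map((tok, i) => parseField(FIELDS[i], tok));
}

function assess(text) {
  const fields = parseRating(text);
  const rank = (state) => SEVERITY.indexOf(state);
  const worst = fields.reduce(
    (w, f) => (rank(f.state) > rank(w) ? f.state : w), "known");
  const names = (state) =>
    fields.filter((f) => f.state === state).map((f) => f.name);
  return {
    worst,
    // The "1" of post #2: exactly one viewer and one place, both known.
    soleHolder: fields[0].value === 1 && fields[1].value === 1,
    investigate: names("discoverable"), // worth checking before relying on it
    blocked: names("unknowable"),       // cannot be verified at all
  };
}

// Ratings quoted in the thread, plus one constructed five-field rating.
const SAMPLES = ["5/20/8", "1/1/12", "?x/?x/?x", "1/1/?", "?y/?y/?", "1/1/12/?x/?y"];
for (const s of SAMPLES) console.log(s, JSON.stringify(assess(s)));
```
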

#6 Mike Hayes

Posted 04 March 2014 - 08:28 PM

Brian Goss, on 04 March 2014 - 07:28 PM, said:

Mike...I finished a full rough draft (should auto update above).  It needs much work, especially regarding terminology.  I tried to write it at a level appropriate to generally adept computer users without assuming too much knowledge.  I do not think we should be targeting the masses with this one -- there's really no such thing as safe when it comes to a general purpose computer!

Will check it out!  (and now officially switching OFF mad crazed professor rambling mode, lol...)

#7 Brian Goss

Posted 08 March 2014 - 03:56 PM

I got the chance to seek advice from one of the guys at blockchain.info in Austin on Thursday (whose name I really should know better--I stink at names). Since the goal is not to make this document for the uninitiated (bitcoin isn't ready yet for the very nontechnical), we should drop the concept of "trustless" (which is incomplete at best and misleading at worst) and replace with "client side encrypted" instead. Perhaps the abbreviation CSE will catch on like HD (hierarchical deterministic)...I still favor leaving HD out as its HD-ness doesn't have anything to do with who you trust.

#8 Mike Hayes

Posted 08 March 2014 - 05:18 PM

Brian Goss, on 08 March 2014 - 03:56 PM, said:

I got the chance to seek advice from one of the guys at blockchain.info in Austin on Thursday (whose name I really should know better--I stink at names). Since the goal is not to make this document for the uninitiated (bitcoin isn't ready yet for the very nontechnical), we should drop the concept of "trustless" (which is incomplete at best and misleading at worst) and replace with "client side encrypted" instead. Perhaps the abbreviation CSE will catch on like HD (hierarchical deterministic)...I still favor leaving HD out as its HD-ness doesn't have anything to do with who you trust.

There's an old adage that every formula of math in a book drops its readership by one order of magnitude, we are enough orders of magnitude down that tunnel that instead of the target group being described as "uninitiated or sophisticated", it might be better described as crypto hobbyists.  Against this one might argue that the younger generation all shall be that, but the situation currently might be similar to the 1980s, when computers became quite common, but only women typed (yes a few of the original geek nerds, too).  Guys hadn't gone to typing class in high school.  Crypto ideas and talk is basically unintelligible to 99.9% of people, period.  But I would guess that in university math classes today and possibly even high school math, this is the level of social banter and common conversation.

I get it, what the blockchain.info guy was trying to describe as important, while promoting the features of his wallet.  BUT.....

...let's boil it down to fundamentals.

Web wallet X, Y, or Z = you don't own your bitcoins, you own a promise from wallet company (TRUST)

Wallet (web or otherwise) A, B, C = you do own your bitcoins, because you have your private key and they don't (TRUSTLESS)

Is that a valid summary?  This is an important distinction and should not be blurred, ignored or covered up with layers of tech chatter.  HD combined with TRUST is of course the worst possible scenario....any situation when a private key is handed to a user by an intermediary is essentially TRUST, but there is a vast difference between trust in that situation, and trust in an exchange operating using pooled funds and giving you a promise, not a key.
...

#9 Brian Goss

Posted 08 March 2014 - 07:39 PM

It's a catch-22. Short, simple, concise = best for newcomers but easily misleading.

Long, complex, descriptive = acceptable only to techies who wouldn't be misled anyways.

What I don't want to have happen is for neophytes to get robbed via malware and feel wronged because they were using "a Bitcoin Foundation approved trustless web wallet."

Blockchain.info is very different than old attempts at web wallets. That distinction is so important...but I didn't trust them for a long time because it wasn't clear to me exactly what the trust relationship was.

Blockchain.info (IMHO) is the only game in town worth mentioning for the mid level user who wants a portable hot wallet. Kryptokit is another but less portable option. Once they add a feature to sync to a cloud server in a similarly "trustless/CSE" manner, they'll fit into the same category.

#10 Mike Hayes

Posted 08 March 2014 - 08:41 PM

Brian Goss, on 08 March 2014 - 07:39 PM, said:

It's a catch-22. Short, simple, concise = best for newcomers but easily misleading.

Long, complex, descriptive = acceptable only to techies who wouldn't be misled anyways.

What I don't want to have happen is for neophytes to get robbed via malware and feel wronged because they were using "a Bitcoin Foundation approved trustless web wallet."

Blockchain.info is very different than old attempts at web wallets. That distinction is so important...but I didn't trust them for a long time because it wasn't clear to me exactly what the trust relationship was.

Blockchain.info (IMHO) is the only game in town worth mentioning for the mid level user who wants a portable hot wallet. Kryptokit is another but less portable option. Once they add a feature to sync to a cloud server in a similarly "trustless/CSE" manner, they'll fit into the same category.

I have issues with people losing something because of malware, but .....  it can also do in blockchain wallets.  Just think key loggers.

What I'm trying to get at is definitions.

Something like...

THIS WALLET - they got your money and bitcoins

THIS OTHER WALLET - you got your money and bitcoins

And this YET OTHER WALLET - we have really no clue who has what

Coinbase fits into the first category, but I love it for simple small transactions.

These statements can be made accurately and the marketing hype of the companies often does not.

For example, blockchain.info:

We are not a bank, you retain complete ownership of your Money. We cannot view your balance, see your transactions or make payments on your behalf.

Blockchain does not say:

We do not pool your bitcoins with others, and release them to you only when you spend or transfer them.  You have your own private keys, and you can check your balance in the blockchain itself.

But I'm fairly certain they do not pool bitcoins, customers would find the above statement true.  I just didn't see it on their website.

#11 Brian Goss

Posted 08 March 2014 - 10:12 PM

Maybe moving to a three column format would work better…I hate reading paragraphs of dense text as it is now.

Maybe something like (addendum: this pseudotable only works on a wide screen)

Only You have keys | You and they have your keys | Only they have your keys
-------------------|-----------------------------|-------------------------
wallet #1_________.|.__________wallet #2________.|.     exchange 1

Having well thought out headers for the table above would help (like client side encrypted for the first column)...

#12 Mike Hayes

Posted 08 March 2014 - 10:39 PM

Brian Goss, on 08 March 2014 - 10:12 PM, said:

Maybe moving to a three column format would work better…I hate reading paragraphs of dense text as it is now.

Maybe something like:

Only You have keys | You and they have your keys | Only they have your keys
-------------------|-----------------------------|-------------------------
wallet #1_________.|.__________wallet #2________.|. exchange 1

Having well thought out headers for the table above would help (like client side encrypted for the first column)...

Aw, come on this too technical.  We really, definitely need a WTF??? column.

Maybe not in those terms although they are precisely descriptive of the "unknown and unknowable" category.

Of course if some exchange was put in that category by BF then it might fix its marketing claims or actual handling of customers' funds and we'd have done some good.  Further nobody reading our work would put their funds/trust into something in the WTF category.

Another important example of trust/trustless is the WHY one can trust downloading something - say the paper wallet software - from GITHUB but not from anywhere else.  That's not a completely true statement but I believe it is reasonable to say it that way.

There isn't really any need to cautiously tiptoe around these ideas, is there?  Note there could be some industry members who might like something to be said one way or another or just not said.  But they can voice an opinion, might be something we had not thought of.

#13 Brian Goss

Posted 09 March 2014 - 02:21 AM

Mike Hayes, on 08 March 2014 - 10:39 PM, said:

Another important example of trust/trustless is the WHY one can trust downloading something - say the paper wallet software - from GITHUB but not from anywhere else.  That's not a completely true statement but I believe it is reasonable to say it that way.

Well, trusting any one site is not wise. The directions on page 2 (rather poorly) go over how to download and compute sha1 hashes on the code from two sites and compare.

If they match, either the code is legit or both sites were hacked.

#14 Mike Hayes

Posted 09 March 2014 - 04:57 AM

Brian Goss, on 09 March 2014 - 02:21 AM, said:

Well, trusting any one site is not wise. The directions on page 2 (rather poorly) go over how to download and compute sha1 hashes on the code from two sites and compare.

If they match, either the code is legit or both sites were hacked.

Actually I was making an important point at a much lower level, such as that at which most end users are at.  They might just bring up a google search on "paper wallet generator" and download who knows what malware infested, non random and recorded private key that The Russian Mafia had in the package.  They never heard of Github and it would be the first time they were introduced to this sort of open source project and its means of verification.

It's not, in my opinion, your writeup that is poor but the described method.  It is what it is.  There are other ways to compare sites/sections and see if they have changed.  Example, firefox/chrome plugin "update scanner".  This is not perfect, but it's an example.  I could write a simple script that checked a web page and issued an alert if a QR had changed from last time I checked, no need even for SHA, or the firefox plugin.

Yes the signature and verification is highly useful, too.  Broad area here, seems to range from "was the website hacked and how would we determine that" to "how does a reporter fixing to go live know that the QR code is right".  Pointing to and highlighting the importance of this issue is the first step, absolutely.
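
A sketch of the two checks discussed in posts #13 and #14: comparing digests of copies obtained from more than one site, and noticing a change since the last check. This is an added example, not the instruction sheet's procedure; the source labels and sample bytes are constructed, and it works on in-memory buffers rather than downloading anything.

```javascript
// Added example (not from the thread). Uses Node's built-in crypto module.
const nodeCrypto = require("crypto");

// SHA-1 is what the thread's instruction sheet uses; Node also accepts
// "sha256", the better choice where collision resistance matters.
function digestHex(bytes, algorithm = "sha1") {
  return nodeCrypto.createHash(algorithm).update(bytes).digest("hex");
}

// copies: object mapping a source label to the bytes obtained from it.
// Returns the sources grouped by identical content.
function compareCopies(copies, algorithm = "sha1") {
  const sources = Object.keys(copies);
  if (sources.length < 2) {
    throw new Error("need copies from at least two sources");
  }
  const groups = new Map(); // digest -> sources that served those exact bytes
  for (const source of sources) {
    const d = digestHex(copies[source], algorithm);
    groups.set(d, [...(groups.get(d) || []), source]);
  }
  // allMatch means the sources agree with each other, nothing more:
  // as post #13 says, either the code is legit or every source was altered.
  return { allMatch: groups.size === 1, groups: [...groups.values()] };
}

// Change detection against the digest recorded at the previous check.
// Pass null as lastDigest on the first run.
function checkAgainstLast(lastDigest, bytes, algorithm = "sha1") {
  const digest = digestHex(bytes, algorithm);
  return {
    digest,
    firstSeen: lastDigest === null,
    changed: lastDigest !== null && lastDigest !== digest,
  };
}

// Constructed sample inputs standing in for downloaded files.
const GENERATOR = Buffer.from("<html><script>/* wallet generator */</script></html>");
const ALTERED = Buffer.from("<html><script>/* wallet generator, altered */</script></html>");
const SAMPLE_COPIES = {
  "site-a": GENERATOR,
  "site-b": Buffer.from(GENERATOR),
  "mirror-c": ALTERED,
};

const report = compareCopies(SAMPLE_COPIES);
console.log(report.allMatch ? "all sources agree" : "sources disagree", report.groups);
```
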

#15 Brian Goss

Posted 09 March 2014 - 05:07 AM

I agree that in practice many people will google "paper wallet" and use the first search result. I see that as out of scope for the instruction sheet. I see no point in an instruction sheet that doesn't mention the most basic verification possible.

I'm gonna let it brew in my head for a week or two...I'm not happy with it on several levels.

Maybe color codes for trust categories...with red being the WTF category...

#16 Mike Hayes

Posted 09 March 2014 - 05:19 PM

Brian Goss, on 09 March 2014 - 05:07 AM, said:

I agree that in practice many people will google "paper wallet" and use the first search result. I see that as out of scope for the instruction sheet. I see no point in an instruction sheet that doesn't mention the most basic verification possible.

I'm gonna let it brew in my head for a week or two...I'm not happy with it on several levels.

Maybe color codes for trust categories...with red being the WTF category...

I have edited the document, will post it shortly to the trello account.

Just occurred to me something else, with Mt Gox and possibly other web wallet/exchanges there was no way to perform the signature and verification process....because you didn't own the private keys.  I assume this was true for both sending and receiving funds to a user.  Coinbase also has this characteristic.

#17 Brian Goss

Posted 09 March 2014 - 07:15 PM

Mike Hayes, on 09 March 2014 - 05:19 PM, said:

I have edited the document, will post it shortly to the trello account.

Just occurred to me something else, with Mt Gox and possibly other web wallet/exchanges there was no way to perform the signature and verification process....because you didn't own the private keys.  I assume this was true for both sending and receiving funds to a user.  Coinbase also has this characteristic.

Are you mixing up documents? I have two pending initial drafts...