Steem Airgap Hardware Wallet (@Utopian-IO)
- Raspberry Pi ($35) or other offline computer.
- Smartphone with camera
- Display device (monitor)
- Airgap data transfer via QR codes.
When you are your own bank, security is of the utmost importance. Using the magic of decentralization, we can create open source solutions that not only give every user the power of being their own bank, but also better security than one. I've been thinking about this idea for a few months now, and I think I've finally flushed it out.
Steem is in an extremely unique position to situate itself as the most secure cryptocurrency in the world by a wide margin. The technology that makes this possible are its multiple layers of cryptographic permissions.
If the majority of value is staked or temporarily locked on a given account, only the master key needs the upmost security while the rest can be exposed to the Internet with relatively little worry. The problem is as soon as the master key is created or changed it has been exposed to the internet and could theoretically be immediately compromised.
By never exposing the master key to the Internet, we can maintain a level of security unmatched by every other product in the world.
Versus Hardware Wallets
Hardware wallets are not secure compared to an airgapped machine that never touches the Internet in any way. These wallets must connect to potentially compromised machines using USB.
In addition, hardware wallet users are forced to trust the vendor they buy from. Technically, anyone who had access to the hardware wallet before the end-user receives it could hack the wallet and steal all funds deposited thereafter.
By encrypting the Steem master key on a Raspberry Pi, stake holders can be 100% positive that no one else has ever had access to the software installed within, and said device will never have internet access or be connected to a machine with internet access.
We need a technology that turns valid public signed Steem transactions into QR codes.
By developing the feature that allows one to turn a legitimate signed operation into a QR code, users will be able to utilize their smartphone to scan said code to create the airgap, thereby ensuring that the hardware wallet (Raspberry Pi or other offline device) never has an Internet connection.
I repeat, we can use our smartphone cameras to conveniently give our encrypted private keys unidirectional access to the Internet, allowing them to attain 100% guaranteed network security at all times.
QR codes can contain an astonishing amount of information. It would be quite easy to store 2KB (2048 characters) on a single code, and if the desired transaction was bigger than that, multiple QR scans could be chained together to create the full operation. Considering the maximum size of a Steem block is 65KB this should not be an issue. From there the smartphone would easily be able to broadcast the transaction to the network, or be exported to text form and executed on another machine or cloud service.
I want to change my keys. I run an app on the Raspberry Pi that uses my current master key to sign the operation. That operation is converted into a QR code and scanned by an app on my phone. My phone then broadcasts the transaction to the network. My new private keys have now never been exposed to any network in any possible way. Airgap achieved.
This series of events could be used to broadcast any transaction on Steem, even blog posts. If someone wanted to airgap their posting key (however overkill that would be) they could do it.
Benefits Over Competition
Hardware wallets are expensive ($50-$100). There is a lot of overhead surrounding these devices and their demand is high because the financial stakes are paramount. The companies creating them need to pay for this overhead and capitalize on this niche demand in the form of severe markup.
In addition to being expensive, hardware wallets only do one thing: store crypto. A Raspberry Pi is a full fledged computer that can run a fully functioning operating system and a suite of other applications for a cheaper price.
This functionality is not desirable when connecting to the Internet to make a transaction. Thus, traditional hardware wallets thrive on being as closed off and minimalist as possible. However, if the device is airgapped and never becomes exposed to the Internet in any way, it doesn't matter how hackable the underlying device is. Needless to say, the Linux distribution Raspbian is much more secure than mainstream operating systems, even if it doesn't necessarily need to be.
Selling points and middle men.
Obviously not everyone will be tech savvy enough to get these devices working as intended. This gives an opportunity for more diehard Steemians to setup these devices and sell them at a reasonable markup. This could be the beginning of a decentralized free market economy.
Because the device is a computer and not a quarantined piece of hardware, updates would be much easier to install, and if the project was a success for Steem, it could branch out and start providing the same service for other blockchains. This would allow functionality to be added indefinitely without having to buy a new device.
Vendors selling this hardware could also sweeten the deal with other features. At one point I wanted to sell Raspberry Pi computers that contained an emulator with every single NES and SNES game in existence. This is clearly illegal pirating in most locales, but it would very hard to crack down on in a decentralized marketplace where anyone can follow a simple tutorial to get the software installed.
The Raspberry Pi is an open source product that targets education of open source products. It makes perfect sense that they would be used to secure cryptocurrency.
The Raspberry Pi is a series of small single-board computers developed in the United Kingdom by the Raspberry Pi Foundation to promote teaching of basic computer science in schools and in developing countries.
Obviously this product is one of very few where wireless Internet access is actually a detriment. However, it's pretty easy to turn the wifi off programmatically, and there are several models that don't have wifi capabilities at all:
This might be my best idea for Steem ever. It's cheaper and more secure than current solutions on the market, it promotes open source innovation/education, and it helps bootstrap a decentralized free-market economy. To top it all off, the amount of effort it would take to create the app that makes it all work would be relatively trivial.
Crypto security is absolutely terrifying for new users. If we can create systems that give peace of mind to stake holders, a lot more people will be willing to invest value in our platform. Steem absolutely can lead the pack and provide the absolute best security the cryptosphere has to offer, and I believe we can accomplish this goal with relatively little effort, while still staying true to the tenants of decentralization.