Proposal to replace BIP0039



Summary:

A new method has been developed to prove that the seed generated by a Trezor is created from a combination of computer-provided entropy and device-provided entropy, without leaking full private information to other computers. The method was developed in cooperation with Timo Hanke, with the goal of making Trezor blackbox-testable and fully deterministic; currently, seed generation is the only operation that uses any source of RNG. The process works as follows: the user's computer picks a random number a and the Trezor picks a random number b. The Trezor then adds a and b in the secp256k1 group, yielding the master private key k. The corresponding master public key K is sent to the computer, which can verify that K was derived from a without knowing b. The same verification lets the computer confirm that any bitcoin address derived from K is derived from a, again without leaking b. Note that this property only holds for BIP32 public derivations: a private derivation would require knowledge of k.
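The exchange described above, as an added worked example that is not part of the proposal or of Trezor's code. It assumes the device publishes its public share B = b*G so the host can check K = a*G + B (the summary does not say how the host learns b's public contribution), uses plain affine secp256k1 arithmetic, and models the "public derivation" point with BIP32 non-hardened child derivation: the host can compute a child public key from K alone, while the matching child private key needs k and therefore stays on the device.

```python
import hmac, hashlib, secrets

# secp256k1 domain parameters (field prime, group order, generator)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p, q):
    """Affine point addition on secp256k1; None stands for the point at infinity."""
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None   # p == -q
    if p == q: lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P  # tangent (a = 0)
    else: lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P      # chord
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def ec_mul(k, p=G):
    """Double-and-add scalar multiplication k*p."""
    r = None
    while k:
        if k & 1: r = ec_add(r, p)
        p, k = ec_add(p, p), k >> 1
    return r

def device_combine(a, b):
    """Device side: k = a + b mod n. Returns (k, K); only K is sent to the host."""
    k = (a + b) % N
    if k == 0: raise ValueError("degenerate key, pick a fresh b")  # hypothetical guard
    return k, ec_mul(k)

def host_verify(a, B, K):
    """Host side: K must equal a*G + B, with B = b*G the device's public share (assumed)."""
    return ec_add(ec_mul(a), B) == K

def bip32_tweak(K, chain_code, index):
    """I_L of BIP32 non-hardened derivation: HMAC-SHA512(c, ser_P(K) || ser32(i))."""
    ser_p = bytes([2 + (K[1] & 1)]) + K[0].to_bytes(32, "big")
    I = hmac.new(chain_code, ser_p + index.to_bytes(4, "big"), hashlib.sha512).digest()
    return int.from_bytes(I[:32], "big")   # BIP32 rejects I_L >= n; negligible probability

def child_pub(K, t): return ec_add(K, ec_mul(t))   # host can do this from K alone
def child_priv(k, t): return (k + t) % N           # needs k, so only the device can

def demo():
    """Full run with fresh randomness: host check plus child-key consistency."""
    a, b = secrets.randbelow(N - 1) + 1, secrets.randbelow(N - 1) + 1
    B = ec_mul(b)                   # device reveals b*G, never b
    k, K = device_combine(a, b)     # host receives K only
    t = bip32_tweak(K, secrets.token_bytes(32), 0)
    return host_verify(a, B, K) and child_pub(K, t) == ec_mul(child_priv(k, t))
```

If the device substituted some other k, the host's check of K against a*G + B fails, which is what makes the combined seed generation verifiable from outside the device.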


Updated on: 2023-06-07T18:26:04.749997+00:00