“Method of entanglement” and protection in GONT

Today we are talking about the philosophy of “entanglement” of keys inside a specialized protected gVM in GONT and about methods of protecting crypto wallets.

Hello, friends! Today we are talking about methods of protecting crypto-currency wallets from hacking and, of course, about the philosophy of “entanglement”of keys inside a specialized protected gVM in GONT. Have a productive reading!

Philosophy of protection of crypto wallet

The greatest danger in capturing the device (scammers, bandits, etc.) from the point of view of hacking is Reverse Engineering (RE).

RE is the process by which a man-made object is deconstructed to reveal its designs, architecture, or to extract knowledge from the object. A method that allows to pull out secret keys by the analysis of binary code. By analogy with the cracking of serial numbers of programs.

Variations of this attack can be different. Including receiving the program legally and studying it, the user can try to crack copies of the program from other users.

In GONT, we will heavily rely on basic ideas for protecting programs from expert Kris Kaspersky, as well as offering our innovative methods.

Canonical methods of protection from Kris Kaspersky

Aim: cryptosystem must withstand any contact with the hacker: both physical (RE) and remote (network attack). At the same time, we believe that physical contact with a hacker is a normal situation, because we ourselves distribute all our software for storing crypto assets.

Philosophy of current wallets

Mobile Wallets

If we consider multy.io as an example, where keys are stored in the root mode of the phone, then we can say that this method of protection is very weak.

Hardware Wallets

The most important drawback of hardware wallets is that they easily break with current protection methods.

Paradigm of the core of the wallet

Starting from Kaspersky, the path of the hacker to the keystore should be as confusing as possible. Even if you use multiple layered encryption, you should still store the key of the highest level in the most secure place (so that it can not be removed with the help of RE).

This is especially true for the desktop version of the wallet, the most convenient for RE hacking techniques.

The paradigm of the super-protected wallet core is primarily based on the method of maximum “entanglement” of the path to the upper level of the keys. Relatively speaking, to the key that encrypts the store of the primary key.

For this we use a set of methods in GONT.

Introduction of the protection of the wallet from RE into approach

Vault of empiric noise (A tape with “empirical” noise).

Let’s consider a tape of blocks with random empirical noise. We will call this tape a GESS tape.

Inside the qualitatively generated noise, significant data is injected. The data are microblocks of the key, from which the whole key is then collected.

Significant data have special coordinates in the noise tape, which are also entered through a special pseudo-random table of coordinates. Thus, the key is hidden in a large array of noisy (insignificant) data.

Noise tapes for different users do not have correlations.

The “entanglement” function and the inverse function

Let’s enter the entangled state of the tape:
Scrambling state = SC_STATE

Key entanglement:

Key extraction procedure:
TAPE = F ^ -1 (SC_STATE) – reverse conversion function

Where F is a complicated confusing function.
F must be massive, with lots of operations and with non-obvious functionality for the attacker.

The paradigm of wallet states

State – STATE – an abstraction (similar to a Blockchain), with which the Secure core (an EVM virtual machine analog) operates.
STATE = the current state of the wallet in the serialized form.

Why do I need to enter STATE as a separate structure?

STATE is entered as a structure for encapsulating and storing all the wallet account data (in complete analogy with Ethereum).

STATE consists of a set of GESS tapes. For every important data that you need to “confuse”, you build your own GESS tape.

The main property of protection

A virtual machine with an “unknown” system of wide commands.

Goals for developing a wallet

  • The impossibility of hacking a wallet even in case of physical capture of the device by any organization (including special services).
  • Maximum use of tricks against the RE code of the wallet and various attacks.
  • A unified approach to the development of the code of the wallet core for the convenience of mapping to multiple devices. Implementation of a single secure core for all types of devices.
  • Creating a new security philosophy for storing crypto currency (which is the best purse in the world) for marketing.
  • Creation of a development model without transferring critical knowledge (for example, about a crypto-nucleus) between development teams of a single product. It is important for rapid parallel development.

    Options of software of the wallet (the most complete package)

  • Desktop
  • Mobile phone
  • HW version (like FPGA, its chips, foreign chips – ARM)

    A universal secured-Core (enhanced VM) will be used on all versions.

The model of reinforcement of protection against breaking

Virtualization with a hybrid “unknown” command system in secured-VM.

  • Protected Boot (in iBoot style from Apple).
  • Protected specialized OS based on RTOS.

    The VM container model with unknown commands for the attacker (this model can be generated for each user) with multiple “scrambling” and internal cryptography (inside the VM of the core).

We encapsulate all the main secret code inside the secured VM.

Introduction of a secure container code in a common wallet interface

Philosophy of the wallet

Functionally, the wallet can be divided into work with accounts / keys and into work with chains of blockchains. The maximum level of protection is required to work with accounts and keys.

The basic blocks for this are already implemented here:

libwally: https://github.com/Appscrunch/Multy-Core/tree/master/third-party/libwally-core/src

These blocks will be mapped to the VM via a dedicated Secured OS.


Thank you for attention! Good luck!

Leave a Reply