The Satoshi 9000 demo: https://youtu.be/bJiOia5PoGE
The key value proposition of the machine is that it generates analog randomness in the physical world and converts it into digital (1’s and 0’s) randomness. Seamlessly.
But it occurs to me that it may have other uses beyond crypto keys for your own use, such as: * Randomized clinical trials. Clinical trials need a high degree of transparency for ethical reasons; also, for legal reasons should it come to light after the trial has ended that patient selection and treatment selection was not random or in some way biased (say, by the researchers themselves). The machine described herein can provide that transparency to young and old patients, technical and non- technical. * Non-technical management. Many network engineers in need of security keys have bosses that are non-technical. Such managers might prefer security keys (and their generation) which are easier for them to understand. * Estate planning. Suppose members of a family were to inherit digital assets (such as Bitcoin, for example). Not all members of the family are technical and understand Bitcoin. However, each will still need to generate a secure Bitcoin key to receive their share of the inheritance. The machine described herein might help in that task because its source of randomness is more easily understood by laypeople and each can generate their own private key in private (in isolation with the machine). * Anywhere where the users have to have an intuitive understanding of how the randomness is being created; whether they are 5 years old, or 95 years old, and all ages in between.
I'm curious to know if any of the folks over at HN can think of other use cases?
Would probably need a large engine to power it as well, with careful control because the resisting force would vary along the machine cycles (this could be used as a side channel attack vector to figure out internal state from resisting force).
The control box was a convenience and made the process fully programmable by the user. Which makes the machine far more flexible and useful.
I call it analog randomness because that's what I expect from the real world. For thousands of years, humans have used coins and dice to generate uncertain outcomes. And the fact that they typically generate only one of N outcomes (N=2 for coins, N=6 for common dice) is why humans use them. It is also why the Satoshi9000 uses them, and because its a kind of randomness that humans have an intuitive recognition of.
Now I'm thinking of a random number generator that uses a mechanical calculator printer (but I don't think there are any hex-capable ones easily available) or a typewriter to write password suggestions. The mechanical part would be tricky, because the hammers require some force to be actuated (and I would find it criminal to destroy a vintage typewriter for that).
This generalizes to a die of N sides. Roll it N times. If you don't get all N distinct results, restart. If you do, then take the first result as your final outcome.
(That may take a lot of trials for large N. It can be broken down by prime factorization, like roll 2-sided and 3-sided objects separately, and combine them for a d6 result.)
* https://youtu.be/bJiOia5PoGE?si=IEhbNJk0C0-7_2Nj&t=229
* https://youtu.be/bJiOia5PoGE?si=3Se3lYFVAAkElx0w&t=245
Care to elaborate? Or link?
I mean, everything that is, is just displaced temporarily homogeneous complexity, allowable between the fluctuations of gradients of temperature, allowing the illusion of work to appear more than just energy dissipating into the either of expanding space-time, dragged by the irreconcilability idea of "gravity".
But that doesn't help bake an Apple pie from scratch, as Carl Sagan would put it.
If you have a way to generate 256 bit, you have a way to generate a Bitcoin (or Ethereum or whatever) wallet.
Some people trust their hardware wallet to generate a random 256 bit / 24 words (each word is 11 bit as the dictionary contains 2048 words: 24 words is 264 bits, 256 bit + 8 bit of checksum).
But others do it manually, in an analog way.
One way to do it to throw a 16-sided dice repeatedly: that's a good source of entropy. That's entirely analog.
BIP-39 has a checksum (4 bit for 128 bit keys and 8 bit for 256 bit keys), so you'll need some code to either find or verify the checksum. To do that people are typically going to use a fully offline/airgapped computer: for example an old desktop, without any Wifi capability, booted without any harddisk, from a Linux Live CD (I know, I know: you'll read their key from the electrical activity by tapping the electrical circuit outside their house or by firing a laser at their window, so it's not "fully airgapped": bla bla bla).
From that single 256 bit number you can derive wallets for all the coins you want.
Once people have generated their key by throwing dice, they'll typically store their key behind a HSM, on a hardware wallet. And the private key never leaves the hardware wallet (but can be used to sign transactions). And a "paper" copy of the key typically also lives in the analog world (and listen to Gandalf: "keep it safe", "keep it secure").
The video is definitely cool but creating a key in the real (non digital) world is something quite common.
I would take 256 quarters (sometimes fewer and accept that some might be tossed more than once) and toss them to get ones and zeroes. Tedious, and somewhat error prone (see below). Then do the calculations by hand, also somewhat tedious and error prone.
There is plenty of research that demonstrates that humans are poor at tossing coins in an unbiased way. People cheat (especially if money hangs on the outcome) and people are also lazy, so that the first toss is vigorous and diligent, and so the coin tumbles end-over-end many times before coming to rest for a result (heads or tails), but after several hundred tosses, the vigor and diligence are gone and the coin barely leaves their hand.
Part of my motivation in building the Satoshi9000 was to automate this manual process and at the same time take out human bias. Which is to say, automate away the human part and automate the math of key generation. But at the same time, make it secure by having the machine air-gapped (that is, no connection to the outside world beyond a power cord) with the ability to walk-away with anything that might leave a clue as to how, why and when the machine was last used; what I refer to as "walk-away randomness" in the video. After removing the coins, SD cards (OS and user programs) and printout, what is left is little more than a motor and some wires. An adversary looking to recover your keys would have no clue as to whether the machine had ever been used, yet alone what for. Maybe it was simply used to generate a quick-pick for tomorrow's drawing of Powerball. You would have now way of knowing.
(As an aside, you could even walk away with the remaining paper roll from the printer, so an adversary would not even know how much had been printed! Also, the printer uses no ink and has no buffer/memory, which was a deliberate choice in the design.)
I didn't think it wise for a public demo video to show everyone the private key!
Just like every aspect of the operation of the Satoshi9000, printer output is fully under the control of the user program. I simply put a "PAUSE(hit run to continue)" command between printing the key-pair properly, and printing the key-pair with the private key hashed out (the one visible in the demo video). The "PAUSE(hit run to continue)" appears in the "Log File/Debug" window while the program is paused.
The bit rate of the machine is around 4-bits per minute (time length of tossing/shaking is wholly under the control of the user - can be longer per shake), so for a 256 bit key it takes around an hour. But remember, Bitcoin keys are forever (or the remaining lifetime of the Universe, whichever is shorter), so taking an hour to generate it is short in comparison to its useful lifetime.
I hope that helps.
“You can pop a lot of trouble in the pop o matic bubble”
And, as you point out, given it generates randomness by tossing physical objects, it is naturally a low bit-rate machine.
[0] http://gamesbyemail.com/news/diceomatic
[1] https://www.youtube.com/watch?v=7n8LNxGbZbs
The reason is simple. Humans are terrible sources of randomness. Especially true if money hangs on the outcome!
There are two principal components for bias of a coin or die toss/roll: 1) the coin or die itself (manufacturing defects, etc.), which if it exists is typically minuscule, and 2) the act of tossing or rolling by a human (a twist of the wrist, or a flick of the fingers), whose bias is enormous and which, as I say, is particularly pronounced if money hangs on the outcome.
The Satoshi9000 solves problem 2, the human element, by removing the human from the process altogether. Other than to press the "run" button.