Why Trustonic? Because it has suddenly become a TEE market leader and it is pre-loaded on about 400 million of Android phones which is about 25% of Android mobile phones in use (estimated as of Mar 2015)
Many of the Android Bitcoin Wallet apps are based on BitcoinJ Java library by Mike Hearn. Lets use collective intelligence to BRAINSTORM how Trusted Execution Environment (TEE) from Trustonic could be used to protect Bitcoin Private Keys and other secrets like BitcoinJ seed bytes for the BIP32-compatible deterministic wallet.
I am announcing $100 Bitcoin bounty pool of "beer-money" (see the green banner above) to give it more visibility at BitExperts Home Page and encourage discussion. Everyone is welcome to share their knowledge and get some bounty coins!
Bitcoin Private Key used to sign transactions need to exist somewhere in Plain Text (unencrypted) to be able to sign. So with respect to TEE we have 2 choices:
Originally it was introduced to allow multisig wallets use case where one of the signatures would be placed by external service, and so
TransactionSigner interface was introduced. Transaction signing is now pluggable. TransactionSigner implementations can be added to the wallet.
To make use of the signer, you need to add it into the wallet by calling
TransactionSigner inteface be used as a bridge to TEE? I think NO, but let's evaluate this approach and see
... to be continued ...