Protecting Android Bitcoin Wallet app with Trustonic TEE and hardware-based Secure Element

100 Bitcoin bounty has been announced by author.
0 has been already awarded by author.
100 remains available.

Why Trustonic? Because it has suddenly become a TEE market leader and it is pre-loaded on about 400 million of Android phones which is about 25% of Android mobile phones in use (estimated as of Mar 2015)

Many of the Android Bitcoin Wallet apps are based on BitcoinJ Java library by Mike Hearn. Lets use collective intelligence to BRAINSTORM how Trusted Execution Environment (TEE) from Trustonic could be used to protect Bitcoin Private Keys and other secrets like BitcoinJ seed bytes for the BIP32-compatible deterministic wallet.

I am announcing $100 Bitcoin bounty pool of "beer-money" (see the green banner above) to give it more visibility at BitExperts Home Page and encourage discussion. Everyone is welcome to share their knowledge and get some bounty coins!

1 Answer

2 tips with total amount of 0.98999995 mBTC($0.4 USD) have been sent by lampego, Anonimous

Design Decision 1

Bitcoin Private Key used to sign transactions need to exist somewhere in Plain Text (unencrypted) to be able to sign. So with respect to TEE we have 2 choices:

  1. Transaction signing happens inside TEE
  2. Transaction signing happens outside TEE in the main app

In BitcoinJ v0.12 (late 2014) there was a new interface introduced called TransactionSigner

Originally it was introduced to allow multisig wallets use case where one of the signatures would be placed by external service, and so TransactionSigner interface was introduced. Transaction signing is now pluggable. TransactionSigner implementations can be added to the wallet.

To make use of the signer, you need to add it into the wallet by calling Wallet.addTransactionSigner(TransactionSigner).

Can TransactionSigner inteface be used as a bridge to TEE? I think NO, but let's evaluate this approach and see

... to be continued ...

User rating:



Too many commands? Learning new syntax? is a free tool to save your favorite scripts and commands, then quickly find and copy-paste your commands with just few clicks.

Boost your productivity with!

Post Answer