Iris hardware wallet beats mnemonic phrases

19 replies 41 views
ryangweiMember
Posts: 16 · Reputation: 177
#1Jun 20, 2017, 10:06 PM
Ever since I got into crypto, I've tried out a bunch of wallets like MetaMask, Trezor, and Ledger. Sure, hardware wallets are generally safer, but man, they can be a real pain to deal with. Setting up a wallet means jotting down those mnemonic phrases and trying to keep them safe from getting lost or stolen. And don’t get me started on wallet recovery having to type in a ton of letters just to get your private key back? That's just way too old-school and clunky. So, my partner and I have put our skills to work (we're into biometric recognition) and came up with the EyeWallet iris hardware wallet. With the EyeWallet, you can kiss those annoying mnemonic phrases goodbye. Instead of the usual backup method with mnemonic phrases, EyeWallet doesn’t even store private keys, which means you can’t lose them at all. We're looking for partners who want to join us on this journey. With cutting-edge biometric tech, we’re aiming to create the most secure and user-friendly hardware wallet out there, offering top-notch asset protection for all crypto fans.
5 Reply Quote Share
pixel2014Hero Member
Posts: 857 · Reputation: 4132
#2Jun 21, 2017, 03:25 AM
Just like the passkey that some wallets are using now which will require biometry like fingerprint or face ID? This will only open door to thieves attacking crypto users. All what the thieves need to access victims coins even on exchanges is just the victim's face or finger. I prefer seed phrase.
6 Reply Quote Share
ryangweiMember
Posts: 16 · Reputation: 177
#3Jun 21, 2017, 06:30 AM
Thank you for your feedback; Yes, facial recognition and fingerprint recognition indeed carry significant risks, with many cases showing that they can be easily compromised. However, iris recognition is currently the highest level of security among biometric technologies, typically used in counter-terrorism and financial sectors. Compared to facial and fingerprint recognition, iris technology is virtually immune to attacks. Additionally, in existing hardware wallets, facial and fingerprint recognition merely replace PIN codes for login protection, while private keys are still stored on the device, which is very risky. In contrast, EyeWallet does not store private keys. Instead, it encrypts the private key using each individual's unique iris features, and the private key itself is immediately destroyed. Therefore, if it is not the user themselves, it is impossible for anyone to obtain the user's private key. For more information on security, you can visit our website.
6 Reply Quote Share
pixel2014Hero Member
Posts: 857 · Reputation: 4132
#4Jun 23, 2017, 07:36 AM
No one will trust you on this forum. If you need trust, go and market your product first so we can know how legit it is. According to my findings, no information yet about you except a video that I saw about you on YouTube that has only 5 views. Your website 'sign in' and 'get started' button, contact and every other thing are not working. I am surprised how the YouTube video creator was able to contact you.
4 Reply Quote Share
ryangweiMember
Posts: 16 · Reputation: 177
#5Jun 25, 2017, 02:05 PM
The videos on YouTube were uploaded by one of our team members, and two of them were just recently uploaded. Thank you for your reminder. I realized that these videos have not been shared yet, so I will directly share the links to the videos here. How to create a new wallet with EyeWallet https://www.youtube.com/watch?v=62DO9ad7Gnk How to conduct transactions using EyeWallet https://www.youtube.com/watch?v=-eIKaSDuH9w What is Eye Wallet? https://www.youtube.com/watch?v=qriNKAzSPbo&t=39s
6 Reply Quote Share
paul2017Senior Member
Posts: 218 · Reputation: 1426
#6Jun 27, 2017, 08:49 AM
I like the idea, but your description says that the device stores an encrypted "private key". Does the device store only a single private key, or is it BIP-32 with a seed or master private key?
3 Reply Quote Share
ryangweiMember
Posts: 16 · Reputation: 177
#7Jun 27, 2017, 01:14 PM
Yes, you are right. To be precise, we use iris features to encrypt the seed using an algorithm. When needed, we decode it using real-time collected iris features. The entire process does not store the seed or any private keys. Therefore, only the legitimate user can extract the seed and obtain the corresponding private key, eliminating the possibility of key leakage or loss. In this regard, EyeWallet is essentially a tool for extracting the private key accurately from the user's iris.You can find more information on our website and in our YouTube videos. https://eye-wallet.com/ How to create a new wallet with EyeWallet https://www.youtube.com/watch?v=62DO9ad7Gnk Ledger Stax VS. EyeWallet https://www.youtube.com/watch?v=UY-hW1a5qgU What is Eye Wallet? https://www.youtube.com/watch?v=qriNKAzSPbo
6 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#8Jun 27, 2017, 06:08 PM
Some thought and question. 1. Does Iris HW (hardware wallet) optionally provide other way to backup and restore? Iris may be damaged or it's color changed over time. 2. I don't think mnemonic words is that inconvenient. You can store it on safe or safe deposit storage, while recovering wallet is something you rarely do. 3. If someone require their Iris scanned (usually due to work or legal reason), then it's risky to use your HW. I watched this video, but 2 overlapping subtitle and partially cropped subtitle (when 2 line text is shown) is annoying. You probably want to fix that.
1 Reply Quote Share
LuckyCoinLegendary
Posts: 832 · Reputation: 4795
#9Jun 27, 2017, 07:12 PM
It is great that somebody has actually designed an eye-scanning hardware wallet. But I have a few suggestions for you: - This would be much more useful as a stand-alone module which you can plug into your computer or connect via Bluetooth than as a full hardware wallet. Instead of giving yourselves the burden of competing with all the other hardware wallets (and software wallets!), why don't you work with most of them to create an integration for the Iris eye scanning feature as an alternative to BIP39 seed phrases when first creating a wallet? You could call such a thing EyeScan or something like that. It would be much more useful if I could use iris scanning on Electrum or Trezor or Trust Wallet than if it's its own wallet. - You should write down how you make sure the same binary sequence is generated for each iris, without variation. That is a flaw with earlier attempts to make biometric seeds. By the way, it looks like you left the title of the HTML page written in Chinese or something.
2 Reply Quote Share
ryangweiMember
Posts: 16 · Reputation: 177
#10Jun 27, 2017, 09:04 PM
Thank you for your suggestion. We actually considered whether to equip the device with full capabilities or design it as a peripheral for computers or mobile phones. After comprehensive evaluation, if it only exists as an eye-scanning peripheral, the related encoding and decoding algorithms would need to run on computers or mobile phones, making it unavoidable for the seed and private key to appear on these devices, which are inevitably connected to the internet. This seems to violate the most basic principle of hardware wallets, which is that the private key should never be exposed to the internet. Therefore, we decided to design the device with full capabilities for collection, encryption, and decryption. As you mentioned, the characteristics of each person's eye will vary with each capture. This was the first problem we solved. We can ensure that each user's seed is accurately restored, and there will never be any misidentification between different users. This is the beauty of iris technology.
0 Reply Quote Share
ryangweiMember
Posts: 16 · Reputation: 177
#11Jun 28, 2017, 07:38 PM
Thank you for your suggestion. In fact, EyeWallet still supports the mnemonic backup function, depending on the user's preference. If users feel that relying solely on iris recognition to secure their wallet seed is risky, they can use the mnemonic viewing function. EyeWallet will extract the seed from the iris information and display the corresponding mnemonic to the user. We understand users' concerns about eye injuries threatening asset security. In addition to retaining the mnemonic recovery function, EyeWallet also supports registering multiple irises for the same wallet. Besides using their own left and right eyes, users can add the eyes of their spouse, children, or anyone they trust. This adds more flexibility to EyeWallet. Regarding the security of iris recognition, iris features are quite different from facial or fingerprint recognition and are difficult to steal without the user's knowledge. Even for industry professionals, obtaining consistent features from iris scans taken with different devices, in different environments, or from different angles is very challenging. This ensures that even if a stolen iris image is captured using professional equipment like Apple VR, it cannot be used to attack EyeWallet. More detailed information is available on our website, and we welcome further discussion.
0 Reply Quote Share
LuckyCoinLegendary
Posts: 832 · Reputation: 4795
#12Jun 28, 2017, 10:49 PM
Yes, what you wrote is true, but nowadays there exists a hardware component in most devices called the "Secure Element" <-- this is what iOS and Android call this part. It's an enclave that is separated from the rest of the memory and SoC where you can store secrets like private keys. In fact, that's what the Airgap Vault uses to store its wallet on mobile phones (I am not endorsing them or anything, I am just mentioning that.) For desktops it is understandably more complicated but Intel does have an equivalent called TPM but there is no easy API across operating systems that exposes it. I'm not sure what it's called under AMD but it would be very surprising if they did not have a secure chip. So at the very least it is feasible for mobile phones.
4 Reply Quote Share
fox100Senior Member
Posts: 165 · Reputation: 1050
#13Jun 28, 2017, 11:00 PM
Do you use a fuzzy extractor to use the biometrics to unlock the keys directly... or are you just comparing the input biometric to a saved copy and trusting some chip to keep them secret against an attacker that has physical access?
0 Reply Quote Share
ryangweiMember
Posts: 16 · Reputation: 177
#14Jun 29, 2017, 01:20 AM
We do not save copies of the iris features, as it is too insecure and raises privacy concerns. Although WLD's ORB does this, we prioritize our users' privacy and firmly refuse to store any copies. As you mentioned, we use a fuzzy extraction method to restore the key.
2 Reply Quote Share
ryangweiMember
Posts: 16 · Reputation: 177
#15Jun 30, 2017, 06:01 PM
You are right, the security chip on mobile phones can indeed provide some protection. Specifically for this case, if EyeWallet is merely a peripheral for mobile phones, there are still some unavoidable vulnerabilities. If EyeWallet only acts as an iris collection module, responsible for capturing optical images and even extracting iris features, then the captured images or iris features must be transmitted to the host device for further processing. This poses a certain privacy leakage risk. This is similar to the cold wallet performing signature calculations on the device, aiming to completely eliminate the risk of key leakage.
0 Reply Quote Share
silentchainHero Member
Posts: 473 · Reputation: 2317
#16Jun 30, 2017, 10:02 PM
So do I. One can be left without his eye after the $5-knife-attack. Besides of that,   as opposed to eye,  SEED can be backuped  by many ways and copies of that backup can be  stored in the differed geographical locations. However  I'm wondering about users (like me) who wear contact lenses. Should they remove them while exploiting this wallet?
3 Reply Quote Share
fox100Senior Member
Posts: 165 · Reputation: 1050
#17Jul 1, 2017, 02:12 AM
Do you have any information on the fuzzy extraction scheme you use?
3 Reply Quote Share
ryangweiMember
Posts: 16 · Reputation: 177
#18Jul 1, 2017, 02:52 AM
Regarding concerns about eye injuries, many people share this worry, and we have specifically addressed it in the Q&A section on our website. Your question about using the wallet while wearing contact lenses is very relevant. According to our tests, wearing contact lenses does not affect the extraction of iris features at all. However, if you use glasses, the reflective glare on the glass surface might cover some features and affect the collection process. Therefore, the conclusion is that you do not need to remove contact lenses, but it is recommended to take off glasses when using EyeWallet.
3 Reply Quote Share
paul_maxiSenior Member
Posts: 156 · Reputation: 896
#19Jul 1, 2017, 09:10 AM
Files stored in cloud, it is closed source, coming from China, and it scans your eyes... what could go wrong?  This sounds like conceptual device from horror movie and I would never use something like this as bitcoin wallet. There is no way to import keys in other wallets, and if any injury happens to user eyes he probably can't access file anymore.
2 Reply Quote Share
pixel2014Hero Member
Posts: 857 · Reputation: 4132
#20Jul 1, 2017, 11:52 AM
Some wallets that have pass key (for biometric) also have seed phrase phrase as alternative. Let me ask this question. What if someone prefer to go for seed phrase instead of the biometric means. Is it possible to get the seed phrase and backup the seed phrase instead?
1 Reply Quote Share

Related topics