Skip to content

Latest commit

ย 

History

History
931 lines (715 loc) ยท 40.1 KB

File metadata and controls

931 lines (715 loc) ยท 40.1 KB

โ„๏ธ Coldstar

CLI-First Cold Wallet System with RAM-Only Key Exposure

License Python Rust Status PRs Welcome

Quick Start โ€ข Documentation โ€ข Security โ€ข Architecture โ€ข Whitepaper


โš ๏ธ Important Notice

Proof of Concept โ€” Experimental Software

Coldstar is a proof of concept and an experimental version. It is not production-ready and should not be used to secure real assets. This repository exists for developers and researchers in the Coldstar community to understand, evaluate, and improve the Coldstar process.

๐Ÿค Contributions, feedback, and security reviews are welcome and encouraged.


๐Ÿ“‹ Table of Contents


๐ŸŒŸ Overview

Coldstar is a CLI-first cold wallet system that transforms any standard USB drive into a disposable, RAM-only signing medium. It eliminates long-lived private key exposure by ensuring keys are decrypted only in volatile memory and only for the duration of transaction signing.

Key Innovation: No permanent trusted hardware. No secure elements. No vendor lock-in.

This repository contains the core implementation, documentation, and tooling required to initialize USB-based cold wallets and perform offline transaction signing.


โœจ Features at a Glance

๐Ÿ” Security

  • RAM-only private key exposure
  • Microsecond key lifetime
  • No proprietary hardware
  • Memory-locked buffers (mlock)
  • Automatic key zeroization

๐Ÿ› ๏ธ Design

  • CLI-first and automation-native
  • Fully scriptable and headless
  • Open-source and auditable
  • Asset-agnostic by design
  • Disposable USB storage

โšก Workflow

  • No GUI dependency
  • Deterministic builds
  • CI/CD compatible
  • Air-gap friendly
  • Cross-platform support

๐Ÿš€ Quick Start

๐Ÿ“ฆ Prerequisites

Coldstar requires both Python 3.8+ and Rust to be installed on your system.

๐Ÿ Installing Python

Windows (PowerShell)

# Download and install Python from official website
winget install Python.Python.3.11

# Or download from: https://www.python.org/downloads/
# Make sure to check "Add Python to PATH" during installation

macOS

# Using Homebrew
brew install python@3.11

# Or download from: https://www.python.org/downloads/

Linux

# Ubuntu/Debian
sudo apt update
sudo apt install python3 python3-pip

# Fedora
sudo dnf install python3 python3-pip

# Arch
sudo pacman -S python python-pip

Verify installation:

python --version
# or
python3 --version
๐Ÿฆ€ Installing Rust

All Platforms (Recommended)

# Install rustup (Rust installer)
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

# Follow the on-screen instructions
# After installation, restart your terminal

Windows (Alternative using winget)

winget install Rustlang.Rustup

Verify installation:

cargo --version
rustc --version

โšก Installation & Running

1๏ธโƒฃ Clone the repository:

git clone https://github.com/devsyrem/coldstar.git
cd coldstar

2๏ธโƒฃ Run the application:

python main.py

The application will automatically:

  • โœ… Build the Rust secure signer on first run
  • โœ… Set up the necessary environment
  • โœ… Launch the interactive CLI

๐Ÿ’ก Note: The first run will take a few minutes as it compiles the Rust components. Subsequent runs will be much faster.


๐Ÿ’ก Core Concept

Traditional hardware wallets rely on permanent devices that store private keys for their entire lifetime. This creates persistent trust anchors, supply-chain risk, and physical attack surfaces.

Coldstar challenges this model by removing permanent trusted hardware entirely.

๐Ÿ”„ Instead of trusting devices, Coldstar trusts:

Traditional Approach Coldstar Approach
๐Ÿ”’ Proprietary hardware โœ… Open-source, auditable software
๐Ÿญ Vendor-controlled firmware โœ… User-controlled operating systems
๐Ÿ“… Long-lived key exposure โœ… Extremely short-lived key exposure in RAM

๐Ÿ” Private keys are:

  • โœ… Encrypted at rest on user-supplied USB storage
  • โœ… Decrypted only in system memory
  • โœ… Explicitly wiped after signing completes

๐ŸŽฏ Key Insight: The USB drive is not a signing device. It is encrypted storage only.


๐Ÿ—๏ธ How It Works

Initialization Flow

flowchart LR
    A[๐Ÿ”ง Initialize USB] --> B[๐Ÿ”‘ Generate Keys]
    B --> C[๐Ÿ” Encrypt to USB]
Loading

Signing Flow (When Needed)

flowchart TD
    D[๐Ÿ“ Load Transaction] --> E[๐Ÿ’พ Read from USB to RAM]
    E --> F[๐Ÿ”“ Decrypt in Memory]
    F --> G[โœ๏ธ Sign Transaction]
    G --> H[๐Ÿ—‘๏ธ Wipe Memory]
Loading

Step-by-Step Process

  1. ๐Ÿ”ง Initialize USB Drive
    A standard USB drive is initialized using the Coldstar CLI

  2. ๐Ÿ”‘ Generate Key Pairs
    Cryptographic key pairs are generated and encrypted directly onto the USB

  3. ๐Ÿ“ When signing is required:

    • Encrypted key material is loaded into memory
    • Decryption occurs only in RAM
    • The transaction is signed
  4. ๐Ÿ—‘๏ธ Immediate Cleanup
    Decrypted key material is immediately erased from memory

  5. โœ… Security Achieved
    No plaintext keys persist on disk or hardware

๐Ÿ”’ At no point does any powered device permanently store a usable private key.

๐Ÿ“– See ARCHITECTURE.md for detailed technical architecture and system design.


๐Ÿ” Encryption & Decryption Flow

๐Ÿ” Physical Hardware Path and Data Protection

Coldstar's security model depends on understanding exactly where sensitive data exists in physical hardware and how it's protected at each stage.

๐Ÿ“ค 1. Key Generation and Encryption (Initial Setup)
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ HARDWARE: CPU + System RAM (Volatile)                          โ”‚
โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
โ”‚                                                                 โ”‚
โ”‚  Step 1: Random Seed Generation                                โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”                  โ”‚
โ”‚  โ”‚ CPU's Hardware RNG (/dev/urandom)        โ”‚                  โ”‚
โ”‚  โ”‚ โ†’ 32 bytes Ed25519 seed                  โ”‚                  โ”‚
โ”‚  โ”‚ โ†’ Generated in CPU registers             โ”‚                  โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜                  โ”‚
โ”‚              โ†“ (copied to RAM)                                  โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”                  โ”‚
โ”‚  โ”‚ Rust Secure Buffer (mlock'd RAM)         โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข Memory page locked (cannot swap)       โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข 32-byte plaintext private key          โ”‚ โ† PLAINTEXT HERE โ”‚
โ”‚  โ”‚ โ€ข Protected by OS memory isolation       โ”‚                  โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜                  โ”‚
โ”‚              โ†“                                                  โ”‚
โ”‚  Step 2: User Passphrase Entry                                 โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”                  โ”‚
โ”‚  โ”‚ Keyboard โ†’ Terminal โ†’ RAM buffer         โ”‚                  โ”‚
โ”‚  โ”‚ Passphrase: "user_secret_password"       โ”‚                  โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜                  โ”‚
โ”‚              โ†“                                                  โ”‚
โ”‚  Step 3: Key Derivation (Argon2id)                             โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”                  โ”‚
โ”‚  โ”‚ CPU executes Argon2id:                   โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข 64 MB memory-hard operation            โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข 3 iterations                           โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข 32-byte random salt                    โ”‚                  โ”‚
โ”‚  โ”‚ โ†’ Produces 32-byte AES-256 key           โ”‚                  โ”‚
โ”‚  โ”‚ โ†’ Stored in mlock'd RAM                  โ”‚ โ† PLAINTEXT HERE โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜                  โ”‚
โ”‚              โ†“                                                  โ”‚
โ”‚  Step 4: AES-256-GCM Encryption                                โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”                  โ”‚
โ”‚  โ”‚ CPU encrypts:                            โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข Input: 32-byte plaintext key           โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข Key: Derived AES key                   โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข Nonce: 12-byte random                  โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข Output: 48-byte ciphertext + auth tag  โ”‚                  โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜                  โ”‚
โ”‚              โ†“                                                  โ”‚
โ”‚  Step 5: Immediate Zeroization                                 โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”                  โ”‚
โ”‚  โ”‚ Plaintext key OVERWRITTEN in RAM:        โ”‚                  โ”‚
โ”‚  โ”‚ 0x42...A7 โ†’ 0x00000000000000000000       โ”‚                  โ”‚
โ”‚  โ”‚ Derived AES key โ†’ 0x000000000000         โ”‚                  โ”‚
โ”‚  โ”‚ Passphrase buffer โ†’ 0x000000000000       โ”‚                  โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜                  โ”‚
โ”‚              โ†“ (only encrypted data remains)                    โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
              โ†“
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ HARDWARE: USB Flash Storage (Non-Volatile)                      โ”‚
โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
โ”‚  JSON File Written to NAND Flash:                              โ”‚
โ”‚  {                                                              โ”‚
โ”‚    "version": 1,                                               โ”‚
โ”‚    "salt": "base64_encoded_32_bytes",                          โ”‚
โ”‚    "nonce": "base64_encoded_12_bytes",                         โ”‚
โ”‚    "ciphertext": "base64_encoded_48_bytes",  โ† ENCRYPTED ONLY  โ”‚
โ”‚    "public_key": "base58_encoded_pubkey"                       โ”‚
โ”‚  }                                                              โ”‚
โ”‚                                                                 โ”‚
โ”‚  โš ๏ธ  Private key NEVER stored in plaintext on USB              โ”‚
โ”‚  โœ“  USB can be read without exposing private key               โ”‚
โ”‚  โœ“  USB can be physically seized without key compromise        โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
๐Ÿ“ฅ 2. Transaction Signing (Decryption and Use)
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ HARDWARE: USB Flash Storage (Non-Volatile)                      โ”‚
โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
โ”‚  Step 1: Read Encrypted Container from USB                     โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”                  โ”‚
โ”‚  โ”‚ USB NAND Flash โ†’ USB Controller โ†’        โ”‚                  โ”‚
โ”‚  โ”‚ USB Bus โ†’ OS Kernel โ†’ Python Process     โ”‚                  โ”‚
โ”‚  โ”‚                                           โ”‚                  โ”‚
โ”‚  โ”‚ Encrypted data (48 bytes ciphertext)     โ”‚ โ† ENCRYPTED ONLY โ”‚
โ”‚  โ”‚ + Salt (32 bytes)                        โ”‚                  โ”‚
โ”‚  โ”‚ + Nonce (12 bytes)                       โ”‚                  โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜                  โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
              โ†“ (encrypted data copied to RAM)
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ HARDWARE: System RAM - Python Memory Space                      โ”‚
โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”                  โ”‚
โ”‚  โ”‚ Python dict object in heap:              โ”‚                  โ”‚
โ”‚  โ”‚ {                                        โ”‚                  โ”‚
โ”‚  โ”‚   "ciphertext": [bytes],  โ† ENCRYPTED    โ”‚                  โ”‚
โ”‚  โ”‚   "salt": [bytes],                       โ”‚                  โ”‚
โ”‚  โ”‚   "nonce": [bytes]                       โ”‚                  โ”‚
โ”‚  โ”‚ }                                        โ”‚                  โ”‚
โ”‚  โ”‚                                          โ”‚                  โ”‚
โ”‚  โ”‚ โš ๏ธ NO PLAINTEXT KEY IN PYTHON MEMORY     โ”‚                  โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜                  โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
              โ†“ (FFI call: Python โ†’ Rust)
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ HARDWARE: System RAM - Rust Memory Space (Isolated)             โ”‚
โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
โ”‚  Step 2: Passphrase Entry                                      โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”                  โ”‚
โ”‚  โ”‚ User types passphrase                    โ”‚                  โ”‚
โ”‚  โ”‚ โ†’ Passed to Rust via FFI                 โ”‚                  โ”‚
โ”‚  โ”‚ โ†’ Copied into Rust String                โ”‚                  โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜                  โ”‚
โ”‚              โ†“                                                  โ”‚
โ”‚  Step 3: Key Re-Derivation (Argon2id)                          โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”                  โ”‚
โ”‚  โ”‚ Rust Secure Buffer (mlock'd):            โ”‚                  โ”‚
โ”‚  โ”‚                                           โ”‚                  โ”‚
โ”‚  โ”‚ Argon2id(passphrase, salt) โ†’             โ”‚                  โ”‚
โ”‚  โ”‚   32-byte AES-256 key                    โ”‚ โ† PLAINTEXT HERE โ”‚
โ”‚  โ”‚                                           โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข mlock() called - RAM locked            โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข Cannot be swapped to disk              โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข Python CANNOT access this memory       โ”‚                  โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜                  โ”‚
โ”‚              โ†“                                                  โ”‚
โ”‚  Step 4: AES-256-GCM Decryption                                โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”                  โ”‚
โ”‚  โ”‚ CPU decrypts in Rust mlock'd buffer:     โ”‚                  โ”‚
โ”‚  โ”‚                                           โ”‚                  โ”‚
โ”‚  โ”‚ Ciphertext (48 bytes) โ†’                  โ”‚                  โ”‚
โ”‚  โ”‚   AES-GCM-Decrypt(key, nonce) โ†’          โ”‚                  โ”‚
โ”‚  โ”‚     32-byte Ed25519 seed                 โ”‚ โ† PLAINTEXT HERE โ”‚
โ”‚  โ”‚                                           โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข Plaintext key ONLY in locked RAM       โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข NEVER copied to Python                 โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข NEVER written to disk                  โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข NEVER in swap file                     โ”‚                  โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜                  โ”‚
โ”‚              โ†“                                                  โ”‚
โ”‚  Step 5: Ed25519 Signature Generation                          โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”                  โ”‚
โ”‚  โ”‚ CPU executes Ed25519 signing:            โ”‚                  โ”‚
โ”‚  โ”‚                                           โ”‚                  โ”‚
โ”‚  โ”‚ Private Key (32 bytes) +                 โ”‚ โ† PLAINTEXT HERE โ”‚
โ”‚  โ”‚ Transaction Message (N bytes) โ†’          โ”‚                  โ”‚
โ”‚  โ”‚   CPU Ed25519 ops โ†’                      โ”‚                  โ”‚
โ”‚  โ”‚     64-byte signature                    โ”‚                  โ”‚
โ”‚  โ”‚                                           โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข Signing in CPU registers + L1 cache    โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข Private key in mlock'd RAM             โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข Duration: ~100 microseconds            โ”‚                  โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜                  โ”‚
โ”‚              โ†“                                                  โ”‚
โ”‚  Step 6: Immediate Zeroization                                 โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”                  โ”‚
โ”‚  โ”‚ Rust Drop trait executes:                โ”‚                  โ”‚
โ”‚  โ”‚                                           โ”‚                  โ”‚
โ”‚  โ”‚ Private key buffer โ†’ 0x00000000000000    โ”‚                  โ”‚
โ”‚  โ”‚ Derived AES key โ†’ 0x00000000000000       โ”‚                  โ”‚
โ”‚  โ”‚ Passphrase โ†’ 0x00000000000000            โ”‚                  โ”‚
โ”‚  โ”‚                                           โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข Guaranteed even on panic               โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข munlock() called - RAM unlocked        โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข Memory returned to OS                  โ”‚                  โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜                  โ”‚
โ”‚              โ†“ (only signature returned)                        โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
              โ†“ (FFI return: Rust โ†’ Python)
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ HARDWARE: System RAM - Python Memory Space                      โ”‚
โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”                  โ”‚
โ”‚  โ”‚ Python receives:                         โ”‚                  โ”‚
โ”‚  โ”‚ โ€ข 64-byte signature (PUBLIC)             โ”‚ โœ“ SAFE           โ”‚
โ”‚  โ”‚ โ€ข Transaction with signature attached    โ”‚ โœ“ SAFE           โ”‚
โ”‚  โ”‚                                          โ”‚                  โ”‚
โ”‚  โ”‚ โš ๏ธ Private key NEVER entered Python      โ”‚                  โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜                  โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

๐Ÿ›ก๏ธ Memory Protection Mechanisms

๐Ÿ”’ mlock() - Preventing Swap to Disk
Normal RAM page:                   mlock'd RAM page:
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”                  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ RAM (active) โ”‚                  โ”‚ RAM (locked) โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜                  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
       โ”‚ OS may swap                     โ†‘
       โ†“                                  โ”‚
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”                   Cannot be moved
โ”‚ Swap file on โ”‚                   to disk by OS
โ”‚ disk/SSD     โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

Private keys ONLY in mlock'd pages โ†’ Never touch persistent storage
๐Ÿ—‘๏ธ Memory Zeroization
Before Zeroization:         After Zeroization:
RAM Address: 0x7F3A8000     RAM Address: 0x7F3A8000
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”    โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ 0x42 (private key)   โ”‚    โ”‚ 0x00 (zeroed)        โ”‚
โ”‚ 0x8F                 โ”‚    โ”‚ 0x00                 โ”‚
โ”‚ 0xA7                 โ”‚    โ”‚ 0x00                 โ”‚
โ”‚ ...  (32 bytes)      โ”‚    โ”‚ ...  (32 bytes)      โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜    โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

โ€ข Overwrites with zeros before deallocation
โ€ข Prevents recovery from heap analysis
โ€ข Protects against cold boot attacks (partially)
๐Ÿ” Process Memory Isolation
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ Operating System (Kernel Space)                    โ”‚
โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
โ”‚                                                    โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”      โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”    โ”‚
โ”‚  โ”‚ Python Process  โ”‚      โ”‚ Other Processes  โ”‚    โ”‚
โ”‚  โ”‚ PID: 1234       โ”‚      โ”‚ PID: 5678, ...   โ”‚    โ”‚
โ”‚  โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค      โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜    โ”‚
โ”‚  โ”‚ Python heap     โ”‚             โ†‘                 โ”‚
โ”‚  โ”‚ (encrypted data)โ”‚             โ”‚                 โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜             โ”‚                 โ”‚
โ”‚           โ”‚ FFI call             โ”‚                 โ”‚
โ”‚           โ†“                      โ”‚                 โ”‚
โ”‚  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”             โ”‚                 โ”‚
โ”‚  โ”‚ Rust library    โ”‚             โ”‚                 โ”‚
โ”‚  โ”‚ (same process)  โ”‚             โ”‚                 โ”‚
โ”‚  โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค             โ”‚                 โ”‚
โ”‚  โ”‚ mlock'd buffer  โ”‚      โ† OS blocks access       โ”‚
โ”‚  โ”‚ (plaintext key) โ”‚             โ”‚                 โ”‚
โ”‚  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜             โ”‚                 โ”‚
โ”‚                                  โ”‚                 โ”‚
โ”‚  โ€ข Rust memory isolated from Python by design     โ”‚
โ”‚  โ€ข mlock'd pages protected by OS kernel            โ”‚
โ”‚  โ€ข Other processes cannot access this memory       โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

๐Ÿ“Š Data States Across Hardware

Location Data State Duration Hardware
๐Ÿ’พ USB NAND Flash ๐Ÿ”’ Encrypted Permanent (until deleted) Non-volatile flash memory
๐Ÿ”Œ USB โ†’ Computer ๐Ÿ”’ Encrypted Microseconds (transfer) USB bus, PCIe controller
๐Ÿ Python RAM ๐Ÿ”’ Encrypted Seconds (during signing) DRAM (swappable)
๐Ÿฆ€ Rust mlock'd RAM โš ๏ธ PLAINTEXT ~100 microseconds DRAM (locked, non-swappable)
โšก CPU Registers/Cache โš ๏ธ PLAINTEXT ~10 nanoseconds L1/L2 cache, registers
๐ŸŒ Network transmission โœ… Signature only N/A Never contains private key

โœ… Security Guarantees

โœ… What is Protected

  • โœ… Private key never stored in plaintext on persistent storage
  • โœ… Private key never exists in Python-accessible memory
  • โœ… Private key automatically erased after signing (even on crash/panic)
  • โœ… Private key cannot be swapped to disk during signing
  • โœ… Encrypted container can be safely copied, backed up, or transmitted

โš ๏ธ What is NOT Protected Against

  • โš ๏ธ Memory dumps while private key is in RAM (requires root + precise timing)
  • โš ๏ธ Compromised OS with kernel-level access
  • โš ๏ธ Hardware keyloggers capturing passphrase
  • โš ๏ธ Cold boot attacks (if RAM extracted within seconds)
  • โš ๏ธ Physical tampering with CPU/RAM hardware

๐Ÿ“– See SECURE_SIGNER_README.md for detailed information on the Rust-based secure signer implementation.


โš–๏ธ Key Differences from Hardware Wallets

Aspect ๐Ÿช Hardware Wallet โ„๏ธ Coldstar
Persistent key storage โœ… Yes (secure element) โŒ No (RAM only during signing)
Physical attack surface ๐Ÿ”’ Permanent device ๐Ÿ’ฟ Disposable USB + computer RAM
Decryption location ๐Ÿ” Inside secure chip ๐Ÿ’พ System RAM (mlock'd)
Key lifetime ๐Ÿ“… Years โšก Microseconds
Supply chain risk โš ๏ธ High (proprietary hardware) โœ… Low (commodity USB + open source)
OS compromise impact ๐Ÿ›ก๏ธ Protected by hardware โš ๏ธ Vulnerable

๐ŸŽฏ Supported Use Cases

Coldstar is asset-agnostic and designed to support modern on-chain workflows, including:

๐Ÿ’ฐ Asset Types

  • โšก Native Solana transactions
  • ๐Ÿช™ SPL tokens
  • ๐Ÿ’ต Stablecoins
  • ๐Ÿฅ‡ Tokenized commodities (e.g. PAXG)

๐Ÿ”ง Operations

  • ๐Ÿ“ˆ Tokenized equities (xStocks)
  • ๐Ÿ› ๏ธ Custom program instructions
  • ๐Ÿฆ Solana staking and delegation
  • ๐Ÿ”„ All cold-signing security models

๐ŸŽฏ All assets are handled under the same cold-signing security model.


๐Ÿค” Why Coldstar Exists

Hardware wallets improved security, but introduced new problems:

โŒ Hardware Wallet Issues

  • ๐Ÿ”’ Permanent key storage
  • ๐Ÿญ Vendor trust assumptions
  • โš ๏ธ Firmware and supply-chain risk
  • ๐ŸŒ Poor automation support
  • ๐Ÿ–ฑ๏ธ Manual, GUI-driven workflows

โœ… Coldstar Solutions

  • โšก Temporary, RAM-only keys
  • ๐Ÿ”“ No vendor trust required
  • ๐Ÿ“– Open-source and auditable
  • ๐Ÿค– Automation-native design
  • โŒจ๏ธ CLI-first workflows

Coldstar removes the concept of a permanent trusted device entirely.

Any USB drive can be:

  • ๐Ÿ”„ Rotated โ€” Replace with a new one anytime
  • ๐Ÿ’ฅ Destroyed โ€” No regrets about hardware cost
  • ๐Ÿ” Replaced โ€” Use any commodity USB
  • ๐Ÿ—‘๏ธ Treated as disposable โ€” No attachment to specific devices

๐Ÿ’ก There are no serial numbers, proprietary chips, or vendor lock-in.

๐Ÿ“– See whitepaper.md for the complete technical whitepaper and theoretical foundations.


๐Ÿ›ก๏ธ Threat Model and Assumptions

Coldstar is explicit about its security boundaries.

โœ… Protects Against

  • โฐ Long-lived key exposure
  • ๐Ÿ”“ Firmware backdoors
  • ๐Ÿญ Hardware supply-chain manipulation
  • ๐Ÿ”’ Persistent device compromise
  • ๐Ÿ‘ฎ Seizure or fingerprinting of signing hardware

๐Ÿ“‹ Assumes

  • ๐Ÿ–ฅ๏ธ User controls their operating system
  • โœ… Runtime environment is not fully compromised
  • ๐Ÿ‘จโ€๐Ÿ’ป Users are capable of auditing CLI-based tooling

๐Ÿ’ก Coldstar does not attempt to hide these assumptions behind hardware abstractions.


๐Ÿ”„ First Instance Boot Process

โœจ New Feature: Automatic file integrity and restoration system.

Every time you plug your USB cold wallet into a machine, Coldstar automatically:

  • โœ… Detects if this is the first time on this machine/session
  • โœ… Verifies all critical wallet files (keypair.json, pubkey.txt)
  • โœ… Restores missing or corrupted files from backup (if needed)
  • โœ… Creates/updates backups of valid files
  • โœ… Updates boot instance markers

๐Ÿ’ก This is not a restoration function โ€” it's an intelligent boot detection mechanism that ensures wallet integrity across different machines and reboots.

๐Ÿ”ง How It Works

  1. ๐Ÿ†” Boot Detection: Generates unique boot instance ID from machine hostname + process + timestamp
  2. ๐Ÿ” File Verification: Checks critical files for existence and corruption (0-byte detection)
  3. ๐Ÿ”„ Smart Restoration: Only restores files if actually missing or corrupted
  4. ๐Ÿ’พ Automatic Backups: Creates backups in .coldstar/backup/ directory on USB

๐Ÿ“ Storage Structure

USB Drive
โ”œโ”€โ”€ wallet/
โ”‚   โ”œโ”€โ”€ keypair.json          # ๐Ÿ” Encrypted private key
โ”‚   โ””โ”€โ”€ pubkey.txt             # ๐Ÿ”‘ Public address
โ”œโ”€โ”€ inbox/                     # ๐Ÿ“ฅ Unsigned transactions
โ”œโ”€โ”€ outbox/                    # ๐Ÿ“ค Signed transactions  
โ””โ”€โ”€ .coldstar/                 # ๐Ÿ”’ Hidden system directory
    โ”œโ”€โ”€ last_boot_id           # ๐Ÿ†” Boot instance tracker
    โ””โ”€โ”€ backup/                # ๐Ÿ’พ Automatic backups
        โ”œโ”€โ”€ keypair.json
        โ””โ”€โ”€ pubkey.txt

๐ŸŽฏ Benefits

  • โšก Zero User Intervention โ€” Everything happens automatically
  • ๐Ÿ–ฅ๏ธ Cross-Machine Compatibility โ€” USB works seamlessly on any machine
  • ๐Ÿ” Corruption Detection โ€” Catches file system errors immediately
  • ๐Ÿ›ก๏ธ Protection Against Accidents โ€” Files can be recovered from backup
  • ๐Ÿš€ Performance Optimized โ€” Only runs when needed

๐Ÿ“– Documentation


๐Ÿ†š Comparison

Coldstar vs. Traditional Hardware Wallets

โ„๏ธ Coldstar Advantages

  • โŒ No permanent signing device
  • โŒ No secure element
  • โŒ No firmware approval process
  • โŒ No vendor trust anchor
  • โœ… Full automation support
  • โœ… Deterministic and scriptable workflows

๐Ÿช Hardware Wallet Characteristics

  • โœ… Dedicated signing device
  • โœ… Secure element chip
  • โš ๏ธ Firmware updates required
  • โš ๏ธ Trust in vendor
  • โŒ Limited automation
  • โŒ Manual GUI workflows

๐Ÿ’ก Compared to open-source hardware wallets, Coldstar removes the final dependency: the device itself.


๐Ÿ’ป CLI-First by Design

Coldstar is built for power users and automation:

๐ŸŽฏ Target Environments

  • ๐Ÿ–ฅ๏ธ Headless environments
  • ๐Ÿ”„ CI/CD pipelines
  • ๐Ÿค– Automated trading systems
  • โœˆ๏ธ Air-gapped workflows
  • ๐Ÿ“œ Deterministic scripting

๐Ÿšซ What It's NOT

  • โŒ Not a consumer wallet
  • โŒ No GUI dependency
  • โŒ No browser extension
  • โŒ No background daemon
  • โŒ Not beginner-focused

๐Ÿ’ก This is not a consumer wallet and does not aim to be one.


๐Ÿ‘ฅ Intended Audience

Coldstar is built for technical users who value control and transparency:

  • ๐Ÿ‘จโ€๐Ÿ’ป Developers signing complex transactions
  • ๐Ÿ“Š Traders managing significant on-chain value
  • ๐Ÿ”ง Operators who require explicit control
  • ๐Ÿ” Security-conscious users who understand their environment

โš ๏ธ Not intended for beginners or retail-first UX.


๐Ÿ” Open Source and Verifiability

Coldstar is designed to be:

  • ๐Ÿ‘๏ธ Fully inspectable โ€” All code is open-source
  • ๐Ÿ—๏ธ Deterministically buildable โ€” Reproducible builds
  • ๐Ÿ”ฌ Auditable by design โ€” Security by verification, not trust

๐Ÿ’ก Security claims are meant to be verifiable, not trusted.

๐Ÿ“– Integration Documentation

๐Ÿ“Š Project Status


๐Ÿ“‚ Repository Structure

coldstar/
โ”œโ”€โ”€ ๐Ÿ“ src/                    # Source code
โ”‚   โ”œโ”€โ”€ cli/                   # Command-line interface
โ”‚   โ”œโ”€โ”€ crypto/                # Key generation, encryption, memory handling
โ”‚   โ””โ”€โ”€ signing/               # Transaction signing logic
โ”œโ”€โ”€ ๐Ÿ“ secure_signer/          # Rust-based secure signer
โ”œโ”€โ”€ ๐Ÿ“ documentation/          # Architecture, threat model, design notes, and all documentation
โ”œโ”€โ”€ ๐Ÿ“ attached_assets/        # Additional resources
โ”œโ”€โ”€ ๐Ÿ main.py                 # Main entry point
โ”œโ”€โ”€ ๐Ÿ”ง config.py               # Configuration
โ””โ”€โ”€ ๐Ÿ“„ README.md               # This file

๐Ÿงช Development and Testing

๐Ÿงช Test Files

๐Ÿš€ Legacy Setup Scripts

โš ๏ธ Note: Requires Rust/Python pre-installed


โš ๏ธ Disclaimer

Important: Users are responsible for understanding the risks, verifying the code, and operating within the documented security assumptions.


๐Ÿ“œ License

Open-source project. License details to be added.


๐Ÿ“š Documentation

Explore the full documentation for in-depth technical details:

Category Documentation
๐Ÿ—๏ธ Architecture ARCHITECTURE.md
๐Ÿ“– Whitepaper whitepaper.md
๐Ÿ” Security SECURITY.md
๐Ÿฆ€ Secure Signer SECURE_SIGNER_README.md
๐Ÿ”„ First Boot FIRST_BOOT_PROCESS.md
๐Ÿ”ง Integration INTEGRATION_GUIDE.md

๐Ÿค Contributing

We welcome contributions! Please open issues and submit pull requests on GitHub.

๐Ÿ’ฌ Community

Questions? Issues? Feedback? Feel free to open an issue on GitHub.


Made with โ„๏ธ by the Coldstar community

โฌ† Back to Top