A quantum-resistant authentication system using repurposed Antminer S3 Bitcoin mining hardware with High-Velocity Rolling Salt (HVRS) technology.
- Overview
- Current Status
- Quick Start
- Features
- Project Structure
- Build Instructions
- Usage
- Architecture
- Hardware
- Development
- Troubleshooting
ASIC-Shield transforms obsolete Bitcoin mining hardware into a secure, quantum-resistant password vault. It uses ASIC hashing chips to implement extreme-iteration Key Derivation Functions (100M-500M iterations), creating a "moving target defense" where authentication challenges rotate faster than quantum computers can attack.
Phase: Production Ready (v2.0)
- Interactive BubbleTea TUI with menu navigation
- Credential storage and verification
- Embedded API server and device discovery tools
- CGMiner API integration for device communication
- REST API with MCP integration endpoints
# Build all binaries
make build-tui
# Run the interactive TUI
./bin/asic-shield- Menu-driven interface using BubbleTea
- Credential management: Store, verify, list, search, delete
- Device status: View ASIC hardware status
- Embedded server: Start REST API from within TUI
- Device discovery: Scan network for Antminer devices
- Full credential management via CLI
- Device status and monitoring
- Network device discovery
- Credential CRUD operations
- Password verification endpoint
- Semantic search
- MCP integration for 1Password sync
- Device status endpoint
- AES-256-GCM encryption at rest
- SHA3-256 KDF with ASIC acceleration
- Quantum-resistant HVRS protocol
- High-velocity salt rotation
asic-shield-poc/
├── bin/ # Built binaries
│ ├── asic-shield # Main TUI application
│ ├── asic-shield-server # REST API server
│ └── device-discover # Network scanner
├── cmd/
│ ├── asic-shield/ # Main TUI (BubbleTea)
│ ├── asic-shield-server/ # REST API server
│ ├── device-discover/ # Network device scanner
│ ├── asic-monitor/ # ASIC monitoring (MIPS)
│ ├── device-probe/ # Device probe (MIPS)
│ └── ...
├── pkg/ # Shared libraries
│ ├── driver/ # Device drivers (CGMiner API)
│ ├── kdf/ # Key derivation engine
│ ├── storage/ # Encrypted storage backend
│ └── vault/ # Credential manager
├── internal/
│ ├── config/ # Configuration management
│ └── logger/ # Logging utilities
├── scripts/
│ ├── kill-asic-shield.sh # Stop all processes
│ └── ...
├── docs/ # Architecture docs
├── Makefile # Build automation
└── go.mod # Go module
- Go 1.24+
- Make
# Build everything (TUI + embedded binaries)
make build-tui
# Build just the embedded binaries
make build-embedded
# Build individual binaries
go build -o bin/asic-shield cmd/asic-shield/main.go
go build -o bin/asic-shield-server cmd/asic-shield-server/main.go
go build -o bin/device-discover cmd/device-discover/main.go
# Clean build artifacts
make clean| Binary | Size | Purpose |
|---|---|---|
bin/asic-shield |
~24MB | Main TUI application |
bin/asic-shield-server |
~9MB | REST API server |
bin/device-discover |
~6MB | Network device scanner |
./bin/asic-shieldNavigation:
- Arrow keys (↑/↓) to navigate menu
- Enter to select
- Tab to switch form fields
- Esc to go back
- q to quit
Menu Options:
- Store Credential - Add new username/password
- Verify Password - Check if password matches
- List Credentials - View all stored credentials
- Search Credentials - Search by name/username/target
- Delete Credential - Remove a credential
- Device Status - View ASIC hardware status
- Start Server - Launch REST API server (embedded)
- Device Discover - Scan for Antminer devices (embedded)
- Exit - Quit application
# Start server (from TUI or CLI)
./bin/asic-shield-server
# Or via TUI menu option
./bin/asic-shield
# Select "Start Server"API Endpoints:
GET /api/v1/health- Health checkGET /api/v1/credentials- List credentialsPOST /api/v1/credentials- Store credentialDELETE /api/v1/credentials?username=x- Delete credentialPOST /api/v1/verify- Verify passwordGET /api/v1/search?query=x- Search credentialsGET /api/v1/device/status- Device statusGET /api/v1/mcp/credentials- MCP integration
Default port: 8443
# Scan default range (192.168.12.0/24)
./bin/device-discover
# Scan custom range
./bin/device-discover 192.168.1.0/24
# Via environment variable
DEVICE_IP_RANGE=192.168.1.0/24 ./bin/device-discover# Stop all ASIC-Shield processes
./scripts/kill-asic-shield.shThis stops:
- Running TUI
- API server
- Device discover
- Processes on port 8443
┌─────────────────────────────────────┐
│ Interactive TUI (BubbleTea) │
├─────────────────────────────────────┤
│ CLI (Cobra) / REST API │
├─────────────────────────────────────┤
│ Vault Manager (Credentials) │
├─────────────────────────────────────┤
│ Storage (AES-256-GCM) / KDF │
├─────────────────────────────────────┤
│ Device Driver (CGMiner API) │
├─────────────────────────────────────┤
│ Antminer S3 Hardware │
└─────────────────────────────────────┘
- KDF: SHA3-256 with 100M-500M iterations
- Encryption: AES-256-GCM for stored credentials
- HVRS: Salt rotates every 100ms (10 Hz)
- Quantum Resistance: ~2^48 hashes per target = ~5 min @ 500 GH/s
Binaries are exported to OS-specific app data directories:
| OS | Location |
|---|---|
| Linux | ~/.local/share/asic-shield/ or $XDG_DATA_HOME/asic-shield |
| macOS | ~/Library/Application Support/asic-shield |
| Windows | %APPDATA%/asic-shield |
- Device: Bitmain Antminer S3
- Controller: Atheros AR9330 (MIPS 24Kc @ 400MHz)
- RAM: 61MB
- ASIC: 32x BM1382 chips (~500 GH/s SHA-256)
- Network: 192.168.12.151:4028 (CGMiner API)
- SSH: root / keperu100
go test ./...go get package@version
go mod tidyssh -o KexAlgorithms=+diffie-hellman-group14-sha1 \
-o HostKeyAlgorithms=+ssh-rsa \
root@192.168.12.151# Check if CGMiner is running on the device
ssh root@192.168.12.151 'pgrep -a cgminer'
# CGMiner must be running for device access
# The API driver connects via port 4028# Check terminal capabilities
echo $TERM
# Try with dumb terminal if needed
TERM=dumb ./bin/asic-shield- Project README - General project information
- Protocol Documentation - ASIC protocol details
- Kernel Driver Info - Driver implementation
- Toolchain Setup - Development environment
Last Updated: March 17, 2026 Version: 2.0