technical

Bitcoin Fedimints Offer Privacy In Exchange For Trust And Custody

13/08/2022 by Idelto Editor

Ben Carman and Tony Giorgio break down how the Lightning Network functions and what to expect in the coming years from Bitcoin and Lightning.


P: What other things in the Bitcoin space, whether it’s companies that are starting up or new protocols that are being proposed that have got you guys really excited, that we haven’t talked about so far in this conversation. Ben, you wanna go first since you’ve been quiet for a while?

Ben Carman: Yeah, I think Fedimints is probably one of the biggest things that’s happening now in the space. It’s pretty cool. It’s like using this thing called a Chaumian Ecash server, the properties of it are it’s perfect privacy, but fully custodial. It’s funny, because it’s something that was invented 30 years before Bitcoin was, and initially some banks used it, but it either shut down or just failed.

Then it was just like, “Oh, this is a cool idea, but failed in the fiat world.” Now, people are trying again, because they can make these Fedimints interoperable between each other, where you can have multiple banks that talk to each other through Bitcoin and it’s all bitcoin denominated, but you still can have this perfect privacy on top of it.

I think it’s gonna be a really cool solution. I know another way to do privacy on Bitcoin. It will be custodial, but I think the idea is a Fedimint, so it’s a federation running it. So it’s a lot harder, you can’t just have one person rugpull, you would need to be a collection of people. If you make it sufficiently large, it should be safe enough for amounts to keep on there for privacy.

P: Love it.

Tony Giorgio: I agree. Fedimint man. From a privacy standpoint, I think it’s really exciting. Yeah, there is a custodial aspect, but I think, even myself, like I’m not gonna be using it because I’m not capable of custody. Like I want to use the spending money that I have and the daily spending and receiving that I may do on a mobile wallet. I want that to be as private as possible. Even with Lightning, even with PLN how I described it earlier, there’s still Lightning channels; there’s still being online. There’s still liquidity issues receiving: You need inbound liquidity to receive on Lightning, so you need channels open and then you need all these other things. It’s not practical from an everyday standpoint, in a lot of ways and for everyone. So, if I want a Lightning wallet that works really well and Fedimint actually integrates with Lightning incredibly well. You can bounce between federations by just going through Lightning.

All kinds of amazing things you can do with just their Lightning integrations. They basically have Lightning gateways that are attached to the federation, so that a Lightning gateway will honor the tokens from the federation that it’s attached to, and through that mechanism, you can basically receive on Lightning atomically.

The Lightning gateway will accept the funds on your behalf and you’ll receive tokens for them. These Fedimint tokens and the Lightning gateway can’t just run off with your funds. Sure, the federation, if it was all a majority bad actor, you may lose some funds there.

You’re trusting the Federation, but to me, I would, I’m fine with trusting the federation with a month’s worth of spending money. I’m talking about, like a few thousand dollars worth of spending money at a time to be able to receive the privacy guarantees that Fedimint provides.

So to me, that’s an acceptable risk. You’re not just trusting them with your privacy too. Like you can go to Coinbase, and Matt Odell likes to talk about how some people will just pay him through Cash App and then that way Matt doesn’t see their Bitcoin wallet. He just sees that it’s coming from Cash App.

He doesn’t work at Cash App. He doesn’t have Cash App’s data. So he can’t see the users hiding amongst. They’re trusting Cash App with their privacy. That way no one can analyze their data and their transactions, but with Fedimint, you’re not just trusting Fedimint with your privacy. They literally don’t know what your transactions are; what your Bitcoin are. They gave you a token at some point that’s blinded, so when you go to spend it later, they have no idea if that’s still you or not. Most they can do — and you can do Fedimint in all kinds of different ways — but even in the scenario where it’s a KYC-based federation, which I’m sure will exist and there will be non-KYC ones and KYC-free ones and stuff like that. Even if you’re just a single identity at a federation and you’re receiving these federation’s blinded tokens, the worst they can do is just see how many tokens you have ever received, but they won’t know how much you currently have. They won’t know when you’ve ever spent it, where you spent it.

There’s a lot of beautiful privacy benefits to using Fedimints, but it’s not just trusting them with your privacy, it’s trusting them with custody, but it’s got some really great privacy guarantees.

Filed Under: Bitcoin Magazine, English, Fedimint, lightning network, Podcast, privacy, technical

How To Protect Yourself With A More Secure Kind Of Multi-Factor Authentication

13/08/2022 by Idelto Editor

There are many ways to improve your security with multi-factor authentication, but some kinds offer more protection from hacking and tracking.

This is an opinion editorial by Heidi Porter, an entrepreneur with 35 years in technology.

User Security

In previous articles about security and data breaches, we discussed the need for multi-factor authentication (MFA) on your Bitcoin accounts and any other accounts you want to protect.

Hacks will continue to happen where your account is compromised or people are sent to a nefarious site and accidentally download malware instead of verified software.

This will be the first in a series of articles around more resilient user security for your accounts, nodes and apps. We’ll also cover better email options, better passwords and better use of a virtual private network (VPN).

The reality is that you’ll never be completely secure in any of your online financial transactions in any system. However, you can implement a more resilient toolset and best practices for stronger security.

What Is Multi-Factor Authentication And Why Do I Care?


According to the Cybersecurity and Infrastructure Security Agency, “Multi-factor authentication is a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login.”

When we log into an online account, we’re often aiming to thwart an attacker or hacker using extra layers of verification — or locks.

Compared to your own home, multiple locks give more security. If one form of authentication is good, such as a password, then two forms (aka MFA) can be better.

Note that if you ONLY use biometric authentication, that is single-factor authentication. It’s just the biometric of whatever modality you’re using: thumb, iris, face recognition, etc. If you use one hardware key without a passphrase, that is also single-factor authentication.

However, if a biometric or key is used as a 2nd factor, it can meet the goal of multifactor authentication and be more secure than many app-based MFA.

With MFA, you must use at least two of these three authentication mechanisms:

  • Something you know (password, PIN, etc)
  • Something you have (code, device)
  • Something you are (fingerprint or other biometric)

Where Should I Use MFA And What Kind Of MFA?

With MFA, you must have at least two authentication mechanisms.

If or when they eventually support MFA, at a minimum, you should have MFA set up for your:

  • Bitcoin exchanges (but get your funds off them ASAP after buying).
  • Bitcoin nodes and miners.
  • Bitcoin and Lightning wallets.
  • Lightning apps, such as RTL or Thunderhub.
  • Cloud providers, such as Voltage accounts.

Note: Each account or application needs to support the type of MFA that you are using and you must register the MFA with the account or application.

MFA providers often include less secure options such as:

  • SMS, phone or email one-time passwords (OTPs) or time-based one-time passwords (TOTP).
  • Mobile push-based authentication (more secure if managed properly).

MFA providers sometimes also include more secure options such as:

  • Authenticator apps.
  • Biometric verification. 
  • Hardware keys.
  • Smart cards.

Guess what type of MFA most legacy financial institutions use? It’s usually one of the less secure MFA options. That said, authenticator apps and hardware keys for MFA are not all created equal.

MFA And Marketing Misinformation

First, let’s talk about the marketing of MFA. If your MFA provider touts itself as unhackable or 99% unhackable, they are spouting multi-factor B.S. and you should find another provider. All MFA is hackable. The goal is to have a less hackable, more phishing resistant, more resilient MFA.

Registering a phone number leaves the MFA vulnerable to SIM-swapping. If your MFA does not have a good backup mechanism, then that MFA option is vulnerable to loss.

Some MFA is more hackable.

Some MFA is more trackable.

Some MFA is more or less able to be backed up.

Some MFA is more or less accessible in some environments.

Less Hackable and Trackable MFA

Multi-factor authentication is more securely accomplished with an authenticator app, smart card or hardware key, like a Yubikey.

So if you have an app-based or hardware MFA, you’re good, right? Well, no. Even if you are using app-based or hardware MFA, not all authenticator apps and hardware devices are created equal. Let’s look at some of the most popular authenticator apps and some of their vulnerabilities with tracking, hacking and backing up.

  • Twilio Authy requires your phone number, which could open you up to compromise via SIM-card-swap. Initial setup is SMS. Note: How comfortable are you with Authy given the recent internal data breach at Twilio?
  • Microsoft Authenticator doesn’t require a phone number, but can’t transfer to Android as it is backed up to iCloud.
  • Google Authenticator also doesn’t require a phone number, but does not have online backup and is only able to transfer from one phone to another.

In addition, all of these apps are considered by some to be less resilient and open to phishing or man-in-the-middle (MITM) attacks.

How Your Accounts And Finances Can Be Compromised

“People should use phishing-resistant MFA whenever they can to protect valuable data and systems” – Roger A. Grimes, cybersecurity expert and author of “Hacking Multifactor Authentication”

Just like many financial and data companies, Bitcoin companies have been the target of multiple data breaches where attackers have obtained email addresses and phone numbers of customers.

Even without these breaches, it’s not especially hard to find someone’s email addresses and phone numbers (as mentioned in previous articles, best practice is to use a separate email and phone number for your Bitcoin accounts).

With these emails, attackers can perform phishing attacks and intercept the login credentials: both password and multi-factor authentication you have used as a second authentication factor for any of your accounts.

Let’s take a look at a typical MITM phishing attack process:

  1. You click a link (or scan a QR code) and you are sent to a site that looks very similar to the legitimate site you want to access.
  2. You type in your login credentials and then are prompted for your MFA code, which you type in.
  3. The attacker then captures the access session token for successful authentication to the legitimate site. You might even be directed to the valid site and never know that you have been hacked (note that the session token is usually only good for that one session).
  4. Attacker then has access to your account.

As an aside, be sure you have MFA attached to withdrawals on a wallet or exchange. Convenience is the enemy of security.

Phishing-Resistant MFA

To be resistant to phishing, your MFA should be an Authenticator Assurance Level 3 (AAL3) solution. AAL3 introduces several new requirements beyond AAL2, the most significant being the use of a hardware-based authenticator. There are several additional authentication characteristics that are required:

  • Verifier impersonation resistance.
  • Verifier compromise resistance.
  • Authentication intent.

Fast Identity Online 2 (FIDO2) is an AAL3 solution. Going into the details of the different FIDO standards is beyond the scope of this article, but you can read a bit about it at “Your Complete Guide to FIDO, FIDO2 and WebAuthn.” Roger Grimes recommended the following AAL3-level MFA providers in March 2022 in his LinkedIn article “My List of Good Strong MFA.”
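To make the difference between a relayed one-time code and verifier-impersonation-resistant MFA concrete, here is an added illustration (not from the article): a toy verifier that checks a TOTP code as in the MITM flow above, beside one that checks an assertion bound to the origin the browser was actually on, the property FIDO2 relies on. The authenticator is simulated with HMAC over (origin, challenge) standing in for a FIDO2 private-key signature; origins such as `wallet.example` and `wa11et.example` are constructed.

```python
# Added illustration, not the article's or any vendor's code. A real FIDO2
# authenticator signs with a private key over data that includes the origin
# and RP ID hash; HMAC with a per-credential key stands in for that here.
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(secret, unix_time // step)


class TotpRelyingParty:
    """Code-based verifier. The code says nothing about where the user typed
    it, so a code forwarded by a look-alike site is indistinguishable from one
    typed on the genuine site."""

    def __init__(self, shared_secret: bytes):
        self.secret = shared_secret

    def verify(self, code: str, unix_time: int) -> bool:
        # Accept the current step and one step either side (clock drift).
        return any(hmac.compare_digest(code, totp(self.secret, unix_time + d))
                   for d in (-30, 0, 30))


def make_assertion(credential_key: bytes, origin: str, challenge: bytes) -> bytes:
    """Authenticator stand-in: the browser reports the origin it is really
    connected to, and that origin is bound into the assertion."""
    return hmac.new(credential_key, origin.encode() + b"|" + challenge,
                    hashlib.sha256).digest()


class OriginBoundRelyingParty:
    """Origin-bound verifier: issues a fresh single-use challenge and checks
    the assertion against its *own* origin, not whatever the client saw."""

    def __init__(self, origin: str, credential_key: bytes):
        self.origin = origin
        self.key = credential_key
        self.pending = set()

    def begin_login(self) -> bytes:
        challenge = secrets.token_bytes(32)
        self.pending.add(challenge)
        return challenge

    def finish_login(self, challenge: bytes, assertion: bytes) -> bool:
        if challenge not in self.pending:
            return False  # unknown or already-used challenge
        self.pending.discard(challenge)
        expected = make_assertion(self.key, self.origin, challenge)
        return hmac.compare_digest(expected, assertion)


def totp_relay_accepted(shared_secret: bytes, unix_time: int) -> bool:
    """Steps 2-3 of the flow above with a code: the code typed on the
    look-alike site is forwarded unchanged, and the genuine verifier accepts it."""
    rp = TotpRelyingParty(shared_secret)
    code_typed_on_lookalike = totp(shared_secret, unix_time)
    return rp.verify(code_typed_on_lookalike, unix_time)


def origin_bound_relay_accepted(credential_key: bytes) -> bool:
    """Same flow with an origin-bound authenticator: the genuine challenge can
    be forwarded, but the browser is on the look-alike origin, so the assertion
    is bound to that origin and the genuine verifier rejects it."""
    rp = OriginBoundRelyingParty("https://wallet.example", credential_key)
    challenge = rp.begin_login()
    assertion = make_assertion(credential_key, "https://wa11et.example", challenge)
    return rp.finish_login(challenge, assertion)


def origin_bound_direct_accepted(credential_key: bytes) -> bool:
    """Control case: the same credential used on the genuine origin succeeds."""
    rp = OriginBoundRelyingParty("https://wallet.example", credential_key)
    challenge = rp.begin_login()
    assertion = make_assertion(credential_key, "https://wallet.example", challenge)
    return rp.finish_login(challenge, assertion)


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    print("relayed TOTP accepted:", totp_relay_accepted(key, 1_660_000_000))
    print("relayed origin-bound assertion accepted:", origin_bound_relay_accepted(key))
    print("direct origin-bound assertion accepted:", origin_bound_direct_accepted(key))
```

The TOTP function reproduces the RFC 6238 test vectors, so it can be checked against a real authenticator app; the origin-bound half is a model of the check, not a WebAuthn implementation.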

Important Note: Although I have not looked into all of these for my personal use, I believe any Bitcoin builder or Bitcoin company SHOULD ask their third-party providers or integration providers to provide details about what kind of MFA provider they use and ensure that it is phishing-resistant.

MFA Hardware Keys And Smart Cards

Hardware keys, like Yubikey, are less hackable forms of MFA. In addition, your phone number is not tied to the key, so it is less trackable. (I use Yubikey). Instead of a generated code that you enter, you press a button on your hardware key to authenticate. The hardware key has a unique code that is used to generate codes to confirm your identity as a second factor of authentication.

There are two caveats for hardware keys:

  • Your app needs to support hardware keys.
  • You can lose or damage your hardware key. Many services do allow you to configure more than one hardware key. If you lose the use of one, you can use the spare.

Smart cards are another form of MFA with similar phishing resistance. We won’t get into the details here as they seem to be less likely to be used for Bitcoin or Lightning-related MFA.

Mobile: Restricted Spaces Require Hardware Devices

Another consideration for multi-factor authentication is whether you would ever be in a situation where you need MFA and cannot use a cell phone or smartphone.

There are two big reasons this could happen for bitcoin users:

  • Low or no cell coverage
  • You don’t have or can’t use a smartphone

There can be other restrictions on cell phone use due to customer-facing work environments or personal preference. Call centers, K-12 schools or high-security environments like research and development labs are some areas where phones are restricted and you would therefore be unable to use your phone authenticator app.

In these special cases where you are using a computer and don’t have a smartphone, you would then need a smart card or hardware key for MFA. You would also need your application to support these hardware options.

Also, if you cannot use your cellphone at work, how are you supposed to stack sats in the restroom on your break?

Toward More Resilient MFA

MFA can be hacked and your accounts can be compromised. However, you can better protect yourself with more resilient and phishing-resistant MFA. You can also choose MFA that is not tied to your phone number and has an adequate back-up mechanism or ability to have a spare key.

Ongoing defense against cyber attacks is a continuing game of cat-and-mouse, or whack-a-mole. Your goal should be to become less hackable and less trackable.

Additional Resources:

  • “Multi-Factor Authentication”
  • “Digital Identity Guidelines”
  • “Don’t Use Easily Phishable MFA and That’s Most MFA”
  • “Hacks That Bypass Multi-Factor Authentication and How to Make Your MFA Solution Phishing Resistant”
  • “Best practices for securing mobile-restricted environments with MFA”

This is a guest post by Heidi Porter. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc. or Bitcoin Magazine.

Filed Under: 2FA, Authenticator, Bitcoin Magazine, English, Opinion, security, technical, Yubico

Lightning Network’s Advantages As Payment Technology

09/08/2022 by Idelto Editor

Bitcoin’s Lightning Network is a Layer 2 technology that offers many advantages over altcoins for making Bitcoin into a peer-to-peer payments technology.

This is an opinion editorial by Yuya Ogawa, a software engineer and co-host of the Diamond Hands community.

This article is based on the content of the “Understanding Lightning” report produced by the Diamond Hands community, the largest Lightning Network community in Japan. The report aims to provide an overview of Lightning’s technology and ecosystem for a non-technical audience.

What’s So Special About The Lightning Network?

Bitcoin was brought into this world over a decade ago to enable peer-to-peer payments without the need for a trusted third party. In order to maintain this censorship resistance, Bitcoin limits its throughput to 1M vBytes per block, every 10 minutes, keeping it easy for anyone to run their own node.

The Lightning Network is Layer 2 technology built atop the Bitcoin blockchain, enabling faster and cheaper payments, massively improved scalability and better privacy without compromises to censorship resistance and decentralization. In this article, we relegate the technological specifics for another day, instead focusing on Lightning’s censorship resistance and scalability characteristics.

Bitcoin scales by building layers on top of the base chain

Decentralized And Censorship Resistant

Just like Bitcoin, Lightning users can run their own nodes and manage their own payment channels. This is in stark contrast to the vast majority of emerging Layer 2 technologies in the broader crypto ecosystem.

For example, rollups on Ethereum exist on-chain as a single on-chain smart contract that stores the state of all of its users — as opposed to thousands of distinct payment channels in Lightning’s case. For Ethereum, an operator node is in charge of managing and updating this state, therefore introducing a vector for censorship or exploitation. Even if Ethereum and Solana were sufficiently decentralized and censorship-resistant networks, Layer 2 users can be affected if the smart contract or operator node is censored or exploited.

In Lightning, each user creates payment channels to create a massive web for payments. Thus, even if a user is censored or exploited, the rest of the network remains functional. Although there is valid concern regarding the emergence of major hubs (popular nodes that attract many payment channels) and their vulnerability to censorship, even in such a case, users are free to create alternative payment channels to circumvent these nodes, if needed. This censorship-resistant dynamic, enabled by Lightning’s decentralization, is unparalleled by most other Layer 2 technologies.

Massively Scalable

Payments on Lightning usually traverse multiple payment channels to reach their destination. Typically, we see payments that are routed over no more than four or five hops (routing nodes). Assuming each hop takes one second, the payment is completed in four to five seconds. If the payment requires zero hops, i.e., if you share a payment channel with the destination, it will likely settle in a fraction of a second.

Fees are typically around 0.1% of the payment amount, so a $1 payment is likely to cost 0.1 cents in fees. For zero-hop payments, there is no fee. The throughput of each node is limited, with Lightning Network Daemon (LND) benchmark results suggesting that a node can process 50 transactions per second (tps) out-of-the-box (see details here). However, as mentioned in the report, software optimizations should be able to bring this figure to 1,000 tps. Moreover, since the network can process payments in parallel, if 1,000 pairs of nodes across the network all function at 1,000 tps, the network as a whole does 1,000,000 tps.

Lightning payments beat other blockchains and the Visa network

Routing Nodes, At Your Service!

Just as miners are incentivized by transaction fees and newly minted coins in proof-of-work mining, the nodes that forward payments across Lightning are incentivized by routing fees. A competitive market for hashing provides security to the Bitcoin blockchain; a competitive market for payment routing results in cheaper and more reliable payments on Lightning.

Since routing nodes earn a fee each time they forward a payment, they naturally aim to route as much value as possible. However, mispricing liquidity can lead to unbalanced channel capacity and routing failures — which benefit no one, including the routing nodes involved. In order to maximize their revenue, routing nodes attempt to balance their channels, improving payment success rates and settlement times across the network. More routing nodes also means more possible routes which can be used as alternatives, improving network reliability.

Routing nodes keep Lightning decentralized and censorship resistant.

Summary

The Lightning Network is highly decentralized and censorship resistant thanks to its reliance on the Bitcoin blockchain where users can freely create new payment channels. Furthermore, similarly to how a competitive market for mining results in security on Layer 1, routing nodes compete with each other to provide stable and competitively priced payment forwarding on Lightning. Bitcoin enables trustless payments as envisioned by Satoshi Nakamoto over 10 years ago, and the Lightning Network is an attempt to vastly improve its scalability without compromising on those foundational values.

This is a guest post by Yuya Ogawa. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc. or Bitcoin Magazine.

Filed Under: Bitcoin Magazine, Censorship Resistance, Decentralized, English, lightning network, Opinion, Payment Channels, technical

Border Wallets: A New Way to Create and Easily Memorize Bitcoin Seed Phrases

06/08/2022 by Idelto Editor

Using patterns to remember bitcoin seed phrases is a useful tool which can come in handy if someone is needing to move across borders without being detected.

This is an opinion editorial by Wartime Microchad, a contributor for Bitcoin Magazine.

Introduction

Since the introduction of Bitcoin Improvement Proposal (BIP) 39, Bitcoiners have had the option to memorize the information necessary to recover bitcoin funds stored on-chain by using plain text words. But memorizing — and then reliably recalling at a later date — 12 or 24 unrelated, noncontiguous words isn’t easy, which means that most people create and store physical backups of those words instead of committing them to memory.

While this well-established approach is fine for those who are confident in their physical security setup, it can be a big challenge for others, e.g., people with no fixed abode; those who need to travel or who live in areas of conflict/war zones; or those living in other settings where storage of physical seed phrases may be subject to security, loss, damage or confiscation risks.

An example of how someone recently had their bitcoin seed words taken from their home.

Running The Numbers

To put the scale of this problem into some context:

  • According to the United Nations’ refugee agency UNHCR, by the end of 2021, 89.3 million people had been forcibly displaced worldwide. For a large number of these people fleeing their homes, they would have been able to take little more than the clothes on their back and whatever personal belongings they could carry. The transportation of any wealth along with personal belongings may have been an impossible challenge, and fraught with risks.
  • According to the Nomad Embassy, nearly 5 million Americans identify as digital nomads and another 17 million aspire for this lifestyle. That’s 6.5% of the U.S. population who either currently or want to live a roving lifestyle. Frequent border crossings and life in rented accommodation can make it difficult to protect private keys.
  • An estimated 35% of Americans rent their accommodation, and house-sharing is on the rise as home ownership collapses, especially amongst younger generations. It is not uncommon for personal belongings to disappear in shared accommodation.

So we wanted to create a way for Bitcoiners who face these difficulties to more easily and reliably transport their bitcoin across borders. We named the solution Border Wallets.

Patterns Versus Words

Imagine having five seconds to memorize either (A) or (B) from the choices below.

Which one is easiest and most likely to be recalled after a few days?

The Science (™)

Previous studies have shown that we are far more capable of recalling patterns than words after prolonged amounts of time.

After being shown a random collection of words and shapes, participants had much higher levels of recall for shapes than words.

Being able to recognize shapes more easily than words bears out anecdotally too — we tend to remember faces more easily than names (which makes sense, given that our eyesight and facial recognition abilities predate our use of language).

This phenomenon is known as the “picture superiority effect.”

The Litmus Test

Let’s see if this works.

In the spaces provided, have a go at recalling the missing words and the missing pattern from the example we showed above. No cheating!

How did you do?

Memorization Using Border Wallets And Entropy Grids

Border Wallets provide a method for memorizing seed phrases using three components:

  • Entropy Grid: A randomized grid of all 2048 seed words.
  • Pattern: User-generated pattern(s) or cell coordinates.
  • Final Word “Number”: The final (checksum) seed word.

Combined, these three components comprise your Border Wallet.

The Entropy Grid Generator

Using our offline, browser-based entropy grid generator (EGG), users can generate their own entropically-secured, randomized grid of all 2048 BIP39-compliant seed words, and then apply a memorable pattern or set of cell coordinates to it — which only they know — in order to create a wallet.

While the EGG is browser-based, it is designed to work offline on an air-gapped PC, Mac or Linux machine (or even using Tails) and runs locally in the browser. To use it, users download it, transfer it to the machine of their choice and start generating entropy grids.

An example of a memorable, 23-cell pattern applied to an entropy grid to create a Border Wallet. The 24th / final word (the “checksum”) or final word number can be calculated natively within the EGG.

As each unique entropy grid contains a complete list of all BIP39 seed words in randomized format, and the users’ patterns exist only in their heads, users will store their entropy grid (or its recovery phrase) physically or digitally. Since entropy grids comprise all 2048 Bitcoin seed words in a random format, any evil maid attacks are faced with an upward difficulty adjustment that is significantly higher than if plain text seed phrase backups were discovered. You can think of it as a firewall between your seed words and any potential attackers.

Other Features

Final Word Calculator And Final Word “Number”

The EGG allows users to import the relevant 11 or 23 words from their entropy grid in order to calculate the final checksum word. In addition to the user’s pattern, the checksum is the only thing that must be memorized.

However, in order to make this even easier, the EGG includes a unique “final word number” feature. With this, instead of needing to remember the word “pair,” users can just remember the number “5” — they could even write down this number on their entropy grid since, on its own, it is meaningless and provides no clues about the final word without the other words being known.

Users may also change the final word number to something more meaningful to them, although this also changes the final word itself. Therefore, if users do change the number, the new checksum shown must be used to set up your Border Wallet. We don’t advise users to change the number (since it is generated with entropy by the tool), but the option is there if desired.

The EGG’s “final word” feature provides automatic calculation of the checksum. This checksum, or its associated “final word number” — a unique feature within the tool — is the only word that must be remembered to recreate the Border Wallet.

Deterministic Grid Regeneration

When creating an entropy grid, the EGG provides the option to choose deterministic entropy. By using 128 bits of entropy in the creation of these grids, we have the ability to simultaneously generate 12-word recovery phrases that give a plain text backup. Recovery phrases are automatically added to the bottom of deterministic entropy grids during generation.

An example of a 12-word grid recovery phrase provided when you generate a deterministic entropy grid. This provides the option to save entropy grids in plain text format. It looks and behaves like a normal Bitcoin wallet and therefore could be used as a decoy/canary.

The provision of a 12-word recovery phrase may at first glance seem counterintuitive to the concept of Border Wallets — after all, we are giving users the ability to memorize seed words, not find new ways of writing new ones down! However, some users may find value in having the option to make handwritten or digital copies of regeneration words in some circumstances: for example, if they want to store a copy of an entropy grid with a third party (sibling, parent, child, etc.) for safekeeping.

Since all 12-word recovery phrases are valid BIP39 mnemonic phrases, this gives additional options for deploying decoy funds on the resulting wallet or just to have nothing at all on them. In the latter case, an attacker may spend money and resources trying to brute force a passphrase on a seed phrase that looks like it should have funds, but which only unlocks an entropy grid.

Gridception And The Art Of Obfuscation

As there is essentially zero cost for generating entropy grids, users may choose to generate dozens (or even hundreds) of individually numbered grids, storing their preferred grid among considerable “noise.” Imagine having 100 unique and individually numbered entropy grids, the user being the only person who knows which grid(s) might have been used to generate the Border Wallet.

Gridception offers users the ability to use words from one Entropy Grid to generate new grids – dramatically increasing attack difficulty!

In fact, there is no reason why a user cannot generate multiple patterns — or even multiple entropy grids — to create a multisig wallet that they can carry in their head. Deterministic grids also unlock the ability to introduce multigrid solutions whereby a primary entropy grid is encoded within other entropy grids. We call this gridception.

To do this, users would generate a grid and then construct a 12-word pattern to apply it onto that grid. They then take those 12 words and input them to the “grid regeneration” tab within the EGG, producing a second grid. This can then be repeated to create new grids ad infinitum.

“A dream within a dream. I’m impressed. But in my dream, you play by my rules” — Saito, Inception

Encryption

For entropy grids stored digitally, i.e., on one’s personal computer, USB thumb drive or secure online cloud storage, the EGG features an option for users to natively encrypt and decrypt their entropy grids all within the tool’s interface. Once users have created a secure password, they drag and drop their entropy grid into the tool for encryption, producing an encrypted .json file that they can then store more safely in digital format. To decrypt, the .json file is imported back into the tool and unlocked with the same secure password.

Handling Seed Word Randomization

For “maximum” entropy grids, which shuffle the full 2048-word list and so carry a truly cosmic 19,580 bits of entropy (the base-2 logarithm of 2048 factorial), the EGG employs the Fisher-Yates shuffle algorithm driven by the browser’s cryptographically strong random number generator to produce a random permutation of all BIP39 seed words.

The option to reproduce deterministic entropy grids from 12 words (created using 128 bits of entropy) uses Gibson Research Corporation’s ultra-high entropy pseudo-random number generator. Whichever generator expands the words into a grid, a deterministic grid carries no more than the 128 bits of entropy of those 12 words: anyone who knows the generator and guesses the words reproduces the grid exactly, so the words deserve the same protection as any seed phrase.

Applications For Bitcoin And Beyond

For Bitcoin, Border Wallets and entropy grids offer new applications and solutions for bitcoin cold storage and transportation, legacy planning, gifting, third-party custody assistance as well as, most obviously, border crossings.

Looking beyond Bitcoin, however, we envisage the idea being applicable to other decentralized protocols where seed words are used for user account backup, e.g., Nostr, Web5 and other decentralized identifier-type systems.

This is a guest post by Wartime Microchad. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc. or Bitcoin Magazine.

Filed Under: Bitcoin Magazine, English, Opinion, recovery seed, Recovery Seed Backup, Seed Phrase, technical

Tapsigner Bitcoin Hardware Wallet: Security Meets Convenience?

05/08/2022 by Idelto Editor

Coinkite’s new credit card-like bitcoin hardware wallet aims to unite affordability with convenience to scale cold storage to a broader market worldwide.

Bitcoin company Coinkite has launched its newest hardware wallet, Tapsigner, in an attempt to facilitate cold-storage bitcoin self-custody.

The product, which resembles a credit card more than traditional hardware wallets, comes at $40 and aims to serve as a more intuitive Bitcoin-signing device to onboard a wider range of people around the world onto more secure bitcoin self-custody setups.

Challenges In Bitcoin Self-Custody

Bitcoin self-custody isn’t easy. It has come a long way over the years but it’s arguably still far from being intuitive.

Hot wallets, the ones in which the private keys remain “hot” online on a phone or computer, are perhaps the most popular bitcoin wallets given their convenience. The user just needs to download an app onto their phone, create the wallet, jot down the recovery words, and voilà, it’s ready to be used. The tradeoff is of course security: being connected to the internet makes this setup more vulnerable to hacking, theft and other attacks.

The alternative, cold wallets, keep the private keys “cold” offline, increasing the security but at the expense of usability. Cold-storage solutions typically require the user to undergo many more steps to move their bitcoin. Even though that might be a feature rather than a bug for larger holdings, a less fluid transacting experience can be a pain for smaller stacks of bitcoin.

So, what is the solution?

Tapsigner: A Contender For The “Lukewarm” Middle Ground

Coinkite’s Tapsigner tries to bridge the gap between the hot and cold storage worlds with a more intuitive user experience.

The new product, which has already started shipping to consumers, packages a secure element (the security chip found inside hardware wallets) in an NFC card. Not only is it easier to transport, being the size of a typical credit card, but it also lets users interact with their bitcoin holdings in an already familiar way: tap to pay, or in this case, tap to sign.

Coinkite’s Tapsigner is easier to transport than most hardware wallets and brings an intuitive tap-to-pay experience to Bitcoin users.

(Tapsigner/Twitter)

In the background, a Bitcoin transaction goes through several phases. First, the transaction is constructed: the user (or application) selects the inputs (the unspent outputs being spent), the amount to be sent, the amount to be paid in fees and the outputs (the addresses receiving the bitcoin). Then, the owner of the inputs signs the transaction; philosophically, this is the owner of the funds saying, “I own this bitcoin and authorize this transaction.” The signed transaction is then broadcast to the peer-to-peer network so that nodes can check its validity.

While there are risks associated with every step in the process of building, signing and broadcasting a transaction, signing is arguably the most important one as it directly approves the movement of funds. This is where Tapsigner comes in. The card aims to take what is good about hot wallets (convenience) and join it with what is good about cold storage (security) at a lower price than traditional hardware wallets.

When used with a hot wallet, for example a phone wallet, Tapsigner leaves transaction building and broadcasting to the phone and takes over the signing: the phone hands the card the transaction to sign and receives a signature back, instead of holding the private key itself. That gives more security than pure hot storage and more convenience than the cold-storage setup one would build for their life savings. It is the middle ground where more frequent transactions can borrow the security of a hardened cold-storage setup. One caveat worth keeping in mind: the card has no screen, so the user still relies on the phone to show accurately what is about to be signed.

Software Wallet Compatibility

Since Tapsigner purely signs transactions, it relies on a software wallet. However, not every wallet is compatible with the card.

At the time of writing, users can use Nunchuk, the bitcoin wallet known for its multi-user approach to multisignature, with Tapsigner as the key of a single-sig wallet, as one key in a multisig, or both. As with any private key, the card can be used in a multitude of ways with different wallet structures.

Software wallet options other than Nunchuk will be available soon, and likely the next to become fully compatible with Tapsigner is Hexa Wallet. The popular BlueWallet currently has an open PR to merge NFC capabilities into the project.

Getting Into The Weeds

Tapsigner ships without private keys. The card uses the Bitcoin cryptography library in its secure element to generate the keys before first use, with the help of the software wallet. The user can let the wallet provide entropy (the randomness needed to create a “good” private key) or provide it themselves. The card combines the entropy it is given with secret entropy that it picks itself to actually generate the keys, so neither the wallet nor the card alone determines the resulting key.

Keys generated by the card follow BIP 32 rather than BIP 39: the card’s master key is handled as an extended private key (xprv), not as the now popular mnemonic seed phrase. In practice, this means that users who want to back up their key cannot write it down as 12 or 24 words; instead, an encrypted backup of the private key file is necessary.

When the user requests a backup of the private keys, Tapsigner encrypts them with the 16-byte key printed on the back of the card. To recover the wallet, the user therefore needs both the encrypted backup file and the decryption key printed on the back of the Tapsigner. If the card is lost, these two pieces of data are enough to recover the funds (so it is worth copying the key on the back of the card to paper, and keeping that copy somewhere other than with the backup file).

The software wallet might prompt the user to save the file in cloud storage, so it is worth being clear about where the risk lies. A 16-byte key is 128 bits, and symmetric encryption with a key of that size is not something an attacker can brute force; comparing it with asymmetric encryption is beside the point. The weak point is the key itself: it is printed in the clear on the card, so anyone who has photographed the card and also obtains the backup file can recover the funds. Users are therefore better served storing the backup file offline and treating the printed key as a secret in its own right.

Other (Future) Contenders

Other entrepreneurs and businesses are also interested in bridging hot and cold storage to find the best of both worlds. Jack Dorsey, the tech billionaire who cofounded Twitter and the financial services firm Block, previously known as Square, is perhaps the most famous of them.

Block announced plans to build a hardware wallet of its own in October 2021, and earlier this year detailed what its approach would look like. The plans include a mix of software and hardware products, which the user can leverage to reach their own optimal balance of security and convenience.

Block will make a mobile application and have it be the main interface for customer interaction, while the hardware wallet will be a simple, screen-free NFC device with fingerprint authentication used only to sign larger transactions on the app.

However, there isn’t yet a clear timeline of when Block’s product might be released.

Filed Under: Bitcoin Magazine, coinkite, English, Feature, Hardware wallet, Multi-signature, Tapsigner, technical

© 2022 · Idelto · Site design ONVA ONLINE
