Use an air-gapped dual Electron Cash wallet for ultimate security

Written by mtrycz, 2 weeks ago

If you're worried about the coins in your wallets, you are right to be. Scams and hacks abound, and leaving your stash in a hot wallet makes it less safe from theft.

Hardware wallets are somewhat expensive, are not very ergonomic, and come with their own tradeoffs (like leaking your data for no reason). There is a better way that is also probably free for most people: you just need a spare old smartphone lying around.

The tradeoffs

A "hot wallet" is one that holds the keys for your coins and that is also connected to the internet. It is convenient, and it's as secure as your computer is.

A "cold wallet" is one that holds your keys but is not connected to the internet, so you need a way to bring unsigned transactions to it, sign them, and then export the signed transaction to an internet-connected device to transmit it. Common advice is to get a brand new laptop that has never been connected to the internet, install Electron Cash on it, and transfer the transaction data in text files on a USB key. It is as secure as can be, but it's not very convenient.

The approach described here combines the security of a cold wallet with some more convenience. It isn't as convenient as a hot wallet, but it is much better than transferring files via USB. It's practically as convenient as using multi-factor authentication (MFA), and we use that day-to-day for much less sensitive stuff than our coins.

There is a lot of different terminology being thrown around regarding this (e.g. "warm wallets", ...), but I will use none of it, as it's all very subjective. I'll simply call this a "dual readonly+cold wallet" setup.

The bill of materials

  • An internet-connected computer with Electron Cash installed (a desktop or a laptop; a smartphone isn't supported yet, but might be in the future)

  • A disconnected smartphone with Electron Cash mobile installed; you can use an old smartphone, install the app on it, and never connect it again, or if you're super paranoid, get a new Android smartphone, put the apk on it via external memory, and also never connect it.

Both devices must have a working camera and it's better if the smartphone has a bigger and higher resolution screen.

The technology

You now need to set up the two devices to share the same addresses. The way we do it is by using an xpriv+xpub pair. If you already know what that means, feel free to skip to the setup.

Virtually all wallets nowadays use something called Hierarchical Derivation (or HD for friends), where one master private key (called an eXtended PRIVate key) is used to derive many (infinite) public+private keypairs for receiving and signing transactions. Having many addresses, as opposed to just one, is better for your privacy, as it makes it more difficult to trace all your transactions back to you. This is in great contrast to blockchains that make you use just one address (an account-based model, e.g. Ethereum), and is another advantage of a UTXO blockchain.

The cool thing about HD is that, using your xpriv key, you can derive something called an xpub key (eXtended PUBlic key). This key is used to derive the same public keys in the same order as the xpriv (this is the "deterministic" part), but it cannot derive the private keys. It can be used to view your addresses and funds, but it cannot be used to actually spend them (neither by a hacker nor by yourself).

What we'll be doing here is using the xpub key on the internet-connected device to track our funds and the disconnected device to actually spend them. This is the very use case the xpriv+xpub pair was designed for; it's just generally not very ergonomic to use.

The setup

To start, we need to generate the xpriv+xpub keypair. We can do this in any number of ways, but for the scope of this writeup we'll just generate one on the disconnected smartphone: open the app and create a new wallet with a new seed. Take note of the seed phrase and keep it somewhere safe: if you lose or damage your smartphone, you won't be able to spend your coins. Unless you are able to recover them with your seed, they will be lost forever. On the other hand, if someone is able to read your seed, they will be able to steal them. Keep it safe. I will henceforth refer to the disconnected device as the "cold wallet".

Once you have a wallet open, use the top-right menu to see the wallet info. In there you'll see the xpub key; take note of it. You can save it to a text file and use external storage to transfer it to the connected device, but since we'll be doing this just one time, you can also type it manually into the connected device's Electron Cash.

Open Electron Cash on the connected device and create a new wallet. Use "standard" as the wallet type, and then "Use public/private keys". In the textbox that appears next, input your xpub key, and double-check it. This will be your "readonly wallet".

Triple-check that the addresses generated in the cold wallet are the same as the ones in the readonly one. Et voilà! You have a dual readonly+cold setup ready. Let's see how to use it.

The procedure

You'll need some funds to try the setup, obviously. If you're feeling nervous about it, you can try it out on testnet first. Use the readonly wallet to generate a receiving address, and send some funds to it. Check that they appear in the wallet.

Once the funds are in, you can try this to send some coins to yourself. Here's the full procedure; it takes just a handful of seconds to do:

  • Create a transaction on the readonly wallet: input destination and amount, click "Preview"; in the "Preview" screen, click the QR button, and a big QR code will appear

  • On the cold wallet, tap the menu in the top right and then "Load Transaction"; scan the QR from the readonly wallet screen

  • The transaction should be recognized as a transaction for this wallet that can be signed; click "Sign"

  • A new QR will appear on the screen, along with the option to "Send"; do not "Send" as we are unconnected, instead use the QR to communicate with the internet-connected readonly wallet

  • In the readonly wallet click "Tools", then "Load a Transaction", and finally "from QR"; use the webcam to scan the QR from the cold wallet's screen

  • Done; the transaction should be propagated automatically

In short: create a transaction, scan it, sign it, and scan it back. It's pretty ergonomic.

Limitations and caveats

If something goes wrong, troubleshooting can be more difficult than with a simple hot wallet setup. If you have a lot of addresses, you'll probably need to generate more addresses manually on the cold wallet every so often.

It would be much simpler to also be able to scan a QR of the xpub in the setup. At the time of writing it is not supported in Electron Cash on Android. Also, the only reason this doesn't work in a setup with two smartphones (only laptop+smartphone for now) is that Electron Cash on Android doesn't generate QRs for unspent transactions. Both of these functionalities should be rather simple to add, and it's probable they might work in the future.

You obviously cannot run CashFusion on an unconnected wallet. You're best off having a hot wallet for spending, and this setup for savings.

The tradeoffs

Basically, we trade off just a little convenience for the ultimate security. Literally, you cannot get any more secure than this, not even with hardware wallets, which are generally less convenient and generally less private. And you don't need to give your personal info to anyone, not even as much as your street address for buying a hardware wallet online.

The ultimate security is made of "something you know, something you have, something you are". In this case "something you have" is the cold wallet smartphone. "Something you know" is the wallet's password, which you type in every time you open the wallet. For the "something you are" part, you can add biometric security (fingerprints or face/eye scans) to the device unlock mechanism.

I personally don't know of any hardware wallet that does all three, while being this convenient.
