This article, however, focuses on the privacy aspect of Bitcon’s soft fork. It seeks to explain how Taproot increases every user’s plausible deniability and potentially poses a threat to the blockchain analysis business. To make this improvement easily comprehensible, the benefits will be divided by use cases.

How Taproot Increases Lightning Network Privacy

The Lightning Network is Bitcoin’s layer for instant, private and inexpensive transactions. Unlike a blockchain, it’s extremely scalable, fast and doesn’t require the entire network to store and validate every operation. The more elegant design also enables greater privacy: only the parties involved in a money transfer and the routing nodes can get information about an ongoing transaction. Outsiders are completely left in the dark and unable to tell anything about the actors involved and the amount of bitcoin that they moved around. For a better understanding of how Lightning works, read my article “Explaining the Lightning Network So Even a 10 Year-Old Can Understand It”.

But since Taproot is a base layer upgrade, does it really affect Lightning? Without this Schnorr-friendly upgrade, channel openings and closings get revealed on the public blockchain exactly as what they are: 2 of 2 multi sigs with hashed time locked contracts (HTLCs). After the Taproot activation, everyone opening or closing a Lightning channel collaboratively will appear to be doing a regular transaction which is indistinguishable from the others.

Previously, blockchain analysts were able to tell when certain transactions would close Lightning channels. But after Taproot, they will only be able to see that the coins have moved. They won’t know how they moved, they’ll only observe that the amount has been spent in an indistinguishable way.

However, the privacy level still isn’t perfect. As pointed out by Wasabi Wallet creator Adam Ficsor, non-private Lightning channels broadcast a channel point which corresponds to the opening output. Therefore, this bit of information, which can be observed on the Lightning network, gives away information about the output that is engaged in the channel opening. Taproot does make Lightning network channel opening private, but only if the channels are also private. Similarly, even though CoinJoin transaction before and after opening a Lightning channel can obfuscate the previous and future, the Lightning gossip would still reveal the precise UTXO controlled by the node operator. There is promising research to mitigate the problem with ring-signature proofs for DoS protection.

How Taproot Increases Sidechain Privacy

Like Lightning channel openings, sidechain peg-ins also rely on a multisig contract. On RSK (Rootstock, a Bitcoin sidechain which seeks to port Ethereum smart contracts), there’s a two-way peg (2WP) which ensures that the BTC gets transferred safely. But after Taproot, this transaction is going to be indistinguishable from all the others and will also occupy less block space.

The same happens for Blockstream’s federated sidechain Liquid, as well as Drivechains. Regular transactions, Liquid peg-ins, Lightning channels and user multisig will look exactly the same.

How Taproot Increases Multisig Privacy

In recent years, multisig setups have become extremely popular among bitcoiners. As the user experience has improved with wallets such as Electrum, Sparrow and Specter, many community members have chosen to make their coins harder to steal, hack or spend. The idea behind it is that you don’t need to trust a single wallet or entity with the randomness and security of your private key. You use different devices with different processing units to generate your keys, and afterwards you can go as far as distributing your private key backups to different parts of the world.

Depending on your setup (most users do 2 of 3, but you can go as far as 15 of 15 if you prefer complexity), you can get a lot of extra security at the expense of losing accessibility – and if you make it too hard even for yourself to recover the coins, you might just lose them.

Taproot has two essential benefits for multisig setups: it makes them more accessible (the transaction cost of signing a 19 of 20 transaction will be the same as taking care of a single one) and also adds an extra layer of privacy. All the unnecessary information will no longer appear on the public blockchain. This preserves the secrecy of all the signers by only displaying the main input and its corresponding output. Before Taproot, blockchain analysis could determine which keys from the setup have signed the transaction. After Taproot, this information will become unavailable to the public.

How Taproot Increases the Privacy of Bitcoin Smart Contracts

Since day one, Bitcoin has enabled smart contract functionality. Basically, users have been able to broadcast conditional transactions which would instruct the rest of the network when the funds become available for spending. Multisig setups, Lightning channel openings and sidechain peg-ins are all variations which make use of different types of conditions.

So let’s consider a basic contract in which Alice locks her bitcoins until a certain block height when she thinks her infant child Bob will be a grown adult, or else allows for Bob to unlock the amounts as soon as he becomes technically capable of signing a multisig transaction. Under the current framework, both conditions get revealed to the entire network and become part of the immutable ledger. But with Taproot, only the one that gets executed will actually become public. It’s an efficiency upgrade which saves precious block space but also a great privacy trick that’s going to enable lots of creative ways to preserve wealth across time.

Taproot Simplifies Invisible Coin Swaps

Mercury Wallet by CommerceBlock has become increasingly popular in recent months. This is because of a special feature which performs a change of output ownership on the Lightning network and effectively enables users to trade their coins’ transaction history in an elegant and scalable way. If bitcoiners open Lightning channels and trade UTXOs with one another, they can obfuscate a lot of the previous activities involving their money and return to the BTC blockchain with a different set of coins. Mercury Wallet makes use of Ruben Somsen’s statechains concept to lock funds for a predetermined amount of time and conduct mixes between equal outputs.

In a sense, Coinswaps are CoinJoins that make use of Lightning’s scalability and low fees. Thanks to Taproot, they too are indistinguishable from the other transactions.

However, with Coinswaps,  you always face the risk of receiving a more problematic UTXO which may have a criminal history. Instead of combining multiple transaction histories (as in the case with CoinJoins), it enables an anonymous market for swapping transaction histories. As Wasabi wallet creator Adam Ficsor pointed out in a recent interview, the two privacy solutions can become complimentary tools: “The combination seems to be more interesting though: CoinSwaps to and from CoinJoins, which could make low anonymity set CoinJoins getting as much privacy as a CoinSwapper would.”

Bitcoin Privacy After Taproot

With Taproot, Bitcoin has undergone a long-desired upgrade to the more efficient Schnorr signatures, while also taking a few steps towards winning the battle against financial surveillance. This doesn’t mean that blockchain analysis becomes obsolete after this upgrade, though. First of all, it will take time for users to update their nodes to the latest Taproot-friendly client (so the benefits will not be enjoyed by everyone). Secondly, developers have to release wallets and applications that make use of Taproot’s full potential. For now, not much has changed since block 709632, when the soft fork was activated. But the numerous benefits of Taproot give hope for swift adoption.

Furthermore, the Bitcoin protocol can even further be optimized for scalability and privacy. One of them may be Jeremy Rubin’s OP_CHECKTEMPLATEVERIFY (BIP 119, formerly known as OP_SECURETHEBAG), which batches transactions to reduce the amount of inputs and cut down on fees during moments of high demand and congestion. With it, CoinJoins and Coinswaps can get even more plausible deniability since the same technique becomes a natural component of the Bitcoin transaction routine.

Other solutions include Drivechains (Paul Sztorc has managed to create a Zcash-like chain which serves the purpose of increasing the fungibility of processed bitcoins), Mimble Wimble extension blocks (an ongoing experiment on Litecoin, which may be useful if it proves to work), and the hope that Core developers will figure out a way to integrate zero-knowledge proofs or Confidential Transactions without the need for a hard fork. However, the Schnorr signature-powered Taproot is still a great start and the way in which it was activated gives us hope that one day bitcoins will acquire nearly-absolute fungibility.

The post The Privacy Benefits of Taproot appeared first on Wasabi Wallet - Blog.

Coldcard was the first hardware wallet to implement PSBT – and through it, the device managed to function without requiring a connection to a computer. This “airgapped” setup soon increased in popularity among bitcoiners who became aware of their potentially compromised computers and the possibility of using faulty USB cables. Even though the amount of security being added through this airgap is debatable, setting up PSBT does make the bitcoins more difficult to spend – to some HODLers, this is an extra impediment which prevents them from panic selling.

Ever since, other hardware wallet manufacturers (KeyStone, Foundation Devices) and DIY projects (Specter DIY, Seedsigner, Bowser Wallet) have implemented PSBT as a way to create simple and secure devices that are compatible with existing Bitcoin wallets and don’t need desktop software of their own. It isn’t just convenient for the developers to not create and maintain a friendly platform like Trezor Suite, BitBox Base or Ledger Live, it’s also more secure to rely on desktop and mobile wallets that already exist, are being used every day and have been scrutinized heavily by hackers and code reviewers.

Wasabi is one of the desktop Bitcoin wallets that work with every PSBT hardware wallet. Not only that, but thanks to the Tor routing and trustless onboarding, it’s also the most private desktop wallet for your Bitcoin transaction signing device. There’s a small detail that you should consider, though: due to PSBT being a universal standard, Coldcard’s first adopter status, and the lack of a direct connection between the hardware wallet and the computer, all PSBT signing devices will be recognized as Coldcards.

Now that we got these details out of the way, let’s talk about how you can send a Bitcoin transaction in Wasabi Wallet, by using the PSBT standard. There are four steps involved: registering the master public key file to Wasabi, building a transaction, signing the transaction, and broadcasting this transaction to the Bitcoin network. The first step needs to be completed only once for every wallet setup and is unique for every BIP39 backup you create with your device. So, in theory, you can have an unlimited amount of PSBT setups for every hardware wallet, but you can only use one at a time.

Furthermore, it should be mentioned that in order to enable communication between the hardware wallet and Wasabi, you need a durable SD card. You don’t have to purchase one which can hold big files, but you do need ruggedness and the ability to write and rewrite many times. Though any SD card of any size larger than a few megabytes works just fine, the industrial-grade ones will last longer and perform more predictably over the years.

So first of all, you need to insert the SD card in your hardware wallet and export the xpub file to it. This is the only part which varies according to the hardware wallet manufacturer. For example, in the Coldcard interface you need to access the “Micro SD Card” menu, pick “Export Wallet”, and then select “Wasabi Wallet” from the list. On the KeyStone, you need to choose Wasabi as your watch-only wallet, and then export the wallet. This pairing is even easier to do on the Foundation Devices Passport: from the main menu you go to “Pair Wallet” and choose Wasabi, insert the SD card and follow the file generation process.

Once you have the .json file written by your hardware wallet to the SD card, you insert it inside your computer and open Wasabi Wallet. Then from the “Wallet Manager” tab (on the top-left side of the interface) you pick “Hardware Wallet”. The next step is to press the “Import Coldcard” button on the bottom right corner and point the wallet to the public key file that you stored on the SD card.

As previously mentioned, it really doesn’t matter if your hardware wallet is a KeyStone, a Passport, or a Seedsigner. All of them use the exact same file format, so the “Import Coldcard” button shouldn’t deter you from using this PSBT function only because your hardware wallet is of a different brand.

After you import your public key file into Wasabi Wallet, you’re going to see how the new “Coldcard” gets added to the “Wallet Explorer” menu on the right side of the screen.

Double click it or right click and select “Open Wallet” from the drop-down menu. Now we must build the transaction. From the same “Wallet Explorer” side of the Wasabi menu, click on “Advanced” – it should be just below your wallet of choice. Then pick “Build Transaction”.

Now you will have to select the Bitcoin UTXO that you want to spend, designate the recipient of your transaction, set the fee and then finally click the “Build Transaction” button. It’s the same as sending a regular transaction, except that instead of broadcasting the instruction to the Bitcoin network, it generates a PSBT file that needs to be signed with your hardware wallet.

The next step is to insert the SD card back inside your hardware wallet’s port and use the internal user interface to validate the transaction with a signature. On the device’s screen, you should see information about the transaction inputs, outputs, amounts and fees. So make sure that you verify everything before you proceed with the signature. Once again, the way of generating the signed PSBT file varies on every device. For example, the Foundation Devices Passport has the “Sign with Micro SD” option in the main menu and everything is very simple. On the Coldcard, you must choose “Ready to Sign” and follow the on-screen instructions. And on the KeyStone you simply touch the screen in the area where the BTC address gets displayed and pick the right unsigned transaction file.

This part is very important, as you verify all the details about the transaction and can either sign it or invalidate it. The funds don’t leave your wallet until you sign the transaction and broadcast it. So even if you do sign it, one final step is still required.

Insert the SD card back into your computer. Now you should find a PSBT file which has “signed” in the name. What you need to do next is open it with Wasabi and broadcast it to the entire Bitcoin network to make the transaction possible. Go to the “Tools” menu at the top of the Wasabi wallet window, and pick “Transaction Broadcaster”. Then click the “Import Transaction”, check the input data one last time on the screen, and then finally click on “Broadcast Transaction”. Congratulations, you have just sent a PSBT transaction with Wasabi, while also boosting your network-level privacy and using an airgapped setup for your hardware wallet.

PSBT is a complex and debated topic among bitcoiners. Like everything else, it can have both advantages and disadvantages. Whether or not you choose to use it depends entirely on your HODL strategy and your threat model. To hear opinions in favor of the setup, listen to Specter creator Stepan Snigirev on the Bitcoin Takeover Podcast. Another similar opinion is shared by Blockstream Chief Architect Lawrence Nahum. To hear criticism about the use of PSBT in your setup, listen to ShiftCrypto developer and researcher Benma, as well as former Bitcoin Core developer Peter Todd.

The post Sending PSBT Transactions with Wasabi Wallet appeared first on Wasabi Wallet - Blog.

CoinJoins are excellent for increasing your Bitcoin transaction privacy. Through them, your traceable BTC UTXOs become a lot more difficult to observe and follow on the public blockchain. Consequently, it becomes nearly impossible to tie a certain transaction to one of the users’ identity and the bitcoins become equally tainted – and therefore, equally clean.

These CoinJoins employ a cryptographic technique that’s called Chaumian mixing, which very much resembles the voluntary placement of multiple fingerprints on paper money bills. Without these multiple fingerprints, it would have been easier to identify the previous owners of the banknotes. But with a multiplicity of suspects, any investigation becomes difficult while all the participants benefit from the same amount of plausible deniability.

But just like every other privacy tool, CoinJoins are not perfect. Not because they are not effective at serving their purpose or because of some hypothetical cryptographic vulnerability. The issue is that users must still trust the CoinJoin coordinator with their UTXOs and their subsequent transaction history and a lot of data still appears on the public blockchain. While this data is pseudonymous and the transactions contained are indistinguishable from one another, it’s still important to know that outside observers can see that you have participated in a CoinJoin.

The philosophy of CoinJoins is that you hide in a crowd in order to hide your face from an outside lurker. The more people gather around you, the harder it is for the outsider to identify you. And if everyone in this crowd wears the same Guy Fawkes mask, has the same hair color, height, and moves the same way, then you have a better picture of what CoinJoins look like.

This is where we need to talk about the two versions of the world in which CoinJoins are being used. In the first one, everybody CoinJoins their BTC after making exchange withdrawals and before fleeing authoritarian governments. Privacy has crushed the ambitions of Big Brother and, just like the late Tim May explained in his cypherpunk encyclopedia “The Cyphernomicon: Cypherpunks FAQ and More”, we resort more to sovereignty and self-protection (as opposed to more government control).

But we still have a long way to go and a lot of education to spread until we get to this point where the individual is this empowered. So now let’s look at the other extreme where government control wins and CoinJoins become the rare exception to the rule. If the anonymity set is small and the privacy advocates are partially known, then it’s fairly easy to figure out who gets involved in these transactions. You can’t really be safe from the external scrutiny of Big Brother if you are only covered by a couple of people whose identities might be known.

But even if we assume that everybody CoinJoins and privacy becomes part of the norm, we must still take into account the post-mix transaction behavior. If a certain amount of BTC gets mixed with other coins, only to get moved to one output of the same original size minus the fee, then all the effort has been in vain. For example, if you have 1 BTC and you run a CoinJoin during a round when UTXOs of 0.1 BTC get created, you should avoid taking your newly-generated and private 0.1 BTC UTXOs to put them back together into the same output. It defeats the purpose of the CoinJoin and might turn into a costly mistake. It’s basically like shredding a confidential document into hundreds of pieces (a good privacy practice), only to throw it all together in the same bin (a bad privacy practice) – someone with enough patience and resources will figure out how to backtrack and reproduce the paper you wanted to destroy.

CoinJoined outputs should be spent directly to the party against which you are trying to keep privacy. It’s that first step that really matters, as the privacy gets further diluted after each subsequent Bitcoin transaction. However, there are businesses and exchanges that don’t accept CoinJoined transactions – BottlePay and Coinbase being only two of the most popular ones. This means that they flag CoinJoins and refuse to do business with anyone who uses them. Of course, after a few steps and enough time, it’s assumed that the coins have changed hands enough to no longer be associated with the previous owners. But if you’re planning to use certain centralized services that take KYC/AML practices overzealously, then it’s better to not do CoinJoins on the outputs that you’re planning to transact with them.

Ultimately, CoinJoins are a privacy tool that anyone can wield to make previous transactions a lot more difficult to track. But to some, the fact that the history is unclear might be an issue. You must always assess the requirements and determine your threat model.

To find out more about the limitations of CoinJoins, listen to this interview with Wasabi Wallet creator Adam Ficsor (from 16:30 onwards).

The post Why CoinJoins Are Largely Misunderstood appeared first on Wasabi Wallet - Blog.

There are two important categories of DIY hardware wallets that you can build from general-purpose electronic devices: the ones that run a ported firmware (a group of coders make a well-tested software available on more common hardware), and the ones that run original code.

Both of them are fairly easy to build and have very few moving parts that you need to put together. But from the get-go, you should understand the tradeoffs: a project like PiTrezor might be a convenient port which allows you to run the most tested hardware wallet software on a Raspberry Pi, but it doesn’t mean that the port itself is vetted by security professionals or maintained to include the latest updates from Trezor Wallet. Conversely, a project like SeedSigner or Specter DIY might be original and open source, but this doesn’t mean that many experts have verified the code either.

This is why the recommendation regarding these devices that you can build yourself is to check the code or pay a professional to do it for you. If you’re going to use DIY hardware wallets to protect large amounts of bitcoin, then it’s better to take the multisig part. If each device is nothing but a key to your coins and there is no single point of failure that can make you lose your funds, then it’s generally safer to use something with a higher risk profile).

At this point, we should ask two important questions: first of all, why build a DIY hardware wallet at all if the security is questionable? Well, some of the two best arguments include your ability to survive political authoritarianism, and the avoidance of supply chain attacks. Something that you build yourself from common parts is going to help you maintain your privacy and plausible deniability in relation to your government – and the delivery company won’t know what you’re up to either.

The other important question that we should ask at this point is: will your DIY hardware wallet work with Wasabi? Well, the answer depends on the hardware wallet model. Something like PiTrezor should work as it’s essentially the Trezor firmware on a different and more accessible system. Specter DIY and Bowser ought to also work since they use standards included in the HWI and PSBT standard specifications. In the case of the SeedSigner, single sig setups are still on the roadmap for development; therefore, Wasabi compatibility will have to wait for a little while.

Once again, these open source DIY hardware wallets are still in an early phase of development and mostly recommended in multisig setups. Don’t take reckless risks with your bitcoins. If you’re a hardware wallet hobbyist or an individual who’s trying to gain financial sovereignty in an authoritarian environment, consider creating more elaborate setups which don’t rely too much on a single device – even if this means that you’re going to do a Shamir backup or multisig setup that isn’t compatible with the Wasabi software.

After having presented the warnings, let’s take a look at the four DIY hardware wallets in order to determine the costs, the difficulty, and the complexity of the task.

Read here the blog post to learn how to build your own Trezor One, Trezor Model T, and BitBox02.

Building your own PiTrezor Wallet

A rule of thumb in security is to follow the most tested path. This way, you know more about the experiences of others and have a better understanding of all the tradeoffs involved. And since Trezor Wallet has been around since 2014 and the code has been under constant scrutiny since inception, it’s pretty safe to assume that the firmware works well and has constantly been hardened by disclosures.

PiTrezor is a port of the original code, which makes the STM32F10XRXT6-optimized firmware run on the more common and popular Raspberry Pi Zero. You can buy a Pi for virtually everything, from video game emulation to IoT experimentation, robotics and Tor relays. Also, the Raspberry Pi Zero only costs $5 and is among the most accessible mini-computers in terms of both price and the ability to find one in every corner of the world. Compared to the default Trezor microcontroller, the Pi Zero is a lot more popular and it’s easier to source compatible accessories.

Furthermore, the PiTrezor port also works on the Raspberry Pi 4 – the more powerful device which is mostly used by individual Bitcoin node operators. One major advantage of these devices is that they come with full USB ports which allow you to connect your keyboard to use as inputs. This means that you don’t need to worry about finding buttons that fit to some kind of enclosure, as you have the option to operate the PiTrezor with a peripheral you already have.

Therefore, the process is a lot easier and requires no soldering or parts assembly if you run PiTrezor on a Raspberry Pi 4. However, the costs are higher by about $30. For the entire guide go to the PiTrezor website.

Now let’s talk about the parts and costs. There are two versions of the Raspberry Pi Zero, and you should get the more affordable one which has no bluetooth and WiFi. Not only because these ports are useless, but because they can represent extra attack vectors to break the device or extract information. Although the PiTrezor maintainer suggests that the Zero W is just as secure because the firmware has no drivers loaded for the communication ports, a competent hacker can still exploit them if he gains physical access. Hence, for security and money-saving purposes, it’s better to purchase the basic $5 Pi Zero.

Other parts include an SD card larger than 100 MB (basically any that you’ll find nowadays for a couple dollars), a micro-USB to USB cable (about 1 dollar), a mini HDMI cable which connects to a monitor, TV or dedicated screen (costs about $3 assuming that you already have a monitor or TV), two push buttons that are compatible with the Raspberry Pi (about 2 dollars and you only need them for the Pi Zero configuration, as the Pi 4 can make use of your USB keyboard) and some wires to solder the buttons to the board (roughly 1 dollar). Optional parts include a dedicated screen which is useful for portability reasons, and an enclosure which protects the board and circuits from dust, physical damage and other factors.

Assuming that you pay 5 dollars for the Raspberry Pi Zero and 9-10 dollars for the remaining parts, we’ll conclude that building the most basic yet electronically-demanding version of the PiTrezor will cost you about $15. Keep in mind that the screen, the enclosure, the soldering iron and the shipping of all these parts are not taken into account and can easily double the costs.

If you take the Raspberry Pi 4 route, you’re going to only need the $35 device (go for the entry-level 2 GB model, you’re not going to need that much memory for a Trezor Wallet), the 2 dollar SD card and the micro-USB to USB and mini-HDMI male to HDMI female cables. These should cost about 6 dollars. And while the approximated total of 41 dollars might sound like it’s pretty expensive, at least you don’t need to do any wire soldering and it doesn’t require any special equipment for this task. You flash the firmware on the SD card, plug the Raspberry Pi to a power outlet, connect the external video port to your HDMI-compatible monitor or TV screen (anything newer than 10 years has it), and use your USB keyboard as input. It’s pretty geeky, but somebody living in a place where Trezor hardware wallets have no official distribution is going to really enjoy the power of DIY sovereignty.

Before we move on to the next part, here’s another reminder that while the PiTrezor code is open source and basically a port of the official Trezor Wallet release, you should be cautious and avoid putting too many coins into this device without properly verifying the code. The safest way to use a PiTrezor is to make it one of your multisig devices, so there is no single point of failure. But you should always be cautious as Trezor CEO Marek “Slush” Palatinus said in S4 E8 of the Bitcoin Takeover Podcast, there are around 40 Trezor clones worldwide and their modified code doesn’t always get the scrutiny that it should.

Building your own Specter DIY

Specter creator Stepan Snigirev has started an entire DIY revolution in the Bitcoin hardware wallet space. Thanks to his micro-bitcoin and micro-arduino projects, low-powered devices are now able to run a lightweight version of the Bitcoin client. Most remarkably, he has created a hardware wallet which can be built using off the shelf parts which runs non-Trezor code. While every commercial secure key management electronic device, from KeepKey to Coldcard and Foundation Devices Passport makes use of Trezor’s open-source firmware in some capacity, the Specter DIY dares to be different.

To build your own Specter DIY, you only need an STM32F469I-DISCO developer board that you can buy for about $62, as well as a 1 dollar mini USB and a 1 dollar micro USB cable (both of which you most likely already have from phones or other hardware wallets). The device itself has everything you need, from touchscreen input to flash memory that you use to install the Specter firmware. So it’s an all-in-one solution, which at best, only requires an enclosure to keep dust away.

Today, lots of Bitcoin power users build their own Specter DIY hardware wallet to avoid supply chain attacks. But since the code is not as vetted as Trezor’s and may have vulnerabilities that weren’t discovered thus far due to a lack of incentives (the Specter DIY is still a niche product that is hard to find and the reward for cracking the code doesn’t match Trezor’s bounty program), it’s best to keep the device for multisig. This is exactly what the developers of Specter recommend: they see their DIY project as something that’s complimentary to other hardware wallets. You can still use it as a single-sig device, but the use case where it shines is multisig.

One recommendation for the Specter DIY is that you also purchase an additional barcode scanner module which costs $40. It will make the device more usable in an air gapped way, as you can scan QR codes and confirm transactions without connecting your device to a computer. Additionally, you can make the Specter DIY self-contained with a battery. The complete assembly instructions are available in the project’s GitHub repository. Furthermore, you will also find a video tutorial on YouTube.

In total, the Specter DIY should cost anywhere from 64 to 120 dollars to build. And if you also want an enclosure, you can either 3D print it according to specifications or else purchase it from a professional like Richard from the Czech Republic (not a direct endorsement, but I did buy my cases from him). This may sound like the Specter is an expensive device, but if you buy it pre-built then it’s going to cost you 350 euros (414 dollars) for a full-featured enclosure 60 euros (71 dollars) to also have the STM32F-469I-DISCO board attached. So it’s definitely better to pay 150 dollars for a full-featured device that you build yourself from parts that you source from different vendors than to spend $485 on the Specter Shield.

To better understand the scope and purpose of the Specter DIY project, listen to Stepan Snigirev offer all the explanations in S8 E11 of the Bitcoin Takeover podcast.

Building your own SeedSigner

The SeedSigner is a simplified fork of the Specter DIY, which replaces the development board touch screen experience with the powerful affordability of the Raspberry Pi Zero. Its main goal is to offer a powerful device that anyone can build for approximately $50.

Unlike the Specter DIY, the SeedSigner is currently only optimized for multisig xpub generation and makes use of a more traditional layout with physical buttons. The main drawback of this design is that some soldering is required to put together the device. But since it relies on the popular Raspberry Pi architecture, one can easily buy GPIO hammer headers (which cost $7) to avoid all the hassle.

To assemble a SeedSigner, you need a Raspberry Pi Zero computer (once again, the 5 dollar basic version without the WiFi and bluetooth is recommended), a 1.3 inch square LCD screen with a resolution of 240×240 pixels (which costs about $14) and a camera that’s compatible with the Pi Zero system (the recommended model is the AuviPal 5MP 1080p, which is currently out of stock but should cost around 20 dollars).

The SeedSigner lead developer has also open sourced the specifications for the enclosure, so that anyone with a 3D printer can create their own. This is bad news for people who don’t have access to 3D printing, especially due to the fact that the input requires physical buttons that come with the case. However, there are vendors and hobbyists (again, like Richard from the Czech Republic) who will 3D print cases for about $20.

So while the electronics required to build a SeedSigner cost around $39 (below the 50 dollar goal), you’re going to spend slightly more to have the full experience. Nevertheless, putting together a SeedSigner is more affordable than the Specter DIY from which it borrows the code.

Speaking of the code, once you assemble the hardware you’re going to need an SD card and you must also type in a few commands on an external keyboard. The complete guide makes it simple to follow, so even if you don’t understand what you’re doing you will successfully set up the SeedSigner.

You should also keep in mind that the SeedSigner is an air-gapped device which is optimized to work with multisig-friendly wallets such as Specter Desktop, Sparrow, and BlueWallet. So you won’t be able to access it from Wasabi Wallet until single sig support gets added for PSBT setups. At the moment, it is still a geeky DIY project that casual users won’t find too friendly or accessible. But thanks to community contributions, it’s quickly improving.

To better understand the philosophy behind SeedSigner, listen to S8 E10 of the Bitcoin Takeover podcast. If you need help along the way, you can use this full assembly guide from YouTube.

Building your own Bowser wallet

Created by Ben Arc, the Bowser wallet is an even more simplified fork of the Specter DIY. All you have to do in order to build this hardware wallet is to buy a $40 M5Stack ESP32 Basic Core and install the firmware with a micro-SD card.

This means that the Bowser wallet is by far the most inexpensive and simple to configure DIY hardware wallet. You even get a full step by step YouTube guide which helps you along the way. However, there are a couple of geeky quirks that you should consider: first of all, the hardware wallet also works as a video game system which runs a stylized version of Tetris. This is great for plausible deniability, as nobody will guess that the generic-looking device in your hands is also a Bitcoin device – which is very useful for people who seek to maximize their privacy in places that may be hostile to the idea of financial sovereignty.

Secondly, the Bowser wallet makes use of Morse code for input. This is by far the geekiest feature in any hardware wallet, as you must either carry a sheet of paper which tells you how to type every letter of the alphabet or memorize the code. Once again, since most people have no idea how Morse code works (and may even mistake it for Braille) this is excellent for privacy. But the feature effectively makes the device harder to use even by the hardware wallet owners, so depending on your threat model you should assess to which extent you need this extra complexity.

The Bowser hardware wallet is a pretty cypherpunk device as it mixes the privacy of video games and Morse code with the convenience of using a compact general-purpose computer. You can dispose of the unit at any moment and get a new one – just make sure that you have your backup in a safe place.

Currently, Bowser is designed to work with Electrum wallet and makes use of the PSBT standard to sign transactions. This means that it should also work with Wasabi Wallet, so long as you use the options associated with the Coldcard Wallet.

For more information and to better understand what the Bowser wallet is, listen to Ben Arc on S8 E9 of the Bitcoin Takeover podcast.

Read here the blog post to learn how to build your own Trezor One, Trezor Model T, and BitBox02.

The post DIY Hardware Wallets, Part II: appeared first on Wasabi Wallet - Blog.

The Bitcoin community certainly took notice and turned some of these general-purpose chips into financial sovereignty machines. From the popular ARM Cortex STM32 chips to the amazingly-inexpensive Raspberry Pi Zero, there are lots of options that you can use to build your own hardware wallet. But before we talk about the options that you have in order to build your own hardware wallet, it’s important to mention the reasons why you should pursue this path.

Why is DIY better?

First of all, if you live in a country where there is no distribution of Trezor, Ledger or BitBox02, then building your own device is certainly the more affordable option. Secondly, if your government is hostile to Bitcoin and everything concerning it, then it’s strongly recommended to use some of the same parts that can also build a portable Tetris machine to secure your precious digital gold.

Even if you live in a country where commercial hardware wallet distribution is possible, pursuing the DIY route is still worth your consideration. If you’re concerned about privacy (and you should be), then you shouldn’t give your name and address to a vendor and a delivery company that will store your data in their records for multiple years – the case of the Ledger database hack is a very good example of why privacy and DIY hardware are important.

Furthermore, supply chain attacks are real: you don’t know who’s going to handle your hardware wallet from the moment it leaves the factory and until it finally gets delivered to you. If somebody knows what a Trezor is, they might compromise its hardware or its packaging (a very popular attack involves the insertion of already-generated BIP 39 seed phrases, in hopes that newbies would deposit their coins to addresses controlled by the malevolent actor). Sure, these companies make great efforts to prevent such attacks by layering their packaging and introducing cryptographic tricks to verify the integrity of the hardware and software. But if you know what you’re doing, then DIY is definitely safer: using general-purpose off the shelf hardware and free open source software that you can personally verify is definitely the power user approach.

Hardware wallets you can build yourself:

Now let’s talk about the hardware wallets you can build yourself. Essentially, there are two categories: the commercial devices whose circuitry and schematics have been open sourced (Trezor, BitBox02) and the non-profit community projects that were created specifically for DIY work. The Trezors and the BitBox02s come with the advantage of a more tested and scrutinized codebase and architecture since they are sold commercially. The teams behind the projects could afford to pay for bounties and security audits, but there’s also a greater incentive for hackers to break them.

On the other hand, DIY projects like SeedSigner, Specter DIY and Bowser offer an extra layer of convenience, as they can be built from very common parts and require almost no soldering or experience with electronics. They aren’t as tried and tested as their commercial counterparts and you shouldn’t expect to get much support in the process. Yet they have advantages of their own and give everyone the opportunity to become financially sovereign.

In this first article, we’re going to analyze what it takes to build your own Trezor and/or BitBox02. Naturally, the follow-up will focus on the Seedsigner, the Specter DIY, and the Bowser wallet. Read here the Part 2 blog post.

Building your own Trezor One:

During the 2014 Kickstarter campaign which led to the launch of Bitcoin’s first hardware wallet, Trezor co-founders Marek “Slush” Palatinus and Pavol “Stick” Rusnak presented their intention to create a device that could even satisfy the demands of Bitcoin creator, Satoshi Nakamoto. This meant that the software and the circuitry are transparent and 100% open source, so that anyone can see what the device is doing at any moment.

The Czech company’s GitHub repository offers the complete board, schematics, and bill of materials (BOM). According to these documents, you need 24 moving parts, the most important being the OLED display, the STM32F10XRXT6 microcontroller, the buttons, the case, the tactile switch, and the micro-USB port. The cost of everything should not exceed $20, though you also need a soldering gun and the dexterity to put it all together by yourself.

So even though the cost of producing a Trezor One hardware wallet is low, the assembly part can be difficult and intimidating for a newbie. But if you need to build yourself the most tried and tested hardware wallet in the world, you’re going to need to develop some practical skills. After all, it’s no surprise that the Trezor One is the most copied device in the world and there are hundreds of companies that sell it under different brands all around the globe. As a matter of fact, newer devices such as BitBox02, Coldcard, and Foundation Devices Passport use significant parts of the Trezor code and to some extent can be labelled as “clones”.

As soon as you’re done putting together your custom-made Trezor One, you can flash the firmware according to the instructions from the GitHub repository. Once you’re done, your new DIY hardware wallet will work perfectly with Wasabi wallet – and choosing Wasabi instead of Trezor Suite will bring you some privacy benefits concerning full node connectivity and the trustlessness of the onboarding process.

For more information about Trezor’s open source ethos and commitment, listen to this interview with CEO Marek “Slush” Palatinus on the Bitcoin Takeover Podcast.

Building your own Trezor Model T:

Launched in the fall of 2017, the second generation Trezor hardware wallet features some much-needed improvements. It replaces the two-button scheme with a color touch screen that’s easier to use, and also comes with a faster processor which allows for more complex backups such as Shamir Secret Sharing to be made. The device is also more reliable at handling complex multisig setups (such as 8 out of 8), as demonstrated by Jameson Lopp’s comparative review.

However, the Trezor T also comes with greater electronic complexity: the bill of materials lists 109 parts, while the schematics are more elaborate and sophisticated. This means that the Trezor Model T is a more difficult and demanding DIY project than its predecessor. To make up for it, the build instructions are also more detailed and feature more pictures to guide you along every step.

In terms of security, the Trezor T comes with the advantage of allowing you to type the passphrase directly from your device – which is a great feature to have, especially when you think that your computer keyboard might be compromised/logged. So even if you don’t care much about multisig reliability or Shamir backups, it’s still worth considering the Trezor T for its input upgrade.

The chip that drives the Trezor Model T is the STM32F427VIT6 microcontroller – an ARM Cortex M4 unit which features 2 megabytes of flash memory and is clocked at 168 Mhz. You can find it for about $20, but you’ll definitely get better deals for bulk purchases. The display also costs about $5, and the remaining electronics should add another $20 (from case to the USB-C and micro-SD ports, and all the way to the various connectors). But before we judge Trezor for selling the device at a price which greatly exceeds production costs, we shouldn’t forget that the device requires significant soldering skills to build (greater than the ones needed for the Trezor One), the company is mostly focused on improving software security standards (so you pay for the research and development of the SLIPs) and there’s also a cost involved in offering customer support.

For a skilled DIY hobbyist, the Trezor Model T can be a fun weekend project. The fact that the parts are general-purpose and easy to find online should provide a great amount of plausible deniability in authoritarian states, and the extra features will make the supplementary effort worthwhile (as compared to the more simple Trezor One).

Just like the Trezor One, you can use your newly-built Model T with Wasabi Wallet. Keep in mind, however, that Wasabi won’t work with multisig setups and Shamir Secret Sharing. Only BIP39 setups will do.

Building your own BitBox02

Launched in the fall of 2019, the BitBox02 is a spin on the original Trezor design which brings some notable hardware and software modifications. Though it started from the same codebase, it’s different enough to deserve the spotlight. Philosophically speaking, the device aims to offer the compromise between open source auditability and physical security which makes it the middle ground between Trezor (100% open source) and Ledger (about 40% open source, with an opaque secure element chip).

The part that makes the BitBox02 less open source than the Trezor but more physically secure is the inclusion of the ATECC608B general-purpose security chip. This means that you can protect your device from a malevolent actor’s physical access without resorting to a software passphrase (that you may forget or lose if you’re not careful enough). So if you want to take your physical security to the next level, you should consider building a BitBox02.

Besides the secure chip, ShiftCrypto’s second generation hardware wallet features some interesting choices: the device uses a male USB-C connector which makes it easy to also plug into your mobile phone (no cable is required as long as you have the right port in your computer or phone), and the touch screen is replaced by touch sensors on the top and bottom of the hardware wallet.

In terms of software, the BitBox02 makes use of Schnorr signatures to verify the integrity of the software and prevent supply chain attacks. The system is called anti-klepto and, even though it may not seem very relevant for someone who builds their own hardware wallet, it is still a great self-verification tool which prevents outside meddling with the code. Learn more about this security mechanism from this interview with ShiftCrypto software developer and researcher Benma.

To help you build your own BitBox02, ShiftCrypto has published a bill of materials (which should be updated to include the ATECC608B chip which has replaced the 608A in 2021), an extensive datasheet, the circuit board schematics, and even an X-ray picture that should help you figure out how to connect every part to the board. The guide is not as detailed as in the case of the Trezor hardware wallets, but any experienced hobbyist should be able to figure it out.

Now let’s talk about the costs: in bulk, the ATECC608B secure chip can be bought for about $1. But due to supply chain issues in the microchip industry, it currently seems to be out of stock on some of the most popular retail websites (and will most likely sell at a premium due to scarcity). On the other hand, the 32-bit ARM Cortex M4F ATSAMD51J20A microcontroller chip costs approximately $6 and also appears to be hard to find. The PRTR5V0U2F suppression diodes and every other small part also adds up about $3 to the production cost. In total, purchasing the parts required to build your own BitBox02 should cost about $20 (including USB-C port, micro-SD card slot, touch sensors, and the OLED screen).

The BitBox02 has more parts than the Trezor One, but fewer than the Trezor Model T. It also features more affordable parts than Trezor’s flagship model and offers some physical security. So if you find these qualities desirable, then you should grab your soldering gun and start ordering the parts while they’re still in stock.

And yes, your BitBox02 will work with Wasabi wallet. But just like the Trezor devices, you will have to connect to the native software (in this case, BitBoxApp) in order to perform firmware updates.

Does building your own hardware wallet have to be so hard?

Well, no. Today we have the SeedSigner, Specter DIY, and Bowser devices and they are a lot more accessible to hobbyists who don’t want to solder diodes to a PCB while consulting complex schematics. However, they aren’t as tested as the commercial devices, so there’s always a tradeoff. Find out more about how you can build these hardware wallets and the costs involved in next week’s article!

The post DIY Hardware Wallets, Part I: Building Your Own Trezor One, Trezor Model T and BitBox02 appeared first on Wasabi Wallet - Blog.

But regardless of how they’re built and to which extent their security is transparent and auditable, all hardware wallets should work very well with Wasabi. Not necessarily because the wallet software is maintained in a way which adds support for every new hardware release (though you can find separate optimizations for the Ledger Nano and the Coldcard), but by virtue of Andrew Chow’s HWI (Hardware Wallet Interface) library.

As described by Max Hillebrand on the Bitcoin Takeover Podcast, HWI is a powerful tool which allows Wasabi to keep up with the latest hardware developments wallet and provide privacy by default to a greater number of users. Unlike popular user interfaces such as Ledger Live, Trezor Suite and BitBoxApp, Wasabi wallet offers Tor routing by default, easy UTXO management (also referred to as “Coin Control”), and a trustless onboarding via automatic full node connectivity or block filter download. No other popular hardware wallet interface comes with all of these features enabled by default and there always seem to be tradeoffs and compromises involved – yet Wasabi is perfect to manage your single-sig setup.

But what about the future of hardware wallets? The devices that anyone can build and are 100% auditable? In the case of the Trezor, we expect the Tropic Square project to deliver transparent open source secure element chips by the end of 2022 – a rather ambitious promise which, if executed well, can turn into a game changer for the entire industry. And given Trezor’s excellent documentation and support, it’s very likely that the HWI libraries will get updated to support the new Trezor as soon as it gets launched.

In the case of DIY hardware wallets like Specter, SeedSigner and Bowser, there should be no compatibility issues. Specter uses PSBT, which means that you can use the wallet in the same way you would do with a Coldcard or a KeyStone. On the other hand, SeedSigner and Bowser are air gapped devices which deal with QR codes and offline signatures. You shouldn’t have any kind of problem when you plan to send or receive to Wasabi.

We’re living truly remarkable and exciting times when free markets prove their efficiency in making hardware wallets more efficient, more affordable, and accessible to non-technical people. Anyone who can afford a $5 Raspberry Pi Zero can build his own SeedSigner, while M5Stack enthusiasts can put together a Bowser wallet in only a few minutes. But as Trezor co-founder and CEO Slush mentioned, hardware will always lag behind software development. And Wasabi, as a software wallet which integrates the right tools to support hardware wallets, is part of this trend of being ahead of the curve. No matter what the future of hardware wallets holds, Wasabi will provide a stable and privacy-friendly interface which maximizes user sovereignty.

The post Wasabi and the Future of Hardware Wallets appeared first on Wasabi Wallet - Blog.