Thanks!  The protocol does have steps to put smartphones or other devices in a Faraday bag during most of the protocol execution.  Appendix A (the list of "exceptional security measures" that are not part of the protocol proper) mentions larger Faraday cages (e.g. the entire room) as an additional measure one could take.

Glacier isn't a "protocol" in the sense of a language computers use to communicate with each other.  This is a "protocol" as in a written, step-by-step procedure for humans to follow.

Many people are interested in storing their own bitcoins rather than using an online wallet, either for security reasons or on principle. 

But it’s harder than it looks.  Techniques such as offline key generation are great, but not bulletproof; sophisticated malware might use WiFi even if it’s disabled in the OS, or write keys to the hard drive for re-transmission later when the system is online.  Hardware wallets are great too, but how certain are you that an undiscovered vulnerability isn’t being exploited to grab your private keys over that USB cable?

When you’re dealing with large sums of money, relatively small risks such as these may feel unacceptably large -- and these examples are just the tip of the iceberg.

We made Glacier to help people navigate around these risks.  Glacier is a free open-source protocol that walks you through cold storage, step by step. It’s designed for people storing large amounts of bitcoin who are willing to invest some time and money for very high-security storage.

We’re happy to offer our beta release as a gift to the bitcoin community:
https://glacierprotocol.org

Thanks -- these suggestions seem particularly interesting -- will make note of them.

Thanks for your comments.  Can you propose a more secure alternative?  I'm curious if you have something in mind.  Keep in mind the computer in question needs to get the key generation software on it somehow, and we certainly don't want to accomplish that by connecting it to a network.


I saw that, thank you!  It will take us some time to review all comments, but look forward to doing so.


Having everything open source definitely helps, but open source can have important vulnerabilities too (e.g. Heartbleed).  And side channel attacks, like the power analysis attack you linked.  Perhaps that can be fixed, but what other undiscovered vulnerabilities might be out there?  That USB connection just creates an incremental risk any way you look at it. 

Secure cold storage of bitcoins is difficult, and near-impossible for an amateur.  We are solving this problem and would like community feedback on our approach.

We attempted to follow the consensus advice for creating secure bitcoin storage - setting up multi-sig paper wallets using air-gapped computers. To our surprise, this common advice was difficult to follow. There were a confusing variety of tools to choose from at each step, most of which weren’t built around this use case.

We were also surprised to discover there were no good tutorials for navigating this process, despite Bitcoin being several years old.  This should not be a gap in the Bitcoin ecosystem in 2016!

We are solving this problem by creating an open source, step-by-step guide that removes all confusion from the process of creating secure cold storage.

As a first step, we’ve written a design document detailing the technical decisions we have made so far. This is not the step-by-step guide, but a summary that we have put together for more efficient critique. Please give us your most severe criticism.

The link is below. Please leave comments here or in the document itself.
https://docs.google.com/document/d/1sYK1aFubfQqj5B_5r0K4piNfYtQrSYqOU70A78DA1xs/edit#