Bitcoin Forum
November 13, 2024, 03:07:15 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Cold wallet transmissible to my heir in a trust-minimized fashion.  (Read 309 times)
ilovecoins2014 (OP)
Newbie
*
Offline Offline

Activity: 18
Merit: 2


View Profile
November 27, 2019, 11:00:23 AM
Last edit: December 03, 2019, 06:02:26 AM by ilovecoins2014
 #1

Over the past 2 years, I have been developing a cold wallet that is:
. affordable to anyone,
. easy to use and transmit to my heir in a trust-minimized fashion.

It only requires a dedicated Android device (any repurposed old Android device will do) that is meant to be kept offline once our app is installed.

The wallet has not been publicly released yet and can only handle btc and eth for now.

Before releasing it publicly, I would appreciate if other people could test it and give me their first impressions. And don't worry, I will send you a few satoshis so that you can test my cold wallet with my money and not yours! ;-) Thanks for your support and good vibes.
Dabs
Legendary
*
Offline Offline

Activity: 3416
Merit: 1912


The Concierge of Crypto


View Profile
November 28, 2019, 07:16:20 PM
 #2

Is this a hardware wallet or some software you are working on that can run on a normal computer? (offline?)

DarkDays
Legendary
*
Offline Offline

Activity: 2030
Merit: 1189


View Profile
November 28, 2019, 08:57:28 PM
 #3

There are quite a few ways to do this, for example there are services that will automatically send emails on a certain day. You could use this to send an email containing details to recover your wallet.

You can also create time-locked Bitcoin wallets, which could also be used to lock out funds until your death.
ilovecoins2014 (OP)
Newbie
*
Offline Offline

Activity: 18
Merit: 2


View Profile
November 29, 2019, 01:22:28 AM
 #4

Is this a hardware wallet or some software you are working on that can run on a normal computer? (offline?)

The cold wallet works as follows.

1) Download our Android app on a device of your choice.

2) Keep the device on airplane mode while the Android app is installed.

3) Use the Android app to create your wallet following your own entropy.

4) Use the Android device to sign offline the transactions you generated online via our webapp (all communications offline/online are via QR codes).

5) Use our trustless mechanism based on Shamir Secret Sharing to transmit your wallet to your heir.

Here's some additional description of the cold wallet: www.selftrust.me

We give you USD 5 worth of btc to test our wallet and give us your impressions.
ilovecoins2014 (OP)
Newbie
*
Offline Offline

Activity: 18
Merit: 2


View Profile
November 29, 2019, 03:36:12 AM
 #5

There are quite a few ways to do this, for example there are services that will automatically send emails on a certain day.

Which specific services are you referring to?
malevolent
can into space
Legendary
*
Offline Offline

Activity: 3472
Merit: 1724



View Profile
November 29, 2019, 04:52:03 AM
 #6

Is it really trustless if it relies on your company not going out of business?

Which specific services are you referring to?

Even with gmail you can do it nowadays with their new 'scheduled send' feature.

And there are many similar services, e.g. https://www.deadmansswitch.net/

Google also offers a deadman's switch service: https://myaccount.google.com/inactive


Signature space available for rent.
Dabs
Legendary
*
Offline Offline

Activity: 3416
Merit: 1912


The Concierge of Crypto


View Profile
November 29, 2019, 03:41:08 PM
 #7

What makes this any different than using Electrum for Android (in airplane mode), or a separate air gapped computer with Electrum?

There is also another hardware wallet called Elipal Titan that is completely offline and uses QR Codes.

Patatas
Legendary
*
Offline Offline

Activity: 1750
Merit: 1115

Providing AI/ChatGpt Services - PM!


View Profile
November 29, 2019, 11:34:59 PM
 #8

Is this a hardware wallet or some software you are working on that can run on a normal computer? (offline?)

The cold wallet works as follows.

1) Download our Android app on a device of your choice.

2) Keep the device on airplane mode while the Android app is installed.
Ignore me if I sound stupid but how would you download the app when your phone is on the airplane mode? It needs the internet to download the App right?  Huh

3) Use the Android app to create your wallet following your own entropy.

4) Use the Android device to sign offline the transactions you generated online via our webapp (all communications offline/online are via QR codes).

5) Use our trustless mechanism based on Shamir Secret Sharing to transmit your wallet to your heir.

Here's some additional description of the cold wallet: www.selftrust.me

We give you USD 5 worth of btc to test our wallet and give us your impressions.
Is the feature available only for Android at the moment? I would give it a shot on an iPhone any day. Also, kinda skeptical about going online to your web-app when things are supposed to be "offline."
joniboini
Legendary
*
Offline Offline

Activity: 2366
Merit: 1806



View Profile WWW
November 30, 2019, 04:28:40 AM
 #9

Ignore me if I sound stupid but how would you download the app when your phone is on the airplane mode? It needs the internet to download the App right?  Huh

Pretty sure you need to be online first and then switch to airplane mode, or download from another phone and send it to your 'wallet phone'. In both cases, it still needs to connect with the internet or another device, and not as 'cold' as you think it would be.

▄▄███████████████████▄▄
▄███████████████████████▄
████████▀░░░░░░░▀████████
███████░░░░░░░░░░░███████
███████░░░░░░░░░░░███████
██████▀░░░░░░░░░░░▀██████
██████▄░░░░░▄███▄░▄██████
██████████▀▀█████████████
████▀▄██▀░░░░▀▀▀░▀██▄▀███
███░░▀░░░░░░░░░░░░░▀░░███
████▄▄░░░░▄███▄░░░░▄▄████
▀███████████████████████▀
▀▀███████████████████▀▀
 
 CHIPS.GG 
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
███▀░▄░▀▀▀▀▀░▄░▀███
▄███
░▄▀░░░░░░░░░▀▄░███▄
▄███░▄░░░▄█████▄░░░▄░███▄
███░▄▀░░░███████░░░▀▄░███
███░█░░░▀▀▀▀▀░░░▀░░░█░███
███░▀▄░▄▀░▄██▄▄░▀▄░▄▀░██
▀███
░▀░▀▄██▀░▀██▄▀░▀░██▀
▀███
░▀▄░░░░░░░░░▄▀░██▀
▀███▄
░▀░▄▄▄▄▄░▀░▄███▀
▀█
███▄▄▄▄▄▄▄████▀
█████████████████████████
▄▄███████▄▄
███
████████████▄
▄█▀▀▀▄
█████████▄▀▀▀█▄
▄██████▀▄▄▄▄▄▀██████▄
▄█████████████▄████████▄
████████▄███████▄████████
█████▄█████████▄██████
██▄▄▀▀▀▀█████▀▀▀▀▄▄██
▀█████████▀▀███████████▀
▀███████████████████▀
██████████████████
▀████▄███▄▄
████▀
████████████████████████
3000+
UNIQUE
GAMES
|
12+
CURRENCIES
ACCEPTED
|
VIP
REWARD
PROGRAM
 
 
  Play Now  
trapcoder666
Copper Member
Full Member
***
Offline Offline

Activity: 234
Merit: 135



View Profile
November 30, 2019, 04:43:31 AM
 #10

You can't consider it as a cold wallet if its on a phone. Eventually the phone will go online unless if you're keeping it offline 24/7 without wifi, data then there won't be use of using a phone anyway. Plus not to mention the fact that you have to preload a third party app.
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18747


View Profile
November 30, 2019, 10:02:05 AM
Merited by BrewMaster (1)
 #11

I've had a look at your website, and there are a number of things which concern me enough to not want to use your service. Perhaps you can address them.

Quote
Cold wallet made simple
A phone is not a cold wallet.

Quote
can easily audit (even without reviewing our open-source code)
I can't find a link to your open source code anywhere, and the "audit" link simply links to your wallet generator.

Quote
If, within 6 to 12 months (depending on the plan you purchased), you do not renew or cancel your plan, selftrust.me assumes you passed away and automatically emails your heir the cryptogram it holds.
This is not trustless. We have to trust you not to go out of business, or hold our coins ransom whilst demanding our heir pay for the other half of the secret. At the moment we also have to trust your secret generation and transmission process, since there is no link to your source code.

There is also no mention of your pricing model. Why would I pay an ongoing subscription and trust an unknown third party, when I could just split my seed myself and pay a one-off fee to place half of it in my will with a reputable law firm?
ilovecoins2014 (OP)
Newbie
*
Offline Offline

Activity: 18
Merit: 2


View Profile
December 01, 2019, 04:02:22 AM
Last edit: December 01, 2019, 06:39:32 AM by ilovecoins2014
 #12

What makes this any different than using Electrum for Android (in airplane mode), or a separate air gapped computer with Electrum?

There is also another hardware wallet called Elipal Titan that is completely offline and uses QR Codes.

1) To my knowledge, you cannot use your own entropy on Electrum. With our wallet, you can generate and use your own entropy very easily.

2) Using an air-gapped mobile phone (Vs. an air-gapped computer) brings you convenience (i.e. you have access to your cold wallet almost anywhere). It is also easier to scan QR codes with an air-gapped mobile phone.

3) Elipal is expensive and has the typical hardware wallet vulnerabilities: https://en.bitcoin.it/wiki/Hardware_wallet
With our wallet, since you choose your own hardware to install our app, you considerably mitigate such vulnerabilities.
ilovecoins2014 (OP)
Newbie
*
Offline Offline

Activity: 18
Merit: 2


View Profile
December 01, 2019, 05:07:03 AM
Last edit: December 01, 2019, 06:40:20 AM by ilovecoins2014
 #13

Ignore me if I sound stupid but how would you download the app when your phone is on the airplane mode? It needs the internet to download the App right?  Huh

Pretty sure you need to be online first and then switch to airplane mode, or download from another phone and send it to your 'wallet phone'. In both cases, it still needs to connect with the internet or another device, and not as 'cold' as you think it would be.

Once you download our app on an Android device, you must keep this device in airplane mode as long as the app is installed.
You can also (as I  did myself) ask your local mobile shop to physically remove remote connectivity from your device (i.e. remove sim card slots, wifi modem, bluetooth...) before using our app.

In any case, once offline (in airplane mode or after physically removing all connectivity), you can use our app to create your wallet with your own entropy and offline-sign transactions via exchanging QR codes.

This way, by design, your secret keys are really yours (created with your own entropy) and are always kept offline. This is the definition of a cold wallet as you can see here: https://en.bitcoin.it/wiki/Cold_storage
trapcoder666
Copper Member
Full Member
***
Offline Offline

Activity: 234
Merit: 135



View Profile
December 01, 2019, 09:29:36 AM
 #14

Ignore me if I sound stupid but how would you download the app when your phone is on the airplane mode? It needs the internet to download the App right?  Huh

Pretty sure you need to be online first and then switch to airplane mode, or download from another phone and send it to your 'wallet phone'. In both cases, it still needs to connect with the internet or another device, and not as 'cold' as you think it would be.

You can also (as I  did myself) ask your local mobile shop to physically remove remote connectivity from your device (i.e. remove sim card slots, wifi modem, bluetooth...) before using our app.



This is too much work and to get a shop to open up the phone and get all those removed it will not only cost a lot and chances of it working again is quite slim as the kernel is built around controlling this connectivity modules. What if they have an expensive iphone and or another expensive device?

It will be much more easier for them to just get a HTC Exodus 1S which has a secured partition specially for crypto wallet. Having one integrated with the phone is far more secured than running a third party app.

All in all, keeping a paper wallet in a bank storage would be so much easier and cost effective in terms or legally making a will in case something happens to the owner , etc or a trezor.

Just my 2 cents.
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18747


View Profile
December 01, 2019, 08:09:00 PM
 #15

To my knowledge, you cannot use your own entropy on Electrum.
You can use your own entropy on any BIP39 supporting wallet by downloading https://iancoleman.io/bip39/ and running it offline. This also has the added advantage of being open source, so you can be sure the seed which is displayed matches the entropy you have generated. You haven't yet answered my question above about your claim that you are open source, but you provide no link to any code repositories. You can even just calculate it manually if you wanted - the only program you would need is something simple to perform a SHA256 hash for you to calculate the checksum.

Using an air-gapped mobile phone (Vs. an air-gapped computer) brings you convenience
At the risk of security. Various studies have shown that Google can track phones even while they are in airplane mode, and as soon as airplane mode is turned off, data which has been recorded while airplane mode was on can be transmitted.
Dabs
Legendary
*
Offline Offline

Activity: 3416
Merit: 1912


The Concierge of Crypto


View Profile
December 02, 2019, 04:36:25 PM
 #16

Yeah, I don't see why I wouldn't just use Electrum. You can generate the seed from either the phone or another desktop / laptop computer and it uses the computer's entropy by default which is good enough for most people. The seed has to conform to a standard or a checksum.

It's good there are other options, but the source eventually needs to be published or no one else is going to use it.

ilovecoins2014 (OP)
Newbie
*
Offline Offline

Activity: 18
Merit: 2


View Profile
December 03, 2019, 12:52:11 AM
 #17

Yeah, I don't see why I wouldn't just use Electrum. You can generate the seed from either the phone or another desktop / laptop computer and it uses the computer's entropy by default which is good enough for most people. The seed has to conform to a standard or a checksum.

It's good there are other options, but the source eventually needs to be published or no one else is going to use it.

1) As I said elsewhere in this thread, publishing the source code of the app is obviously a no brainer and will be done as soon as we are past the alpha stage (where we are now) and release the app publicly (right now, a few alpha testers play with our wallet using our money).

2) Using someone else's entropy (including Electrum's) always represents a significant risk.

3) In any case, an entropy generated by a software is not as random as an entropy generated through physical means (i.e. "physical entropy"), as you can see here:
https://en.bitcoin.it/wiki/Passphrase_generation

Our wallet facilitates the use of physical entropy. When you use physical entropy, you have the guarantee that your entropy is truly random. You can't obtain that guarantee if you use Electrum's entropy (or any software-based entropy). Yet, obtaining that guarantee is crucial since all your secret keys rely on the randomness of your entropy.
ilovecoins2014 (OP)
Newbie
*
Offline Offline

Activity: 18
Merit: 2


View Profile
December 03, 2019, 02:31:43 AM
Last edit: December 03, 2019, 06:14:32 AM by ilovecoins2014
Merited by o_e_l_e_o (1)
 #18

I've had a look at your website, and there are a number of things which concern me enough to not want to use your service. Perhaps you can address them.

Quote
Cold wallet made simple
A phone is not a cold wallet.

Quote
can easily audit (even without reviewing our open-source code)
I can't find a link to your open source code anywhere, and the "audit" link simply links to your wallet generator.

Quote
If, within 6 to 12 months (depending on the plan you purchased), you do not renew or cancel your plan, selftrust.me assumes you passed away and automatically emails your heir the cryptogram it holds.
This is not trustless. We have to trust you not to go out of business, or hold our coins ransom whilst demanding our heir pay for the other half of the secret. At the moment we also have to trust your secret generation and transmission process, since there is no link to your source code.

There is also no mention of your pricing model. Why would I pay an ongoing subscription and trust an unknown third party, when I could just split my seed myself and pay a one-off fee to place half of it in my will with a reputable law firm?

Thank you for taking the time to provide us with valuable feedback.

Cold Wallet

By design, with our wallet, the secret keys are really yours (created from your own entropy) and are always kept offline. This is in line with the definition of a cold wallet as you can see here: https://en.bitcoin.it/wiki/Cold_storage

Source Code

We are still at an alpha stage (that's why we propose to test our wallet with our money). We will obviously release the source code of the app once we are past this stage and publicly release our product.

Ransom threat

Imho, this threat is not a realistic possibility.

Indeed, we do not know who you are and have no way to estimate the value of the wallet you intend to transmit to your heir. Furthermore, the information you entrust us with is useless without the information that your heir already has and that we ignore.

Therefore, even if we were dishonest and planning to operate anonymously (which is not the case), we have:
. no power to steal your heir's inheritance;
. no reason to ruin our business and risk jail time by trying to ransom your heir for your wallet whose value is unknown to us.

Instead, our only incentive is to play by the rules and hopefully turn your heir into our customer.

Going out of business

If we go out of business, we'll use a customary 12-month sunset period to:
. let our customers know they need to find another solution for cold storage and for transmitting their wallet,
. allow our servers to complete pending transmissions to heirs.

Price of the inheritance service

We are still undecided but plan to charge USD 1-2 worth of BTC a month in order to make the service affordable to anyone.

Taking care of the inheritance by yourself or through a law firm.

We provide convenience and affordability. You can also use additional backup solutions beyond ours.

Now, compared to our solution, using a law firm is:
. way more costly (even with only a one-time fee),
. not anonymous,
. possibly troublesome if one alleged heir pretends to have been spoiled and sues your estate executor and/or your intended heir; this happens all the time and may delay for years your intended heir from enjoying your wallet (not to mention the hassle and legal fees your intended heir may have to face).

Android device in airplane mode

Once our app is installed on an Android device, the device is meant to be kept offline and for the exclusive use of our app.

If you don't trust Android's airplane mode to keep it offline, you can also ask your local mobile shop to physically remove remote connectivity from your device (i.e. remove sim card slots, wifi modem, bluetooth...) before using our app. I did that myself on different Android devices (it is straightforward, usually costs $5-20 depending on where you are located, and takes less than 15 minutes).

Alternatively, you can also simply remove the SIM card, delete all WIFI configurations, and never connect again to any networks once our app is installed.

Why an Android phone to shelter our app?

Hundreds of millions of people can't afford a USD 100 hardware wallet but can use a repurposed old Android phone dedicated only to shelter our app and protect their bitcoins (and possibly other crypto-assets). This is especially true in countries where people use bitcoins because they can't trust their local currencies and have no access to banking services.
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18747


View Profile
December 03, 2019, 08:24:41 AM
 #19

By design, with our wallet, the secret keys are really yours (created from your own entropy) and are always kept offline.
They aren't, though. A phone in airplane mode is not an isolated device, and as I said above, your phone carrier, Google, and who knows who else can still send and receive data to phones which are in airplane mode. Similarly, even if you delete the wallet before turning off airplane mode, there is no guarantee that the files don't still exist and are accessible on your phone's storage, and could be transmitted to a third party at a later date. Cold storage has to be permanently air gapped.

We are still at an alpha stage (that's why we propose to test our wallet with our money). We will obviously release the source code of the app once we are past this stage and publicly release our product.
Fair point.

Instead, our only incentive is to play by the rules and hopefully turn your heir into our customer.
Another fair point. My only concern is your statement that you do not know the value of the wallet - we do not know that to be true until your source code is released.

If we go out of business, we'll use a customary 12-month sunset period
There is no way you can guarantee that. If you go out of business because you don't have any money left, how will you pay for your servers to stay up for 12 months to complete pending transmissions?
Dabs
Legendary
*
Offline Offline

Activity: 3416
Merit: 1912


The Concierge of Crypto


View Profile
December 03, 2019, 03:47:32 PM
 #20

What if someone goes to jail for 13 months ... and you go out of business the day the person is incarcerated? 12 months is too short, there has to be a way to do it without relying on the company.

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!