AirGap wallet- Self custody made simple and secure - Protect your crypto offline

[Pearson12]

AirGap Vault now supports MetaMask on mobile

[Pearson12]

is Sparrow wallet, Blue wallet and Specter wallet only supported Bitcoin wallets, and there is no support for Electrum?

Yes, Sparrow, Blue Wallet, and Specter are Bitcoin wallets. We do not support Electrum for now.

We use BC-UR QR code standard and electrum doesn't support it.

I have one old-new smartphone and I was thinking of testing it with AirGap.
My question is, do I have to disable all internet connection, wifi, remove sim cards, when using this mobile with AirGap wallet?

This is only necessary for the device with the vault. The Wallet is meant to be on an everyday device with a network.

[Pearson12]

I would suggest adding Vault app to open source android stores like Fdroid or IzzyOnDroid.

There were some build issues that we were unable to resolve, mostly because of time constraints, so the issue was closed. https://gitlab.com/fdroid/rfp/-/issues/1479

We'd still like to have AirGap on f-droid, so we'd appreciate any help there.

[Pearson12]

AirGap turns 5! 🎉 - Stand a chance of winning 50 XTZ

[dkbit98]

We use BC-UR QR code standard and electrum doesn't support it.

All this different QR standards are just making more confusion and regular people don't really care about them.
How hard is to make it compatible with this BC-UR QR code standard along with others you support currently?
I am sure you could create some conversion process for compatibility, and I have seen other wallets and signing devices doing the same.

[Pearson12]

We use BC-UR QR code standard and electrum doesn't support it.

All this different QR standards are just making more confusion and regular people don't really care about them.
How hard is to make it compatible with this BC-UR QR code standard along with others you support currently?
I am sure you could create some conversion process for compatibility, and I have seen other wallets and signing devices doing the same.

I'm not a developer, so I can't say how hard it is to implement, but from what I can see from our previous implementations, I assume it's a pretty complex process. AirGap already supports BC-UR and that is pretty much the standard for signing BTC transactions. So if in the future, Electrum implements this, we will automatically become compatible. If you have some experience implementing QR codes, you could make a pull request on our GitHub.

[Pearson12]

Combine Sparrow Wallet's ease of use with AirGap Vault's offline private key storage for
the most secure BTC wallet setup.

[Pearson12]

Combine Specter Wallet's advanced features with AirGap Vault's offline private key storage for
the most advance and secure BTC wallet setup.

[Pearson12]

A Grea new look: AirGap Vault revamp

[Pearson12]

Learn about AirGap plausible deniability feature

[Pearson12]

Learn about AirGap social recovery feature

[dkbit98]

Learn about AirGap social recovery feature

This splitting of seed phrase words into multiple parts sounds a lot like Shamir Secret Sharing, but you are not really eliminating single point of failure like you said in your video.
Other dangers of using something like this is that there is no standardized implementation for this method, math can't be verified by different participants.
It's much better to use regular Multisig solution that is proved and tested for years, but I would like to see some documentation for your Social Recovery feature.

[NotATether]

So I'm guessing that being an offline wallet, it can't send transactions by itself, only generate them. So how does the "pairing" with the other wallet software work for broadcasting such a transaction?

Is it entirely automated, or does a user have to manually go to the other wallet software for broadcasting stuff?

[Pearson12]

This splitting of seed phrase words into multiple parts sounds a lot like Shamir Secret Sharing,

That's exactly what it is.

you are not really eliminating single point of failure like you said in your video.

Having only the seed phrase is a single point of failure. Introducing a mechanism to recover the wallet even if you lose the seed phrase eliminates this

Other dangers of using something like this is that there is no standardized implementation for this method,

In the future, we will be implementing something more standardized like SSKR and Seed XOR.

I would like to see some documentation for your Social Recovery feature.

https://support.airgap.it/features/social-recovery/

So I'm guessing that being an offline wallet, it can't send transactions by itself, only generate them. So how does the "pairing" with the other wallet software work for broadcasting such a transaction?

The AirGap Vault signs a transaction and provides a QR code for the signed transaction. The wallet to which it is paired (e.g AirGap Wallet, Metamask, Sparrow, Spectre, Rabby) scans the QR code and broadcasts the transaction.

AirGap add support for Morpheus Network

[moderator's note: consecutive posts merged]

[dkbit98]

That's exactly what it is.

Than it's much better to call it with it's real name instead of inventing something like Social recovery feature.
It is also important for compatibility to say if your Secret Shamir Scheme is compatible with one that is available in other hardware wallets like Trezor Model T and Keystone wallet.

Having only the seed phrase is a single point of failure. Introducing a mechanism to recover the wallet even if you lose the seed phrase eliminates this

Yes it is, unless you add multiple passphrases, but we are talking about improving something and removing single point of failure, that was not accomplished with SSS because one guy controls everything.

In the future, we will be implementing something more standardized like SSKR and Seed XOR.

That is better, but I don't know who currently uses this except maybe Coldcard.

[Pmalek]

Can you make a comparison between your Social recovery feature VS Shamir Secret Sharing VS Threshold Signatures Schemes or Multi-Party Computation, for example? Why are your methods better and recommended compared to the ones mentioned? MPC is something I recently heard about, but it's in connection with an altcoin that I don't want to be accused of shilling if I mention it. It's easy to find on the first page of a Google search and the project begins with "Q".   

[AirGap_Wallet]

Hi. I'm Andy, one of the developers on the AirGap project.

That's exactly what it is.

Than it's much better to call it with it's real name instead of inventing something like Social recovery feature.
It is also important for compatibility to say if your Secret Shamir Scheme is compatible with one that is available in other hardware wallets like Trezor Model T and Keystone wallet.

There are 2 reasons why we called the feature "Social Recovery" instead of "Shamir's Secret Sharing".

1. The term "Shamir's Secret Sharing" is known in some parts of the community, but because of the lack of a clear standard (at least at the time when we added the feature many years ago), we didn't want users to make false assumptions, eg. regarding compatibility with other implementations (there were a few CLI tools but they were not compatible with our implementation).
2. The term "Social Recovery" is clearer for less technical users.

As already mentioned above, our scheme is not compatible with any other implementation, eg. Trezor or Keystone. The main reason is that our implementation is older than the finalised SLIP-39 standard, which is used by Trezor and Keystone.

The reason we did not change to the SLIP-39 standard after it was finalised is because SLIP-39 does not allow to split up an existing 12 / 24 word mnemonic. So it does not allow you to go from BIP39 mnemonic => Shamir Shares => BIP39 mnemonic. With our implementation, this is possible.

But now that the SSKR standard was defined by blockchain commons, we are planning to adopt it in the near future.

Having only the seed phrase is a single point of failure. Introducing a mechanism to recover the wallet even if you lose the seed phrase eliminates this

Yes it is, unless you add multiple passphrases, but we are talking about improving something and removing single point of failure, that was not accomplished with SSS because one guy controls everything.

You are right, SSS does not remove the single point of failure regarding mnemonic usage, but it does solve the single point of failure regarding secret backup and storage.

In the future, we will be implementing something more standardized like SSKR and Seed XOR.

That is better, but I don't know who currently uses this except maybe Coldcard.

As far as I know, only Coldcard supports Seed XOR at the moment. Hopefully more wallets will follow soon.

Can you make a comparison between your Social recovery feature VS Shamir Secret Sharing VS Threshold Signatures Schemes or Multi-Party Computation, for example? Why are your methods better and recommended compared to the ones mentioned? MPC is something I recently heard about, but it's in connection with an altcoin that I don't want to be accused of shilling if I mention it. It's easy to find on the first page of a Google search and the project begins with "Q".   

As mentioned above, the Social Recovery feature is just a name we use for our implementation of the Shamir's Secret Sharing scheme. I don't know much about Threshold Signatures or Multi-Party computation so I can't talk about them. But from what I've heard they sound very interesting and could solve a few problems.

[Pmalek]

As already mentioned above, our scheme is not compatible with any other implementation, eg. Trezor or Keystone. The main reason is that our implementation is older than the finalised SLIP-39 standard, which is used by Trezor and Keystone.

So if I set up a social recovery option, and then AirGap wallet with all its services ceases to exist 5-10 years from now, how can I regain access to my funds if the scheme doesn't work with other hardware/software wallets? If you adopt the SSKR standard at one point in the future, does it affect all previously configured social recovery setups? Those created before your adoption of SSKR or whatever other model you decide to go for?

[AirGap_Wallet]

So if I set up a social recovery option, and then AirGap wallet with all its services ceases to exist 5-10 years from now, how can I regain access to my funds if the scheme doesn't work with other hardware/software wallets?

The code of our apps is completely open source and the part of the social recovery is only a few lines of code. I would recommend that you use an old deployed version of the app (eg. an APK from GitHub). You could also run the project yourself, or someone could build a standalone version of the recovery feature.

If you adopt the SSKR standard at one point in the future, does it affect all previously configured social recovery setups? Those created before your adoption of SSKR or whatever other model you decide to go for?

SSKR is a completely separate standard, so it is not compatible with our implementation. Once we add SSKR, the generation part will be replaced completely, so going forward it will only be possible to create SSKR shares. But our apps will always support recovery of "old" social recovery setups, we'll never remove that.

[dkbit98]

There are 2 reasons why we called the feature "Social Recovery" instead of "Shamir's Secret Sharing".

Both reasons you mentioned are proof that people should not use and trust any form of Shamir's Secret Sharing.
Lack is clear standards and confusion between different implementations are big disadvantages, and this was never widely accepted by bitcoin community.
Sure it can be better in some cases than holding simple paper with seed words, but this could be mitigated with one or more passphrases.
Adding extra complexity with obscure incompatible system is no go for me, and until I see compatibility with other wallets I don't think it's safe enough to use Airgap wallet social feature.