Bitcoin Forum
Author Topic: Encrypt the PSBT file  (Read 394 times)
takuma sato (OP)
Sr. Member
Activity: 297
Merit: 425
September 27, 2021, 03:57:44 PM
 #1

I was testing offline transactions via PSBT and realized that the PSBT file can be decoded using this program:

https://github.com/achow101/psbt-decoder

Then it's plaintext that contains personal information about the transaction.

Code:
% psbt_dump data/worked-7.psbt

976 bytes in PSBT: data/worked-7.psbt
-- HEADER --

psbt 0xff

-- GLOBALS --

  key: 00  (GLOBAL_UNSIGNED_TX)
value:

020000000258e87a21b56daf0c23be8e7070456c336f7cbaa5c8757924f545887bb2abdd750000000000ffffffff838d0427d0ec650a68aa46bb0b098aea4422c071b2ca78352a077959d07cea1d0100000000ffffffff0270aaf00800000000160014d85c2b71d0060b09c9886aeb815e50991dda124d00e1f5050000000016001400aea9a2e5f0f876a588df5546e8742d1d87008f00000000  (154 bytes)

 Transaction: (2 inputs, 2 outputs, 0 witness)
            : txid 82efd652d7ab1197f01a5f4d9a30cb4c68bb79ab6fec58dfa1bf112291d1617b
   [in #0 ] (not signed)
            from 75ddabb27b8845f5247975c8a5ba7c6f336c4570708ebe230caf6db5217ae858 : 0
   [in #1 ] (not signed)
            from 1dea7cd05979072a3578cab271c02244ea8a090bbb46aa680a65ecd027048d83 : 1
  [out #0 ] tb1qmpwzkuwsqc9snjvgdt4czhjsnywa5yjdzglap9
  [out #1 ] tb1qqzh2ngh97ru8dfvgma25d6r595wcwqy06sqc03


-- INPUT #0 --

  key: 00  (IN_NON_WITNESS_UTXO)
value:

0200000001aad73931018bd25f84ae400b68848be09db706eac2ac18298babee71ab656f8b0000000048473044022058f6fc7c6a33e1b31548d481c826c015bd30135aad42cd67790dab66d2ad243b02204a1ced2604c6735b6393e5b41691dd78b00f0c5942fb9f751856faa938157dba01feffffff0280f0fa020000000017a9140fb9463421696b82c833af241c78c17ddbde493487d0f20a270100000017a91429ca74f8a08f81999428185c97b5d852e4063f618765000000  (187 bytes)

 Transaction: (1 inputs, 2 outputs, 0 witness)
            : txid 75ddabb27b8845f5247975c8a5ba7c6f336c4570708ebe230caf6db5217ae858
   [in #0 ] (unknown)
  [out #0 ] 2MtgN5EvHUm2kNVvqKgqsZ9v2fGH3jCpXVF
  [out #1 ] 2Mw4CE6tUQ7Ak9Zf9TKujgzbVjDZqgRbUVP



  key: 07  (IN_FINAL_SCRIPTSIG)
value:

00473044022074018ad4180097b873323c0015720b3684cc8123891048e7dbcd9b55ad679c99022073d369b740e3eb53dcefa33823c8070514ca55a7dd9544f157c167913261118c01483045022100f61038b308dc1da865a34852746f015772934208c6d24454393cd99bdf2217770220056e675a675a6d0a02b85b14e5e29074d8a25a9b5760bea2816f661910a006ea01475221029583bf39ae0a609747ad199addd634fa6108559d6c5cd39b4c2183f1ab96e07f2102dab61ff49a14db6a7d02b0cd1fbb78fc4b18312b5b4e54dae4dba2fbfef536d752ae  (218 bytes)

-- INPUT #1 --

  key: 01  (IN_WITNESS_UTXO)
value:

00c2eb0b0000000017a914b7f5faf40e3d40a5a459b1db3535f2b72fa921e887  (32 bytes)


  key: 07  (IN_FINAL_SCRIPTSIG)
value:

2200208c2353173743b595dfb4a07b72ba8e42e3797da74e87fe7d9d7497e3b2028903  (35 bytes)


  key: 08  (IN_FINAL_SCRIPTWITNESS)
value:

0400473044022062eb7a556107a7c73f45ac4ab5a1dddf6f7075fb1275969a7f383efff784bcb202200c05dbb7470dbf2f08557dd356c7325c1ed30913e996cd3840945db12228da5f01473044022065f45ba5998b59a27ffe1a7bed016af1f1f90d54b3aa8f7450aa5f56a25103bd02207f724703ad1edb96680b284b56d4ffcb88f7fb759eabbe08aa30f29b851383d20147522103089dc10c7ac6db54f91329af617333db388cead0c231f723379d1b99030b02dc21023add904f3d6dcf59ddb906b0dee23529b7ffb9ed50e5e86151926860221f0e7352ae  (218 bytes)

-- OUTPUT #0 --

  key: 02 03a9a4c37f5996d3aa25dbac6b570af0650394492942460b354753ed9eeca58771 (OUT_BIP32_DERIVATION, 34 bytes)
value:

d90c6a4f000000800000008004000080  (16 bytes)

    Address: 03a9a4c37f5996d3aa25dbac6b570af0650394492942460b354753ed9eeca58771 (33 bytes)
             = n1ExfZ1rECtYdzfBHoeYtAWzTURXsdSVkb
    HD Path: (m=0x4f6a0cd9)/0'/0'/4'


-- OUTPUT #1 --

  key: 02 027f6399757d2eff55a136ad02c684b1838b6556e5f1b6b34282a94b6b50051096 (OUT_BIP32_DERIVATION, 34 bytes)
value:

d90c6a4f000000800000008005000080  (16 bytes)

    Address: 027f6399757d2eff55a136ad02c684b1838b6556e5f1b6b34282a94b6b50051096 (33 bytes)
             = mfaZXpvjGrisYP1rW2wL2YBHJt22sCoX53
    HD Path: (m=0x4f6a0cd9)/0'/0'/5'


-- EXPECT EOF --
-- ACTUAL EOF --


If an attacker gets this, it wouldn't be nice. In order to maintain privacy, I suggest that the PSBT files can optionally be encrypted. It would prompt for a password, once entered the PSBT file is saved encrypted. As you load it on the other computer, it asks for the password. This way you wouldn't be paranoid that a man in the middle attack can be performed to steal the contents of the PSBT.
achow101
Moderator
Legendary
expert
Activity: 3402
Merit: 6642
September 27, 2021, 04:06:08 PM
 #2

Almost all of the information contained in the PSBT is (or will be) public information. UTXOs are public, signatures are public, txids and vouts are public. The only thing that is not public are the BIP 32 derivation paths, and those aren't particularly useful to an attacker.

What "personal information" are you concerned about? What is the attack you are concerned about? If you are transmitting PSBTs over the internet, then you can employ third party tools for encryption, such as PGP. If you are concerned about a man in the middle between local machines, then you are concerned about an attacker who has gained remote access to your machines, in which case you have much bigger problems.
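
The claim in the reply above can be checked on any PSBT before it leaves a machine. The following is an added example, not part of the thread or of any project's code: a standard-library Python walk of a PSBTv0 that lists only the key-origin records (xpubs and BIP 32 derivation paths). The sample PSBT is constructed; only its derivation record is copied from OUTPUT #0 of the dump in post #1, and all function names are this example's own.

```python
import struct

MAGIC = b"psbt\xff"
# BIP 174 record types that hold key-origin data (xpubs and BIP 32 paths),
# the part of a PSBT that never appears on chain.
OFF_CHAIN = {
    ("global", 0x01): "GLOBAL_XPUB",
    ("input", 0x06): "IN_BIP32_DERIVATION",
    ("output", 0x02): "OUT_BIP32_DERIVATION",
}

def read_varint(buf, pos):
    """Decode a Bitcoin compact-size integer; return (value, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated PSBT")
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def read_map(buf, pos):
    """Read <key><value> records up to the 0x00 separator that ends a map."""
    records = []
    while True:
        klen, pos = read_varint(buf, pos)
        if klen == 0:
            return records, pos
        key, pos = buf[pos:pos + klen], pos + klen
        vlen, pos = read_varint(buf, pos)
        value, pos = buf[pos:pos + vlen], pos + vlen
        if len(key) != klen or len(value) != vlen:
            raise ValueError("truncated PSBT")
        records.append((key[0], key[1:], value))  # (type, key data, value)

def tx_in_out_counts(tx):
    """Count inputs and outputs of the unsigned (non-witness) transaction."""
    pos = 4  # skip version
    n_in, pos = read_varint(tx, pos)
    for _ in range(n_in):
        pos += 36  # previous txid + output index
        script_len, pos = read_varint(tx, pos)
        pos += script_len + 4  # scriptSig + sequence
    n_out, pos = read_varint(tx, pos)
    return n_in, n_out

def decode_origin(value):
    """Split a key-origin value into (fingerprint hex, derivation path)."""
    if len(value) < 4 or len(value) % 4:
        raise ValueError("malformed key-origin value")
    steps = struct.unpack("<%dI" % (len(value) // 4 - 1), value[4:])
    path = "m" + "".join(
        "/%d%s" % (s & 0x7FFFFFFF, "'" if s & 0x80000000 else "") for s in steps)
    return value[:4].hex(), path

def audit(psbt):
    """List the off-chain records of a PSBTv0 as tuples of
    (scope, map index, record name, fingerprint, path)."""
    if not psbt.startswith(MAGIC):
        raise ValueError("not a PSBT")
    global_map, pos = read_map(psbt, len(MAGIC))
    unsigned_tx = [v for t, _, v in global_map if t == 0x00]
    if not unsigned_tx:
        raise ValueError("no unsigned transaction (not a PSBTv0)")
    n_in, n_out = tx_in_out_counts(unsigned_tx[0])
    maps = [("global", 0, global_map)]
    for scope, count in (("input", n_in), ("output", n_out)):
        for index in range(count):
            records, pos = read_map(psbt, pos)
            maps.append((scope, index, records))
    return [(scope, index, OFF_CHAIN[scope, ktype]) + decode_origin(value)
            for scope, index, records in maps
            for ktype, _, value in records if (scope, ktype) in OFF_CHAIN]

def build_sample():
    """Constructed 1-input, 1-output PSBT; only the output's derivation record
    (public key and value) is copied from OUTPUT #0 of the dump in post #1."""
    def kv(key, value):
        return bytes([len(key)]) + key + bytes([len(value)]) + value
    spk = b"\x00\x14" + bytes(20)  # placeholder P2WPKH script
    tx = (struct.pack("<I", 2) + b"\x01" + b"\x11" * 32 + struct.pack("<I", 0)
          + b"\x00" + b"\xff" * 4  # empty scriptSig, sequence
          + b"\x01" + struct.pack("<Q", 100000) + bytes([len(spk)]) + spk
          + struct.pack("<I", 0))  # locktime
    pubkey = bytes.fromhex(
        "03a9a4c37f5996d3aa25dbac6b570af0650394492942460b354753ed9eeca58771")
    origin = bytes.fromhex("d90c6a4f000000800000008004000080")
    witness_utxo = struct.pack("<Q", 150000) + bytes([len(spk)]) + spk
    return (MAGIC + kv(b"\x00", tx) + b"\x00"  # global map
            + kv(b"\x01", witness_utxo) + b"\x00"  # input #0 map
            + kv(b"\x02" + pubkey, origin) + b"\x00")  # output #0 map

if __name__ == "__main__":
    print(audit(build_sample()))
```

The fingerprint is returned in byte order (d90c6a4f); the dump in post #1 shows the same four bytes read as a little-endian integer (0x4f6a0cd9).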

takuma sato (OP)
September 27, 2021, 04:14:36 PM
 #3

Almost all of the information contained in the PSBT is (or will be) public information. UTXOs are public, signatures are public, txids and vouts are public. The only thing that is not public are the BIP 32 derivation paths, and those aren't particularly useful to an attacker.

What "personal information" are you concerned about? What is the attack you are concerned about? If you are transmitting PSBTs over the internet, then you can employ third party tools for encryption, such as PGP. If you are concerned about a man in the middle between local machines, then you are concerned about an attacker who has gained remote access to your machines, in which case you have much bigger problems.

Carrying the PSBT file through a border and then getting the laptop checked in customs for instance. I've heard stories of people getting their laptops confiscated if they had full disk encryption and refuse to deliver a password. In general you don't want governments or just anyone to know you are transacting in Bitcoin and PSBT shows you are in.

I guess you can always put the file inside an encrypted container. I just would like a minimalistic setup where the entire process is done with Bitcoin Core and you don't need to install anything else to store encrypted data.
o_e_l_e_o
In memoriam
Legendary
Activity: 2268
Merit: 18565
September 27, 2021, 05:01:58 PM
Merited by ABCbits (1)
 #4

Carrying the PSBT file through a border and then getting the laptop checked in customs for instance.
Then don't carry it through customs. As achow has said, it is going to be publicly viewable to the entire world once you broadcast it, so you can store it on the cloud, email it to someone else or yourself, post it on a blog, any method of digital storage which you can access later once you arrive at your destination. If you do all this with a brand new and otherwise anonymous cloud/email/whatever account, then there is minimal additional risk to your privacy.

I've heard stories of people getting their laptops confiscated if they had full disk encryption and refuse to deliver a password.
If border agents are interested enough in you to force you to decrypt your entire disk, then they are going to be interested enough in individual encrypted files or containers to force you to decrypt them too. If you really want to hide something from border agents, then don't take it across the border with you. If you must, then a hidden volume with some "decoy" encrypted data is probably the way to do it, which is far outside the scope of Bitcoin Core.
achow101
September 27, 2021, 06:00:35 PM
 #5

Carrying the PSBT file through a border and then getting the laptop checked in customs for instance.
Wallet software is way more obvious than a PSBT. And wallet software will contain far more private information than a PSBT.

PSBTs are just base64 strings, you wouldn't know that it is Bitcoin related unless you are looking for it specifically.

And again, you can just encrypt the PSBT with a third party tool. Then it will look like an encrypted file, instead of specifically an encrypted PSBT as adding an encryption standard would make.

takuma sato (OP)
September 27, 2021, 06:11:34 PM
Merited by ABCbits (4), o_e_l_e_o (4)
 #6

Carrying the PSBT file through a border and then getting the laptop checked in customs for instance.
Then don't carry it through customs. As achow has said, it is going to be publicly viewable to the entire world once you broadcast it, so you can store it on the cloud, email it to someone else or yourself, post it on a blog, any method of digital storage which you can access later once you arrive at your destination. If you do all this with a brand new and otherwise anonymous cloud/email/whatever account, then there is minimal additional risk to your privacy.

I've heard stories of people getting their laptops confiscated if they had full disk encryption and refuse to deliver a password.
If border agents are interested enough in you to force you to decrypt your entire disk, then they are going to be interested enough in individual encrypted files or containers to force you to decrypt them too. If you really want to hide something from border agents, then don't take it across the border with you. If you must, then a hidden volume with some "decoy" encrypted data is probably the way to do it, which is far outside the scope of Bitcoin Core.

I can't agree with this logic of "the entire world will know". The entire world will know X transaction happened but not that it's tied to you. The problem is linking this data to you. It's the basic pseudonymous principle of making transactions in Bitcoin. So if for instance you save a .psbt file in a USB pendrive and you forget to delete it, and someone gets access to the USB physically and manages to tie this USB pendrive to you, then they would know you are an owner of bitcoins. So you have now become a target.
But assuming this will remain as it is then you'll just have to guarantee that the file is put inside a Veracrypt container or something before it leaves your airgapped laptop.
As far as cloud storage. All of these "anonymous email" services aren't really anonymous. And "anonymous cloud services" require that you dox yourself via paying a subscription usually. You would have to find one that accepts BTC and mix the coins and hope it all goes well. There's also the problem that you never know what happens with this data if you don't control the servers physically. I haven't found any reasonable way to store stuff in the cloud and call it "safe".


Carrying the PSBT file through a border and then getting the laptop checked in customs for instance.
Wallet software is way more obvious than a PSBT. And wallet software will contain far more private information than a PSBT.

PSBTs are just base64 strings, you wouldn't know that it is Bitcoin related unless you are looking for it specifically.

And again, you can just encrypt the PSBT with a third party tool. Then it will look like an encrypted file, instead of specifically an encrypted PSBT as adding an encryption standard would make.

I have always wondered why the wallet.dat is not fully encrypted, but in any case you wouldn't move the wallet.dat file around to sign between computers as you would with the PSBT ones. Of course it's the same thing: never move the wallet.dat file around if it's not fully encrypted with a third party software.
o_e_l_e_o
September 27, 2021, 07:09:51 PM
 #7

The problem is linking this data to you.
I agree, which is why I said to use an anonymous account to store it.

As far as cloud storage. All of these "anonymous email" services aren't really anonymous. And "anonymous cloud services" require that you dox yourself via paying a subscription usually. You would have to find one that accepts BTC and mix the coins and hope it all goes well.
I could use Tor to sign up to a brand new ProtonMail account, and then upload an encrypted PSBT and save it as a draft. When I arrive at my destination, I use Tor to access the ProtonMail account, download and then decrypt the PSBT.

I haven't found any reasonable way to store stuff in the cloud and call it "safe".
Again, I completely agree, and would never advocate storing any sensitive data online in any manner. But the goal here is not "prevent all access to this data" (which is near impossible to achieve once you upload something to any cloud storage or similar), but rather "prevent this data from being linked to me", which is far more realistic.
odolvlobo
Legendary
Activity: 4326
Merit: 3234
September 27, 2021, 11:58:10 PM
 #8

Is there something about the structure of a PSBT that would benefit more from including encryption in the protocol over encrypting the PSBT in a transmission layer?

n0nce
Hero Member
Activity: 882
Merit: 5829
September 28, 2021, 09:05:35 PM
 #9

In general you don't want governments or just anyone to know you are transacting in Bitcoin and PSBT shows you are in.

PSBT file is relatively small, you could always hide it inside regular file (e.g. png or docx).
I really love this idea! It's quite easily possible to store whole papers in jpegs with minimal modification of the look of the image when opened in an image viewer.

Here's an online tool to try Steganography.

From https://en.wikipedia.org/wiki/Steganography, very impressive:


According to https://protonmail.com/support/knowledge-base/human-verification/, it's harder than you expected. If they decide to ask email or SMS as verification, your only option is either perform the verification or upgrade to paid plan using Bitcoin.
That's correct, I tried to create a Protonmail account via Tor Browser a few times already and compared to accessing the site over clearnet, it asks for verification using Email, SMS or payment.

Dabs
Legendary
Activity: 3416
Merit: 1912
October 01, 2021, 01:30:11 PM
 #10

Slightly off-topic, but there are ways to create gmail accounts anonymously. It's a bit harder and well, gmail is owned by Google. But it can be done and then forever accessed through Tor so gmail never has your ip address, except maybe the first time (so the first time, when it is created, you have to do it from some public wifi hotspot or coffee shop or mall.)

You can then use those gmail accounts to maybe sign up for protonmail, maybe? I've only had to make one protonmail account and I don't even use it.

I find it's much easier to hide as a normal looking sheep with the other 1 billion users of gmail.

Crossing international borders is always a risk. I find that the officers don't normally take too much interest in phones or cameras, and sometimes even laptops. As long as you keep all of those devices off and encrypted, they're usually not going to bother. You can also just tape a microsd card to your device without actually inserting it? That way you can "smuggle" up to 1 terabyte of data without anyone knowing.

But, like implied, that might be a hassle for the OP to do.

o_e_l_e_o
October 02, 2021, 09:00:07 AM
 #11

If they decide to ask email or SMS as verification, your only option is either perform the verification or upgrade to paid plan using Bitcoin.
Then I could buy a pre-paid SIM card for a dollar anonymously using cash for the sole purpose of receiving this SMS verification. Or try various disposable email address for verification. Or I could email them and directly request an invite, since the only reason they require verification is to prevent spammers, and it's highly unlikely a spammer is going to email them directly for the purpose of opening a single account. Or I just pay the $5 to open a Plus account for a month, not a big deal.

Although if you are going to encrypt the PSBT before uploading it, you don't even need to use ProtonMail - just host it somewhere you can access via Tor and it won't get deleted. Open a GitHub account and stick it on there. You could probably open a topic on the Archival board here and stick it there. Message it to yourself using an encrypted communication app like Signal. There are multiple possibilities.
Dabs
October 02, 2021, 10:46:11 PM
 #12

Expiring pastebin? https://pastebin.com/vpfUWaaU (this link will expire in 2 weeks and is empty). Used Tor, so even pastebin doesn't know the real ip address.

Here's an alternative site I've used:

https://paste.ee/p/OuwLN

Quote
Description: test will expire in 1 hour
Submitted on October 2, 2021 at 10:44 PM
Expires on October 2, 2021 at 11:44 PM (59 minutes from now)

Also used over Tor.

takuma sato (OP)
October 12, 2021, 06:21:48 PM
Merited by o_e_l_e_o (4), ABCbits (2)
 #13

Slightly off-topic, but there are ways to create gmail accounts anonymously. It's a bit harder and well, gmail is owned by Google. But it can be done and then forever accessed through Tor so gmail never has your ip address, except maybe the first time (so the first time, when it is created, you have to do it from some public wifi hotspot or coffee shop or mall.)

You can then use those gmail accounts to maybe sign up for protonmail, maybe? I've only had to make one protonmail account and I don't even use it.

I find it's much easier to hide as a normal looking sheep with the other 1 billion users of gmail.

Crossing international borders is always a risk. I find that the officers don't normally take too much interest in phones or cameras, and sometimes even laptops. As long as you keep all of those devices off and encrypted, they're usually not going to bother. You can also just tape a microsd card to your device without actually inserting it? That way you can "smuggle" up to 1 terabyte of data without anyone knowing.

But, like implied, that might be a hassle for the OP to do.

I wouldn't use anything Google to store anything of value. In this particular case, using gmail through Tor the way I see it is a recipe for disaster. Google can lock you out at a random time because the IP that you are trying to connect from doesn't match the last device used, which will be the case because Tor always cycles IPs. In fact you can find people with their accounts locked because they tried to log in from a VPN, so I wouldn't even use any proxy to access anything Google, especially if you have an Adsense account. The only way to unlock it would be via doxing yourself (phone) so in this scenario it wouldn't work.

Protonmail is known for handing info when requested, but I guess it's safer when it comes to accessing it through Tor, even though I have had Protonmail accounts locked because the IP of the Tor node was tagged by them as "spam", so not even Protonmail is safe from getting locked but at least is less probable than Google. You could also try to get it unlocked via support and pointing to the fact that they even have an onion site so they should support Tor users. No way to do this with Google. I understand the philosophy of hiding between a lot of other users but I don't think Google and Tor get along.

If they decide to ask email or SMS as verification, your only option is either perform the verification or upgrade to paid plan using Bitcoin.
Then I could buy a pre-paid SIM card for a dollar anonymously using cash for the sole purpose of receiving this SMS verification. Or try various disposable email address for verification. Or I could email them and directly request an invite, since the only reason they require verification is to prevent spammers, and it's highly unlikely a spammer is going to email them directly for the purpose of opening a single account. Or I just pay the $5 to open a Plus account for a month, not a big deal.

Although if you are going to encrypt the PSBT before uploading it, you don't even need to use ProtonMail - just host it somewhere you can access via Tor and it won't get deleted. Open a GitHub account and stick it on there. You could probably open a topic on the Archival board here and stick it there. Message it to yourself using an encrypted communication app like Signal. There are multiple possibilities.

Github has banned Tor, or at least the last time I tried you couldn't get past the captcha. Not aware of the Archival method. The main problem would be that you don't control the servers, so even after you delete the file, the file is recoverable. With a strong 128 char random password, it should be safe to say it wouldn't be cracked even if they obtained a physical copy, but you never know.

I was thinking about methods to store a wallet.dat in the cloud too since you can't have the "spawn seed" method like on Electrum, and I just don't feel safe uploading it anywhere even with 128 char sha-512 encryption.
o_e_l_e_o
October 12, 2021, 06:53:17 PM
 #14

I was thinking about methods to store a wallet.dat in the cloud too since you can't have the "spawn seed" method like on Electrum, and I just don't feel safe uploading it anywhere even with 128 char sha-512 encryption.
Now that's a different question altogether. Storing a PSBT in the cloud, which only contains information which is going to become completely public as soon as you broadcast the transaction, is one thing. Storing a wallet.dat, seed phrase, private key, etc., is quite another thing altogether. I would never store anything which contains sensitive information in the cloud, certainly not information which could be used to steal my bitcoin, regardless of how well I thought it was encrypted or otherwise protected.
Dabs
October 13, 2021, 12:58:06 PM
 #15

I wouldn't use anything Google to store anything of value. In this particular case, using gmail through Tor the way I see it is a recipe for disaster. Google can lock you out at a random time because the IP that you are trying to connect from doesn't match the last device used, which will be the case because Tor always cycles IPs. In fact you can find people with their accounts locked because they tried to log in from a VPN, so I wouldn't even use any proxy to access anything Google, especially if you have an Adsense account. The only way to unlock it would be via doxing yourself (phone) so in this scenario it wouldn't work.

I use gmail all the time over tor. The trick is to enable 2FA before going on it through tor. The first ip address is the only thing "real" that they will get, so use any other ip address but yours to create the account, then immediately activate 2FA and save the secret. You can then log in using tor and it will ask for the code which you can enter.

If you're not concerned about google knowing your ip, then use your normal account (the one with your real name and all that)... but if you want an anon one, just create it while sipping your coffee at Starbucks or the mall using their wifi.

kano
Legendary
Activity: 4508
Merit: 1819
October 13, 2021, 01:20:14 PM
Merited by HCP (10)
 #16

Wouldn't you simply be better to access that encrypted data remotely?
On a rented server, or, if you aren't homeless, access your home remotely?

Have nothing that matters stored on any hardware you carry into regions where that could matter ...

HCP
Legendary
Activity: 2086
Merit: 4316
October 14, 2021, 01:26:19 AM
 #17

Wouldn't you simply be better to access that encrypted data remotely?
On a rented server, or, if you aren't homeless, access your home remotely?

Have nothing that matters stored on any hardware you carry into regions where that could matter ...
This would be the approach I would take. A little raspberry pi home server (or similar) with TOR etc would be relatively cheap and easy to set up... you'd be able to store whatever you wanted on it... travel across a border with your "clean" devices and then access whatever you needed at your destination.

With the added benefit of not needing to "trust" any cloud based service.

PrimeNumber7
Copper Member
Legendary
Activity: 1624
Merit: 1899
October 14, 2021, 01:53:40 AM
 #18

In general you don't want governments or just anyone to know you are transacting in Bitcoin and PSBT shows you are in.

PSBT file is relatively small, you could always hide it inside regular file (e.g. png or docx).
I really love this idea! It's quite easily possible to store whole papers in jpegs with minimal modification of the look of the image when opened in an image viewer.

Here's an online tool to try Steganography.

From https://en.wikipedia.org/wiki/Steganography, very impressive:
Be careful with this. The “art” of Steganography is an arms race between people trying to hide data and people trying to find said data. The latter group is much better funded, although they also are facing a more difficult task.

My advice is to try to hide in plain sight. I would assume that any government can decrypt anything that you possess at the border. Governments have broad authority at border crossings and they have great technology that in many cases is not publicly known.

If you are crossing a border, my advice would be as follows:
*create cloud storage prior to leaving your country
*shortly before leaving your country, move your coin to a newly generated address, encrypt the private key via something that is complex but can be memorized.
*upload the encrypted seed to your cloud storage shortly before crossing the border
*destroy copies of files showing your association with bitcoin on your computer.
*cross the border
*create a new seed
*move your coin to the newly generated seed. 
kano
October 14, 2021, 11:25:51 PM
 #19

...
Be careful with this. The “art” of Steganography is an arms race between people trying to hide data and people trying to find said data. The latter group is much better funded, although they also are facing a more difficult task.
...
Indeed, since most people would have to have some original file to modify also.
That leads to the typical 'grab something "random" online' and leaves an easy path to detecting the data.
(use a google image search :) )

You'd have to generate the original picture offline, modify it, then ensure to destroy all copies of the original.
(and of course understand that what most people would call 'destroy' doesn't actually destroy data)
Then also have the software you could use to decode the file with parameters you'd supply, elsewhere, since having that on the same storage would also be a dead giveaway that you've used that method (since most people don't have such software lying around ...)

Dabs
October 15, 2021, 06:28:24 PM
 #20

I once prepared my laptop and phone similarly when crossing an international border. The laptop actually had dual boot and the hidden partition was encrypted. The initial boot in 1 or 2 seconds or the default is some benign looking fresh clean install of Windows 10 / Linux Mint or something that has no other files on it, save some predownloaded youtube videos about generic information.

After crossing the same border several times, I've noticed the border officials look at other indicators before they even try to search or look at your electronics. So I've gotten lazy and just don't bother since they never search me, or my phone or my laptop or my camera. I just put them through the x-ray like everyone else. They're not turned on. They are still encrypted at rest and I simply don't put anything on there anymore.

I guess it depends on where you came from, where you are going to, and the most important thing is what you look like (do you fit a certain profile? Yes, border security officials are discriminatory, so try to look like everyone else, as much as possible.) Random checks are not random.

Unfortunately, if you've ever been flagged before (like many journalists) you will forever be on some "watch this person" list everywhere you go.

These days, if I really need anything with me that I can't download fast enough on the other side, a microSD card can store 1TB of encrypted stuff.
