Bitcoin Forum
October 25, 2021, 09:27:06 AM *
News: Latest Bitcoin Core release: 22.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Broadcast Raw Transaction from Android  (Read 1421 times)
Razick
Legendary
*
Offline Offline

Activity: 1330
Merit: 1002


View Profile
August 08, 2014, 07:32:11 PM
 #1

I'm working on making a cold-storage wallet on a Rasperry Pi (it hasn't been delivered but I'm planning it now). The idea is that I will have a completely offline wallet on my Pi, with a paper backup of course. When I need to send transactions, I'll sign them offline and broadcast them from my online computer.

Now here's my dilemma. Chances are I won't always be at home when I need to send a transaction, so I plan to create and sign some preset transactions on my Pi and print them out as QR codes. The transactions will direct my Bitcoins to my phone wallet so that if I need to send a transaction from my phone, I can just broadcast the transaction and receive the coins without my private keys being exposed to the internet.

I can store the transactions on paper in my wallet (the kind you carry cash in  Cheesy) and scan them when I want coins on my phone. The only problem I see (tell me if you see any others) is that I don't know a good way to broadcast transactions from my phone. As far as I know the Android client doesn't support sending external transactions, and blockchain.info/pushtx seems to be broken.

Does anyone know of an app or reliable online (and easy to use on a mobile device) transaction broadcast utility? Ideally, I'd be able to include the transaction in the URL of the website so I could just scan the QR code and click the link, but I won't be too picky. Grin

ACCOUNT RECOVERED 4/27/2020. Account was previously hacked sometime in 2017. Posts between 12/31/2016 and 4/27/2020 are NOT LEGITIMATE.
1635154026
Hero Member
*
Offline Offline

Posts: 1635154026

View Profile Personal Message (Offline)

Ignore
1635154026
Reply with quote  #2

1635154026
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
shorena
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1411


No I dont escrow anymore.


View Profile WWW
August 08, 2014, 08:01:28 PM
 #2

Why so complicated? Maybe I understood you wrong, so Ill sumarize what I think you said:

#0 have awesome offline RasPi wallet
#1 print signed TX to paper
#2 carry around signed TX on paper with you until you want to spend coins
#3 broadcast presigned  TX to phone
#4 wait for conformation
#5 spend coins from phone (with another TX)

why not just:

#1 print a signed TX to paper
#2 broadcast from home to address on phone
#3 carry around in phone wallet until you want to spend coins

Am I missing something or is the "carry around signed TX on paper" part just a way to make this more complicated without gaining anything?

Im not really here, its just your imagination.
TimS
Sr. Member
****
Offline Offline

Activity: 250
Merit: 253


View Profile WWW
August 08, 2014, 08:28:24 PM
 #3

Am I missing something or is the "carry around signed TX on paper" part just a way to make this more complicated without gaining anything?
Not quite. With his plan, someone has to steal both his (physical) wallet and his phone (and then spend/transfer it before the rightful owner realizes the theft and transfers the coins elsewhere) in order to steal his coins. This is of limited use since the wallet and phone are typically carried on your person, but at least it protects against digital-only attacks, and some in-person theft scenarios.

I'd add that you should encrypt the transaction with a passphrase/password before writing it to the paper. Unfortunately, this further complicates the retrieval process: you need a decryption app on the phone. But it does mean that the paper is useless without something that only exists in your head. In this case, you could even store the TXs digitally on your phone and/or the Internet, since there is no longer a security concern.
shorena
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1411


No I dont escrow anymore.


View Profile WWW
August 08, 2014, 08:49:14 PM
 #4

Am I missing something or is the "carry around signed TX on paper" part just a way to make this more complicated without gaining anything?
Not quite. With his plan, someone has to steal both his (physical) wallet and his phone (and then spend/transfer it before the rightful owner realizes the theft and transfers the coins elsewhere) in order to steal his coins. This is of limited use since the wallet and phone are typically carried on your person, but at least it protects against digital-only attacks, and some in-person theft scenarios.

While it might* reduces the risk to some form of attacks, I would argue that they are so uncommon that the missing comfort is worse. Esp. since youd only carry around what you would otherwise carry around in a regular wallet anyway. Id also think that a regular thief would turn the phone off ASAP to avoid any sort remotly controled tracking software. Its not like a thief would specifically target someone using bitcoin.

I'd add that you should encrypt the transaction with a passphrase/password before writing it to the paper. Unfortunately, this further complicates the retrieval process: you need a decryption app on the phone. But it does mean that the paper is useless without something that only exists in your head. In this case, you could even store the TXs digitally on your phone and/or the Internet, since there is no longer a security concern.

The app should offer some form of encryption anyway. A simple 6 digit PIN like mycelium uses would be enough to go home and recover the coins.

PS: * I just realized that with a presigned TX the coins have to go to a known address anyway (e.g. your own phone) thus you do not even gain anything in case of an infected phone. There might be certain circumstances where you discover that your phone can no longer be trusted but do not have broadcasted the paper TX yet. I think we are officially in tin foil hat land now.

Just send the coins you want to spend that day/night to your phone and send back what you have left when you are back home.

Im not really here, its just your imagination.
Razick
Legendary
*
Offline Offline

Activity: 1330
Merit: 1002


View Profile
August 08, 2014, 10:18:59 PM
 #5

The problem I have is that the Bitcoin Android app seems so insecure. There's no password, pin or wallet encryption. For this reason, I don't want to keep much in it long term.

Also, I planned to send before the transaction was confirmed as many wallets allow (since the inputs would be from a green address for my purposes), but I just realized that annoyingly the app doesn't allow that.

ACCOUNT RECOVERED 4/27/2020. Account was previously hacked sometime in 2017. Posts between 12/31/2016 and 4/27/2020 are NOT LEGITIMATE.
TimS
Sr. Member
****
Offline Offline

Activity: 250
Merit: 253


View Profile WWW
August 09, 2014, 12:10:15 AM
 #6

PS: * I just realized that with a presigned TX the coins have to go to a known address anyway (e.g. your own phone) thus you do not even gain anything in case of an infected phone. There might be certain circumstances where you discover that your phone can no longer be trusted but do not have broadcasted the paper TX yet. I think we are officially in tin foil hat land now.
We're not entirely in tin foil hat land, because the whole point is that you have multiple papers, and only load one at a time. Let's say each paper is worth 0.1 BTC, and you carry 10 papers at any one time. Typically, you'll only load one paper at a time, so the most that can be stolen is about 0.2 BTC. I think it's fair to assume that if your coins do get stolen (because your phone can no longer be trusted), the losses are limited to 0.2 BTC, and you can simply not scan any more papers in.
shorena
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1411


No I dont escrow anymore.


View Profile WWW
August 09, 2014, 04:15:25 AM
 #7

@TimS you have a point there. I personally would not take 1 btc for a night out with me, but that depends on your budget and you probably picked an easy number for the example.

@Razick Yes, big amounts should not be storred on a phone. Even with password. I am not suggesting long term either. Just load your phone with what you need for the occasian and send it back when you return.

Not sure what your scenario is. Do you want to keep all your coins as paperwallets with you?

Im not really here, its just your imagination.
Razick
Legendary
*
Offline Offline

Activity: 1330
Merit: 1002


View Profile
August 09, 2014, 04:25:22 AM
 #8

@TimS you have a point there. I personally would not take 1 btc for a night out with me, but that depends on your budget and you probably picked an easy number for the example.

@Razick Yes, big amounts should not be storred on a phone. Even with password. I am not suggesting long term either. Just load your phone with what you need for the occasian and send it back when you return.

Not sure what your scenario is. Do you want to keep all your coins as paperwallets with you?

The idea is that I might not always know in advance when I will need Bitcoins. I don't want to keep all my coins with me, which is exactly the point. Just having a few predesignated transactions allows me to restrict my coins more and leave them at home.

Ideally, I'd do what you suggest. I only want my method as a backup.

ACCOUNT RECOVERED 4/27/2020. Account was previously hacked sometime in 2017. Posts between 12/31/2016 and 4/27/2020 are NOT LEGITIMATE.
Peter R
Legendary
*
Offline Offline

Activity: 1162
Merit: 1007



View Profile
August 09, 2014, 05:15:20 AM
Last edit: August 09, 2014, 02:33:48 PM by Peter R
 #9

I'm working on a slightly different solution to the same problem.  Instead of printing the signed transaction to a QR code, I created a small token that can sign transactions over NFC.  Your Android wallet would make a signature request to the device, and, if authorized, the device would sign it and relay the signed TX back to your phone.  Your phone then automatically pushes the TX to the network.  Similar to your solution, your private key never touches an internet-connected phone/computer.  These Sigsafe tags aren't yet available for purchase, but the first spin of circuit boards is now complete.  

You can configure these devices to only sign transactions that spend to a pre-defined hot wallet address, require a user password or cryptographic authentication from your phone, or even implement daily transfer limits.  Even if a thief took your tag, it would be very difficult for him to steal your funds .  



Here's the project thread: https://bitcointalk.org/index.php?topic=610453.0

Run Bitcoin Unlimited (www.bitcoinunlimited.info)
Razick
Legendary
*
Offline Offline

Activity: 1330
Merit: 1002


View Profile
August 09, 2014, 06:02:36 AM
 #10

Thank you for posting that, you definitely have my interest.

ACCOUNT RECOVERED 4/27/2020. Account was previously hacked sometime in 2017. Posts between 12/31/2016 and 4/27/2020 are NOT LEGITIMATE.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!