First-Class Bitcoin Self-Sovereignty Using SeedSigner https://ift.tt/gPXM7OL

How an open-source Bitcoin signing device can change lives. SeedSigner provides an alternative for people to use bitcoin in economically oppressed countries.

Why Bitcoin Matters In Palestine

Fadi Elsalameen:

At the Bitcoin 2022 Conference, I participated in the “Bitcoin Is Freedom” discussion panel highlighting corruption in my part of the world as the biggest enemy of economic freedom and prosperity. I laid out my reasons for why Bitcoin is our best chance for a better future for Palestinians.

(Source)

Palestinians are denied financial freedom. Wire transfers are blocked if you are a critic of the corrupt authorities or if you don’t pay a bribe to the Palestinian Monetary Authority. I found my passport, my bank statement and other personal details on the front page of a newspaper owned by the terrorist organization Hezbollah. The smear article was a “hit job” by Mahmoud Abbas (president of the Palestinian National Authority), his intelligence agencies and the Bank of Palestine itself in retaliation for my anti-corruption work against the Palestinian Authority.

Palestine exists under a repressive economic policy decided entirely by Israel. Palestine doesn’t have a central bank and has no control over monetary policy. According to outdated agreements like the Paris Accords, Palestinians must use the Israeli shekel as their currency. It is no surprise that 72% of international aid to the Palestinians ends up in the Israeli economy. The panel’s moderator, Alex Gladstein, chief strategy officer of the Human Rights Foundation, noted, “Just imagine the psychological effect of having to use your occupier’s currency. There’s something deeply distressing about that.”

Bitcoin provides an escape from this corruption and financial repression. Gladstein highlighted the benefits of adopting bitcoin in his book “Check Your Financial Privilege.” He points out that 70% of Palestinians are connected to the internet and could achieve financial independence by adopting bitcoin as their preferred medium of exchange.

As Gladstein writes in “Can Bitcoin Be Palestine’s Currency Of Freedom?”:

“In Gaza, Uqab told me, there is no Venmo, no PayPal and no easy way to transact with the outside world. The financial infrastructure is collapsing just as badly as the physical and social infrastructure. But today, he can do with Bitcoin what was impossible before: send and receive money to and from family abroad, quickly, directly, with barely any fees.”

Bitcoin provides economic freedom and hope to not only Palestine; Gladstein has written extensively on Bitcoin in Afghanistan as well as on Bitcoin as a solution for African nations suffering under French monetary colonialism.

In order for Bitcoin to bring about a brighter future for these places that so desperately need it, Palestinians, Afghans, Africans — people throughout the world — will need affordable access to the tools necessary to securely take control of their own money through bitcoin.

This is why I’m so excited to introduce you to my friends working on the SeedSigner open-source project: “SeedSigner” (the pseudonymous creator of the project) and Keith Mukai (lead developer).

Bitcoin Self-Custody Options, Struggles

The importance of being able to “be your own bank” through Bitcoin is hard for us to really appreciate here in the U.S. But as Elsalameen lays out above, this economic self-sovereignty is a desperately needed solution for so many repressed or neglected parts of the world. But bitcoin self-custody can be complicated and bewildering, with a wide array of options and often risky trade-offs. We will quickly explore the primary bitcoin self-custody options available and explain why the SeedSigner project is particularly well suited to address people’s needs in Palestine and throughout the world.

“Hot” Wallets May Cause Burns

The simplest option for beginners is to create a new “hot” wallet on a smartphone using an open-source app like BlueWallet. You can move your funds off of a custodial exchange into this new wallet that only you control. More relevant to Palestine, family from overseas could send bitcoin directly to your wallet with no government intermediaries, no gatekeepers demanding kickbacks. Bitcoin is completely permissionless. You could also use your wallet to use bitcoin as a medium of exchange to buy or sell products or services, again with no limitations or restrictions.

(Screenshot/BlueWallet.io)

But this sort of wallet is considered “hot” because the “secret” that controls your bitcoin — your wallet’s unique private key — is stored in the wallet software itself which is on a device that’s connected to the internet. This unfortunately puts your private key at constant risk of being extracted by hackers, should they find an exploit.

Your private key secures your bitcoin; if anyone else gets it, they can steal all of your funds. Similarly, if someone gets access to your phone and opens the wallet software, the private key and all your bitcoin are there for the taking.

Hot wallets are easy and convenient, but should only be used for “walking around” money; if you wouldn’t feel comfortable with, say, $2,000 cash in your pocket, you shouldn’t store that much on a hot wallet, either.

Enter: Hardware Wallets

For greater security, it would be ideal to keep it easy to receive bitcoin at any time, but have more protection around the ability to spend your bitcoin. A “watch-only” wallet contains only enough information to receive funds (“receive-only” would’ve been a better name!), but it doesn’t have the private key and therefore it cannot spend your bitcoin.

(Screenshot/BlueWallet.io)

Instead, in such setups your private key is safely stored elsewhere, within a separate custom-engineered device referred to as a hardware wallet (a regrettably confusing name; “keystore” or “secrets vault” would’ve been better). This device is specifically designed to withstand attempts to extract the private key from within it.

Some hardware wallets plug into internet-connected devices, which, yes, re-introduces some moderate, but not unreasonable risk. Others maintain a complete “air gap” where they are never physically connected to any other device in order to provide extra assurances that your private key cannot be transmitted. Regardless of the design philosophy, using a hardware wallet to separate your private key from a “hot” wallet is fittingly called “cold storage.”

As long as you keep your hardware wallet secure, no one else can move your bitcoin.

There’s a whole industry of manufacturers producing various hardware wallets for the retail market, such as Coldcard, Trezor, BitBox02, Keystone, Passport, etc.

So Hardware Wallets For All?

But there’s a “but” here. The most popular hardware wallets range from $60 to $140 with some options even reaching $300. For bitcoin savers in places like the U.S., a hardware wallet is a modest outlay to secure your stack once it has grown beyond that “walking around” level of value.

Unfortunately in places like Palestine, buying and taking delivery of a hardware wallet from a retail vendor can be difficult (remember those intrusive gatekeepers), excessively expensive (over-regulation, bribes) or can even be outright dangerous in many places in the world that are hostile to bitcoin and financial self-sovereignty.

Even if these costs and complications can be overcome, hardware wallets are meant to protect a single private key. Person X may be able to acquire a hardware wallet and set up their own cold storage, but Persons Y and Z are still left looking for their own solution. It is technically possible to share a hardware wallet with others but, in practice, it’s extremely cumbersome and creates additional security and more serious operational risks.

Ultimate Self-Sovereignty: Multisig

The most advanced form of bitcoin self-custody is a wallet that is secured by a collection of private keys instead of just one. Such wallets require multiple cryptographic signatures to authorize a spending transaction, thus the common shorthand name: “multisig.” A typical multisig is a “2-of-3” where three private keys are used to create the multisig wallet but any two of them can spend the funds. This allows for better redundancy (you can lose one private key, but still recover your funds) and better security (thieves need to steal more secrets to succeed).

Multisig is considered the best, safest way to store your bitcoin.

(Screenshot/Keep It Simple Bitcoin)

And, of course, each key that participates in your multisig should ideally be “cold” (secured and kept separate from any internet-connected device) in its own hardware wallet.

Multisig For Me But Not For Thee

Realistically, this renders true multisig cold storage nearly impossible for the vast majority of people in the world; it’s quite difficult and costly for Palestinians to acquire a single hardware wallet, let alone three of them. Now, sure, other schemes exist where a single hardware wallet might be paired with a few “hot” keys (some of the private keys are somewhat at risk on an internet-connected device) to form a “not-quite-cold” or “luke-warm” multisig wallet. You could even do a 100% “hot” multisig arrangement with no hardware wallet at all. There are also third-party collaborative custody services where you trust them with one of the private keys (though these services are currently limited to mostly just U.S. customers). All of these compromise schemes obviously include some unfortunate security trade-offs.

So bitcoin savers in Palestine and elsewhere are largely relegated to being second-class bitcoin users because they just aren’t able to take advantage of the best self-custody approaches available.

We can do better.

SeedSigner Fixes This

SeedSigner is a completely open-source Bitcoin hardware wallet project that is built around an incredibly counter-intuitive approach: it doesn’t remember your private key. When it’s turned off, its memory is completely wiped. Nothing is written to any kind of persistent storage. When it’s turned back on, it’s a clean slate, as if it had never been used before.

As you’ll see, this “stateless” twist makes all the difference.

SeedSigner with “Orange Pill” enclosure (Photo/@SeedSigner)

Quickly: The Nuts & Bolts

The SeedSigner project launched as a DIY (do-it-yourself) proof of concept in early 2021. It can be built from commonly available off-the-shelf components, centered around the ultra low-cost Raspberry Pi Zero 1.3. This hardware has no wireless data connectivity — no WiFi, no Bluetooth — and is powered via an external battery or USB wall plug. Once the components are assembled, the user just has to download the free, open-source software and write it to the device’s SD card. A growing variety of open-source 3D-printable enclosure designs are freely available to download, though a case isn’t even necessary.

Standard Raspberry Pi camera, Zero 1.3 board, Waveshare display hat and SD card. (Photo/seedsigner.com)

One SeedSigner, Infinite Keys

Let’s return to SeedSigner’s core concept: What good is a hardware wallet that doesn’t remember your private key (aka “seed”)?

You’ll have to re-enter your seed every time you need to use it. This sounds terrible, of course! Entering your 12- or 24-word mnemonic backup phrase into a tiny device that doesn’t have a keyboard is no fun.

However, we’ve created a unique way to instantly load your seed: convert it into a QR code that the onboard camera can read. For various security reasons, the only safe way to create this “SeedQR” is to transcribe it by hand! Yes, this sounds insane at first but the guided user interface built into SeedSigner makes it easy enough that Mukai’s young nieces could do it on their own.

After you scan your SeedQR into SeedSigner, the device now has your private key in memory. At this point it can act just like any other hardware wallet. It can sign transactions with your private key, initialize your wallet software, participate in multisig setups, etc.

But SeedSigner can also be used to securely create new private keys. You can make two, three, even 100 new seeds. And of course you can make a SeedQR for each new key for instant loading.

(Photo/Keith Mukai)

Can you see it now?! Your SeedSigner can read in any private key, use it to sign a transaction, blank itself and then read in a completely different seed and sign a completely different transaction. This is a radical departure from typical hardware wallets which are built to work with just one seed.

So SeedSigner isn’t just another hardware wallet; it’s like having an infinite number of traditional hardware wallets!

This means that even bitcoin savers of modest means could immediately have access to the first-class security of true multisig cold storage. Palestinians don’t need to overcome the cost and difficulty of acquiring multiple hardware wallets. They can just create the new seeds they need and fully manage their multisig — or even multiple multisigs! — with one SeedSigner.

@blackcoffeebtc “Retro Pill” enclosure (Photo/@jeremycady)

Real-World Trust Plus Trustless Bitcoin

The implications of SeedSigner’s stateless approach are mind-boggling. It’s so different that we don’t even like to call SeedSigner a hardware wallet. Instead we prefer “signing device,” akin to how a pen is a signing device for a paper contract. No one cares how many different contracts the pen is used to sign — or how many different people sign with it.

This leads us to the next realization: a single SeedSigner could even be shared within close trusted personal networks: family, friends, neighbors … “Can I borrow your pen?” Sure.

Now the analogy isn’t perfect; sharing a Bitcoin signing device does introduce considerable threats. If someone were to tamper with the device or load malicious code, every user of that SeedSigner would be at risk. So if a SeedSigner is going to be shared at all, it should only be within your most trusted circles.

But you can see how this could be a massive Bitcoin force-multiplier for areas like Palestine!

“Open Pill” enclosure (Photo/@SeedMint21)

Ubiquitous Smart Phones, Meet Air-Gapped Signer

A SeedSigner is almost completely isolated from the outside world; it has no onboard WiFi or Bluetooth capabilities and it should never be wired directly to a computer. SeedSigner can only communicate via its integrated display and onboard camera. This isolation is called an “air gap” and offers significant security (anti-hacker) assurances compared to much riskier internet-connected devices.

SeedSigner reads specialized QR codes from a wide variety of Bitcoin wallet software using its onboard camera. The final signed transactions are conveyed back to the wallet software by displaying corresponding QR codes on the SeedSigner display.

This extremely limited form of data exchange keeps your private key “cold” — safely isolated in the air-gapped SeedSigner — while still being able to manage your bitcoin funds using your internet-connected wallet software.

This innovative means of communication has a huge additional advantage: it makes SeedSigner compatible "out of the box" with any smartphone that has a camera. No USB adapters or other accessories required. And according to the World Bank, 83-90% of Palestinians have a mobile phone, most of which will be of the “smartphone” variety at this point.

A “hot” wallet on your phone is not a secure way to store your wealth. But a SeedSigner plus a smartphone provides a powerful, mobile-friendly way to do Bitcoin cold storage the right way in any corner of the world that is seeing smartphone adoption.

See, SeedSigner Fixes This!

SeedSigner's unique approach as a stateless, air-gapped signing device is a particularly compelling tool for bitcoin savers throughout the world. Retail hardware wallets offer a different set of security assurances but they are locked to one device, one private key. That simply cannot scale to support all the struggling communities around the world where Bitcoin is needed the most.

One SeedSigner can plant innumerous seeds of self-sovereignty across an entire circle of real-world trust. People everywhere can be enabled to finally control their own money — free of financial repression, corruption, gatekeepers — and be their own bank.

This is good for humanity, and good for Bitcoin!

Call To Action

As always, considerable challenges remain. The Raspberry Pi Zero 1.3 that is the heart of the SeedSigner DIY build is now quite difficult for individuals to find and is completely impossible to source at scale. We’re going to have to expand support to alternate hardware options, including a strong possibility that we’ll need to design and manufacture our own custom hardware. Our small open-source software project can’t do that on our own.

Fadi Elsalameen:

As I said at the Bitcoin 2022 Conference, “If you are a dreamer without illusions, Bitcoin is your solution.”

Let’s make this solution happen. If you’re inspired by what Bitcoin and SeedSigner could mean for Palestine and beyond, reach out to us to help us realize this vision. We are still figuring out how to best move forward, but we know that we will need people with a wide variety of skill sets, industry contacts, investment capital, translators and so much more.

Find us on Twitter:

@Elsalameen

@SeedSigner

@KeithMukai

Learn more at: seedsigner.com

This is a guest post by Fadi Elsalameen, SeedSigner and Keith Mukai. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc. or Bitcoin Magazine.



from Bitcoin Magazine: Bitcoin News, Articles, Charts, and Guides
SeedSigner,Keith Mukai,Fadi Elsalameen

Post a Comment

0 Comments