Wednesday, March 9, 2022

Bitcoin Support presents The Remnant Advanced cold storage solution for the Bitcoin Remnant.

This text is originally taken from our blog.

https://blog.bullbitcoin.com/blog/bitcoin-support-presents-the-remnant

Advanced cold storage solution for the Bitcoin Remnant.

The Remnant is often alone in their battles against the Parasites and Masses of the world. Therefore, they must be adequately protected on all fronts against the threats that such foes could present if ever they are found to be in positions of power or are totally corrupted.

We can’t provide you with all of the tools necessary to fend off such advances, but the least we can do is provide you with the knowledge required to protect your Bitcoin from their malicious intentions. After all, Bitcoin empowers them as well and we cannot afford them to have yours. 

It is with this in mind that the Remnant Guide and accompanying Package have been created. 

Overview 

Whether you wish to use this guide or purchase the package and the assistance that comes with it, you will be going through the elements presented below. You will also understand why we have chosen them and not others, the benefits that they bring and other useful tools to use along the way. 

The Remnant setup is for those that want to max out the privacy and security benefits that a bitcoin wallet has to offer.

You will be shielded from those trying to identify your stack through transaction heuristics, will be able to fend off those that wish to steal from you through the use of physical harm or attempt to hack you and be able to recover your funds through the use of multiple, time-proof and segregated backups if the worst were to happen to your devices. 

The Remnant is best suited for those that have a large stack of bitcoin to safekeep, that need to remain on the move, but still have at least one safe house or trusted contact (they won't be able to steal from you, but will be helpful in case of emergency) and want the highest level of security and privacy without being overwhelmed with their setup when the time comes for them to use their bitcoin.

There are 6 main components, that will be broken down further, that make up this recipe that we call the Remnant that we will explore below.

Air-gapped wallet generation

We leverage the Coldcard’s microSD card capabilities in order to communicate with a device connected to the internet, such as your computer, to send signed transactions to the Bitcoin network. 

The Package also comes with a power-only USB cable, so if ever you find yourself connecting your Coldcard to your computer, no data will be transmitted between the Coldcard and your online device. 

The Coldcard uses PSBT (Partially Signed Bitcoin Transactions) natively, meaning that a transaction can be created within your wallet application and then transferred to the Coldcard via the microSD card and independently verified on the device and signed, before being transferred back to the wallet application.

Passphrase

This is an obvious security feature for us that we need to highlight. Get the benefit of having an additional security layer to your wallet backup, without complicating the backup recovery or transaction signing processes.

​​Obviously, multi-signature setups are extremely secure and hard to compete against when it comes to physical threats, such as violent theft, but it’s important to remember that threat models shouldn’t be built only on gravity but also on probable risk. Loss remains a much bigger threat than theft.

Passphrase versus 2-of-2 multisignature wallet

Passphrase-only

Multisig wallet

Recovery (lost a Coldcard)

You need the 24-word seed backup & the passphrase

You need both 24-word seed backups and the wallet file

Signing transactions

You only need the device (if you use the Lockdown seed feature), else also need the passphrase (can be saved on microSD card or memorized)

You need both signatures (devices) to approve the transaction.

If you’re suddenly on the go

Not complicated. You get your device or its seed backup. You memorize the passphrase or you save it on a microSD card. OR you just take the device with the lockdown seed function activated.

Very complicated. You need to get both signing devices or the seed backup and a device AND the wallet file, or you find someone that you can trust to sign transactions for you.

Plausible deniability

Can store some funds on your seed backup.

Can store some funds on each seed backup.Wallet file on your microSD card gives your setup away.

Physical attack protection

Yes, an attacker needs the passphrase.

Yes, an attacker needs both seeds and wallet file. 

When it comes to 2-of-3 multisignature setups, you require the same amount of signers as the 2-of-2, with the added benefit of an additional key that can come in handy if you were to lose one. However, this does require an extra secure location to store your additional Coldcard and its backup, as well as the additional setup time. 

Backups

We tackled the single point of failure for the backup security thanks to the use of a passphrase. Anyone that comes into contact with it won’t have access to the funds without the passphrase. 

However, if someone were to steal your backup or you lose it, and you no longer have access to your Coldcard device, then recovering your wallet would be impossible. 

This is why we implemented Seed XOR in the Remnant. This process involves splitting your backup into two parts, each one resembling a 24-word backup. You would need both of these sets of words in order to reconstruct your wallet’s main 24-word backup. Seed XOR is also BIP-39 compatible, meaning that you can use either component as a wallet in and of its own. Puts some funds on each one to offer you plausible deniability if someone were to catch you with one, or if someone takes those funds from you, it means that your secure locations have been compromised. 

In addition to having this redundant backup, your main backup and the Seed XOR one should be engraved on a metal seed plate. Your passphrase should also be engraved onto two other seed plates. We recommend the use of steel metal plates in order to make your backups time and element proof. We don’t want you to lose your backups due to an unforeseen and unfortunate event. 

Privacy

The Remnant wouldn’t be complete without you knowing how to enhance the privacy of your funds held in cold storage. You will go through the process of completing a CoinJoin using Wasabi wallet. 

This will help break any heuristics that others can use to try and track down your transactions and wallet balance to your person. You will properly understand how to transact bitcoin as privately as possible by leveraging Coin Control and Labeling. 

Understand the basics to improve your network privacy as well. It is not sufficient to just have privacy when transacting on the Bitcoin network, but also how to protect yourself when interacting online in order to reduce the chances that someone can target you.

Additional Perks

The Coldcard has much to offer in terms of features. Some of which you will learn during the workshop and the guide comes loaded with many more, the most important ones being:

BIP-85 Wallet

You can generate additional wallets that are derived in your Coldcard from your original seed. This allows you to possess additional, different backups (many formats available) from your air-gapped device.

For instance, create a wallet that consists of a 12-word backup and passphrase to use in Wasabi for your CoinJoin needs.

You can create many more for use in other wallets, such as Blue Wallet for your mobile device. The greatest benefit being that if you were to lose this new backup, you can always recover it using the original backup from your Coldcard device, which has been thoroughly secured. 

You can also provide wallets to others, like your children, close relatives or employees, depending on your needs and have an ultimate recovery method if anything were to happen to the ones you provided them with. 

Duress Wallet

This feature enables a secondary PIN in order to unlock your Coldcard device in case you are being coerced into unlocking it.

Once unlocked using the duress PIN, you will arrive in a wallet different from your original one, where you can store some of your funds (1 to 10% of your holdings depending on how much you have) in order for a potential attacker to be satisfied and leave you alone. 

Address Explorer

Use this feature to verify that the wallet application that you are using to display the wallet generated by the Coldcard is not compromised and that you are effectively using the wallet that you created.

This helps you get peace of mind, knowing that the application that you are using to display the wallet generated by the Coldcard is respecting the source of truth (your Coldcard device). 

Your Key Scheme

This last component covers everything you need to know about the distribution of your backups. You must be proactive in making sure that your secure locations are not compromised, that you understand how to recover your funds using the tools that we have provided you and to make sure that your funds are not lost forever in case something were to happen to you. 

This is unique to each individual’s circumstances, so it's important to put a lot of thought into your Key Scheme to prevent any unfortunate event from robbing your heirs of the bitcoin that you have amassed. 

Conclusion

This package covers all of the Coldcard’s advanced security features, with a few more added in the guide that you might find useful depending on your situation. Proper privacy measures are also at the core of the guide and workshop. 

You should set aside 3 hours in order to go through all of the elements comfortably, since we want to avoid making any errors or not clearly understanding what you are doing. 

You can go ahead and consult the guide here or you can also purchase this package if you wish to receive all of the necessary materials and assistance. 


No comments:

Post a Comment