Justin Moon (BUIDL Bootcamp) and Stepan Snigirev (CTO Crypto Advance) rejoin me in this episode to talk about creating your own Bitcoin Hardware Wallet, and setting up Multi Signature with it. Justin and Stepan have been working on their respective projects relating to DIY Hardware Wallets, and multi signature. We talk about: 

  • Why you would make your own HW Wallet
  • How much skill it takes and what the cost is
  • The security of such a set up
  • Compatibility with Bitcoin Core and standards
  • How to build trust in the software
  • How you can learn more and get involved

DIY bitcoin hardware website: https://diybitcoinhardware.com

Justin Moon links:

Stepan Snigirev links:

SLP Hardware Wallet Interview Series: 

Sponsor links:

Stephan Livera links:

Podcast Transcript by GiveBitcoin.io:

Stephan Livera: Stepan and Justin, welcome back to the show.

Stepan Snigirev: Thanks.

Justin Moon: Hey, how’s it goin’?

Stephan Livera: Yeah, so look. I’ve obviously had both of you guys on the show in the past, so I think we don’t need to do the intro stuff. But, I hear you guys have a really cool story of how you two met. Do you want to go into that? Justin, do you want to start?

Justin Moon: Yeah, let me do that. So, I got into Bitcoin a little over a year ago. And I dove in really hard, and I took Jimmy Song’s class and I was like, “Oh man, that was great, I want to go to a conference now.” So I went to a conference in Lisbon called Breaking Bitcoin, and I did the Hackathon there. So it’s like, early in the morning, getting ready for the Hackathon, and there’s all these people sitting around. And we’re all programmers, so we’re all introverted, sort of sitting, minding ourselves. And I just started walking around, and meeting people. Like, “What are you gonna work on?” People were making a website, or just kind of boring things.

Justin Moon: Then I walk up to this Russian guy, and he’s got this big box of wonderful gadgets in front of him. I ask him, what are you going to build? And he’s like, “I’m going to build the first lightning hardware wallet.” And so I’m like, “Oh, I’m working with you.” And that’s how we met. So we ended up actually building a lightening hardware wallet. It’s more like a lightening button. Stepan, do you want to describe what we… he was the real mastermind of it. So, do you want to describe what we made?

Stepan Snigirev: Yeah. So also, from my side. So, Breaking Bitcoin was also my first Bitcoin conference. So, I seriously started thinking about moving into Bitcoin like two years ago or so, and I spent like half a year writing my own Bitcoin library, and going to Jimmy class, and so on. This conference was like I was entering this completely different world at that moment, so I had to be prepared. So I decided, “What can I do? What will I enjoy doing during this Hackathon?” And I put all my toys into the box, like NXC chips, GPS chips, and all the other stuff that I had.

Stepan Snigirev: And I was just thinking, okay, on my way there, I will figure out what exactly I want to build, but I definitely want to build some crazy Bitcoin hardware. And, probably a couple days before the conference, there was an announcement from the c-lightning team, that they had a very interesting modular structure such that they have a completely separate demon that is responsible for assigning. And I thought, “Okay, what if we just replaced this demon with the hardware, and we will have a lightening hardware wallet? And it will be definitely something fun to do, and even if we fail miserably, at least we will enjoy the time there.”

Stepan Snigirev: So I was sitting there, and connecting, gathering people around me, and we ended up with the largest team in the Hackathon, actually. It was really crazy two days, I think it was two days in a row, like 14 people or so, working on that. It was a lot of fun.

Stepan Snigirev: Eventually the ending was not even close to what we wanted, but it behaved very similarly to what it should do. So, eventually we got the first prize, even though we cheated a bit with the functionality of the thing.

Stephan Livera: No, that sounds great. I think it was one of those things that then spurred on a lot of other ideas and collaboration.

Justin Moon: One of the other interesting things there is that a bunch of the people from the team ended up going and working at a Hardware Wallet Company, Shift Crypto in particular, the makers of BitBox.

Justin Moon: And I’ve been teaching people to make hardware wallets in my class, Stepan now has a company. So, I don’t know, it was one of those really interesting experiences where some people come together, and a lot happens in two days.

Stepan Snigirev: In grief, people are connected.

Justin Moon: Yeah, exactly. And I think part of it is this topic, like Bitcoin hardware wallets, is just so interesting. Like hobbyist Bitcoin hardware wallets trying to take off the shelf pieces and put the puzzle together is really, really interesting, and you learn a ton about how Bitcoin works, and how security works. Just different considerations.

Stepan Snigirev: And how hardware works.

Justin Moon: Yeah, how hardware works, how computers work. Because you’re just dealing with this little simple machine. So that’s sort of the genesis of why we wanted to jump on the show. To share a little bit of that enthusiasm, and hopefully get a bit of a community together like we have with hardware nodes. We have the RaspiBolts, RaspiBlitz. A lot of these open node projects, which is great. I think it would be cool if we could have, at the same time, some open hardware projects where you just get off the shelf pieces, and construct them into a usable hardware wallet. So, that’s kind of the thesis here. That’s what we’re trying to communicate.

Stepan Snigirev: Yeah, and by the way, it doesn’t have to be only hardware wallets, it can be any kind of hardware. So for example, Ben (BTCSocialist) is working a lot on these point-of-sale terminals, for lightening with these small things. And also there are projects like candy machines and electric scooters and things. So it would be nice to put all this together and get more and more people experimenting with hardware and Bitcoin.

Stephan Livera: Yeah, right. And I think as you mentioned, the lightening hardware at Bitcoin 2019. I think that was the one with Open Node, who are doing the hookup for that, and Ben I think helped that. And then people could just pay with one set, and then play the little arcade game. So that was a pretty cool demonstration of real world, lightening, here you go. And it was on these little pieces of hardware that Ben was making, so that was pretty cool.

Stephan Livera: So look, I guess, for the listeners who are thinking, “Oh, hang on. Rolling my own hardware wallet? Why would I look into this? Isn’t it just much cheaper and easier to buy one off the shelf?”

Stepan Snigirev: So, it doesn’t have to be cheaper. It can be cheaper, actually. For example, one of the project that Ben is working with us at the moment is like five bucks a hardware wallet. So none of the shelf hardware wallets can cost five dollars. Even Opendime is probably more expensive.

Stepan Snigirev: And also another thing is that, do it yourself hardware wallet will never be as secure as the off the shelf hardware wallets from Trezor, Ledger, and others. Because obviously it’s do it yourself, and you are probably not better than a huge security team of a large company.

Stepan Snigirev: But if you add it into your Multisignature setup. The multisignature is additive, so every new unit increases the security. It doesn’t make the security worse. So even if you add a do it yourself thing, you actually improve it by introducing a completely different security model into the system. So, it is a very weird setup with off the shelf components, that are not a target of the supply chain attacks, for example. Even if someone will see this hardware wallet, they will probably not guess that it is a hardware wallet. It will be just a weird looking box. So yeah, you can get some security from it.

Justin Moon: And you can also get some pretty good air gaps. One of the big problems with current wallets is that almost everything uses the micro USB wire, and that’s sort of complicated, and a lot of attacks possible there. So now we have some … Coldcard uses micro SD card, which is better. But it’s quite feasible to make a QR-based … Stepan and I have both made QR code-based air gapped hardware wallets. As far as I know, you can’t really buy one of those right now. So you can get some better features, air gapping wise, that you can’t buy yet. Which is, I think, really interesting.

Stephan Livera: Yeah, right. And on that topic of QR code, let’s talk a little bit about that, because as I understand from speaking with some of the hardware wallet manufacturers, one of the concerns shared was that it’s difficult to transmit enough information inside a QR code, because the difficulty is about how much you can encode into one QR. What are your views on that?

Stepan Snigirev: Well basically we can use QR codes in two directions. First one is we show the QR code with, let’s say, unsigned transaction on the screen of the computer. And then it can be pretty large actually, because the computer screen is pretty large. In principle, you can put a few QR bytes into the QR code.

Stepan Snigirev: Normally, when we were experimenting with this, a standard transaction of a couple inputs and a couple outputs, fits in a single QR code, it’s fine. If you are dealing with a larger transactions, or if you are using a crazy multi signature set up, there are 20 cosigners for example, then you may need to split it into two or three QR codes. But still, it’s not 20, it’s just a few. And in most cases, it’s just one. And if you are using a cheap-ish camera that cannot really scan this kind of QR code, then the usability’s pretty bad. But there are pretty cheap investor of QR code scanners. So very similar to what you use in the mall, what you see in the malls. And they can scan very large QR codes of a few kilobytes, at least. So they can easily scan the QR code with the PSB key.

Stepan Snigirev: And on the other side, when you’re sending back signatures, you can really get rid of all other data, but the signature. So you basically need to display only a few signatures, and then the QR code is pretty small. Well, it depends on the screen, but I think that a few inch screen can handle a QR code like this, and the phone camera can scan it. So Justin, you worked with a smaller screen, right? So I’m using the screen that is four inches [crosstalk 00:10:36]

Justin Moon: Yeah. So I’ve been working on this little project called BitBoy. By the time the episode drops, I’ll have tweeted out a bunch of stuff about it. So, it’s a little hardware wallet, made on an M5Stack, which is a really cute, little $40 computer with a nice screen, a case, and three buttons. There’s some nice attachments you can get. The attachment I’m using is a QWERTY keyboard. So it’s BitBoy because it kind of looks like a Game Boy. It also has a QR code scanner bolted onto it in a sort of Frankenstein manner.

Justin Moon: So this screen is 320 pixels by like 240, I think. So it’s about an inch and a half across. On this screen, I’m able to display a QR code of a single signature. So when I finish signing, it just displays one QR code for every input that was singed. And this is sufficient, you have to have a nice webcam to scan it, because it’s kind of small. But it does actually work. And this is like very … with a bigger screen it would obviously get a lot better. Most transactions that everyone use is just one or just a couple of signatures, so I don’t think it’s too bad.

Justin Moon: The one tricky thing is that you do need a more powerful micro controller, to drive the screen to be able to display the QR code quickly. Mine kind of takes a little while. It’s probably because the implementation isn’t perfect. You want QR code to show up quickly.

Stepan Snigirev: Yeah because you’re also using a Micro python that is a little bit slower. Our do it yourself hardware wallet uses the screen that is four point something inches. Exactly the same as was used in first iPhones. And they’re actually the QR code with several inputs can fit in perfectly, because it is like 480 by 800 pixels resolution. Whereas QR codes can fit there.

Stepan Snigirev: Scanning again is very efficient and easy because if you use an industrial QR code scanner to … it is a little bit more expensive than the cheap-ish camera. So if you get the cheap camera, it is a few bucks, and basic QR code scanners can cost about 40. So, probably this is also a reason why we don’t really see QR codes hardware wallet, because how expensive. But yeah, these scanners works really well.

Stepan Snigirev: And another nice thing is that they have a separate chip that processes the images, and therefore you don’t put all this code of imagery cognition into your main code that is storing the secrets. So you have a physical separation between the personal images and the user data, and the main microcontroller that is controlling security critical of peripherals, and their private use.

Stephan Livera: Great, and so I guess, while we’re on this topic, let’s talk a little bit around what parts would be needed for the … Let’s say the user wants to do, roll your own hardware wallet. So we mentioned here the QR reader, we mentioned the M5, or something similar. What other parts are needed? How difficult are they to get?

Stepan Snigirev: So for our hardware wallet, we are using a developer board from STMicroelectronics. So it’s just a single developer board that you can buy from any electronic store, like Monster, Digicure or anything else. And it already includes this screen and the microcontroller and then on top of that you only need to add the QR code scanner and maybe an adapter. It says that you can just plug them together without any soldering. So ideally, in principle, you can just buy three parts. When they arrive you can just unpack them and put them together, like Lego style, and then you just connect it to the computer to upload the firmware there, and in case of these boards the firmware code works as simple as drag and drop of the file into the USB drive. With the M5stack it is a little bit different. So they’re … Justin maybe you can say what you need for BitBoy.

Justin Moon: Yeah so BitBoy’s more like … There’s sort of a difference between … I want to make a distinction between some of the stuff Stepan is working on, it’s more like a real Bitcoin hardware wallet. Mine’s sort of like for the LOLs, sort of. I teach it in my class, BUIDL bootcamp and it has a WiFi chip, so it’s not really the ideal thing to use. But the M5stack platform is really nice because they have all these amazing peripherals and stuff. The actual main piece is $40.

Justin Moon: And by the way you can go to diybitcoinhardware.com, that’s a little website we’ve setup for this to see all the little instruction lists, demos, everything we’re going to talk about, and also a history of hardware wallets. We were just looking a little earlier on GigHub at the first ever hardware wallet. It was created like seven, eight years ago. I was like, “Wow, it’s gotten a lot easier since then.” So we’re going to have that stuff up on diybitcoinhardware.com I’m sure it’ll be in the show notes. So the M5stack’s like $40, the peripheral’s like another 30 and the QR code scanner is like 25. So for about the price of a Coldcard, it’s a little less than a Coldcard, but of course it has a WiFi chip, so this is not ideal for real use, but it’s a really fun thing to learn with. And my emphasis for my project is more like making the code really easy to understand, it’s all Python, so any programmer can jump in and learn quite a bit. Whereas Stepan’s is a real thing that he’s building a company around.

Stephan Livera: One call out, and you guys mentioned this earlier, is that this potentially does dramatically reduce your risk against a supply chain attack because theoretically it’s general purpose computing device, it’s not as likely that somebody is going to try and insert some vulnerability or exploit before it arrives at your door, right?

Stepan Snigirev: Yeah mostly because well, if you see, if you are, I don’t know, a guy who is delivering DHL packages and you see a bag that is labeled as Trezor and Ledger, you know that probably this device will be used to store Bitcoins so you have a large incentive and you have a very high probability of a successful supply chain attack in this scenario. If you are delivering some random makers stuff, you don’t know if it will be a hardware wallet or maybe it will be just a meteor station that will show the weather outside of the window. The probability that this hardware will be used for Bitcoin is way lower. This way your supply chain attack is much less probable.

Justin Moon: One really cool thing about this hobby, this hardware wallet idea, is that it would be feasible with some degree, a little bit of technical sophistication, but not that much, and maybe in the next six months, not right now, it’s still a little bit of a work in progress, but you can get to a point where somebody could set up a Multisig wallet with a couple different building blocks that we’ll hopefully be able to create, and nobody in the world would know this person owns Bitcoin. Which is amazing. They’d just buy it off the shelf, and download the software over Tor, stuff like that, and they wouldn’t leak the fact that they have any interest in Bitcoin to really anybody. And that’s sort of tough if you have to buy hardware wallet from a manufacturer, or maybe you could get someone else to buy it for you. But, I think it’s just a cool, sort of push-the-edge cypherpunk idea that you could do this and nobody would even know that you’re even interested in the whole topic.

Justin Moon: And on a kind of related note, if you ever got into a situation where Bitcoin became a huge target, let’s say there was a horrible terrorist attack or something, and Bitcoin became a political target, and the hardware wallet companies were a target as well. I think an ecosystem like this would be … it’s sort of like the Blockstream Satellite, right? Hopefully we never need that, but it would be great if we have a … some of these devices in the background. So, in case something goes really wrong and we can’t depend on hardware wallet companies, not for their own fault, but for political reasons or something, it would be really, really good if we had the ability to construct hardware wallets as … people could go and construct one using just off the shelf stuff.

Justin Moon: It’s not exactly supply chain, but it is kind of supply chain, because the risk of supply chain isn’t just that it gets hacked and you lose your funds, it’s like, what if the whole thing goes down? You know? There is a chance that something like that would happen, just like there’s a chance that Bitcoin network activity would get censored, at which point the satellite becomes really useful.

Stephan Livera: Right, yeah, so I would summarize that then as helping build resilience in Bitcoin’s hardware network, let’s say, if you will. While that’s said, I think the listener at this point they might be thinking, “Well, hang on. Most of the typical hardware wallets, they’ve got a secure element. Would this DIY wallet I make, would that just be more easily hackable? Is the idea that I would use Multisignature and have Tamper Evident stickers, so I know if it’s been tampered with?” What’s the consideration there?

Stepan Snigirev: Okay, so, there are a few secure elements that you can buy and use off the shelf, like the one that Coldcard is using, and also others from Microchip. Otherwise, yeah, in principle, the security of your do it yourself thing will be lower. But, for example, in our hardware wallet, the do it yourself version that we are releasing soon, we just don’t store the private key ever. So every time you put the device you need to enter your recover phrase. And then, even if someone will get your hardware wallet, they can’t really extract your private key because it’s never there.

Stepan Snigirev: So, it’s used only when you use it. You enter it, you sign the transaction, and then it deletes the private key. So, every time … you can even use something like a disposable hardware wallet, so you buy off the shelf components, you program it, you use it for a single signature, and then you crash it with a hammer or burn it in the microwave or something. And then you know that every time you have a clean hardware and no one will ever get your private key.

Justin Moon: Let me jump in right there. That sort of gets to this broader question of what is a hardware wallet anyways? When I first encountered a hardware wallet, I’m like, “Okay, this is the thing I HODL.” Right? I get this, and I just protect it, right? I think that’s how a lot of people approach them, but that’s really not the way you should probably … usually use them. Because hardware wallet firmware can get out of date, the device can fail, that’s physically not a very resilient piece of device, right? You really want your private key in some sort of … either many copies of it, or in some sort of more resilient … like in Cryptosteel or something. Just so a fire doesn’t take you out. HODLing one hardware wallet is not a great way to do it. And so, these sort of hobbyist things we’re working right now, that’s how BitBoy works right now, it’s really great if it’s more like a UI for your seed, right? It’s like the minimal computing environment to turn your seed into an address and a signature. That’s really what you want. You want to be able to turn your seat, your private key, into addresses and signatures while exposing it as little as possible to the environment around it.

Justin Moon: And so that’s kind of the question … other hardware wallets generate the seed. They look for some source of randomness on the device and generate the seed. I don’t think hobbyist hardware wallets will probably be the best at that, but I think one thing they will be really good at, given that they have big screens and nice keyboards, is facilitating provable generation of mnemnonics and seeds from dice rolls just like Coldcard does. And I think that’s maybe … if you just get some good casino dice I think that’s a really good way to get your randomness. You don’t have to trust in all this magic and computing. All the stuff that could go wrong in computers you can just throw it out, and just roll your dice and enter them in. There you can get generation and interaction with your seed. It’s just not very good at storing it long-term, but hey, you just store the seed in steel form, and just introduce the hardware wallet when you want to interact with it five years later.

Stepan Snigirev: Also, side note, so first of all, ideally you want to add several sources of entropy. So you can add your dice rolls plus you add environmental noise, for example, from the antenna or analogue input, and you also can add the true random number generator that is built in in most of the chips nowadays. And then you add all of them together, and whenever you add random stuff to anything it becomes actually random. So, even if one of them is random enough, then you are safe. And another nice thing about this hobbyist approach is that you can also make your own custom tamper-proof features. For example, you can program your hardware wallet such that if someone is moving it, and then the hardware wallet wakes up and asks for the pin or whatever, and if the guy doesn’t enter the pin in ten seconds, then it erases all the secrets, for example. Or maybe something else I don’t know,

[inaudible 00:25:27]

really sci-fi anti-tamper measures, like someone crossing the [inaudible 00:25:38] Again, all the secrets get erased. So, with this approach you can experiment and go crazy, actually.

Stephan Livera: Great, and with the skill required to assemble these devices, you mentioned earlier that it’s kind of like Lego-style assembly, no soldering required, and also the powering of it as well. Is it presumably that you would do something like the Coldcard where you get a power bank and you plug it with a micro-USB to charge or to power these devices?

Stepan Snigirev: So, M5stack as far as I know has a built in battery, that lasts not for long, like for half and hour or so, but basically there you have a battery that you can charge if you want. For our thing you don’t have a battery built in, but you can just buy a battery 2000 milliampere powers or so and plug it in. So, depends on your skills. So if you want to stay really Lego-style without any soldering, then it might be a little bit tricky adding an external battery. But if you are okay with soldering then a couple hours of work and then you have a full form factor hardware wallet that has both a QR code scanner, battery and the charger that the USB ports that is only used for charging. It doesn’t even have any data lines. So, something like this.

Stepan Snigirev: M5stack is even easier. You just really build … already has a casing, and really easy to plug in.

Justin Moon: I think in terms of the skills required it’s still a lot of … this is for tinkerers, and if you don’t want to tinker stay away for another six months. But if you like tinkering, which I think a lot of people in Bitcoin do, and a lot of people’s interest drives them deeper, if that’s you and you want to tinker around then it is fun. And you’ll have to do some, maybe some command line stuff at some point, maybe you’ll edit a little Python code or something. Right now it is a little more hands-on, but hopefully we can get to the point where it’s basically as simple as updating your firmware on your Trezor or something, you know? You just plug a couple things together, plug it in, run a command, and click a button and get your firmware update. Hopefully it can get to that point over the next six months. That’s sort of the goal.

Justin Moon: So, we’re here sharing our progress a little prematurely. Part of the reason is we’d like to get some more people to both test out and contribute to these devices because we’ve had a blast playing around with them in the last year. It’s still kind of difficult now if you’re not a tinkerer, but I think in six months it could get a lot easier.

Stephan Livera: Great, and you mentioned earlier there just the firmware as well. So, what sort of firmware will these devices have? What language would they be written in? And then what’s the idea to keep them updated? Bech 32 addresses, Schnorr, Taproot, all of that?

Stepan Snigirev: So, I’m currently focusing more on C and C++, and embed framework, so early in the embed and C style, so we did a little bit of all level language. But, we are slowly moving towards Micro python and embed

[inaudible 00:29:12]

. And we are working with Justin on the MicroPython Bitcoin library, so I wrote all the low-level C codes that is basically providing some efficient primitives for elliptical curve for math and hashing. And he wrote all the Python part for hardware wallet.

Stepan Snigirev: So, it is way easier to program in MicroPython, I would say. But, unfortunately at the moment sometimes you need to go deeper to the C level, so sometimes you’ll always find some problems that you cannot solve with Micro–Python and you need to go a little bit deeper. So in that sense it’s really great that we work together with Justin because we can collaborate on both sides and so really make a big progress. So, the last thing that we did I think one month ago, right?

Justin Moon: Yeah.

Stepan Snigirev: We started to [crosstalk 00:30:19] report. And you wrote really everything. All the functionality that I had in C and C++, you wrote within this one month. That’s crazy.

Justin Moon: Yeah, so I think part of the goal here is it takes a lot of plumbing to get something that works at all. You’re just like plumbing, and it’s boring, and you’re really low-level trying to get C code to work underneath. But, once that all works and you can access the C cryptography or display driver code, all the low-level stuff that’s got to be fast, and you can just start to just write normal Python code, which is the most accessible programming language and just pull in all this stuff that me and Stepan spent like a year building in various forms, we’ve been kind of working on it for a long time. And so, that’s the idea is I think building on top of this is going to get really easy now that we’ve put a lot of this stuff underneath all these libraries.

Justin Moon: Another thing that-

Stepan Snigirev: [inaudible 00:31:24] to prepare a toolbox that people can use that a bunch useful libraries, like for QR code display, for addresses and coding and other things.

Justin Moon: Yeah, so that’s sort of the idea, is long-term I think it would be really good to have a couple of these firmwares in different languages. Because sometimes languages have … you can have a bug in one implementation and not in the other. So, on a Multisig it’s really nice if you can have stuff written in different languages. And so, C, C++ is one MicroPython is another, Embedded Rust is a third. The idea is these would just be very simple. All they do is sign Bitcoin transactions, deal with seeds and HD wallets, a couple things like that.

Justin Moon: And so it’s very minimal, no shitcoins, which weighs down a lot of other hardware wallets. An emphasis on auditability. If you want to figure out how exactly does one of these big-time hardware wallets verify change addresses, it’s actually quite difficult. Even if you’re a programmer, there’s so much code that they’ve produced. So the idea is these things would be very auditable, hopefully less code.

Justin Moon: And another thing is it would be great if we could have some different computing platforms. Currently mine is this ESP32, it’s more of an internet-of-things platform, so not really ideal for hardware wallets. Stepan is using STM32, and there’s this risc-five or RISC-V, I never know how to say it. It’s a little more like an open-source computing platform. And actually, Wladimir van der Laan, the lead Bitcoin Core maintainer is on their Rust steering community. So there’s a lot of interest in this computing platform. So, it’d be cool to have a port in every language that targets a different platform, and you can just sort of pick these three together in a Multisig, and it’d be really a diverse setup. You’d have three different languages, three different platforms. That’d be pretty interesting I think.

Stephan Livera: Yeah, that’s fantastic. And let’s now talk about the software aspect of it. So, how would this hookup to the blockchain, how would I hook it in to Electrum, or how would that work?

Justin Moon: Well, let me take this one, I’ve been working on this a lot lately. So, I’ve been largely trying to figure out how to do Multisig in my personal life, you know? I want to graduate to Multisig like a good Bitcoin adult, and so I’m in trouble, I’m in trouble with that to be honest. Electrum works, but it’s not the easiest, and I always have trouble with my node, and my Electrum Personal Server crashes, I’m not very good at that sort of thing. So, I’ve been trying to look into how to write a UI for Multisig using Bitcoin Core directly as a watch-only wallet. And so, the idea there is Bitcoin has all this wallet code, and usually you interact with it through the Bitcoin QT, the gooey that they made, right? But the Bitcoin QT, while it’s very secure and excellent and audited by all of the Bitcoin Core developers, it’s written in C++ and it’s very legacy-code based, so it evolves slowly, and features generally show up there last.

Justin Moon: So, you pay for the security with some usability. But you can also access the Bitcoin Core wallet on a command line. And in Andrew Chow’s episode he was telling about he still uses it on the command line, and a lot of Bitcoin Core developers I’m sure use it on the command line. But another way you can do it is something called RPC. RPC means Remote Procedure Call. Usually a Procedure Call means you’re exercising a function in a programming language. A sum function would take one-two-three and then return six. So, Remote Procedure Call is like the same idea, but the source of the information might be on a different machine, for example. That would be your hardware node. So, you’d have a hardware node in your network that’s running Bitcoin Core and you can do this RPC thing to do commands and then get a response back. So, if you heard RPC that’s what it means, Remote Procedure Call. It’s like a procedure, but it’s remote, somewhere else.

Justin Moon: So the idea is this is another way you can access Bitcoin Core. I made this project called Junction, which uses RPC to create a watch-only wallet for a Multisig. And, the way it works is you set it up, it creates one of these watch-only wallets. Watch-only means it doesn’t have private keys, so Bitcoin Core on your internet-connected machine has no private keys, so if it gets hacked it’s not a problem because it has no private keys. The worst you can leak is your privacy. So you create this watch-only wallet, and then we use this HWI project created by Andrew Chow described in the previous episode with him, and there’s a command that allows you to get the xPubs, the public keys on each one of your hardware devices. And so you plug in each hardware wallet, you extract a public key which is needed to construct a Multisig script.

Justin Moon: And then once you have that you’re able to use something called the descriptor language, which Andrew Chow also mentioned, which allows you to export a huge range of addresses from my little Junction thing into Bitcoin Core’s wallet. So that means it’ll watch these addresses for incoming funds. And this is really powerful because you’re able to export huge amounts of addresses very quickly, very easily. And lastly you’d use this wallet-create funded PSBT, Andrew also talked about this. You provide the outputs you want, the address and the amount, and Bitcoin Core actually chooses the input. Bitcoin Core has a sophisticated coin selection algorithm which it uses here. And then you once again use HWI to sign this PSBT, Partially Signed Bitcoin Transaction, and broadcast with the network.

Justin Moon: So, it’s really cool, it’s this minimal UI that allows you to interact with hardware wallets and use Bitcoin Core full node for all the blockchain stuff. And the best about this thing is it’s a couple hundred lines of Python code. It really speaks to all the work that’s been done by the Bitcoin Core developers with the descriptor language, with these PSBT, with HWI. So, I think this really … we’re really close to being able to have hardware wallet UI’s that plug in directly with Bitcoin Core. Just because a few years of work into making this easy is sort of culminating now.

Justin Moon: So, that’s the idea is we could have a UI like this and we just add a QR code scanner for these hobbyist hardware wallets. And all of a sudden, boom, since we all use a standard PSBT format, now we’re able to pass around this thing over the serial port for a Trezor, and then it goes over a QR code to Stepan’s Specter, his project, and then it goes over a QR code to my little BitBoy. So, that’s the idea is we’re moving towards that, but I think we’re … a lot of it’s just because the Bitcoin Core developers have made all these improvements to the RPC layer of the wallet, which allow application developers like me to come in and expose that to the user.

Stephan Livera: Got it. And so, from my own fooling around with Bitcoin Core, I see when you go into your Bitcoin folder and you open … you do nano Bitcoin.config

Justin Moon: Oh, there you go.

Stephan Livera: And you open up the config file, right? And then there’s an option you can set there, like RPC user equals and RPC password equals, right? And that’s where you would set the user and the password. And then presumably on your software, Justin, the Junction software, or is actually in the hardware wallet where you’re giving it, “Okay, here is my RPC username and password that I’ve previously put into my Bitcoin Core config file?”

Justin Moon: Ah, great question. It is all in this duct tape Junction layer. All the permission RPC username and password would be sorted by this UI. And none of that will be known by the hardware wallet. The hardware wallet’s really stupid. That’s the whole idea of a hardware wallet. It just knows as little as possible, it can only see the outside world through a tiny little hole, it can only respond to very simple messages, so it doesn’t know anything like that. It just says, “Hey.” If it gets a request over a QR code it knows how to respond to that, that’s all it does. So, it doesn’t know anything about the blockchain. And that’s the importance of this PSBT format. A PSBT will give the hardware wallet everything it needs to do its job, and so the hardware wallet only needs to deal with this one format.

Stephan Livera: Gotcha. And so, I guess the other question that a listener is probably thinking, “Well, what about this idea of building trust in the firmware and the software,” right? So, the idea is, “eyes on the code”. And people say, “Well, Bitcoin Core has the most eyes on the code.” How do we build trust in the firmware and the software needed for these projects?

Justin Moon: I think a big thing on the UI front is that it’s just very little code, actually. It’s all Bitcoin Core. That’s the cool thing for the Junction project, and the projects like it. Stepan’s working on a similar project for his Specter wallet. And I know a couple companies … there’s going to be a number of these coming out.

Justin Moon: The cool thing is that all the work is done by Bitcoin Core, which is awesome. Don’t do any crypto in your wallet, outsource as much of that to the Bitcoin engine, Bitcoin Core. And then for the hardware wallets, I mean absolutely, this is going to be … time will tell whether these things are actually secure over the long run, whether they get hacked a lot or whether trust builds. So, it’s more of an experiment on that front, but I think that’s probably more acceptable in Multisig situations, where loss of one key that’s different. It’s subject to a very different security model, that’s actually acceptable and maybe good in some cases.

Stepan Snigirev: Also, about the firmware part, if there will be more contributors that are like people tinkerers that experimenting with this firmware, then there will be more people that look at the code. Because it’s not enough to just open source your firmware, because for example, look at Ledger. They open sourced their firmware, and there was still a bug that was lying there for years just because people are not building on top of that. They can read the code, but they are not using it. And so what we are trying to do is actually to provide a toolbox that’s allow people to build on top of.

Stepan Snigirev: So, if people are building on top of the libraries and the toolbox that we have, they will find bugs easier, just because it is commonly used similar to Bitcoin Core, and [inaudible 00:42:25] other libraries that are popular in the community at the moment. And also why, Trezor crypto-libraries are also pretty good because it is used by all the clones of Trezor, for example.

Stephan Livera: So the secret to getting someone to audit your code is have people build stuff on top of it, eh?

Stepan Snigirev: Yes, yeah, for sure.

Justin Moon: That’s the idea. Easier said than done, I think, but we’ll see.

Stephan Livera: So, just help me compare this, right? So, most listeners will need to compare this back against something that already exists, right? Now, if you’re going commercially there’s obviously, there’s Unchained Capital, so disclosure they’re a sponsor of the podcast, and there’s also Casa, who are doing this as a product that you can have. But if you were doing this on your own, users most probably they’re using something like Electrum. And they’re using Electrum with either Electrum personal server, ElectrumX, or Electrum Rust server. And so the flow there would be something like use the web wallet, plug in … or not the web wallet, the Electrum wizard and go Multisig, hardware wallet, blah, blah, blah, two of three, whatever. What would be the main difference then in the flow of using Junction or Specter desktop versus, say, Electrum Multisig?

Stepan Snigirev: Well, you just run your Bitcoin Core and then hopefully just run the app that can talk to your Bitcoin Core. And Justin, go on.

Justin Moon: Yeah, I think that’s just the way it’s going to move. I expect a lot of these companies … I expect Casa and Unchained are also moving in this direction, right? I’m sure Casa wants their Casa Node to talk to Keymaster. I’m sure that’s coming soon. I’m sure the same is true with Unchained. I just think this is the direction it’s going to go. All of these companies that really help secure one of your keys, and help provide both software and customer service to make sure you don’t screw up, they’re going to all move to helping you talk to your own node as well.

Justin Moon: So, I think the whole group is just going to move in this direction, and I think that’s just the way … talking directly to nodes instead of …. largely this Electrum … Electrum is just such a good wallet that was built for a long time, it just made more sense to build an interface layer in between than to try to build a whole new wallet going directly to Bitcoin Core two, three years ago when Electrum personal servers were created. But I think now we’re getting to the point where you can build UI’s that go directly to Bitcoin Core pretty easily.

Stepan Snigirev: And I think the main reason is that Bitcoin Core is really moving in that direction and making it easier to use it as a watch only wallet. Because even at the moment if you compare the current Bitcoin Core release, I think it is 18.1 versus the master branch, you will see the significant differences. So, the master branch that is not released yet is way faster in parsing and scanning all these, descriptors and watch-only addresses and so on. So, there was a lot of work done by Bitcoin Core guys to actually add support of external signers, let’s say.

Stephan Livera: Great. And I think it might also be good to get a point of view from more of a development point of view around … okay, so there’s a famous XKCD on this topic, and there are 14 different standards for doing something, and then someone says, “Oh, I know. I’ll make one standard to rule them all.” And then the next panel there’s something like, there are now 15 standards for doing this here. So, same thing with Multisignature, right?

Stephan Livera: So, as I understand there are different ways to achieve it. There are … and fundamentally you still have to know … and this also relates to an earlier episode where Rodolfo was talking about walletsrecovery.org, right? This idea of, “Well, okay, it’s all well and good for this wallet to know, but what if that wallet goes defunct, out of business, or whatever?” The user still has to have the derivation path, and ideally the redeem scripts, right? And so in this case if the user is rolling their own, they still need to make sure they’ve got the key pieces they would need, right? So, in this case it’s probably the xPubs of those say … say you were doing a two of three. You would need the xPubs for those three wallets, you would need the redeem scripts as well. So, can you comment a little bit on how does that come together?

Stepan Snigirev: So, the descriptors in Bitcoin Core should work as universal description of the wallet. So, ideally you should back up only this piece of information. It includes both the xPubs and also the order of this wallets, and also the way how to construct the redeem scripts. So, at the moment Bitcoin Core supports only single key and Multisignature descriptors, and as far as I know they want to include mini script there. And then we will be able to construct very interesting wallets that, for example, include time locks and other things like this. And they will all be displayed and configured by these descriptors language. So, I think that then the only thing that you will need to store together with your wallet, like, backup is this descriptor. So, a single text file that has all the information necessary to find your Bitcoins afterwards if you use [inaudible 00:48:18] if you lose your node or whatever.

Stephan Livera: Justin, did you have anything to add on that, or do you basically agree there?

Justin Moon: Yeah, no, I agree I think both of these, the hobbyist wallet and the new RPC Multisig UI thing, the two things we’ve been discussing here, I think both of them stress just reusing whatever the standard is. So, these hobbyist wallets just use the seed, the mnemnonic seed. Not trying to innovate there, just like reuse [inaudible 00:48:46] make a nice way to interact with it. So, I don’t think it’s a problem there. And with the Multisig wallet setup, outsource everything to Bitcoin Core. And I think it’s one less standard. All the important stuff is happening in Bitcoin Core, so I view it as the other direction. Just try to lean as much as we can on Bitcoin Core so you get the standard setup.

Stepan Snigirev: And because it is first our reference implementation, and also I would say that if there are 14 standards and then someone invents the 15 standard that goes into the BIP, then we have the standard. And 14 others.

Stephan Livera: No, those are great points guys, agreed. So, then, from an estate planning, backup, recovery point of view, as you’re saying then it’s mainly keeping the output descriptors, and obviously the private key is held on each of the, say, the three different devices. So, that would be the main thing you have to worry about there. So, what about some of the other ideas? So, things like ongoing support? Is there going to be like a chat channel for people to all support each other? What’s your view there?

Stepan Snigirev: You mean on making this do it yourself hardware wallets? Okay, so that’s why we decided to put online this website, diybitcoinhardware.com, where we hope to put also the links to the telegram and make a telegram group where people can actually ask, answer, get help with assembling this, and if people don’t want to go to open an issue on GitHub, for example, they can just text there. But we didn’t really set it up yet, so hopefully we will do it soon after the podcast and put the link in there.

Stephan Livera: Great, and also the other one that people might have a concern about … I suppose if they’re more of a tinkerer or a builder they’re not as concerned with this, but they might be wary of using it if they think, “Oh, maybe this project might fall into disrepute, or it might just go stale.” You know what I mean? What’s the hope there? Is the hope that it will just be continually built on, and then once there’s additional use then it’ll be seen more like a community project to keep updated?

Stepan Snigirev: So, from our side I can say that we are building this wallet and the desktop app to use by ourselves. So, we are just building tools for ourselves, and we desperately need something like this. This is why we started all this. So, as far as we are in Bitcoin and we keep using it we will continue working on it and adding new features. So, for me it is especially important because I am now part of the hardware company, so it will stop probably only if I die. Hopefully it will never happen, and even then if we have enough contributors and we raise enough interest in the community, then the progress will continue. And, Justin is planning to start the course on hardware wallets with MicroPython, so hopefully there will be more and more developers that are building on top of this toolbox, and starting tinkering. So, I think that to make sure that the project will survive and evolve, we really need people to start working on this, and we will try our best to get more people on board.

Justin Moon: Yeah, I would say be skeptical of us. If you’re listening to the podcast assume Stepan and I are over promising, and we’re full of crap. And that’s good. But hop in, and if you want to play around with this stuff, put some Testnet coins on it, put a tiny bit amount of real Bitcoin if you’re reckless, but don’t go and redo your entire cold storage the first week that we announce it. Be a little skeptical, wait around and adopt it gradually. Like you do with anything, right? You don’t want to go buy a new Trezor and then just stick your entire net worth on there the first time, you want to practice with it. I think that’s a big thing it’d be good to see more of, it’s just a good idea just to practice with these things, explore them, use it on Testnet all the time, and over time you get more and more sophisticated, and then you can make that final decision whether it actually is secure or not yourself because you just got to be more sophisticated.

Justin Moon: As Rodolfo explained on the previous podcast, being your own bank is a responsibility, and you can’t outsource that. You need to actually develop the sophistication yourself, and I think that’s one of the big value propositions of playing around with these hobbyist hardware wallets is it helps you develop that sophistication, so you can make good decisions yourself.

Stephan Livera: Fantastic, and Justin, maybe you just also want to comment on are there any upstream dependencies or anything that has to get merged into Bitcoin Core before this is easy for noobs to use, right? We were talking about HWI earlier, but you were also mentioning that you could just do this from an RPC point of view. Can you comment on that?

Justin Moon: Yeah, so, I mean just with my little Junction project, there are a number of little annoying things that … so it works now, it’ll continue to improve, but one of the trickiest things is that this HWI project, which is a brilliant interface, these different vendors, sort of a standard way to access these different vendors who behind the scenes all work very differently. There are some things that you just can’t do. You can’t say, “Hey, Trezor, show this Multisig address on the screen.”

Justin Moon: You really want that, because if you’re going to receive … if you’re going to redo your cold storage, receive a bunch of coins on a new address, you really, really want to be sure you actually control that address. And the idea is that the hardware wallet should be like the trusted UI, right? The desktop might be malware, the hardware wallet is like the trusted UI. This is the one UI I believe, and maybe if a couple desktop machines agree I’ll sort of believe them, but I really want to have this one hardware wallet UI that I can trust, and there’s no way to just say, “Hey, show this Multisig address.”

Justin Moon: And so that’s one of the difficulties of making a standard interface layer. They haven’t figured out how to make this work on all three devices. Another tricky thing is that it doesn’t detect change, change address, change addresses, and that’s just a decision on the part of Andrew Chow. He’s like, “I don’t see a good way to do this yet.” So, like any standards based thing like HWI, it always lacks a little bit in functionality, right? These two are good examples. But, the benefit is that you get this standard thing that everyone can plug and play with. But hopefully doing some of this hobbyist stuff like this Junction and this Junction UI we can help drive a little bit of the … give these Bitcoin Core maintainers some feedback about what use cases would be helpful, and help give some feedback and drive the development process further a little bit based on user input.

Stephan Livera: Excellent. Yeah, so that sounds great. Stepan, did you want to just give us a quick update? What’s happening … what’s the latest with Crypto Advance?

Stepan Snigirev: Yeah, so, we decided to actually publish the code of our functional prototype. That is why we are also now really doing this hardware wallet, and the desktop app that is talking to Bitcoin Core because who knows what community will find useful and interesting and what not. So, we decided to release it. At the moment, even though it is not a perfectly secure, it is not secure at all, because it is a functional prototype. This means that it can sign, it can display things, it can add new cosigners and display Multisignature addresses and things like that, but it didn’t go through the security audit yet, it is a little bit of spaghetti code everywhere, and so on. But at least this is something that already let’s people to feel the interface and capabilities of the wallet that potentially can be made. And also we are using the same prototype to experiment with new features like CoinJoin, Lightening Network, and other additions to the protocol. We also want to give it too for other developers to try it out and to see how we can improve and how the software parts of the, let’s say, Bitcoin Core or Electrum or other wallets can improve.

Stepan Snigirev: So, that is the current status, we decided to focus on this do it yourself approach for now, and get the community feedback, and then from there continue working on both the consumer hardware wallet, like a serious one, and enterprise solution and other things like in parallel with that. So, we hope to get some feedback from this do it yourself project to align ourselves for the future. So, a little bit selfish, but hopefully community will also get something from it.

Stephan Livera: Yeah, I think they will. Justin, do you want to just give us a quick update of what you’re doing with BUIDL Bootcamp, and some of your projects?

Justin Moon: Yeah, so I’ve been teaching BUIDL Bootcamp for like ten months now. So, one of the things we do is we build couple hardware wallets, build some software wallets, so if you’re interested in that please join, it’s a good group. And I made a Mooniversity class, it was called. It’s a learn to code class where everything’s about Bitcoin. So if you’re interested in coding you can check that out, interested in learning to code. So the idea is leverage people’s interest in Bitcoin to help them learn to program, because that’s a very useful skill. And the idea is eventually I’d turn that into a more subscription site where it’s all kinds of little examples of stuff you can do Bitcoin-programming wise, if you want to learn how addresses work, if you want to learn to build a Blockstore, there’s all these little projects that you do, so I’m slowly rolling that out. And yeah, I want to do a lightening class pretty soon, too. I’ve been putting that together, talking to some companies, and hopefully that will happen.

Stephan Livera: Fantastic. So, look, let’s just talk about where, if they’re listeners now, they want to find out more about Junction, or about Specter desktop and about this project, where should they go to find the info?

Justin Moon: So, let me just get this … diybitcoinhardware.com. That will sort of have everything from these. If you want to see the Crypto Advance stuff, go to github.com/cryptoadvance. They have the two projects posted, just recently posted. So, check those out. Really impressive looking. And Junction is just github.com/JustinMoon/Junction. That will probably on the … you can find that. So, yeah I think most of it is just on that Bitcoin, diybitcoinhardwarewallet.com. We’ll try to put all that stuff there. So, if you want to dive down the rabbit hole of playing with Bitcoin hardware, learning how private keys work, and tinkering, that’s where you can find Stepan and I.

Stephan Livera: We’ll put all the links in the show notes for the listeners. You guys can go and click around and have a read on the material there. So, look, thank you very much again Justin and Stepan for joining me today.

Stepan Snigirev: Thanks for having us. It was a lot of fun again.

Justin Moon: Yeah, my pleasure, it’s … I just have to mention that we have a person in Texas, we have a person in Australia, and a person in Moscow, so one of us is very tired right now in the middle of the night. Let the listener guess who that was. It’s crazy though, it’s crazy how this works.

Stephan Livera: Thanks guys.

Justin Moon: Take it easy.

Leave a Reply