Stepan Snigirev (CTO Crypto Advance), and renowned hardware wallet maker rejoins me on the show to talk about Specter DIY and Specter Desktop updates. We chat:

• Why make your own
• Security model vs other HWWs
• Airgapping with QR
• Use in multi sig setups
• Specter Desktop updates

Links:

• Specter DIY github:  https://github.com/cryptoadvance/specter-diy
• Specter store: https://specter.solutions/shop/specter-shield/
• Stepan Twitter: @StepanSnigirev

Prior episodes:

• SLP205 Specter Desktop Bitcoin Multi Sig with Stepan Snigirev & Ben Kaufman

Sponsors:

• Swan Bitcoin
• Knox Custody
• Unchained Capital (code LIVERA)
• CypherSafe (code LIVERA)
• Hodl Hodl

Stephan Livera links:

• Show notes and website
• Follow me on twitter @stephanlivera
• Subscribe to the podcast
• Patreon @stephanlivera

Podcast Transcript:

Stephan Livera:

Welcome back to the show.

Stepan Snigirev:

Thank you. Thank you, Stephan, for having me happy to be here again.

Stephan Livera:

Yeah. So I see you and Ben and the team and Moritz at Crypto Advance have been doing an excellent job with Specter Desktop and also Specter DIY. So I’m excited to chat a little bit about this. So can you tell us a little bit about why you went about doing this project?

Stepan Snigirev:

Yeah, so I’m very happy that I actually here now it’s like a perfect timing because we just released to make a new release of specter DIY. But yeah, first of all why basically I think that’s more hardware. Wallets is better and more different security models is also better. So originally we started designing Specter DIY as one of the Multi Signature Co-Signers for cold storage, and we also wanted to make the security model flexible because normally with hardware vendors, what you have is what they decide is good for you. And our idea was to make it more like a developer tool. And also at tweakable hardware wallets, let’s say the first hackable hardware world, even though it’s sounds terrible. Yeah, that’s you can actually adjust according to your security model.

Stephan Livera:

So you mean hacking in a good way right. And hacking in the playing around as opposed to I’m attacking you and stealing the secret out of this hardware wallet kind of way right?

Stepan Snigirev:

Yeah. So it’s more like tweaking it according to how you feel more comfortable.

Stephan Livera:

Yeah. Yeah. So can you just give us a bit of a background for listeners who are not familiar? What does it look like? What are some of the kind of key points to note about this?

Stepan Snigirev:

Yeah, so the main idea was that first we wanted to avoid supply chain attacks. So we started developing it from over the shelf components. And as a base we use just develop a board by STM Microelectronics. So it is a pretty nice board with a larger screen and the microcontroller is pretty capable, but pretty much similar to the microcontrollers that run on Trezor or Ledger and Coldcard basically on all the hardware wallets. And then because I’m paranoid. I also thought that it would be nice to have a good air gap and still convenient. So we decided to add a QR code scanner and at the moment what we have is this discovery board plus the QR code scanner so we can be completely air gapped and we have full control of the data flow.

Stepan Snigirev:

So yeah, with QR codes very limited in amount of data that it can transfer. But also you have better control. So like either you’re scanning or you’re scanning back, so you control everything and you can stop if something doesn’t look right. And recently we also added support for secure element because well better to have an option to have a secure element and we do it with Java cards. So these are basically this plastic cards that you normally use for your government IDs, that you use for banking cards and all of these kinds of things. And you can actually program it if you buy one also off the shelf, you can program it to do what you want. And we developed a javacard applet tablet for that as well, such that you can even with all this DIY approach, you can still have some hardware security.

Stephan Livera:

Great so with the Java card and what’s required to make it able to read that, do you need another part to add to the kit? Or how does it work?

Stepan Snigirev:

Yes. So unfortunately we were not able to find extension boards on the market that supports this smart card slot. So we had to design our own and this slightly ruins the idea of only off the shelf components. But as I said Specter is made very flexible, so you don’t have to use them. And yeah, so what we currently did, we manufactured a bunch of these extension boards and we are putting them online on the web shop so people can actually get them. But again, it’s not critical, I mean, it’s nice to have, but it doesn’t must to have, right. So you can live without it as well.

Stephan Livera:

I see. Yeah. And so just for listeners who might not have seen this before, there are some videos floating around on Twitter and on the internet around how to make this and what it looks like, but essentially it’s kind of iPhone sized and it’s got a screen and it’s also got the QR. So that’s just, so you have a rough idea if you haven’t seen roughly what it looks like and stuff. So can you just talk us through, what’s the process look like if you want to make one?

Stepan Snigirev:

So in our github repository that I think that we will link in the description. We have a document called shopping where we basically list all the parts that you need to buy. You need to buy this discovery board and they are available in many electronics shops like Moss or Digi-Key then the QR code scanner it is a little bit longer to wait because they are coming from China. But they’re also not security critical because it is basically a dedicated thing that only captures images and transfers this data to the microcontroller. And in principle, the only extra thing that you need is the pins to connect the wires. And these are also like 20 cents in an electronic store and for full air gap and to make it self contained you probably want to add a power bank.

Stepan Snigirev:

So the board can be powered from one of USB ports taking a normal five volts from the powerbank. So basically three components that you can put together without any soldering make sense to use some duct tape to connect it all together. But if you have a nice soldiering skills, then you can also make it a little bit more fancy. So like the very first early prototype that I made, I just put together in the day, a prototype board where I had the battery and the QR code scanner, everything wired and connected to this arduino compatible headers directly. So then it is a little bit more compact and easier to use. Yeah.

Stephan Livera:

Great. And can you give us an idea of the cost involved?

Stepan Snigirev:

So I think that the discovery board is around 60 bucks. A QR code scanner is around 40, power bank. I have no idea, probably people have a power bank, so I hang around at home. So let’s say it’s free. So in principle in 100 dollars, you can get the device fully assembled then probably you want to add some costs for the 3D printed cover or something. And it’s very nice to see that people in the community to actually building this in quarters and putting them online as well. So you can either download files or buy directly from them. And yeah, so this is like $100. And if we are talking about our developer kits that this extension boards that includes both the battery and the QR code scanner and the Smart Card slot, then I think it’s around 90. If I remember correctly yeah. Something like that. So then it will be a little bit more expensive, but also you will have a possibility to have a secure element.

Stephan Livera:

Great. And so how would you compare this kind of wallet versus some of the other Hardware wallets that are out there? Something, you know, like Trezor and Ledger and Coldcard and so on.

Stepan Snigirev:

Okay. So first we introduced a few different modes of operation of this hardware wallet. So for example, with Trezor and Ledger and Coldcards the only way how you use them is how they are designed. So Trezor stores, their secrets on the microcontroller Coldcard stores it on the secure element but gets the secret every time when you want to do it in cryptography. And later does the other way around that all the cryptography is happening on the secure element and the secret stays there. Right? So in our model, we have different options. So first when you turn on the device and you enter your recovery phrase, it doesn’t actually save the recovery phase. So then it operates in let’s say amnesic mode. So whenever you turn off the device, it just forgets the secret, and it’s pretty hard to hack something that doesn’t store the secret.

Stepan Snigirev:

So if you remember your recovery phrase, for example, then you don’t really need to store the secret anywhere. You just retype it every time when you turn on the device. Then the second is more like Trezor security model. So you can save the secrets on the microcontroller itself on this application microcontroller. But this is how we call it reckless mode because yeah. Application microcontrollers are pretty easy to hack into. Yeah. You know, you probably also saw plenty of hacks on Trezor. Mostly I mean, Trezor is great, but this is what you can do is fully open source microcontroller. Then another option that we added recently is SD card support. So basically when you insert your SD card into the device and you can store your secret encrypted on this SD card.

Stepan Snigirev:

And then for example, you can keep your hardware wallet at home, and you always take your SD card with you. And only when you have both of those pieces together then you have access to the secret because it requires both the part of the secret encryption that is stored on the device and the SD cards that actually stores your Bitcoin private key encrypted. And so this is more like something in between Trezor and Coldcard, I would say hard to really align them. Yeah and then with Java cards, we have two applets now one, if you don’t trust Java cards, because they are using proprietary Java card OS and then our open source application is built on top of that then you can use the model similar to Coldcard when you secret is stored on the server secure element.

Stepan Snigirev:

But it is also encrypted. It is PIN protected but yeah, you need the device to get the secret out and you do all the cryptography on the main microcontroller. And then the last one is more like ledger in security model, where you can put your secret on the java card and all the crypto is also happening in there. And then there is no way to get the secret out of the secure element. So yeah, trying to cover all possible security models and everybody can decide what fits better for them.

Stephan Livera:

I see. Yeah. And I suppose this is one of those points where depending on how you are using the device it, like, for example, you might do it in a more, let’s say reckless way. But if you’re doing it as part of a multisignature quorum, well, then maybe that makes sense for you, depending on how you’re thinking about your security versus if you were to try using this maybe for like small amounts as kind of like a more single signature, small amount kind of warm wallet thing maybe that would make sense for you.

Stepan Snigirev:

Yeah, this is actually how I use it. So I have one of Bitcoin keys that is saved on the device that I use for well, not everyday spending, but spending from time to time. And then I also have my recovery phrase, well that I remember that I use in the Multi Signature set up with other hardware wallets and actually Specter desktop appeared as a tool for this cooperation between well, creating the multisignature a coordination of the multisignature between wallets is because we started designing it as a multisignature co-signer and so we just needed a tool that will be able to work with other hardware wallets as well. A few other things that kind of what we make slightly differently comparing from other hardware wallets. You know, so air gap is nothing new now because we have already covered that is also using QR codes for communication. Coldcards is a pioneer of air gap.

Stepan Snigirev:

So they use SD cards and yeah, ours is also air gapped. And then another thing is we are using Bitcoin Core’s library, libsecp256k1 and everybody else, as far as I know, uses something different. So Trezor and Coldcard use Trezor’s cryptographic library and ledger uses their hardware accelerated elliptic curve implementation program. So here we have also something different on the cryptography side. So that also helps for the multi signature because more your hardware. Well, if your hardware what is a very, very different than the probability of taking all of them goes to zero, basically,

Stephan Livera:

Actually one other point I wanted to go back to just with the QR codes. What’s your thought on, well, first of all how much data you can transfer through a QR code, and maybe you just want to tell us a little bit about the use now of like animated or GIF QR codes, as opposed to just the standalone QR codes. Have you found that to be a better experience or more easy to make it work?

Stepan Snigirev:

Yes. So it is really great. So I want to mention that Christopher Allen is doing a really great job with his team standardizing these animated QR codes dynamic characters. And this is really great because then you don’t have a limit on the amount of data that you can transfer. So you just keep scaling the large PSBT without any problems. So what’s is tricky is when you’re using QR codes then you need to process an image and then you need a pretty large image processing library somewhere that does it for you. And then more code means a larger attack surface. So what we decided to do instead of using a camera and display in the image that you’re scanning on the screen, that would be much more convenient from the user perspective.

Stepan Snigirev:

But we decided to go other way around. So we have a dedicated QR code scanning module that has a separate microcontroller that does all the image processing. And then since the data that it scans to the main microcontroller over a simple (inaudible) interface. So then we kind of decouple this additional attack surface from the main Micro controller that is controlling the secrets to a dedicated one. So I would say that it is a reasonable trade-off in terms of security. And also we use a slightly modified PSBT transaction format. So it is PSBT but in order to decrease the amount of data that we are sending back and forth we actually use some proprietary fields that are specified in PSBT standards. You can use certain proprietary fields to tell the hardware wallet, what wallet to use.

Stepan Snigirev:

So, I mean, you don’t need to pass a lot of data if you know that the hardware wallet knows about the world, you don’t need derivation paths passes for every co-signer. You don’t need xPubs, you don’t need witness scripts. You don’t need many, many things. If you assume that the hardware wallet knows about the wallet. So our approach here is that you set up the device and tell the device that, okay, this is the wallet that I want to use. It is for example seven of 11 multisig. And yeah. Now whenever I want to sign for this wallet, I just can say the hardware, wallet okay, use this wallet and you know how to derive everything for that. And this is just the last two indexes of the derivation path that you need. Otherwise you figure out everything yourself. And when we tried this, we actually saw that in 90% of cases everything fits in one pretty small QR code. So that’s also nice. So then you have one QR code in one direction and one QR code in another direction.

Stephan Livera:

Yep. Also I’m curious around whether you see any kind of the flip side, the risks around QR codes and whether that could be used to maybe I don’t know the exact term, but maybe some kind of malformed QR, or some kind of malware, or some kind of maybe sort of, kind of like a SQL injection attack, that kind of thing. Is that sort of thing possible with this approach of using QR codes?

Stepan Snigirev:

So yeah, this is a threat. If you are processing QR codes on the security critical microcontroller and has to be separated in a different one I think it’s less of a threat but also, I mean, I can say the same about SD cards. So if there is a malformed SD card that is communicating with the main microcontroller and prepares malicious packets, pretending that it is sending the file data you can also get the same. So I don’t think that there is any communication channel that is perfect in that sense and yeah, just need to be tested and better if it is really limited and unidirectional. Yeah. So SD cards and QR codes in my opinion are roughly the same yeah, on the same risk area.

Stephan Livera:

And just to clarify there, so as an example, let’s say it was some kind of malformed, you know, image or malformed SD card malware kind of thing in that sort of scenario, could it basically trick the hardware wallet into thinking it’s signing, you know, to the same address, like as an example, I’m sending to address, you know, one, two, three and like on the hardware wallet device, would it still show that, or what we’re getting at here is essentially it could be malformed in such a way that it shows, you know, four, five, six instead of one, two, three, you get what I’m asking?

Stepan Snigirev:

Yeah. Yeah. I understand, so I think there are more chances to trick the hardware wallets, not by using malicious QR code or SD card. But instead just by exploiting some vulnerabilities in the PSBT transaction parsing or something. So yeah, if, for example, the hardware wallet doesn’t verify the PSBT properly. In principle there’s still a risk that you get arbitrary untrusted data from the host or from somewhere, and there could be some overflows and maybe that can be escalated and arbitrary code execution. And if you have arbitrary code execution, then it can do whatever you want, whatever it wants with the microcontroller basically. But I think that if we put enough effort into actually checking this particular piece, so like, we really need to make sure that the data that we are getting from the host should be completely untrusted and to verify it with many, many ways. So like the size, the, well, the data fields, the format, everything and if you put a lot of effort into this piece then you are purchasing, so this is like the largest attack surface, because you are getting some random data from the host. So I mean in that sense if you have limited data flow it is better.

Stephan Livera:

Yeah. Right. I see. Yeah. And look, I think in fairness as well, it’s, it’s one of those things where you can talk about some kind of more obscure kind of attacks, but ultimately we shouldn’t let that stop us from taking additional taking steps to improve our security. And if by using this additional device, we can start using multisignature we’ll then, you know, you kind of have to take the, take the good with the bad, right. If it’s an overall net improvement. Well, then I think that’s a fair way of looking at it. And I think it’s also a really cool to point out as well, that when you do these QR scan PSBT, it’s actually a really excellent experience. Like when you I’ve tried it with Specter desktop and using like the Cobo QR back and forth and it’s like really, really cool to see the kind of scan the QR and sign it. And then basically flip the screen back and you’re showing the QR of the signed PSBT and then Specter desktop can now take that. And then now that’s ready to, you know, that’s another signature, so it’s a really cool experience for the user as well. So that’s also something that listeners can consider there also.

Stepan Snigirev:

So it is also very convenient, like even if you have for example, Specter desktop on your mobile then you can use this QR code scanning like a simple flip and flip procedure, and you don’t need to connect to anything to the USB on your phone. So you don’t need all this communication with USB hardware wallets. So it’s also easier to yeah. Much easier to to yeah. Just to use in this kind of hardware wallet.

Stephan Livera:

Yeah. And actually I’m now I’m also thinking of in the older days when people used to use the whole armory offline which I’m sure you probably are familiar with also Stepan, but I know there were, I’ve heard of stories where people were trying to use like a laptop with another laptop to try and scan the QR off, like an armory offline sort of style set up. And now, obviously in November 20 we’re much more advanced with that. And now we’ve actually got devices that can do that for us. So that’s actually very handy also,

Stepan Snigirev:

But you still can do laptops. I mean, if you don’t trust hardware, wallets you can actually use air gap laptop. And we tried that recently with Specter desktop. So you can have a Specter desktop with Bitcoin core running on the air gap machine and used as a signer and another laptop that is connected to the internet used as a coordinator online. Yeah. Yeah. And well, it’s sounds, it looks ridiculous when you try to scan a QR code on one laptop using another laptop. So it’s like this laptop sandwich, but it works. Yeah. So, and I think that there might be people that find it more useful and more confident to use this kind of setup.

Stephan Livera:

Yeah. I see. I see. And one other point, actually, just on QR, I’ve noticed, in some cases it can be difficult if you’ve got a bad webcam, for example, like sometimes depending on what laptop or computer you’re using, sometimes it’s like hard to do the QR stuff. If like the webcam on it’s like an old crappy laptop, sometimes the webcam is a bit difficult. Have you seen that kind of thing or is it more like in your experience it’s actually worked pretty consistently?

Stepan Snigirev:

So yeah. Especially if you have a very shitty webcam and you are, for example it’s late in the evening, so your lights are dim in the room, then you might have problems scanning the codes. So it can be solved. So we have this feature similar to what Cobo has like you swipe or click on the QR code. And it goes a full screen with a white background and the webcam handles it easier. But still sometimes there are problems. Yeah. So we are trying to solve it. So you need to reduce the QR code frame size, for example, and then have more sequential QR codes to get it’s scanning more reliably. I don’t really know what you can do with that. The only thing that we can do, we can use a laptop with a very bad webcam ourselves and try to find a way to make it work. Yeah. So I’m working that sense. I have a very crappy web cam.

Stephan Livera:

He’s going the extra mile. And I think the other big point of this, like the whole point, one of the points of this specter, DIY device is the idea of trying to remove supply chain risks. So how much supply chain risk do you see with, let’s say the other hardware wallets and potentially this is something that, okay, so let’s say over the next year or two, there’s the big bull market and, you know, it kind of goes crazy and it’s hard to, you know, we start seeing a lot of those resellers of the fake Trezors or whatever, I guess that’s the kind of risk that we could see in terms of supply chain. We might see more and more people try to do that kind of fake hardware wallet attack, right.

Stepan Snigirev:

Yeah, I think that they were already a few attacks like that. So I do remember that there were like there was a shop of a reseller of the Ledger on Amazon that was shipping the device with already pre initialized recovery phrase. So the guy just wrote down the recovery phrase on the recovery sheet and was shipping it with the recovery sheet that he obviously knows. So these kinds of things I think with Trezor, it might happen as well at some point. But at the moment these attacks are very simple. And if you just keep a few simple rules, like only order the device from directly from the vendor. So from the web shop of Trezor Ledger ,Coldcard and so on then it’s much harder to perform this kind of attack. There is still a possibility that some DHL delivery guy will take your device and open it and do something with it or replace it. But I think that at the moment we are not at this stage, but I am expecting that something like that may happen in the future. Yeah. So there is a risk but everybody should be careful. Yeah.

Stephan Livera:

Yeah. And to be fair to just that risk as well of coming from the hardware wallet, but it to the customer, but it could also be an upstream supply risk, so it could be unknown to that actual hardware wallet manufacturer.

Stepan Snigirev:

Mm. So yeah, if the hardware wallet is manufactured somewhere like outsourced, and then this factory workers can also do something with the chips. And it is also a little bit scary, but as far as I know, a Ledger and Trezor are manufacturing all the wallets in-house, so like in Czech Republic and in France so they kind of have a better control of the manufacturing process. And so that’s good, then they’re taking the step. Yeah.

Stephan Livera:

Yeah. all right. And so, in terms of, I guess the downsides of this wallet, I guess you would say it’s, it’s, you know, it’s relatively new it’s, you know it’s still kind of needs a bit of time to be battle tested. But do you have any other views to share on that?

Stepan Snigirev:

Yeah, so that’s definitely true. So the project is a pretty immature. So the team is pretty small. So at the moment I’m working on all the high level logic of specter DIY and Mike our security guy is doing more low-level stuff. So could we secure boot loaders, work and things like that. So basically the problem is that, yeah, we have a very small team, not enough code reviews no really like certifications or whatever. So this is very, very welcome. And also regarding the Java card applet, for example would be nice to review that because this is the thing that is storing the secrets. So, but we also have this disclaimer in the repository that it is a work in progress. So I still think that specter can be used either for small amounts or as a signer in the monitors, et cetera. Because yeah, I mean, I hope I believe it will happen for sure that the project will become more mature. And we also be able to confident to say that, okay, this is now a secure hardware wallet that you can use for your main funds, but I mean, multisig is always better. It adds little bit of complexity of the backup. But otherwise yeah, as I was saying in all my talks, everything can be hacked including hardware wallets,

Stephan Livera:

So, yep. Yep. So if we were to talk about using it as part of a multisig, so obviously you can use it as part of with alongside Specter desktop, which is a great multi-sig coordinator app. Can tell us a little bit about what that looks like if you want to use it as part of a multisig quorum?

Stepan Snigirev:

So basically the setup is very similar to any other hardware wallet. So first you need to get your master public keys into specter desktop or any other coordinator. And yeah, this is just scanning QR codes and after that you can create the multisignature wallet and you need to import this wallet into the device. As I mentioned before, we are using this assumption, whereas a human that the hardware wallet it knows about the multi sig wallet and also it helps the hardware to verify the transaction. So if it knows about the wallet, then it can say that, okay, this is actually the change. And this change goes back to exactly the same wallet or for example, you have two outputs and one goes to one wallet that I know, and another one goes to another wallet that I know. So for that in specter desktop, you just need to get the QR code with the descriptor of the wallet and specter DIY just scans this descriptor and can calculate the addresses and all other information from that. So, yeah, we are using Bitcoin core descriptors as the definition of the wallet.

Stephan Livera:

Right. And that’s a more advanced feature also as a, I don’t think many other wallets are using output descriptors natively. So that’s a cool point to note there. So I guess in practice, that’s actually two descriptors, right. Because one would be I forgot which one’s, which, but one’s the internal chain and the external chain, one’s the change chain. Right. So I guess you would have both descriptors, right?

Stepan Snigirev:

Yeah. So we simplified it a bit such that we can scan only the receiving descriptor and then if it is /0/* , then we can assume that the change descriptor is basically the same, just the derivation path is using /1/* . So basically you can scan one descriptor and get a default receiving change branches there. I think that it would be nice to have like more general descriptors such that you can define, okay, this is the receiving and this completely different thing is the change. But we didn’t implement that yet, it would be nice to have extra. Yeah. But we also don’t see the demand for it because everybody’s using currently the default multi sig with default descriptors, so we can leave right this for now. Yeah,

Stephan Livera:

I see. Yep. And also I’m curious about whether you would be interested to do this kind of feature or whether that already exists is this idea of so for example, let’s say you want to use Michael Flaxman’s guide and you want to do a seed picker. And that guide currently, you need to basically, you would pick out 23 words and then the 24th word is a check sum. So is that something that you might be able to kind of internally calculate inside the wallet or on the device?

Stepan Snigirev:

So we actually integrated this feature recently. So two features on the entropy side. The first one is you can use, like meat generated entropy. So you just throw the dice and pick the words and trend them, or like you use a hat this all the words cut up and you select 12, 18 or 24 words and the in specter DIY, you start entering this words. And then when you hit to the 12th word and enter the last 12th words it will suggest you to fix this word if it detects that the check sum is incorrect. So basically you can generate the recovery phase fully offline and using only physical entropy. And then fixed the last word similar to what seedpicker does. So the only difference is that seed picker is adding the 24th word, and we, instead are fixing the 24th word so fixing makes it the whole process a little bit more deterministic.

Stepan Snigirev:

So instead of feeling some bits with zeros, we actually use all the entropy of the user, but replace the checksum with the correct one. And then another interesting feature that we edit recently, if you are not sure about how good is the true random number generator that is on the device then when you are generating the recovery phrase it first shows you the recovery phrase that you can use just like that. Or you can click on every of the word see the corresponding, like 11 bit string and then flip the bit. So basically you can take, for example, 11 coins shuffle them and yeah, throw them and see which of the coins are heads and tails. And then on the corresponding word, you just flip the corresponding bits. So then you’re basically XOR’ing the entropy mixing together, the entropy that was generated by the hardware with your own physical entropy, and it is fully verifiable. It doesn’t change any other words except the last one to maintain the correct checksum. And then you can improve your randomness even further because if you are XOR’ing random numbers, the result is better than any of the incoming randomness.

Stephan Livera:

Yeah, I see. Yeah. So that’s the, again so this is one of those points where I don’t understand it fully myself, but there’s this function called XOR. And so that basically mixes the randomness together and that’s kind of a function that helps you get additional randomness. I wouldn’t be able to explain any of the detail around exactly how it’s doing that.

Stepan Snigirev:

Yes, sorry for going a little bit into technical details, but I think that it is also like another level of paranoia. So like, if you are a very very paranoid then you probably wants to figure out how this feature works and use it as well. Yeah. So you can use it. Yeah.

Stephan Livera:

Gotcha. Yeah. And so in terms of future plans what can you share with us there? I know so recently you were, you were chatting a little bit about the use of a secure microcontroller.

Stepan Snigirev:

So yeah the interesting thing that I figured out in conference last year, that now there is actually a microcontroller that is secure and doesn’t require NDA. So Maxim integrated the company, American company decided to make this experiment they developed a chip that doesn’t require NDA, but it has certain features like voltage and clock monitors that provide you some hardware security. So it is not like the high grade secure element because well that kind of microcontrollers normally go through the certification and then they require NDA because to get higher points in the certification, if your thing is closed source, you get extra points and this one is slightly different, but still it’s the unique thing is that it doesn’t require NDA and it has some hardware security. So we were thinking about using that and designing basically the the boards that will look exactly the same as the Java card that includes that microcontroller inside. And that can be a drop-in replacement for our current, javacard implementation. So we will still maintain the Java card parts and also make this fully opensource version that’s you can control better and we can control better. So that’s a very nice yeah. Looking forward to this.

Stephan Livera:

Yeah. Out of curiosity, do you know roughly how much that piece of equipment costs?

Stepan Snigirev:

The microcontroller costs like 20 bucks, maybe 10 bucks? I don’t know. They already ship all the microcontrollers are very cheap, even the secure element that is like high great and NDA graded. And so in certified they cost nothing really.

Stephan Livera:

Yeah. Okay, cool. And yeah. Anything else you can share with us in terms of future plans and what you’re doing with Specter DIY?

Stepan Snigirev:

Yeah. So one important thing is we start the limited edition of a limited sale of our development kit, our Specter shields. This is what I mentioned that includes the QR code scanners smartcards and also we are cooperating descriptor clocks to make the nice 3d printed casing for the board. And I think that we will put the shop online when this podcast is out. So basically there, you can buy either the fully assembled thing together with the discovery boards and the smart cards or you can only get the this extension board and all the rest of the parts that are like security critical from random suppliers. And it will be like orange edition 50 pieces because we wants to get some feedback, initial feedback from the users to see what we can improve and how we can get it and make it better because at the moment yeah, there are a few people that actually assembled the DIY themselves and are using them.

Stepan Snigirev:

And we get some feedback from that, but currently there is no easy way to get the smart card, secure element support for it. So that’s why we are starting that. Then otherwise on the future plans let’s see how it goes with with the response of the community. And maybe we can do something like a fully manufactured version of specter DIY So one thing to note here that they will always maintain the DIY kind of spirit of the project. So DIY first, and then all this stuff that we sell is more like for convenience, for lazy people, or for not very sophisticated people. Right.

Stepan Snigirev:

I mean, it would be really, really nice to have like more feedback, but also more contributions because yeah, you can do many things with these hardware wallets and like really looking forward to things like is create maybe lightning and coinjoin and liquid network, all these kinds of things are really, really exciting. So let’s see how it goes. Schnorr coming soon, that will be huge. Yeah. then other, other than that specter like the whole project we tried to make it platform independent. So in principle you don’t have to use these discovery boards and everything, all the that we selected. But actually it can be ported it to anything else. So if you wants to make a version that is with Bluetooth and using (inaudible) or m5 stack or something like that in principle, it is possible to port it there.

Stepan Snigirev:

So I think it would be very nice to have like maybe some documentation in the guide, how exactly to port it, because then you spread the risk of the supply chain even further because now people don’t know what exactly you go buy for the specter DIY. And another interesting platform to look at is actually RISC-V microcontrollers that are coming. There are a few that are very powerful already and risk five as it is a new architecture. It also has some extra security features and also don’t have a legacy lying around and potentially introducing some random back doors in your microcontroller. So that’s also nice. And in general yes, sorry, just too many plans, too many plans.

Stephan Livera:

Actually just on the risk point, risk five. So my understanding of that, it stands for, I think, reduced instruction set computing or something like that, but essentially it’s like this whole push towards open hardware, right. So I guess the idea is we want not just open software, but we want open hardware, and this is part of the push in that direction also, right?

Stepan Snigirev:

RISC-V. It is a little bit tricky. Yeah. So it is a standardized instruction set. And then the idea is that any, any Silicon vendor can implement the microcontroller that implement this set without the need to pay a royalty fees how open they are is a different question because normally the microcontrollers are not just the core and the instruction sets. They also put a lot of other components there. And most of the companies that are manufacturing RISC-V chips, now they still put proprietary stuff around it. But the nice thing is that you can actually take this instruction set and you put it for example, on the FPGA and it is like a more open and controllable platform where you basically define how transistors are wired together and then have your own RISC-V microcontroller or based on data to be a little bit more expensive, but it is way more open.

Stepan Snigirev:

So less probabilities of back doors by the manufacturer or implementer. And I think one very important project in this space is a Precursor by Bonnie. So this is the RISC-V based communication device, basically that would be a replacement for your phone or for encrypted calls and things like that. And also for storing the keys and he’s using executive implementation there. And yeah, you can also just get rid of the wireless module there, and then you get a very interesting hardware wallet from it.

Stephan Livera:

Very cool. Yeah. Thanks for clarifying there yeah, it’s interesting to see what’s happening with that stuff as well. I’m definitely excited to get a specter DIY for myself. So I’ll definitely be heading up that web store when it’s available. Also wanted to just chat while we’ve got you here also to chat a little bit about Specter desktop updates. You guys have recently put out a new version and you’ve got some, you know, new features coming and things like that. So can you tell us a little bit about the latest version and any highlights that you want to hit there?

Stepan Snigirev:

Yeah. So from the last time when we were on your podcast with Ben, many things happened, so we released the app that is actually a stand alone app. We get the Tor support that is kinda working and improving that currently we got replaced by fee that is very important feature for high fees or crazy, crazy random fees that we currently have in Bitcoin. Then in general, the app became much more stable and this is mostly due to Ben and Kim. So Kim is not so loud contributor to Specter desktop that is doing all the infrastructure, continuous integration testing and stuff. So thanks to that, thanks to his work. We became much more stable and now we are really aiming to get to version one.

Stepan Snigirev:

So we still need to fix a few things. But other than that I think in a month, maybe we will get to version one that we can say that, okay, specter desktop is now stable and usable and yeah, go for it. We can recommend it for sure. Yeah. I mean, I can recommend it even now, but I mean, I know that there are bugs from time to time and it was super exciting to see how people actually, how many people are actually using specter desktop and all this community support. And shout-outs, it’s just crazy. So we just, the whole team is so happy now.

Stephan Livera:

Yeah, that’s great. I think it’s yeah, you’ve had a really good community response. I think a lot of people were looking for something like this. I was also curious the recent version, it mentions an offline mode. Can you tell us a little bit about how that works?

Stepan Snigirev:

Yeah, so this I mentioned it’s a little bit earlier about this air gapped laptop. So the offline mode is that if you have an old laptop and wifi doesn’t work, or you can turn it off, for example or you buy cheap laptops where you can get rid of the wifi then you can put there basically couple of binaries Bitcoin core and specter desktop and then you can use it as a signer. So Bitcoin core will be signing the transactions. Specter desktop will take care of the user interface and scanning all the QR codes and displaying the QR codes. And then yeah, your old laptop can become a pretty good air gap machine that is used as one more signer. So you probably know about this glacier protocols, something like that. Yeah.

Stepan Snigirev:

So I think that they recommends using air gapped laptops as signers but they user for user interface and kind of all the complexity of the setup is a little bit too much for me, I would say.

Stephan Livera:

Yeah.

Stepan Snigirev:

And so we try to implement this in a little bit more user-friendly way. And yeah, we tested recently and it works and it works really great. So on the surrogate laptop, you can verify the change, you can see the outputs and addresses and everything, and you still use signing functionality of Bitcoin core. So yeah, if you trust Bitcoin core then this is probably a pretty good candidate for one of the signers.

Stephan Livera:

Yeah. Also sorry you might’ve mentioned this, but I think I missed it. So does the Specter offline mode, does that actually have private keys or how are you managing that in terms of the private key part of it for the offline one?

Stepan Snigirev:

So yeah on the offline mode, what you create, you create hot Bitcoin core wallet, even though it is not hot, it is offline. But yeah, then you enter your recovery phrase there and then this recovery phrase is converted to a private keys and loaded into Bitcoin core. So if you wants to keep it fully stateless then you probably need to clean up Bitcoin core after that. So just delete the wallet files. That Specter created otherwise it stores private keys in a Bitcoin core wallet. But I think you also can encrypt it so Bitcoin core wallet, functionality supports encryption with a long password, or I think if you use something like a stateless OS like Tails, for example, it will clean everything up for you automatically.

Stephan Livera:

Yep. Great. And also with the Tor support is that’s for is that windows and Mac, and essentially you, what would you use that to? Would you use that to try and automatically connect back to your, let’s say you’ve got a Bitcoin core node running at home? Is that the idea or what would you, how would you use that?

Stepan Snigirev:

Yes, Sir. This is the idea that you have a node in the box either myNodes or RaspiBlitz or your own home brew thing, or Umbrel and if it has a Specter or if it exposes a Bitcoin or a PC or whatever then you connect to it from your laptop. So basically in this case, what you need, you can have this remote specter that is running on your node that is managing all the walls and watching all the addresses and prepares the transaction. And then you have the app on your laptop that is providing the access to the hardware wallets for this remote specter. So this is one of the models. So you can avoid running Bitcoin core on your laptop and still use a specter for signing with your hardware while it’s, while you are somewhere on a trip or not at home. Alternatively if you don’t run remote specter on the note, and you just expose Bitcoin or PC over Tor, then you can also connect to Bitcoin RPC from your laptop and also basically do the same.

Stephan Livera:

I see. Yeah. And that might be obviously handy if you have, you know, multisig and you’ve got keys in different locations and you got the laptop and you need to go around to get signatures and et cetera to build the transaction and blah, blah, blah. One other one, would you consider bundling Bitcoin core straight into Specter desktop just to make it like a one, you know, one double click install for like newbie Bitcoiners?

Stepan Snigirev:

I think it would be interesting as an option because well, I mean, people use specter for different scenarios, so we could have like a toggle in the settings that either wants to use a built-in Bitcoin core node, and then you configure it either you want to use it pruned or whatever or you connect to existing Bitcoin core node. So I don’t think that it will happen until version one, at least. So it is an interesting feature, but it is not on the roadmap right now, but keep in mind that, yeah, that might be easier. And I also feel like people that are using specter desktop and trying to do like this multi sig and things they probably wants to be sure that Bitcoin core that they download it is actually coming from Bitcoin core.org. So, yeah, maybe but a little bit later. Yeah,

Stephan Livera:

Sure, sure. That totally makes sense to me. Also wanted to just chat about pruning while we’re here as well. So right now, if you want to download the Bitcoin blockchain, I mean, as of November, 2020 we’re talking about 350 gigabytes of download or otherwise if you want to prune it, I think you can do, let’s say 5 or 10 gigs worth. Can you just tell us a little bit about the trade-offs there, if a user wants to do specter desktop in pruned mode versus, you know, doing the full download and then what’s the, I guess what I’m asking is what’s the impact in terms of wallet scanning and wallet use, if we’re on a pruned version?

Stepan Snigirev:

So yeah, the pruned note it will still download all 300 gigs of blockchain data and verify that but while it is downloading, it, it will also erase like old blocks. So it will maintain your hard drive usage to like 10 gigs or so and this means that you cannot easily rescan if you’re creating or importing the old wallet that already has a transaction history. So what we currently implement is you can rescan the UTXO set, so you can find all your unspent transactions but then in order to import them into the Bitcoin core, you also need proofs that this transaction is actually included in a certain block. And at the moment with the pruned note, it is not possible. So we have privacy concerning workaround that you can use a Block Explorer for example, Blockstream.Info to get these proofs.

Stepan Snigirev:

And then you can import this into your Bitcoin core. The idea here is that yeah, you kind of tell potentially chain analysis companies what’s transactions you are interested in, but then at least you can use the wallet. So with, we may add, we will add an alternative to that such that after rescanning the UTXO set when we know that we need this and this and this block we can just connect to our peers on the Bitcoin network and we download these blocks directly and then parse them and get the proofs ourselves. But it is still in process. Yeah. So at the moment the trade-off is that right now you need to communicate with a block explorer, if you want to get your unspents and you cannot get a full transaction history. Yeah.

Stephan Livera:

So currently you let’s say you prune it you run it, you run it pruned, and then you want to start a new wallet on the specter desktop. Let’s say, you know, I’ve got a new specter DIY and it was already pruned, right. So I didn’t set it up before the pruning then does the app as currently configured or app as currently coded, does it automatically do that fetching from blockstream.info or how does that work?

Stepan Snigirev:

It doesn’t do any fetching automatically. So you control it always from the user interface. So if you’re creating a new wallet then it will not even try to rescan it. It is assuming that it is a fresh new wallet that doesn’t have any funds and you can use it as normal. And if you are actually triggering the rescan then you have a check box either you want to connect to a Block explorer to to get this data or not. And if you don’t then well probably you will get only fraction of UTXOs that are in the blocks that are not pruned yet. Yes, this is the problematic part. An alternative is that when you start your pruned node, you also create the wallet in specter desktop. And then in the wallet during this full rescan of the blockchain, it will also get all the transactions from there. So this is an alternative, but for the new wallet, you don’t really need a full node, so you can easily use it and without any privacy concerns.

Stephan Livera:

Great. also you might’ve touched on this earlier, but I’m wondering whether that’s also a future idea, whether you would look at that kind of thing of, you know, some for example, umbrel uses like a neutrino style and then transitions over to the full node. Is that something you would look at with specter of using, you know, compact block filters and things like that to try and give people the ability to more quickly start up? Is that something that you could do or is that kind of more like, not an immediate-

Stepan Snigirev:

I think it is a very interesting thing and one feature that is missing in Bitcoin core at the moment that would be very useful is to be able to use this block filters while using a pruned node, not because, okay, the prune note during the sync is done all in all the blocks, so it could potentially calculate all the all this Neutrino filters. And then you can use that to recover your full transaction history, at least find the blocks that you care about. So we can do something like that or to build a custom block filter builder in specter desktop that is checking out your pruned note and for blocks calculates this neutrino filters that would work, or we can connect to the nodes that provide this block filter.

Stepan Snigirev:

The problem here is that there are not too many nodes that announce this feature. So you have a limited set of nodes that can give you this Neutrino filters. And also you cannot really verify this unless you download the blocks, so they can lie about that. But on the other hand, there’s no real reason for lying to you about that because well, what is the benefit? So in principle, we can connect to this nodes and get all the block filters for all the blocks. And then from this information, we can get information, what books we need for the transaction history, and then get these blocks and then get transactions. It’s a little bit complicated but it is definitely a very interesting thing to try out. And I was thinking about that in the background for the last month or so, and hopefully I will find some time and prototype something that would work with Neutrino filters.

Stephan Livera:

That’s awesome. Yeah. And I just want to say, I really, I’m a big fan of specter desktop. I think it’s a great piece of software. I really like using it. And I’ve definitely, I can see why it’s been so popular amongst the Bitcoin community or at least amongst my listeners and the people I’m chatting with. Definitely very useful piece of software that actually makes multisig actually quite a good experience for the user there. So definitely really appreciate the work you and the team are doing on that. And I suppose might be a good point to wrap up here. So do you want to just tell the listeners, why should they be looking at specter DIY? Why should they go and get one and where can they get one, if they’re interested to get that?

Stepan Snigirev:

First, before I go to the wrap up, I want to shout out to the team to Ben Kim Morris and Mike who are doing a amazing job kinda pushing forward our project. So I’m very happy to have them in the team. And yeah, I love you guys. And regarding the DIY first of all, it’s a lot of fun and it is a very interesting piece of hardware that you should definitely check out. And second it is very different from the security models of other hardware wallets. So why not to include it in the multi sig if you, if you have the capabilities? Yeah, so feedback is a very, very, very welcome and we will keep improving both specter desktop and Specter DIY in upcoming months and to get it it should be, I think, shop.specter.solutions. And yeah, you can just check the check box there and get our extension shield or checkout the shopping in the shopping document, in the repository and just get everything yourself and assemble it. It is very usable without anything from us. And I think this is also a great thing.

Stephan Livera:

Fantastic. So listeners, you can find the links, they will be in the show notes, Stephanlivera.com/231 for this episode. Stepan, thank you very much for joining me today.

Stepan Snigirev:

Thank you very much for having me. I’m really enjoying talking to you every time.