An addendum to the method for storing Bitcoin SV securely, without a hardware wallet.
About one month ago I wrote an article that was intended to walk people through the steps to use ElectrumSV as a cold storage wallet and in such a way that would provide comparable security to that of a hardware wallet. The article to which I am referring to is this one.
Whilst the method for withdrawing funds from cold storage presented in that article remains sound, in the areas of UX and security there are some pros and cons as follows.
- Easy to withdraw from the cold storage wallet using a mobile wallet that can sweep private keys.
- Using a mobile wallet to sweep keys ensures that the cold storage computer remains fully air-gapped, thus increasing security in that sense.
- When you sweep private keys you are theoretically exposing those keys to the internet and run the risk, albeit very small, of compromising your wallet, such as in the case you accidentally re-use the same address (the one associated with the exposed private key) in future.
- To further minimize the small risk described in con #1, it is recommended that the wallet owner break funds up in the cold storage into small "chunks" so that withdrawals can be kept to smaller amounts (and therefore reduce risk). Managing this, so I have found in practice, can potentially be a little tedious, especially as values of crypto appreciate the definition of a "small chunk" may change over time.
Given the above, I will present here a modification to the previously presented method that takes the requirement for a mobile phone out of the equation. It has the effect, on one hand, of increasing security by virtue of the fact that in this modified method, private keys are now never exposed. On the other hand, however, it reduces security slightly by requiring that a USB stick (or other removable storage device) is used to transfer back and forth signed/unsigned transactions, in lieu of using the mobile phone to sweep private keys. After presenting this modified method (which will assume that you have read the original article linked above), I will mention a new development in another mobile wallet that may provide yet another cold storage option that is able to do virtually same thing as this revised method, whilst retaining the air-gapped pro of the previous method, and even improving the overall UX.
Withdrawing from Cold Storage
In the previous article, the method for withdrawing from cold storage was to start the off-line computer, open the ElectrumSV cold storage wallet, view the private key for the "chunk" of crypto that was required to be withdrawn. One would then use a mobile wallet like HandCash that is able to sweep the private key in order to withdraw the funds into the mobile wallet, in preparation, presumably, for sending elsewhere. Something that recently came up, however, is that HandCash is likely to deprecate the ability to sweep private keys.
If you review the twitter thread that is referenced by the above Reddit post, there is even a hint that ElectrumSV might remove sweeping support. So it seemed (at the time) that having a method that relies on sweeping private keys might not be the best to rely upon long term. (Since then, however, a different mobile wallet, SimplyCash, has announced and even improved it's ability to sweep private keys, so it's not a big a concern as it was initially).
For your reference, this is the Simply Cash mobile wallet link:
Given the uncertainty with the ability to sweep private keys and the fact that in practical terms exposing private keys (even though in this case not a big issue) is not a good habit to get into, I decided to document an alternate approach to withdrawing funds from the cold storage wallet that does not require sweeping of private keys. In fact it does away with the need for a mobile wallet entirely; instead you will need a USB stick.
The revised method for Cold Storage Withdrawal
Before I get into the revised method for withdrawing funds from cold storage it is worth noting that this method does itself have some cons (relative to the original method) as follows.
Cons with the revised method
- The UX is not as nice. Instead of sweeping a private key using a mobile wallet and instantly having the funds available, the modified method requires a three step process to generate a transaction, sign it and eventually broadcast it.
- The method requires a USB (or other removable storage device) to be used to transfer details about transactions back and forth between the off-line cold storage computer and the on-line computer.
- The previous con means that now the on-line computer cannot be a dirty machine like was previously acceptable. (See the previous article to understand what is meant by "dirty"). Since the on-line machine will be accessing the same USB device that is also plugged into the off-line machine, it eliminates the air-gap of the off-line machine. It is thus necessary that the on-line machine is kept as clean as possible. Consider using a clean VM or other approach to ensure that the on-line machine is malware free.
Of the cons above, the last one (loss of full air-gap) is probably the biggest; we will return to a discussion about this issue later in this article.
Pros of the revised method
The revised method also has some pros that are worth covering, so we know what the acceptance of the cons buys us, so to speak.
- The main pro of this method is that the need for sweeping private keys is eliminated. If in the future (bearing in mind that this process is intended for cold storage) wallets stop supporting the ability to sweep private keys, then the previous method would leave users in a sticky situation**.
- The overall process is simplified in the sense that there are less moving parts; a mobile wallet is no longer required and everything can now be done with ElectrumSV only.
- There is no need to break funds up in the cold storage wallet into chunks, which sounds like a simple thing to do, but in practice can get a little tedious to manage. For me personally this is the biggest pro, but it will depend to a certain extend on how much emphasis you place on the risk associated with sweeping larger chunks of funds and also whether you suffer from any kind of OCD, like I do! :)
- You can send (withdraw) any amount to any location; i.e., you are not limited to withdrawing a whole chunk to the mobile wallet before sending on elsewhere.
** Regarding the sticky situation, it's difficult to believe that there would be no way in future to sweep a private key bearing in mind that paper wallet cold storage necessitates that it is possible, in some way, to sweep private keys.
The revised method for withdrawing from cold storage
This new method eliminates the need for a mobile wallet and also there is no requirement to split funds into chunks in the cold wallet, though there is no harm if you have done that. I personally took the time to sweep out my old cold storage wallet entirely and start a new one, but that is just me.
The first step to withdraw funds from cold storage involves accessing the on-line watching only wallet. In the on-line wallet, go to the Send tab in ElectrumSV and enter the particulars of the transaction in the way you would do so in an on-line wallet. i.e., The Pay to address, the Amount of BSV and optionally, a Description.
Next, click on the Preview button to view the transaction. The transaction will display in a dialog called the Transaction dialog. The Transaction ID will be "Unknown" and the Status of the transaction will be "Unsigned". It will also show the inputs and outputs. One of the outputs will represent the send transaction and likely there will also be an output for change (back to your cold storage wallet).
This is the part where you will need your USB stick, so plug that in and mount it as necessary. On the Transaction dialog, click Save and save the transaction to the USB, giving it an appropriate name. Once saved, you can close the Transaction dialog.
Now, eject the USB safely, and move it to your off-line computer. Bear in mind that this step is technically breaking the air-gap between your on-line machine and off-line machine so it is important if using this technique to ensure that your on-line machine is free of malware. I recommend that your on-line machine, if you choose to use this method, is only used for the on-line wallet, and not used for any kind of web surfing.
Once the USB is in your other computer, open the cold storage wallet in ElectrumSV and choose Tools --> Load Transaction --> From File.
You will now be looking at the same Transaction dialog as earlier, except now that you are on the off-line machine with private key information available, the dialog will give you the option to Sign the transaction. This will be by virtue of the fact that the Sign button becomes enabled (clickable). Click Sign and the wallet will prompt you for your password. Afterwards you will be able to save the signed transaction back to the same USB by clicking the Save button. Give the new file an appropriate name, or use the default. Now that the signed transaction is saved, you can safely eject the USB, and close down your off-line wallet and computer.
Finally, plug the USB back into the on-line computer, and in ElectrumSV in the on-line watching only wallet, again choose Tools --> Load Transaction --> From File. This time browse for the signed transaction. In the Transaction dialog the Broadcast button is now enabled (clickable). This is essentially the same as the Send button for a normal on-line transaction, but acknowledges the fact that the regular send also signs the transaction; here we have a pre-signed transaction and thus technically speaking, it just needs to be broadcast.
Et viola, you should now have executed a withdrawal from your cold storage wallet without needing to use a mobile wallet or sweeping (and thus exposing) any private keys!
This article presented a modified method for cold storage withdrawal that can be used as a swap-in replacement for that aspect of the overall cold storage approach as described in the article entitled "A method for storing Bitcoin SV securely, without a hardware wallet", linked at the start of this article. The article presents pros and cons of both withdrawal methods and leaves it up to the reader to decide which approach suits them the most based on those articulated pros and cons. The author is personally using the revised method mostly because it avoids the need to break up cold storage funds into chunks, at the expense of reducing the effectiveness of the full air-gap in the original method.
In a future article I plan to look at the ability to use the Simply Cash mobile wallet as a substitute for ElectrumSV as a cold storage wallet, using a very similar overall approach to that with ElectrumSV, except substituting phones in place of computers and Simply Cash in place of ElectrumSV. This may be an even easier solution to utilize for secure cold storage, especially for less computer savvy users, and may be more practical for many people by virtue of the fact that old phones are likely to be more readily accessible than old computers. Furthermore, it would seem (though I have not yet tested it properly), that Simply Cash has a better UX for the transaction signing and broadcasting steps that involves scanning QR codes instead of transferring files back and forth. That would also imply better security by maintaining the full air-gap with respect to the off-line device. Some possible cons of this approach might be ensuring that the old phone really does stay off line (e.g., making sure WiFi never turns on) and dealing with possible situations like being unable to start the phone in future due to failed battery; something I have run into with an old Samsung Galaxy S3 with which I was planning on testing this method.
Until next time....