OP didn't say if it was a local or remote setup.
If it's a local setup, your wallet can only be operational while staying within the LAN. Some people might be fine with not having your wallet accessible on-the-go. Most users will probably find that too limiting, though.
Great post!
If someone is looking for a good UTXO management wallet on mobile, check out what we have built at Nunchuk: https://nunchuk.io/blog/coin-control
Video tutorials:
(by Wicked Bitcoin)
(by BTCSessions)
Nice update! Could you please add Nunchuk to the Watch-only support list? (Nunchuk is no different from Sparrow and Keeper in that regard).
High level: Pretty much all modern technologies require energy at their foundation to work. Invite them to sleep on that first.
Secondly, for money in particular, over thousands of years of intense selection pressure, we've learned a few characteristics of what typically makes money. One of those characteristics is "unforgeable costliness" (https://nakamotoinstitute.org/library/shelling-out/). That is, for a thing to be a good money candidate, it must be costly to make, to the extent that it is extremely difficult to make forgeries of.
Then give the concrete example of gold. Ask them why they think vastly different cultures in different eras all converged on using gold as money? (Fiat was an anomaly). Given their age, they probably have a decent understanding of gold themselves and/or they've seen first hand how people flocked to gold in times of uncertainty, such as in wars, recessions, etc.
Answer: The energy to create gold atoms is unfathomably large (collision of neutron stars). It is impossible for humans to forge gold (even with today's technology). This is precisely why gold was able to become good money. Again, this probably will resonate with them given their age and their familiarity with gold.
Bitcoin actually "copies" this characteristic of gold. Bitcoin mining consumes energy in order to ensure that each bitcoin minted (and the Bitcoin ledger in general) is exceedingly difficult to make forgeries of. If you compare the energy required to synthesize gold, to the energy required to create and maintain Bitcoin, Bitcoin is actually orders of magnitude more efficient than gold. It also inherits all properties of digital things and be able to support (almost) instant, borderless transfers, something gold can't do.
So the general approach here is to give them an anchor (gold), then explain Bitcoin from that perspective.
(FWIW, I also wrote the below article a few years back on the Anatomy of Proof-of-Work. Perhaps a bit too technical for grandpas though.)
https://medium.com/bitcoin-tech-talk/the-anatomy-of-proof-of-work-98c85b6f6667
You're welcome!
I see what you mean from the end user's perspective.
Vendors can generally make the process of firmware updates more secure and more explicit/transparent. For example, they can clearly label which firmwares have critical security fixes (and well-maintained projects usually do so), and which ones do not. From there, it's up to the user to make the decision whether to upgrade.
About things that you don't strictly need but want to experiment with: as I mentioned in the article, that is fine, but IMO you'd want to use a separate device for that. Have it as your sandbox: put some small of bitcoin in it and try things out. But isolate it from your main savings as much as possible.
Unless a firmware release has critical fixes, you want to delay upgrading until it has been widely deployed. You want to do this not only because it lowers the chance of accidentally installing malicious firmware, but also because (a) newer firmware might have bugs and (b) many vendors disallow firmware downgrade, which makes the process irreversible.
So on the balance there are things vendors can do to make things easier, but there's a certain responsibility on the part of the user that I think is unavoidable. It might be more burdensome than say, upgrading Linux, sure, but IMO that's the cost one has to pay if one truly wants to be sovereign. After all, securing generational wealth is more critical than maintaining your typical software OSes/applications.
Using a non-deterministic nonce is actually quite similar to this attack (and can be categorized under the same attack class) in the sense that they both involve messing with the process of securely generating a random nonce.
Dark Skippy is just more explicit in how it goes about it, e.g., causing the device to leak private key data into the nonce and/or blinding the nonce with a hacker-controlled key.
Right. Companies can definitely screw up w.r.t. cryptography. Sony PS3 is another famous example that comes to mind: https://arstechnica.com/gaming/2010/12/ps3-hacked-through-poor-implementation-of-cryptography/
Even when the cryptography is correct, the signature is only as good as the person/group guarding the private key. So signed firmware significantly mitigate risks, but don't completely eliminate all issues. (This is why if you're super paranoid, multi-vendor multisig is still the most rational solution).
(Author here.)
If a firmware update includes critical security fixes, then I agree 100% that you should upgrade. However, it's worth noting that a lot of firmware updates (and software updates in general) are about adding features (that you may or may not need). So merely by choosing to upgrade when absolutely necessary, you'd lower the risk of installing a malicious firmware.
All things considered, you are much more likely to lose bitcoin due to self-inflicted user errors than to lose bitcoin due to Dark Skippy. So for new users, I also agree that multisig might not be the best start. Better to start them on a singlesig wallet with a small amount of bitcoin, then help them gradually upgrade to multisig only when they're ready / have a significant amount of bitcoin.
This is great!
Just a small addition: Nunchuk can be used (and often used as such) as a watch-only wallet, with all keys being hardware keys. Similar to Sparrow. @Radentor
Does it really sound that weird? haha (I'm a non-native speaker).
Don't people say "coins", "dollars" all the time? i.e. using plural nouns when referring to units of a currency. Why would "bitcoins" be any different?
If you fail to pay, the wallet'd simply downgrade to a free one, with all keys and signing abilities intact. There's just no advanced collaboration features enabled. You'll still be able to sign, export PSBTs, send them to other co-signers to collect signatures (using out-of-band channels such as Signal), broadcast transactions, etc.
And in the absolute worst case where Nunchuk completely disappears for some reason, you can always recover the wallet elsewhere, such as Sparrow: https://nunchuk.io/blog/wallet-recovery-sparrow
The whole thing was designed to never have any single points of failure.
Try our Finney wallet, which we launched recently specifically to address this problem.
If you want, I can set you up with a free Finney wallet to try out.
Full details in our blog post: https://nunchuk.io/blog/finney
What would be a reasonable price to secure generational wealth for you?
For context, in the Western world and increasingly in developing countries as well, a lot of people spend more per year on entertainment (coffees, movies, etc.) than $250 (which is about ~ $20/month). I personally think it's reasonable, considering that securing your long term savings should be more important than those things?
Casa's inheritance protocol has many similarities with Nunchuk's, with some key differences.
I wrote a review / comparison here, for anyone who's interested: https://nunchuk.io/blog/casa
Yes, it is one of the biggest weaknesses in Casa's design: too much trust is required for the Casa app, particularly the mobile key generated by the Casa app.
What's ironic is that they've somehow turned this weakness into a feature: leveraging the mobile key for an "easy-to-use" inheritance protocol. An aspect that used to require trust, now would require even more trust. What Casa should have done, is to address the weakness of the mobile key head-on, instead of building more features on top of it.
IMO the design is not safe for long-term savings.
I wrote a full review of Casa's inheritance protocol here: https://nunchuk.io/blog/casa
You got it mostly correct the first time.
So it’s the Claimant unlocking their Tapigner locally, signing a PSBT, then Nunchuk adding its key to comprise the 2 of 3 for transfer of fund and initiate the send?
- Encrypted file downloaded onto Beneficiary's device
- Decryption happens locally
- Recovered Tapsigner's private key now is in Beneficiary's device
- Beneficiary selects a withdrawal address
- Sweep transaction is created
- Beneficiary signs the sweep transaction with the recovered Tapsigner key
- Platform Key co-signs the sweep transaction
- Sweep transaction is broadcast
You can test this flow out on testnet for free by the way.
The decryption process happens entirely locally on the claimant's device. At no point in time Nunchuk possesses two keys.