Bitcoin Coinkite has launched its latest hardware wallet, Tapsigner, in an effort to make it easier to hold bitcoins for cold storage.
The product, which looks more like a credit card than traditional hardware wallets, comes in at $40 and is intended to serve as a more convenient device for signing Bitcoin to introduce a wide range of people around the world to a more secure Bitcoin self-saving setup.
Challenges in Bitcoin Self-Incubation
Self-locking Bitcoin is not easy. It’s come a long way over the years but it’s still far from intuitive.
Hot wallets, which are those in which private keys remain “hot” online in a phone or computer, are perhaps the most popular bitcoin wallets due to their convenience. The user just needs to download an application to their phone, create the wallet, write down the recovery words – and it is ready to use. The trade-off is security, of course: – Internet connectivity makes this setting more vulnerable to hacking, theft, and other attacks.
The alternative, cold wallets, keeps private keys “cold” offline, increasing security but at the cost of usability. Cold storage solutions usually require the user to go through several steps to transfer their bitcoins. While this may be an advantage rather than a fault of larger holdings, experiencing less flexible transactions can be a pain for smaller bitcoin stacks.
So what is the solution?
Tapsigner: a competitor to ‘frosty’ middle-earth
Coinkite’s Tapsigner attempts to bridge the gap between the world of hot and cold storage with a more intuitive user experience.
The new product, which has already begun shipping to customers, brings a secure element – the security chip inside hardware wallets – in the NFC card. Not only does this enable better portability since it’s the size of a typical credit card, but it also allows users to interact with their bitcoin holdings in an already familiar way – tap to pay, or in this case, tap to sign up.
In the background, bitcoin transactions work in stages. First, the transaction is created by selecting the user – or the application – the input (addresses sending bitcoin), the amount to be sent, the amount to be paid in fees and output (addresses receiving bitcoin). Next, the owner of the input needs to Signal Deal; Philosophically, this is the fund owner saying, “I own this bitcoin and am authorizing this transaction.” The transaction is then broadcast to the peer-to-peer network so that nodes can validate it.
While there are risks associated with every step in the process of building, signing and broadcasting a transaction, signing is arguably the most important as it directly approves the movement of funds. This is where Tapsigner comes in. The card aims to take the good in hot wallets–convenience–and combine it with the good in cold storage–security–at a lower price than traditional hardware wallets.
When used with a hot wallet, say a phone wallet, Tapsigner keeps transaction builds and broadcasts a liability to the phone while bearing the burden of signing – providing more security compared to pure hot storage and more convenience compared to traditional cold storage one can set up for their life savings. It’s the middle ground where the most frequent transactions can borrow the security of a robust cold storage setup.
Compatibility with software portfolio
Since Tapsigner completely signs transactions, it relies on a software wallet. However, not every wallet is compatible with the card.
At the time of writing this report, Users can take advantage of Nunchuka bitcoin wallet famous for its multi-user approach to multi-signatures, to make Tapsigner the key to individual signatures, key in multisig, or both. Like any private key, the card can be used in many ways with different wallet structures.
Software wallet options other than Nunchuk will be available soon, and the next Hexa Wallet is likely to be fully compatible with Tapsigner. The popular BlueWallet currently has open PR for incorporating NFC capabilities into the project.
Getting into the weeds
Tapsigner comes without special keys. The card makes use of the Bitcoin crypto library in its secure element to generate the keys before they are used for the first time with the help of the software wallet. The user can allow the wallet to provide the entropy (the randomness needed to generate a “good” private key) or alternatively provide it themselves. The card combines entropy with secret entropy, which it chooses itself, to generate the keys in the Tapsigner.
The private keys generated by the card are bound to BIP 32 instead of BIP 39. In other words, the card is bound to Extended Private Keys (XPRV) rather than the now-common primitive statements. Practically speaking, this means that users who are interested in backing up their private keys will not be able to store their backups as 12 or 24 words; Instead, it is necessary to have an encrypted backup of the private key file.
When the user requests a backup of the private keys, Tapsigner encrypts the keys with a 16-byte key printed on the back of the card. Therefore, to recover the wallet, the user will need the encrypted private key file as well as the decryption key printed on the back of the Tapsigner. If the card is lost, the user can only make use of these two pieces of data to get the money back. (Therefore, it may be helpful to write the key on the back of the card on paper.)
While a software wallet may prompt the user to save the file to cloud storage, it should be noted that symmetric encryption – used in this process – is not as brute-force-resistant as asymmetric encryption. Although the chances of compromise are still low, users are incentivized to store the backup file offline and protect the encryption key.
Other (future) contenders
Entrepreneurs and other companies are also interested in connecting hot and cold storage to find the best of both worlds. Perhaps the best known is Jack Dorsey, the tech billionaire who co-founded Twitter and the financial services company Block, formerly known as Square.
Block announced plans to build its own hardware wallet in October 2021, and earlier this year detailed what its approach would look like. The plans include a mix of software and hardware products, which the user can take advantage of to reach the optimal balance of security and convenience.
Block will create a mobile app and will be the main interface for customer interaction, while the hardware wallet will be a simple, screen-free NFC device with fingerprint authentication used only to sign larger transactions on the app.
However, there is still no clear timeline for when the Block product will be launched.