How to: bitcoin cold wallet storage using random dice entropy to generate a deterministic seed phrase

PART A

1.
Next we need to install Electrum – this is for the offline machine we're building
https://electrum.org/#download – keeping a copy, so we know exactly what was used to create the wallet
sudo apt-get install python-qt4 python-pip
sudo pip install https://download.electrum.org/Electrum-2.4.tar.gz

wget https://download.electrum.org/Electrum-X.Y.tar.gz
Substitute the X.Y for what is current, as above at the time of writing.

2.
http://www.swansontec.com/bitcoin-dice.html
Download Dice to Key
https://github.com/swansontec/dice2key

wget -O dice2key.zip https://github.com/swansontec/dice2key/archive/master.zip
unzip dice2key.zip

 

3.
Now do whatever you have to do to get the printer working &

4.
zbar (a Python library that allows you to scan QR codes). This can be quite hard to sort out, and some people have suggested just using an online service to do this. IDIOTS, ignore them. You need an offline signing machine to make this setup secure, and having both PCs able to scan QR codes is very useful.

sudo apt-get install zbar-tools
sudo apt-get install libzbar0 libzbar-dev
sudo apt-get install python-dev
sudo pip install zbar

Application usage:

user@yourpc:~$ zbarcam

5.
Disconnect this PC from the Internet – you may choose not to reconnect it for some time, if ever, or just rebuild the offline PC from the seed passphrase or the USB key with the private keys on it.

PART B

1.
Let's generate random numbers

See this link for single private key generation requirements: https://www.reddit.com/r/Bitcoin/comments/2akdl5/howto_use_your_own_dice_rolls_to_generate_an/

2. In a terminal, change to the directory where you unzipped dice2key
./dice2key.sh 123456123456123456123456123456123456123456123456123
That is 51 dice rolls. The dice2key software will warn you that it’s not 100, but we’re not using it for the actual key, just the entropy; more than 51 rolls in Electrum v2.4 creates a seed phrase longer than 13 words.

[21:51] <m1bxd> Hullo anyone, electrum make_seed --entropy=XXXXXXX can generate a seed of MORE than 13 words, will this cause a problem in the future? or does it not matter – Cheers

[22:24] <ThomasV> m1bxd: no

It does this regardless of what you set --nbits to, so I’ll leave it up to you how many dice rolls you do. One person on IRC #electrum thought this was a bug and implied that the seed phrase length should be determined by “--nbits”; I think this is a bug too, but not a dangerous one, as stated by ThomasV in the IRC snippet above, who I assume was/is Thomas Vögtlin.

dice2key now gives the dice rolls as HEX:

91D89C79009852800BFFCCDC406B1BA0

Can you do more dice rolls, which will result in more words for a longer seed phrase?
Yes, according to the Electrum lead developer you can increase the entropy at the make_seed stage:

normalized_seedphrase = mnemonic.prepare_seed(seed_phrase)
s = hmac_sha_512("Seed version", normalized_seedphrase)

So I cannot see a reason for not doing more dice rolls and creating more entropy for Electrum.

3.
Next we need the number for Electrum as a decimal, which we can do from the command line:

echo "ibase=16; 91D89C79009852800BFFCCDC406B1BA0"|bc

We should get something like this

193862769152946304546066490817889639328

4.

Go to the command line, NOT the console within Electrum, and run

electrum make_seed --entropy=193862769152946304546066490817889639328

It will generate a SEED PHRASE with thirteen words like:

useless welcome frame safe door scrap lock swear frame height hotel endless depth

5.
Print this out several times

6.
Save it to a text file named “SEED PHRASE.TXT” on a USB stick (or two) called ALLKEYS. To be on the safe side, DO NOT save this text file to the PC, as you may in the future accidentally connect it to the Internet and it could become compromised. You may choose not to give a password for the wallet; if you choose not to, immediately disable the machine’s networking ability at this stage.

7.
Use this seed phrase on the offline Electrum machine to create a new wallet – give the wallet a useful name and consider using a simple password. See previous step as to why.

8.
Copy the public keys you want to deposit to from this Electrum wallet onto a new USB, label it PUBLIC KEYS
and save this file as bitcoin_address_public_keys.txt – you can grab these addresses from the terminal screen if you executed “electrum” from the shell.

9.
Export both bitcoin public addresses and bitcoin private keys to the USB labelled ALLKEYS
Wallet -> Private Keys -> Export

“File” bottom LHS navigate to your ALLKEYS USB stick “electrum_private_keys_john.csv” -> “Export”

If you open up this file there will be a column of private keys next to your public bitcoin addresses. These are “WIF Compressed Private Keys”: 52 characters of base58, starting with a ‘K’ or ‘L’.

For example:

KyPiXS1uPGo1yRnu4tXhz72qLzmYsAKhrnBQBdzKHT6xPYjXb5Hr

Print them out along with your seed phrase and seed phrase QR code.

Why print/save these “WIF Compressed Private Keys”? They allow you to recover your bitcoin without Electrum in the future, should you lose pretty much everything in this tutorial. You can redeem and “sweep” / import them in the future into probably any other bitcoin wallet. Thus if you transfer bitcoins to the public bitcoin addresses to which you have an offline copy of this private key on the ALL KEYS USB or paper / QR code. If, like me, you like paper and would regard it as more stable than taking another USB copy, you’ll be wasting a bit of paper doing some duplicates. Also take a laser-process photocopy of these, so that you’ve used another process which will by its nature have different image stability, especially if you did the original printouts on inkjet with low-grade ink and paper.

Do not save this file to the computer if you have chosen to password protect your wallet; it renders the password process useless if you do. If you are never going to connect this PC to the Internet again, the password on an Electrum wallet doesn’t matter and can, due to fragile human memory, be more of a hindrance than a help.

Also copy your wallet folder at /home/$USER/.electrum/wallets to this ALLKEYS USB stick

10.
Study this page and follow the instructions at https://electrum.orain.org/wiki/Cold_storage

Export the public master key from the Electrum machine to the PUBLIC KEYS USB stick; it will start with
xpub661XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Save it in a separate file from the bitcoin address PUBLIC KEYS. For example, call it public_master_key.txt

11.
Install Electrum on a standard Internet-connected PC and create a new wallet using the instructions above; this is called a watching wallet.
It will contain the bitcoin public addresses and can observe the transactions against them, but it cannot sign any transaction, and therefore if this machine is compromised in any way you cannot lose any bitcoin.

Only the offline machine can sign the bitcoin transactions. You then take the signed transaction generated on the offline machine, typically moving bitcoin from one address to another address.

Copy the transaction to a blank USB, or use other means like printed QR codes and webcams, to create an air-gapped setup.
Or use a mobile phone as a dumb intermediary to scan and display the transaction to the watching wallet / transaction broadcasting machine.
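
The dice-to-entropy stage of Part B (steps 2 to 4), as an added example that is not part of the original tutorial, of dice2key or of Electrum: it validates the rolls, reports the most entropy they can carry, checks the faces for a loaded die, and produces the decimal number for make_seed. The base-6 conversion (faces 1-6 as digits 0-5, first roll most significant) is an assumption about what dice2key does, and all function names are hypothetical.

```python
import math
from collections import Counter
FACES = "123456"
CHI2_CRIT = 15.086  # chi-square critical value, 5 degrees of freedom, p = 0.01

def check_rolls(rolls):
    """Strip whitespace and reject anything that is not a d6 face."""
    rolls = "".join(rolls.split())
    bad = sorted(set(rolls) - set(FACES))
    if not rolls or bad:
        raise ValueError("not d6 rolls: %r" % (bad or "empty input"))
    return rolls

def entropy_bits(n_rolls):
    """Upper bound: each fair d6 roll carries log2(6), about 2.585, bits."""
    return n_rolls * math.log2(6)

def rolls_to_int(rolls):
    """Assumed conversion: faces 1-6 become base-6 digits 0-5, first roll first."""
    value = 0
    for face in check_rolls(rolls):
        value = value * 6 + (int(face) - 1)
    return value

def face_chi2(rolls):
    """Chi-square of face counts against a fair die (finds a loaded die, not patterns)."""
    rolls = check_rolls(rolls)
    counts = Counter(rolls)
    expected = len(rolls) / 6.0
    return sum((counts[f] - expected) ** 2 / expected for f in FACES)

def report(rolls):
    rolls = check_rolls(rolls)
    value = rolls_to_int(rolls)
    chi2 = face_chi2(rolls)
    return {
        "rolls": len(rolls),
        "max_entropy_bits": round(entropy_bits(len(rolls)), 1),
        "hex": "%X" % value,
        "decimal_for_make_seed": str(value),  # what --entropy= expects
        "chi2": round(chi2, 3),
        "face_bias_suspected": chi2 > CHI2_CRIT,
    }

PAGE_ROLLS = "123456" * 8 + "123"  # the tutorial's demonstration string (a pattern)
LOADED_ROLLS = "6" * 30 + "123451234512345123451"  # constructed: die favouring 6

if __name__ == "__main__":
    print(report(PAGE_ROLLS), report(LOADED_ROLLS), sep="\n")
```

The face-count test passes the tutorial's demonstration string even though it is an obvious pattern, so it only screens for a biased die and does not certify the rolls as random. Run it on the offline machine only, since the rolls are the wallet's secret.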

USB Stick#1
You can move this to the Internet connected PC – the watching wallet

PUBLIC KEYS
public bitcoin addresses for transferring coins to cold storage – start 18PNEanH83XXXXXXXXXXXXXXXXXXXXXX
public master key – start xpub661XXXXXXXXX

USB Stick #2, #3 & #4
Never connect this to an Internet connected PC

ALLKEYS
SEED PHRASE.TXT
public bitcoin addresses for receiving and the private keys associated with each address
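
A transcription check for the WIF compressed private keys exported in step 9, as an added example that is not part of the original tutorial or of Electrum: it decodes the base58 string and verifies the version byte, compression flag and checksum, so a mistyped or misread paper backup is caught before it is relied on. The function names and the sample key are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload):
    """First four bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(raw):
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58decode(text):
    n = 0
    for ch in text:
        if ch not in B58:
            raise ValueError("%r is not a base58 character" % ch)
        n = n * 58 + B58.index(ch)
    zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def make_wif_compressed(key32):
    """0x80 version byte + 32-byte key + 0x01 compression flag + checksum."""
    payload = b"\x80" + key32 + b"\x01"
    return b58encode(payload + checksum(payload))

def check_wif_compressed(wif):
    """Return a list of problems with a transcribed key; empty means intact."""
    problems = []
    if len(wif) != 52 or wif[:1] not in ("K", "L"):
        problems.append("expected 52 characters starting with K or L")
    try:
        raw = b58decode(wif)
    except ValueError as exc:
        return problems + [str(exc)]
    if len(raw) != 38 or raw[0] != 0x80 or raw[33] != 0x01:
        problems.append("not a mainnet compressed-key payload")
    elif raw[-4:] != checksum(raw[:-4]):
        problems.append("checksum mismatch: at least one character is wrong")
    return problems

# Constructed throwaway key (bytes 1..32); never use it for funds.
SAMPLE_WIF = make_wif_compressed(bytes(range(1, 33)))
# Constructed transcription slips: one changed character, one look-alike 'l'.
TYPO_WIF = SAMPLE_WIF[:20] + ("A" if SAMPLE_WIF[20] != "A" else "B") + SAMPLE_WIF[21:]
LOOKALIKE_WIF = SAMPLE_WIF[:20] + "l" + SAMPLE_WIF[21:]
```

Run it on the offline machine against keys typed back in from the printout; an empty list from check_wif_compressed means the characters on paper still decode to a key with a valid checksum.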

PART C

So you’ve transferred some bitcoin to one of your public bitcoin addresses on the offline cold storage, which you can also see with the watcher wallet on the Electrum installation that is Internet-connected, but how do we spend them again?

1.
Go to the watcher wallet, go to Send and nominate your amount to transfer; the transaction that has just been generated will then need to be signed by the offline setup.

2.
Export the transaction to be signed.

The easiest way to do this is to scan the barcode with your mobile or print out the transaction.

3.
Import transaction at the offline machine.

Go to Tools -> Load transaction -> From QR code

4.
Sign it after scanning or however you choose to import it.

5.
Turn the signed transaction back into a QR code.
Scan it with your phone or print it out.

6.
Return to your watcher wallet which is online

Go to Tools -> Load transaction -> From QR code

Select “Broadcast”

7. (There should always be a seven)

That’s it, job done. However, if you wish to keep your bitcoin secure against quantum computers, you should always move the whole amount held on any single cold wallet address whenever you spend from it, sending whatever you are not spending to a new, unused bitcoin address. Spending from an address publishes its public key on the blockchain, so coins left behind on it no longer have the protection of an unpublished key.

For example, if you have 5 btc on one address in your cold wallet and you want to move 1 btc to a more accessible wallet, you should do two bitcoin sends.

You should send 1 btc to your easy wallet and you should send 4 btc to an unused address on the cold wallet.
