Rodolfo Novak (CEO CoinKite) rejoins me in this episode to talk about the Coldcard from Coinkite. We talk about:

Why he made the Coldcard

Basic features of the Coldcard

Bitcoiner support for the Coldcard

Multi signature with Coldcard

Wallet Recovery

Rodolfo Novak and Coldcard links:

Twitter: https://twitter.com/nvk

Coinkite website: https://store.coinkite.com/promo/livera (CODE: LIVERA for 5% off)

Coldcard documentation: https://coldcardwallet.com/docs/

Coldcard telegram chat: https://t.me/coldcard

Wallets Recovery site: https://walletsrecovery.org/

Matt Odell (TFTC) Coldcard walkthrough video: https://youtu.be/sM2uhyROpAQ

SLP Hardware Wallet Interview Series:

Sponsor links:

Kraken: http://www.kraken.com/?utm_source=podcast&utm_medium=stephanlivera

Unchained Capital: https://www.unchained-capital.com/?utm_source=Stephan%20Livera&utm_medium=Referral&utm_campaign=Affiliate

Manning Publications (code: LIVERA for 40% off): http://mng.bz/07rW

Stephan Livera links:

Follow me on twitter: https://twitter.com/stephanlivera

Show notes and website: https://stephanlivera.com/

Subscribe to the podcast: https://anchor.fm/stephan-livera/

Rate and Review the podcast: https://itunes.apple.com/podcast/stephan-livera-podcast/id1415720320?mt=2

Podcast transcript by Givebitcoin.io:

Stephan Livera: Rodolfo, welcome back to the show.

Rodolfo Novak: Hey! Thanks for having me back.

Stephan Livera: Look, man. I love what you’re doing with the Coldcard and obviously I had to get you back on as part of the Hardware Wallet Interview Series. It might be good to just start with maybe a bit of background on why did you make the Coldcard. I think the listeners would love to hear a bit on that.

Rodolfo Novak: We launched Opendime for the fun of people being able to transact off-chain, all that stuff. And then when we opened Coinkite.com, I wanted a wallet for myself and I was not very happy with the options that were available. I itched my own scratch.

Stephan Livera: That’s such a common thing as well. We see that in development, we see that … Even for me, that’s why I started this podcast. Yeah, it’s cool. And so, in your mind what was the Coldcard achieving that you weren’t so happy with about other hardware wallet products?

Rodolfo Novak: There was two main options, right? One had full open source with no secure element for anything, so essentially no physical security whatsoever. And the other one was decent physical security, but fully closed source. Neither of those worked for me. We started playing around with some ideas, and we came up with this idea of having a general purpose MCU, right? And also a very dumb secure element. We could do all the bitcoin stuff open source, but also have a place to store the seed with more security.

Stephan Livera: Yep. Just for the listeners, MCU, microcontroller unit, right?

Rodolfo Novak: Yes, a general purpose one.

Stephan Livera: Awesome. And so, as I understand, part of the difficulty with secure elements is typically, they cost a lot to make and the manufacturers of these secure elements are not happy to open source them, because from their point of view, even though we may disagree, the intellectual property part of it is what they … That’s the hold up for them.

Rodolfo Novak: It is tricky right, because, in actual technically, there is really no open source chips, really. Even the open source wallets don’t have open source chips. What you have is open source code running on top of them, but because you’re not using any closed source crypto accelerators of that chip, everything’s open. Listen, you ask different people, we’re going to disagree on some of the semantics of the classification and stuff. And that’s pretty fair. There really is no final word on this. But then, for example, when you get a secure element, right? It’s got all the protections and everything you needed.

Rodolfo Novak: It’s not necessarily super more expensive, to be honest. Not at this level of stuff we’re making. But, it does have closed source parts to it that are crypto accelerators. Essentially, imagine like hardware calculators in there that do some stuff for you, right? But you don’t have to use them. That’s the cool part. And you can also use some of them for things that are just, for example, securing the seed, but not necessarily to calculate the seed. We don’t want, as Flaxman went full paranoid, tin foil.

Rodolfo Novak: I had a great conversation with him in Dallas. We pretty much agree on everything, aside from complexity, get on to it after. Ideally, you do everything with open source code. If you using a Coldcard, everything is open source, so you can go and buy the parts yourself on Digi-Key, and simply load all the stuff into it, compile the code yourself and load into it. Right. It’s going to be quite a bit of work, but that proves that we’re using this thing in an open source manner. And we’re not using any of the closed source features, right, to do any bitcoin crypto. I hope that clear things out in terms of what is open, what is closed source?

Rodolfo Novak: When you’re using a secure element to do everything like one of the wallets does, it does increase physical security, because you have all the code inside a secure element. But that means the vendor is going to definitely tie you up to that, because you’re going to use a lot of vendor specific things that you cannot open source. Maybe there are a chip or two out there that maybe you could, I don’t know, that’s not what I’m looking for. But I know in their case, they can’t open source because of certain, and how they developed it. But, on the plus side, you do get to have some certifications and things like that. That’s not how I prefer my wallet, we did it for me.

Stephan Livera: Yeah, right.

Rodolfo Novak: Essentially, that’s like the design decisions that we made were based around that. And then, we have this mentality inside Coinkite where, we know that there is no fool proof, 100% solution, right? Everything could be broken in some way or another at some point. Right? However, we do believe that it’s our job to make it very expensive to the hackers, right, or to the physical attackers. Our model is to do really defense in depth. We do our secure bags, we have the serial number on the bag. The serial number is also the secure element of the device. And then we have a factory certificate in the secure element as well.

Rodolfo Novak: And then, because we use a secure element, right, we can authenticate the hardware, so you don’t have to connect our device to the internet to initialize. Right? Because, once you do that, even if the wallet maker is not nefarious, you never know who’s listening in your network, right. Now somebody knows your micro serial number, and

[inaudible 00:06:35]

knows your micro serial number. It’s very easy to find your wallet again. In that matter, we believe in this privacy by default of completely air-gapped by default in increasing the cost of attacks. And so, you get your Coldcard, you take the bag out, you check the bag serial number on it. The case is clear. You inspect the case, you make sure there’s not weird stuff there.

Rodolfo Novak: We provide pictures on the website. And then, okay great. You turn it on. You turn it on with a battery. You could use the USB like a normal hardware wallet like the other ones, right. But highly don’t recommend ever connecting your hardware wallet, it’s for a huddle to anything. If you’re going to use it as your warm wallet, sure, connect it to Electrum directly, and it’s much easier. But we made it extra easy for you to do it completely offline. You take the wallet, you plug into a battery pack, it’s going to initialize.

Rodolfo Novak: It’s going through the process with you, it’s going to ask you the bug number, you confirm that. And then it’s going to ask you for the first part of the PIN, we do have an anti-phishing system there, so it’s going to show you two words. Those two words only you and the device know. And then it’s going to ask you to put a second part of the PIN, and then it’s going to ask you to confirm all that stuff. What’s cool about the anti-phishing system is that if somebody replaced your hardware, right, say an eval made replace your hardware, and you could have one that’s essentially by radio sending information to another room where they have the real one, and ready to log in as they see you logging in, right?

Rodolfo Novak: If you don’t recognize the words, they can’t slop that. And if they could, very advanced attack costing hundreds of thousands of dollars, it becomes like completely different level of attack vector, right?

Stephan Livera: And I think a key point you’re making there is around the cost to attack versus the cost of defense. And I presume then what you’re getting at there is that concept of you want to make it cheaper to defend than the cost for your attacker. And in doing so, you’ve got that asymmetry that you’re trying to drive and take advantage of that to help keep the user safe.

Rodolfo Novak: Yeah. The asymmetry on that it’s like, “Can we create barriers that make the attacker not be able to attack a specific one?” Sorry. We’re trying to force the attacker to spend all his efforts attacking a specific victim, not attack the whole. It’s going to be very expensive to attack the whole. And then by default, very expensive to attack the victim, right. We’re trying to inverse the attack asymmetry cost. Then you initialize the device, you have it there. You can do it in your bunker with your tin foil hat and tent.

Rodolfo Novak: Flaxman can stand guard outside your Faraday tent, and I’m sure he’ll be happy to do it. He will even wear Faraday underwear. And then it comes to seed time. You can create your seed, so you don’t have to trust us. I disagree with him completely. You can’t really trust … You don’t want to trust the vendor to generate the seed with their vendor randomness for you. We have this dice feature. You can throw dice and we can provably show to you that we’re using your entropy. And if you want to go full paranoia, I think is like 99 times you have to throw the dice, or like that I can’t remember now. It’s the end of the day here.

Stephan Livera: Yeah that’s a great process. I’ve seen Matt Odell has demonstrated that in the Tales from the Crypt video, so I’ll put a link to that in the description as well listeners. Make sure you check that out, because Matt Odell basically talks you through how to initialize it with the micro SD card, using the dice roll, updating the firmware, all that.

Rodolfo Novak: We’re already at the seed and you have never connected to this device to a computer, right? Which is really cool because the USB stack is a disaster, right. It’s a huge attack vector. And if not just that, there is also the power because you could try to measure the power and get things from there. Then you get to … You’re at the seed level now, you can actually create an encrypted backup of the seed into a micro SD card, right. From this whole process, you have a seed encrypted, that never touched anything to be encrypted, aside from the device that is trusted to generate in store to begin with.

Rodolfo Novak: And then you can go and put that in the bank, you write down the decryption key. And then what we do is we use PSBT, right, the Partially Signed Bitcoin Transactions for you to shuttle transactions between your Coldcard and your computer, say running Electrum, or it could a semi-cold computer on your own node or whatever you want. We believe in the wallets not knowing which hardware wallet you use. Because that increases the factor one more time, it makes it harder. That’s where we’re at now.

Stephan Livera: I really like that you’ve been quite forward with the PSBT adoption, because once you hit that tipping point of enough hardware wallets manufacturers supporting PSBT, then everyone else will start going, “Okay, we need to support this PSBT thing-

Rodolfo Novak: Exactly.

Stephan Livera: … now we need to do it.”

Rodolfo Novak: And then, we do a bunch of little clever things, we check the address for change. You can check the address of the device and we tell you when you cannot trust the derivation path. There’s a lot of neat little tiny things that we had to sprinkle around the system, so that it makes it a little bit harder for the attacker. And that’s on the … Oh, and the version Mark II second batch, which is selling now also has epoxy over the secure element. Some of the possible attacks makes it harder and more expensive as well.

Stephan Livera: Yeah. And I noticed that the Coldcard, it’s one of the only ones that I know that has a transparent casing as well. When the user buys it, they can see the inside of it and compare it to the picture on the website, and that gives you a little bit more, although not perfect, but some level of comfort that there’s not been tampering, let’s say.

Rodolfo Novak: This is part of our supply chain, right? Our supply chain is fairly well controlled, we also manufacture everything in Canada. The device is made here. The factory can inspect it, we can have secondary inspection also done on the devices to make sure the factory was not nefarious, and because we have a Secure Element there, we can also check that the Secure Element is what it claims to be, right. And only really with Secure Elements, you can do that, with a general purpose MCU, you can’t. There’s quite a few steps there for somebody to attack you. It does not make it impossible, but it does make it hard.

Stephan Livera: Yeah. That’s great. And let’s talk a little bit about the backup process as well. As I understand, there’s an encrypted backup process and Matt Odell goes through this in his video, can you talk to us a little bit about what that looks like and how a user would recover using that backup?

Rodolfo Novak: Right. A big beef that I had with all the wallets was one to create an encrypted backup. But I don’t want to use a computer to encrypt my data, but because computers are on. It just drove me insane. I just couldn’t do it. I’d have to hammer the computer after. I’m like the hardware wallet should encrypt the backup for me because I really trust it with the seed anyways. What we do is, you just go into the menu and say back up into a micro SD card. It does proper strong encryption of that seed and then gives you 12 words. And those 12 words are your encryption key for the seeds. We do plan on adding Shamir’s as well at some point. It’s an hour to do list. Then you would be able to split into multiple SD cards.

Stephan Livera: Just breaking that down again for the listeners. Typically when you set up your wallet, you’ve got your 24 words, and this is known as the BIP39. Basically this is how you generate … This is your seed that is used to generate your master private key and all that. And this encrypted backup is referring to the 12 words, which is the way to encrypt that 24 words, if you will. And so, this might be used for example, if you want to give it to your family. If you were to go, this is how they can help recover the seed, correct?

Rodolfo Novak: Yep. The seed is completely air-gapped. The device is completely air-gapped. If you want, you can use the USB like I said, with Core or if you like Electrum or whatever you want, and then … Sorry, then the backup is also offline. Of course you should write it down in clear text as well. Always have multiple backups. We also sell industrial grade micro SD cards that have a higher degree of durability, it’s great for backups. And then we use a bunch of features. When you scramble the screen, so it’s hard to do side channel attacks. And I guess we don’t make a computer or app wallet on purpose. We don’t believe that hardware wallets should have apps, it’s the same for Opendime.

Rodolfo Novak: We want open source wallets to be a community based thing because that’s how we get the most eyes on it. And I guess so. Now we’re working on the third version of it, which should be … I don’t have a date yet, but will be out at some point, we will then also know. But the third version, we’re upgrading the Secure Element to the next level of it so we can close some loops there. We’re also upgrading for more memory on the MCU so that you can do confidential transactions, you can do hopefully TOR, private keys and a little protocol there as well and … What else? We’re going to add some more side channel protections. We believe iterating, right. And the more harder people buy from us, the more we’re going to develop. It’s as simple as that.

Stephan Livera: That’s fantastic. I think Coldcard really enjoys a lot of community support amongst what I’m going to call the hardcore bitcoiners. I think typically, a lot of longer time bitcoiners will recommend to their friends, they’ll say, “If you’re a newbie, you get a Trezor, kind of thing. But then once you’re into this and you understand a little bit more about how to use them, then go for the Coldcard.” But I suppose that’s something I think might be interesting to talk about with you as well, because from your perspective, how do you think about whether the Coldcard should be … Should it be for newbies as well? Or is it seen as more like an advanced user wallet?

Rodolfo Novak: It doesn’t look like it, but it’s fairly easy to use. If somebody just walked you through, or you watch one of those videos, it’s really not harder than any of the other harder wallets if we’re all using Electrum is all the same really. I think the main difference is that we don’t support any shitcoins, right? We want to concentrate on bitcoin features, right. And when concentrating making it more secure device as opposed to just doing for profit more. Because we get emails from shitcoins, offering all kinds of money for us to integrate their stuff. But normally the polite answer, “Fine $1,000,000 and we’ll do it.”

Stephan Livera: Everyone’s got a price.

Rodolfo Novak: Exactly. Fine, we’ll make your version $1,000,000. Deposit in advance, here’s the bitcoin address.

Stephan Livera: Look, that’s great. I think it’s a thing where it might be difficult for a newbie to get around the idea that there’s no default wallet and they’ve just got to know, “Oh, okay, I’ll just use Wasabi wallet. I can even …” Let’s say you’re a newbie and you don’t even want to do air-gapping, you can just direct plug.

Rodolfo Novak: Yeah. You can use Wasabi, you can use Core, you can use Electrum. Soon you’re going to be able to use Samourai. You can use a lot of wallets with Coldcard and it just works. I think GreenAddress is working on it as well. Eventually, everybody’s going to be PSBT. That’s just … We don’t want to put the pain on the wallet makers to understand our protocol or anything. We have a Python script to deal with USB stack, and then you have … Then if you’re just using PSBT, then you don’t need anything really.

Stephan Livera: Yeah, and that’s great. I think that’s really hopefully the approach that everyone goes down and it just becomes … I think it looks to me like that is the approach people are going. It’s just a matter of time. That’s great.

Rodolfo Novak: I guess one thing I’d like to bring up is the options for PIN and things. We support two PIN. You can have … Sorry, three PIN really. You can have one PIN for your new wallet and that’s the PIN that you signed the firmware with. And then you can have a secondary PIN and both of them will have two wallets each, the decoy and the normal. And then we have my favorite, which is the brickme PIN.

Rodolfo Novak: I grew up in Brazil, I have a little bit of experience on how these bad guys come to you physically, and I can tell you that you did not want to mess with the idea of having decoys with a lot of bad people. They’ll just keep on beating you. You know what? It’s like, “Here’s my brickme PIN. The device is toasted. They don’t really have access to the seeds. Now buddy, you choose what you want to do with me. You can’t really get anything out of me.”

Stephan Livera: I see. Yeah. And because then … Presumably at that point, if the attacker has got you, and it’s gun to the head and you would then give them a PIN, which is really a brickme PIN, they would punch it in on the device and then the device gets bricked and now they’ve got to decide. Are they going to try to make you show them where you’ve got your backup? And so long as your backup is geographically somewhere else, and they’re going to have to bring you there-

Rodolfo Novak: Yep there’s nothing they can do. You’re not going to want a homicide to the charges. Right. You’ll probably get punched in the face before they leave.

Stephan Livera: Yeah, it’s a tough one because I guess everyone’s trying to think about ways to obviously make themselves secure but also keep it backed up and available for their family, or for their heirs, or for their friends, or whoever as a way to keep it backed up one, and then two, estate planning reasons.

Rodolfo Novak: I guess that’s where really I bring up the fact that … Most people in my years of experience in bitcoin screw themselves out of their own bitcoins more than they get attacked, hacked, or anything else. Right. I think one of the most important features is privacy. Right. If you share your xPub with any service, doesn’t matter how good they’re or how anon they’re, they know your coins. If they know your coins, that’s one more attack factor now, right. Because if nobody knows anything, then they don’t know what to get. It’s super important to have privacy on your coins.

Rodolfo Novak: Second one is to segregate coins. You have your cold one, your super cold one, you have your warm stuff, you have your hot stuff. They’ll have different necessities of security. And the amounts are going to depend on your comfort level and how you’re in your life. And I guess the third thing is simplicity, right? And this is one of the reasons why I’m very down on multisig for now, at least for the average person, is because multisig, it’s quite amazing really.

Rodolfo Novak: But the scripts are not necessarily Bitcoin, right? Bitcoin doesn’t care what the script is. It cares for a valid signature on your transaction, right? You’re essentially adopting standards and vendor specific things for multisig, right? There are some more adopted multisig scripts, right? But you’ve got to be really careful with multisig because just having your seed is not enough, you have to know the redeem script in case the vendor goes away. And also the vendor may not be able to run away with the coins, but you are doxing your coins. Depending on your level of need, right, say you’re billionaire who’s already … Everything is already doxed anyways, and well, so be it, right?

Rodolfo Novak: Maybe in your life, Bitcoin is not the priority, right? Maybe your whole life savings are in Bitcoin. Well now you must care about this stuff. Right? I think different solutions for different people are important to do. And even though a very smart person comes on a podcast or goes and writes a beautiful article of like, “What is the most paranoid, most amazing security you can do?” Right? Maybe that’s not true for you. Because their set up is based on the fact that they understand this thing completely upside down, right? You may not, so you might want to keep things more simple as you start to learn and as you get better so that you don’t screw yourself out of your own coins.

Stephan Livera: That’s a very fair point because … You’re right. It is that whole idea of complexity is the enemy of security. But then also that complexity might be the enemy of your own security-

Rodolfo Novak: Yeah.

Stephan Livera: If you can’t access the coins. Now hopefully over time it becomes simpler. And I think the approach that I think I’ve seen you advocate in the past is become very comfortable with the single signature setup and doing that correctly first. And then once you become more technically proficient, that’s when you would start to look at, “Okay, how do I do multisig?”

Rodolfo Novak: Exactly. And you can still use passphrases, right? Passphrases do increase the level of security substantially. They do avoid most of the physical attacks. It’s essentially a second part of the secret, right? It’s not necessarily multisig, but it does act in a similar way. Another thing, for example, I heard people talking about using QR codes, right? QR codes that are unusable for transactions because a PSBT file could be like, say two, three megabytes at some point, right? If they’re more complex, especially with multisig. So, you can’t use QR codes, you’re going to need like a hundred, more than that for you to transact out, or in of a wallet. They’re great for address sharing, but not necessarily for transactions. Right?

Rodolfo Novak: There is really no simple answers, and I think education is the only solution. I don’t think we’re ever going to abstract Bitcoin away enough because of this central idea that things have to be open to the user, so that the user doesn’t have to trust anything. You have to choose, you either trust things or you make them easy. You can’t have both. You really can’t. Because see if you’re making it easy, you’re abstracting things away more. Right. That means there’s more layers of trust. We can do a lot to make it better.

Stephan Livera: Yeah. It’s difficult because again, most people who … Not everyone has the time to become an expert on bitcoin and learn how to do redeem scripts, and craft their own transactions and so on. People I guess are looking for something that can be done with a reasonable amount of time and reasonable amount of knowledge, but not having to go to this crazy level.

Rodolfo Novak: I guess, I’m trying not to lie to users. It’s like there is a certain reality of incurring the benefits and the risks of being your own bank, right? If you decide to hold your life savings in gold in your house or in cash in your house, you’re going to have major security considerations too. And you’re going to have to understand how to keep the doors extra secure, how to make sure that you don’t have windows that are not breakthrough. Do you have lights everywhere? Do you have a security system? Do you have guns in the house for the countries that you’re allowed to have?

Rodolfo Novak: You’re going to have to really understand physical security very well. And you can’t skip that step. Right? I think the same applies to Bitcoin. You’re going to have to understand all the considerations you have to have, to be your own bank in Bitcoin. It doesn’t matter, you have to learn. Because you can’t let your coins be in custody of others because they could take it. Know your keys, know your coins. Right?

Stephan Livera: Yeah. Right. No, that’s 100%. Right. On this topic of multisignature, let’s talk a little bit about how it’s done with the Coldcard. Can you talk to us about that process?

Rodolfo Novak: Yeah. It works exactly like the other wallets, right? You just have to use a wallet on the computer or on the phone that supports PSBT and multisig. Then it’s fairly easy. One cool thing with Coldcard though is, you can actually create a multisig quorum and script without ever touching a computer. You can do it with the computer, like in the other wallet for the USB on Electrum, whatever.

Rodolfo Novak: But that’s not fun. What you do with Coldcard is, you put a micro SD card in it, and then you go into the multisig menu, and you say, “Create multisig.” And it’s going to ask how many signers and how many you need to sign for, right? And then it’s going to write to the micro SD. And then you take that one and you put it into the other Coldcard and you’re going to say, “Join multisig.” And then the other, “Join multisig.” I think its up to 12.

Rodolfo Novak: And then you can just get that and load it into, say, Electrum. We create a skeleton file for you to just log into Electrum and boom, it works. And then when you have a transaction, you can take it out, put it in sign, put it in the other one sign, all without touching the internet. For example, you can leave, say a Coldcard in a safe deposit box. You can’t trust the bank, right? But if it’s just one of the legs of the multisig, you could leave one there that stays in that box, you just take a battery with you, you plug it in. Those places don’t really have cell signal. You plug it in and then you sign the transactions and you just leave with a micro SD card with partially signed transaction.

Stephan Livera: Yeah. Fantastic. Let’s talk through a good setup then if you, if the user wanted to do that. Typically they might need Electrum personal server or like ElectrumX or Electrum rust server on their laptop or their computer, and they would connect up the Electrum client on their computer to their ElectrumX, Electrum rust server whatever you’re using for your server and then you would have, say a two or three Coldcards set up and you could set it up like that. Ferrying the SD from card, to card, to card. And you would set up-

Rodolfo Novak: Right, so you could have one that’s USB connected and the other one that’s not the bank one, right? You can mix and match things, but yeah. Ideally you run your own node because self validation is important. And then you have your say Electrum server connected to it. Or you can have your Bitcoin connected directly to Bitcoin code. Right now there is no UI for that. It’s hard for the average person. Then you make sure the whole stack is controlled by you, right? The Node, Electrum server and Electrum client and your Coldcard. Everything is vertically integrated offline.

Stephan Livera: Yeah, it’s a very clever set up. That’s I guess the air-gap way of doing it, and using the Coldcard directly to create the multisignature. And then another way that’s I suppose, easier for people to do using a GUI is the Electrum way. Now I understand there is a pull request pending, but hopefully once that is in, then it’ll be quite easy to do Electrum multisig with Coldcard. Can you talk to that?

Rodolfo Novak: Yeah. The pull request is there. Essentially implements PSBT, and I think once that one is merged, we’re also implementing PSBT for a general purpose Electrum as well. For like the whole Electrum too, not just our plug in. You can actually use our fork, from Electrum right now, the one that’s in PR if you want to use it. But then what’s cool is that then you can do say, you can use other hardware vendors, as part of the multisig as well. Actually you already can use … Actually you don’t even need that. If you’re using USB, you can just connect say other vendors and us in the same multisig. I think we just can’t be the initiator right now. It has to be one of the other ones who is the first one.

Stephan Livera: Oh, I see. So you actually can use Coldcard. Let’s say you put in a Trezor, and you make that the first key and then you put in a Coldcard, and then you put it in say Ledger. You can already do that now.

Rodolfo Novak: Yeah. I can’t fully remember because I run my own version of Electrum.

Stephan Livera: Right. Yeah, yeah. Because as far as I understood, it was still pending on that pull request. Oh, and by the way-

Rodolfo Novak: No that pull request is for PSBT.

Stephan Livera: Got it, yeah.

Rodolfo Novak: That Pull request is to be able to do all this stuff with PSBT, not as a partly signer.

Stephan Livera: I see. Yeah, yeah. Got it. Let’s talk about backups and recoveries. And so let’s say the user has set up a multisignature with maybe they did two or three Coldcards or three or five Coldcards even. And let’s say one of those has been lost. Now at that point you would need to … Oh, maybe you suspect it’s been tampered with and you need to make a new device and rotate into that.

Rodolfo Novak: We show you right on the board where you should shoot it. If you think it’s been compromised, just destroy it. If you have a backup of course. Just destroy it. The cost of these things is too low for you to be worth any danger. Just buy a new from us, and then you just load that seed or you can load that seed in a different hardware wallet too, right? Because as long as we’re using the same derivation, the same everything, it’s all good. And then now you just load that seed back into the device, and there you have it. You’re good to go. And what’s really cool is if you have the encrypted backup from us, the micro SD backup, you just put that back into the device, will actually encrypt into the device and import it.

Stephan Livera: Yes, that’s very easy.

Rodolfo Novak: Yep.

Stephan Livera: That is even in the case of a multisig as well, right?

Rodolfo Novak: Exactly.

Stephan Livera: It is part of a multisig.

Rodolfo Novak: A Backup is a backup of the device.

Stephan Livera: Because ultimately it’s the backup of the seed words, right. And then that is what’s used based on the derivation path to figure out.

Rodolfo Novak: Yeah, and we add a few more bits there that helps you get back into your Coldcard with the settings and everything.

Stephan Livera: Right. I see. Yeah. That’s really clever. I like that. Let’s talk about this project you’re working on right now, which is walletsrecovery.org.

Rodolfo Novak: Yeah, .com.

Stephan Livera: I’m sorry.

Rodolfo Novak: I think I have the.org as well. Do I? No, it’s .org. You’re right.

Stephan Livera: It’s .org. Yep.

Rodolfo Novak: I get a lot of PMs from people saying, “Hey, this wallet that I used to use on my phone disappeared. It’s not available anymore. Or I have this wallet, it doesn’t work for me. I have the seed, so I’m safe. Right?” And then I go like, “Yeah, so do you know the derivation path for their wallet?” Because even though they may use one of the BIPs, so BIP44 or BIP39, BIP89, there’s a bunch. They might use the BIP, they probably have a lot of them would have their own implementation, right. Because it’s one standard to dominate them all until you make a new one. Right.

Rodolfo Novak: I got tired of googling for it and I started making a list of the wallet, which derivation path to use, or the options and sort of redeem scripts they use or whatever weirdness they do to create addresses, right? Because see, you might be able to sign with your private key or seed, but you need to know what to sign, right? That wallet would have generated multiple addresses for you to deposit bitcoin on, but you need to find those addresses in an address space, right, which is huge because there’s also sub accounts, right?

Rodolfo Novak: And then there is the change accounts. It gets tricky. And then there’s also again, those weird scripts, especially if it’s multisig, right? You might have vendor specific stuff. And I noticed that I’d go to this wallet websites and it’s like, “Okay, great, but where is the information about your derivation path, or your redeem script or something?” Right. And a lot of them don’t have it. I’ve decided to make a list and … The name is Janine also [crosstalk 00:37:45]-

Stephan Livera: Janine from BlockDigest.

Rodolfo Novak: … I showed this to somebody, to Shino and he told me that Janine was also working on something similar, and she’s a much better writer than I am. And so we merge a lot of her stuff into my stuff and put this together in the last couple of days. And I made it public today and I hope that people add more wallets there. We’re trying to back up recovery scripts, recovery information. When, not if wallets go away, you still have access to it. Think about like email clients from the 90s. Right? You got to be hard pressed to find one left. Imagine if the email client is gone and none of the information that you needed for some specific way they did things, it’s not available. Right. So, you can’t redeem your stuff.

Stephan Livera: Right? Yeah. And so for listeners who aren’t familiar with some of what Rodolfo was just discussing, make sure you listen to my earlier episode with Andrew Chow Number 99, where we talk a little bit about derivation paths. And then we also talk about this newer idea that Bitcoin Core is going towards, which is output descriptors, which is the nice way to succinctly put some of these parts in such a way that an external person could help you recover using your seed.

Rodolfo Novak: Yup. No, it’s pretty cool stuff. With everything like Core, pre-BIP, I’d rather like not … I don’t assume it’ll exist. I think he probably will. But I rather not touch on any of that because this stuff is already confusing enough for people. I’d rather work with what’s available for this stuff. That’s the reason why Opendime still using 1 addresses. The idea behind Opendime is pure simplicity, right? No app, no nothing, no seed. There’s just an actual wrap up private key in there that you get, then you can just redeem, you don’t need anything to do it. The idea behind that one is … We have a nuclear holocaust, a cockroach finds an Opendime. The cockroach goes Orange Coin Good. And redeemed into version one of Bitcoin Core. And it’s going to work.

Stephan Livera: Yes. Let’s try and disambiguate, just clarify some of that down a little bit. You’ve got your 24 words and that is essentially your seed that represents this massive, massive, massive number. And then from that you’re able to generate, I think using the software, it creates your master private key, which is like an xPriv. And then from that xPriv you need the derivation path to know where are the coins stored on which-

Rodolfo Novak: Well, it’s even worse than that. Because you can create multiple xPrivs from your main xPriv.

Stephan Livera: Right.

Rodolfo Novak: Practically you can create multiple private keys from your main private key. And then from those private keys you can create multiple xPub keys. And then from those you can create multiple address, and then multiple address, multiple accounts and all that stuff. This thing is like an endless three. It’s like it’s a completely hopeless to go through this stuff without knowing.

Stephan Livera: Yeah. And I suppose it would be difficult for somebody to just try and figure it out on their own because they just wouldn’t have a way to know how to, I guess, traverse that pathway without having this.

Rodolfo Novak: That’s right. You want to map of the stars there.

Stephan Livera: Yeah. Excellent. It’s also about what’s the pathway for these things to become more standardized? Because for a person who has … Let’s say someone passed away and then you need to be able to access those coins, what’s the pathway?

Rodolfo Novak: I really don’t think … Standards are great, right? But most vendors will always try to do something interesting that nobody else agrees with them, and then they’re going to change the spec a little bit. Right? And that’s always the trap you fall into. I think it’s much better to of course have standards, right? We still try to steer the ship. Right? But it’s very important. And this is the best thing you can do is, keep a backup, not just of your seed, on your seed little bag or wherever you keep it. Make sure you also put in there a printout of, which wallet you’re are using, which password for that wallet because sometimes you don’t have to even reconstitute the seed.

Rodolfo Novak: You just forgot the password. Right? Go there and take the password and it’s still good. Put the pen, put all the information about their wallet. Go look for the recovery information of their wallet, print it, put it with your seed. Because if you’re armed with all that information, your loved ones are too, right? So that after you get hit by the bus, they can go and find all the stuff there and be able to do it. That’s one of the best step forward.

Stephan Livera: Fantastic. Let’s talk about … Also one thing that might be useful to talk about is just you can directly plug it in with say Wasabi, or not even directly plug it, but use the SD card to ferry the xPub over to Wasabi using the skeleton. And you don’t actually have to do coin joins, right? You can literally just use that as a wallet. [crosstalk 00:43:37]. If you’re new-

Rodolfo Novak: I believe that’s correct. Yeah. Many, many wallets will support an xPub, right? Same way BTCPay also works like that. There’s some security considerations with that. Right? Because now you’re trusting that software is deriving the right stuff from the xPub. But aside from that, you’re pretty good. Yeah, it’s a perfectly reasonable solution. Again, if you’re segregating funds, right? The concerns change to a much better place, right? You have a shopping cart in your store with BTCPay. You could have like … Even a computer Electrum, or a computer Electrum with a hardware wallet, that’s why a USB.

Rodolfo Novak: And then you give that xPub to BTCPay. And then every time it gets to a certain amount of funds into it, you move it to your warm wallet or to your cold wallet, then you have a more tight, complex security that you can’t really access that easily yourself. You can keep on hopping the coins that way. And I guess another thing to mention that may be worth it is … One real cool thing about the Electrum is that you can do coin selection, right? You can annotate … You know you have your addresses in one window, but then you have coins. And in your coins, your UTXOs, your bitcoin inputs which are actually where the coins are, right?

Rodolfo Novak: You can actually annotate those, and then you could select just the right ones to send to a certain address. And that way you can keep things segregated in a much better way. Right? You have a lot more privacy that way. You make sure you don’t mix your VPN paying with something else, you gain a lot with that.

Stephan Livera: Right. And I think that’s actually one good example with Wasabi because users have to label each UTXO. It forces you to learn a little bit about coin selection. That’s a good example there. In terms of interaction with Samourai Wallet is there much there in terms of if you want it to use Coldcard with that?

Rodolfo Novak: Yeah. It already works with Sentinel. They’re app for you to watch. It’s a watch-only wallet. Right? But they’re still working on PSBT for their actual wallet for you to spend. Yeah, so there’s that. And-

Stephan Livera: I know with Opendime, I think there was a connection there with Opendime, the Samourai Wallet products.

Rodolfo Novak: You can verify and sweep the Opendime on a Samourai Wallet.

Stephan Livera: Right. And that’s a good example for private transactions as well. If you wanted to do it in a more private way, where you’re buying and selling Bitcoin, you can use an open dime for that purpose. And that’s one of those things where you don’t have to sit there waiting for confirmations. You could literally just … You would plug in your Opendime, verify, “Okay, yes, there’s 5 million sats on this opendime. Okay, here’s the cash.”

Rodolfo Novak: That’s right.

Stephan Livera: And off you go.

Rodolfo Novak: Off you go, right? Because there’s nothing more annoying than make Bitcoin conversation on a local Bitcoin sale. Right? You see there’s many people we want to talk to about Bitcoin, but never the person who was buying Bitcoin from you that’s a stranger. You want to be as fast and as smooth as possible. The open time is pretty quick thing, right? You just double check if the thing’s good, then you move on. You don’t have to wait because it’s already confirmed.

Stephan Livera: Yeah, I guess that’s one difficulty that in-person traders might face. And so hopefully with the Opendime, that’s an example there where they could do that in a more private way. And that transaction never touches the blockchain as well. That’s also pretty cool.

Rodolfo Novak: Exactly. It’s a lot of privacy, right? Because that Opendime could move through 100,000 people and there’s no trace between each other digitally.

Stephan Livera: Yeah. And that also helps mess up some of the chain analysis heuristics because then you really don’t know who owns that UTXO.

Rodolfo Novak: By the way, those don’t work that well anyways. Right? So there’s a lot of fluff in those. They’re a great product to sell to law enforcement, but that doesn’t mean they get it right.

Stephan Livera: Yeah. No, I agree with you.

Rodolfo Novak: CoinJoin actually works fairly well. And the more people that use it, the better it is. We’re working on features for Coldcard to support CoinJoining, so that you could keep a Coldcard hot, right? Because that’s the thing. For CoinJoin, you essentially need a device hot. We’re working on a possible separate firmware for you to be able to do two things hot. One thing would be CoinJoin so that you can essentially stake the joint markets for example, because you make money being a bank on joint markets.

Rodolfo Novak: You’d be able to do that with a Coldcard. That’s a lot more secure than keeping your keys on a computer, that’s live on the Internet. And the other one is, we want to be able to allow people to do roll your own Co-sign service. Right? Essentially you’d have a Coldcard with a separate firmware, maybe even separate, slightly hardware so that people don’t get the stuff mixed. And that Coldcard would take a policy file, right? You say, Tuesday’s 1 bitcoin or whatever. Right? You set a policy, right? And then this device would be connected to a wallet … I sorry, the idea is you would hopefully … we’re still working on it, but hopefully you’ll have a TOR private key on it.

Rodolfo Novak: There’ll be some glue on the computer, and it would provide you essentially with a bitcoin … with an onion address, right? And you leave this device running someplace somewhere. And then if this device is going to be part of multisig with another Coldcard or another wallet. What you do is, you go to this on your address and you upload your PSBT file, right? And then it’s going to tell you, “Sorry, it’s not Tuesday, or it is Tuesday transaction sign.” And it’s gonna spit out for you a partially signed or a full transaction signed for you to broadcast somewhere else.

Rodolfo Novak: What’s cool about that is that, one, its TOR, so that .onion address is very, very hard to find. And it’s very simple. There is not a lock for you to try to hack in there. The device is essentially offline, well through USB. So, it’s not air-gapped, because USB is not air-gapped. Air-gap is like literally there’s air around. And then you’d be able to so co-sign your stuff or co-sign with other co-signing services with your own.

Rodolfo Novak: Because again, for me the biggest problem is privacy, right? I want to be able to use a co-sign service, but I don’t want to do that with anybody. I wanted to do that with myself. Like how BTCPay removed the necessity of paying somebody to do your store services, right? You could have hardware that’s just running on the Internet for people who are a little bit more capable in terms of knowledge to do their own co-signing remotely.

Stephan Livera: Fantastic. That’s really interesting idea. Definitely keen to see how that works. Look we’re … Is there anything else you wanted to touch on with Coldcard or anything else you wanted to mention in terms of what’s coming up in terms of Coldcard and other CoinKite products?

Rodolfo Novak: Yeah, so we’re working on a prototype for another Opendime like device that might be able to do other things that are interesting, but that’s still not there yet. We’re actively working on the next version of Coldcard and the version after that. We’re trying to iterate, right? And with hardware, the more complexity in the change, the more issues you could have with manufacturing, with parts or whatever. So we’re trying to iterate incrementally. The plan is to keep on launching new hardware, every six months to a year thing. And until we find a comfortable place where we’re like, “Okay, you know what? It stays here.”

Rodolfo Novak: Like the Opendime, now we’re on version four, it’s a good device, it’s working well. We’re going to keep it like that for a little while. There’s a ton of software, we’re writing firmware for Coldcard. So, Shamir’s, this co-sign service I was telling you about, we’re making an address explorer for Coldcard so that you can actually transverse your addresses if you know what you’re doing inside the Coldcard itself, so you can verify addresses transversing through your derivation.

Stephan Livera: Very clever.

Rodolfo Novak: What else? Shamir … The list is big and plentiful. But people who used to use CoinKite back in the day knows that, if there’s one thing we keep on doing is adding stuff to it. We believe in developing things to the most expert user and then make it easy enough so that normal people can use it. But we don’t want to develop to the lowest common denominator. We want to develop to the highest. That’s the plan in there that I can think of. We made the Lightning Vending Machine. Hopefully we put that in a few conferences.

Stephan Livera: Yeah, I saw that. That’s really cool.

Rodolfo Novak: Yeah.

Stephan Livera: You can buy a Coldcard and it’s like a vending machine. You can pay lightning and then it pops out a Coldcard.

Rodolfo Novak: Yeah. It’s immediate. Because we were looking at making a firmware version of Coldcard for lightning. Right? But again, you’re going to have to be hot right for that, because lightning you need to be hot. The way we normally learn things is by building something for it. We’re like, “Okay, great. We want to play with lightning.” So we built a vending machine for it. And what else? The shop is full of stuff. We’re going to keep on playing with things, and if you like our stuff buy it, because that’s the only validation we care about. If it sells, we make it. If it doesn’t, we kill it.

Stephan Livera: Well then, that’s the profit and loss test. That’s great. Look, just for the listeners, where can they find you? And if they want to get a Coldcard, where do they go to get one?

Rodolfo Novak: Right? We’re working on creating an affiliate program, essentially what we call the shill army stuff. Because we want to make sure that people who contribute content and education can find some kind of, even if it’s small like some pay for what they do. This is not going to be for everybody, at least not for the beginning. But essentially we created one for you. I can’t remember what’s the discount now, but it’s going to be essentially promo code LIVERA. And it’s yours to have for as long as you keep on making bitcoin content.

Rodolfo Novak: And you go to Coinkite.com we have a list of our products there and then you can go to Opendime, Coldcard and Block Clock. We have Twitter accounts for all that stuff. We have a very big community of Coldcard. I call them aficionados now, it’s not users anymore on telegram, and I believe it’s just telegram Coldcard. Join because you know what? There’s a lot of information there and a lot of very, very smart people who can help. What else? You can find me on Twitter @nvk and yeah, I can’t really … I’m terrible at this stuff, I really don’t have good memory. I can’t-

Stephan Livera: No, that’s fine. I’ll put those in the show notes as well. I’ll put a link to the telegram, your Twitter obviously, and to Coinkite website. But, yeah, look, that’s been great. I really enjoyed that. And thank you for joining me Rodolfo.

Rodolfo Novak: Yeah, it was like a brain dump episode. Thanks for having me.