Hardware wallets & ElectrumSV

This article is intended to serve as a reference for people who want to use hardware wallets in ElectrumSV. It will be fleshed out as more information becomes available. If you have to get one, get a Keepkey.

Introduction

The ElectrumSV testing hardware wallets.

We support four different makes of hardware model:

  • Digital Bitbox.
  • Keepkey.
  • Ledger.
  • Trezor.

Each of these makes will be documented below in a way that is intended to help users with those devices, to be able to more easily use them with ElectrumSV.

Why use a hardware wallet?

But you have to be prepared to accept that they don’t provide absolute protection and they don’t really allow a user to do much beyond simple payments.

Do you understand how well it protects you?

Do you know what you can use it for?

Digital Bitbox (AKA BitBox01)

This device is a simple USB key. When you make a payment, ElectrumSV asks you to confirm the payment and put your finger over the light until it detects it and confirms it. You have to use their smartphone app to ensure you can view the details of the transaction. The secured data stays on the USB key, and the app provides display and confirmation capabilities without access to that secured data. It’s complicated, but a nice enough model.

A Digital Bitbox hardware wallet.

The future of “Digital Bitbox” support in ElectrumSV

Using the USB key without the app at best it prevents an attacker from making a payment until they can subvert your next one, something that is definitely an improvement over the basic protection of the ElectrumSV wallet password. But in the scheme of things, it can never provide the certainty that a solution that ensures payment goes to the correct people has — as the app should allow as an extension of the USB key.

This would be the first hardware wallet whose support we remove from ElectrumSV. I cannot advocate anyone should buy one of these as I cannot guarantee we will retain support. If the makers of this device step up and provide all necessary work to ensure a reasonable level of support for their device, we would retain support because it is already present. However, I have never met a user of this device who says they use it with ElectrumSV.

Limitations

  • Only supports P2PKH payments. Does not support other forms of payment, like multi-signature payments.
  • Forces firmware updates on the user. As the Digital Bitbox has been end of lifed by it’s makers, it is unlikely there are updates that are incompatible with ElectrumSV. It is more likely that an out of date device cannot be used because the makers no longer support firmware updates. We can actually disable the firmware check in ElectrumSV and should do so.

Keepkey

A good sign for this hardware wallet is that we pass “BitcoinSV” to it when identifying what cryptocurrency it is signing for. Nice one Keepkey!

Compatibility

User guide

Imagine that logo slides left and right like a screensaver.

As you attempt to sign a transaction, the screen will change to show a virtual keyboard that can be used to securely enter your pin number in ElectrumSV.

Keepkey virtual keyboard to aid in secure pin entry.

For each number in your pin, you click on the location in the grid in ElectrumSV until your complete pin is entered. It’s a little painful, but not more painful than losing your funds to some loser who hacks computers for a living.

ElectrumSV virtual keyboard for Keepkey.

Having successfully entered your pin number, the Keepkey has you confirm the value sent to each of the addresses you are paying to. It will silently verify your change address is correct and not ask you to confirm that.

Keepkey confirmation of values and destinations.

Having confirmed the destinations, it will then get you to confirm the total value of the transaction and how much the fee is.

Keepkey confirmation of the total transaction value.

At this point, ElectrumSV has the signed transaction and can send it wherever necessary.

Limitations

Ledger

These have a display and a process where unrecognised payment addresses are visually verified by the user.

Device — Ledger Nano S

The latest firmware (version 1.6) of this device is from November 2019. There should be no compatibility problems with ElectrumSV.

User guide — signing with this device

As poor build quality of the Ledger Nano S resulted in a non-working device, it is not possible for me to provide a guide for this.

Device — Ledger Blue

The latest firmware (version 2.1) of this device is from May 2018. It is very unlikely it has been updated since then. There should be no compatibility problems with ElectrumSV.

User guide — signing with this device

When you go to sign a transaction, ElectrumSV will request you do so on the Ledger Blue device which you have connected to your computer by a USB cable.

Before you do so, the first step is to tap on the “Bitcoin Cash” app.

The Ledger Blue dashboard.

Doing so will show you the Ledger Blue screen waiting for you to initiate a signing process.

The Ledger Blue Bitcoin Cash app.

At this point, when you initiate the signing process, it will display the details of the transaction and allow you to verify they are what you think you did in ElectrumSV and confirm the transaction should be signed.

The Ledger Blue Bitcoin Cash transaction confirmation screen.

At this point, if your device is more reliable than mine (sometimes not working but sometimes working) you can see the address you can verify it is the one you think you are paying to, and can confirm the payment. Then ElectrumSV will be able to finalise the transaction and send it on it’s way.

Warning

  • Ledger Nano S. This was used maybe two or three times, was never dropped or anything like that. One of the buttons just did not work when it was taken out of storage for testing, and apparently this is not an unknown problem. I contacted them about returning the device for a replacement, but it was more hassle than it was worth.
  • Ledger Blue. When this device displays the payment address from the transaction it is signing, for confirmation, it on many occasions has shown screen distortions directly over the address and nowhere else! If the address cannot be seen, then it becomes only a mild improvement over the somewhat pointless Digital Bitbox USB key.

Limitations

  • The existing ElectrumSV code for these wallets claim it can only have one payment output. This means that if the user tries to pay to multiple addresses with one transaction, how the Ledger will behave is undefined.
  • The existing ElectrumSV code for these wallets claim it can only have one change output per transaction. This means that if ElectrumSV uses more than one change address, the Ledger will say “What is this strange address you are paying to, do you recognise it?” And the user will probably complain their wallet is broken as they won’t have any idea where it comes from.

Trezor

It is an awkward process to get a Trezor hardware wallet working with ElectrumSV, requiring a firmware downgrade. It also does not support Bitcoin SV and usage appears as if one was using Bitcoin Cash. Keepkey is based on the Trezor source code and does support Bitcoin SV.

Device — Trezor Model T

The latest firmware (version 2.3.1) of this device is from June 2020. It is incompatible with ElectrumSV. It is however reported that 2.3.0 does work and that the problem with 2.3.1 is due to a faulty release, and that with the next it should be compatible with ElectrumSV again.

Downgrading Trezor firmware is reported to wipe the device, which makes sense, so make sure you backed up your seed words and this will not cause any loss of funds. Bernhard Müller has kindly written up a guide for users who need assistance in downgrading the firmware.

User guide — signing with this device

If you have set up your Trezor Model T with a normal set of seed words, this guide is for you. However, if your device is set up with Shamir secret sharing (you will know if you did this) then you can make use of Bernhard Müller’s guide on that topic.

Unlike the Keepkey and Trezor Model One, the Trezor Model T is unlocked on the Trezor Model T device itself and not in ElectrumSV. The user taps to unlock the device.

Unlock your Trezor Model T first.

Before the device can be used to sign, the user has to tap their PIN on the touch screen. This is a lot easier than the unlocking indirectly in ElectrumSV.

Enter your pin on the Trezor Model T touch screen.

On initiating the signing process in ElectrumSV, it will prompt the user to complete the process on their Trezor device. First the user will be shown the total value of their transaction, and what address payment is being made to.

Confirm the value and destination of your Trezor Model T transaction.

Next the user will be asked to confirm the block height. Their eyes will glaze over and they will just confirm this not knowing why they are being asked or what it means.

Confirm the locktime of the Trezor Model T transaction.

Finally the user will be shown the exact value of the transaction and how much of that value is being paid in fees, and they then hold their finger down to finalise the transaction.

Final summary confirmation screen for Trezor Model T.

Then ElectrumSV will be able to finalise the transaction and send it on it’s way.

Additional references

Bernhard Müller has written a guide for setting up a shared secret-based wallet on a Trezor Model T. Normally people set up their wallet using 12–24 seed words, but this is an alternative option that Trezor now offers.

All Trezor Model T firmware versions, including any version you may need to downgrade to, can be found on Trezor’s Model T firmware feed.

Device — Trezor Model One

The updates for this should be aligned with the Trezor Model T. It is reported by several users that 1.9.1 is incompatible, and it should follow that 1.9.0 should be compatible and the problem with 1.9.1 should be resolved in the next firmware release.

Downgrading Trezor firmware is reported to wipe the device, which makes sense, so make sure you backed up your seed words and this will not cause any loss of funds. Bernhard Müller’s guide for Trezor Model T likely provides guidance for Trezor One users who need assistance in downgrading the firmware.

User guide — signing with this device

As you attempt to sign a transaction, the screen will change to show a virtual keyboard that can be used to securely enter your pin number in ElectrumSV.

ElectrumSV virtual keyboard for Trezor.

Having successfully entered your pin number, the Trezor has you confirm the value sent to each of the addresses you are paying to. It will silently verify your change address is correct and not ask you to confirm that.

Trezor virtual keyboard to aid in secure pin entry.

Having confirmed the destinations, it will then get you to confirm the total value of the transaction and how much the fee is.

Hard to photograph Ledger One confirmation of amount paid to an address.

Having confirmed the destinations, it will then get you to confirm the total value of the transaction and how much the fee is.

Hard to photograph Ledger One confirmation of transaction amount summary.

At this point, ElectrumSV has the signed transaction and can send it wherever necessary.

Additional references

All Trezor One firmware versions, including any version you may need to downgrade to, can be found on Trezor’s One firmware feed.

Types of protection

Protection up to point of next payment

Protection with visual verification

Let me be blunt. Address comparison is not a solution for regular people. It’s a solution for tired people who’re forced to go to overly complicated lengths to protect their coins. But it’s a way that if you take the time, and you’re willing to suffer through it, you can be sure your coins are going to the addresses you think they’re going to.

Address comparison and malware

We’re already seeing malware that intercepts the clipboard and replaces an address you copied, with another address. And worse the malware is supposed to do a little work to generate an address that looks similar to the one you put into the clipboard with characters at the start and end looking the same.

If someone can get malware onto your computer that can do that, what if the malware author spends more time and manages to install for instance a browser extension (or whatever is possible to the same result) that replaces the addresses you see on the web page before you even copy. It’s always going to look like you’re sending to the right legitimate address until you find out the web page you were viewing was tampered with. Is this possible? — do you know it’s not possible? I don’t.

Limitations

These types of hardware wallet are better than “protection up to the point of next payment”, much better, but it’s still limited. You can’t send to arbitrary numbers of receiving address or change address destinations, and worse you can’t send to OP_RETURN data outputs or any non-addressable (and even then only send to P2PKH) type of destination. This means no multi-signature payments. No attached backup data to payment transactions. And more along those lines.

Protection with proper support for Bitcoin SV

What might proper support for Bitcoin SV require?

  • Ability to sign new types of transaction outputs: Bare multi-signature. Basic accumulator multi-signature. Dynamic variations of accumulator multi-signature. OP_RETURN data. R-Puzzles. WP42 shared secret derivations. Anything that opens up the world of possibilities available to use on Bitcoin SV.
  • Ability to encrypt and decrypt messages: Existing hardware wallets do not support this. It would likely be necessary to support ECIES (which ElectrumSV and Money Button’s bsv.js library use) and the Tokenized encryption standards.
  • Moving beyond addresses: Paying to addresses and visually comparing addresses is something that might always be needed, in case the need arises, but I think we can do better. What if we can get identity data on the replacement solution and can verify that any payment involving a known identity is being made to that known identity. Then instead of seeing “0.5 BSV is being paid to <SOME UNREADABLE “ADDRESS”>” you might see that “0.5 BSV is being paid to ned@ryerson.com”. Further still the replacement solution might be able to unpack any private payment context encrypted into the payment and display/verify that as well.

Final thoughts

Thanks to..

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store