Hardware wallets & ElectrumSV

This article is intended to serve as a reference for people who want to use hardware wallets in ElectrumSV. It will be fleshed out as more information becomes available. If you have to get one, get a Keepkey.

Introduction

Let us be clear on where ElectrumSV stands with regard to our users and hardware wallets. As long as it is practical for us to commit the time and energy to do so, we will continue to maintain the existing hardware wallet support. But the vendors who created and sell these devices do not maintain them, and some actively do not support users on Bitcoin SV. The devices are very limited and cannot be used for many things that are possible on ElectrumSV. However, they can still be used for simple payments to addresses, and they provide a level of security it is difficult to obtain otherwise.

The ElectrumSV testing hardware wallets.

We support four different makes of hardware model:

• Digital Bitbox.
• Keepkey.
• Ledger.
• Trezor.

Each of these makes will be documented below in a way that is intended to help users with those devices, to be able to more easily use them with ElectrumSV.

Why use a hardware wallet?

Most of the makes of hardware wallet that ElectrumSV has support for, have a display. When a user signs a transaction, the hardware wallet identifies all unknown addresses and gets the user to confirm they are correct. This means that even if their computer and ElectrumSV have been compromised, it is much less likely that they can make payments to someone they weren’t planning to.

But you have to be prepared to accept that they don’t provide absolute protection and they don’t really allow a user to do much beyond simple payments.

Do you understand how well it protects you?

If your computer is compromised, and you are comparing an address shown somewhere on that computer to the hardware wallet, then you cannot know for sure that the original address you are using came from where you think it did anyway. It is much less likely that it can be compromised, but it is still possible.

Do you know what you can use it for?

Hardware wallets only support a small range of payment types. Realistically, they actually only support one type of payment called “pay to public key hash”. This is effectively just a payment to an address. They do not allow payments to multi-signature accounts, nor anything else beyond simple payments to addresses. And worse, there are often limits to how that simple payment can be constructed, it really has to be literally a simple payment.

Digital Bitbox (AKA BitBox01)

Summary: Was promising but unsupported and app was not great. Do not buy.

This device is a simple USB key. When you make a payment, ElectrumSV asks you to confirm the payment and put your finger over the light until it detects it and confirms it. You have to use their smartphone app to ensure you can view the details of the transaction. The secured data stays on the USB key, and the app provides display and confirmation capabilities without access to that secured data. It’s complicated, but a nice enough model.

A Digital Bitbox hardware wallet.

The future of “Digital Bitbox” support in ElectrumSV

As the company behind this have moved onto an updated version we have no support for, BitBox02, it is unknown if they have an incentive to continue to support the use of the smartphone app with BitBox01. I’ve never used their app, and have no idea how good a job it does helping the user confirm the transaction details are valid but I suspect it probably works better than any of the other devices we support.

Using the USB key without the app at best it prevents an attacker from making a payment until they can subvert your next one, something that is definitely an improvement over the basic protection of the ElectrumSV wallet password. But in the scheme of things, it can never provide the certainty that a solution that ensures payment goes to the correct people has — as the app should allow as an extension of the USB key.

This would be the first hardware wallet whose support we remove from ElectrumSV. I cannot advocate anyone should buy one of these as I cannot guarantee we will retain support. If the makers of this device step up and provide all necessary work to ensure a reasonable level of support for their device, we would retain support because it is already present. However, I have never met a user of this device who says they use it with ElectrumSV.

Limitations

• Can only sign at most 14 inputs. What this might mean is that if the coins in your wallet are low value, you will have to manually combine them if more than 14 of them are needed to make up the desired amount you wish to pay.
• Only supports P2PKH payments. Does not support other forms of payment, like multi-signature payments.
• Forces firmware updates on the user. As the Digital Bitbox has been end of lifed by it’s makers, it is unlikely there are updates that are incompatible with ElectrumSV. It is more likely that an out of date device cannot be used because the makers no longer support firmware updates. We can actually disable the firmware check in ElectrumSV and should do so.

Keepkey

Summary: The best option. Buy this if you want a hardware wallet.

A good sign for this hardware wallet is that we pass “BitcoinSV” to it when identifying what cryptocurrency it is signing for. Nice one Keepkey!

Compatibility

There are no known compatibility problems with the latest firmware.

User guide

On plugging in your Keepkey, it will show an atypical screensaver where their logo moves back and forwards across the screen.

Imagine that logo slides left and right like a screensaver.

As you attempt to sign a transaction, the screen will change to show a virtual keyboard that can be used to securely enter your pin number in ElectrumSV.

Keepkey virtual keyboard to aid in secure pin entry.

For each number in your pin, you click on the location in the grid in ElectrumSV until your complete pin is entered. It’s a little painful, but not more painful than losing your funds to some loser who hacks computers for a living.

ElectrumSV virtual keyboard for Keepkey.

Having successfully entered your pin number, the Keepkey has you confirm the value sent to each of the addresses you are paying to. It will silently verify your change address is correct and not ask you to confirm that.

Keepkey confirmation of values and destinations.

Having confirmed the destinations, it will then get you to confirm the total value of the transaction and how much the fee is.

Keepkey confirmation of the total transaction value.

At this point, ElectrumSV has the signed transaction and can send it wherever necessary.

Limitations

• Can only have one change output. This means that if ElectrumSV uses more than one change address, the Keepkey will say “What is this strange address you are paying to, do you recognise it?” And the user will probably complain their wallet is broken as they won’t have any idea where it comes from.

Ledger

Summary: Popular, but problematic. Cannot be recommended.

These have a display and a process where unrecognised payment addresses are visually verified by the user.

Device — Ledger Nano S

Compatibility

The latest firmware (version 1.6) of this device is from November 2019. There should be no compatibility problems with ElectrumSV.

User guide — signing with this device

As poor build quality of the Ledger Nano S resulted in a non-working device, it is not possible for me to provide a guide for this.

Device — Ledger Blue

Compatibility

The latest firmware (version 2.1) of this device is from May 2018. It is very unlikely it has been updated since then. There should be no compatibility problems with ElectrumSV.

User guide — signing with this device

When you go to sign a transaction, ElectrumSV will request you do so on the Ledger Blue device which you have connected to your computer by a USB cable.

Before you do so, the first step is to tap on the “Bitcoin Cash” app.

The Ledger Blue dashboard.

Doing so will show you the Ledger Blue screen waiting for you to initiate a signing process.

The Ledger Blue Bitcoin Cash app.

At this point, when you initiate the signing process, it will display the details of the transaction and allow you to verify they are what you think you did in ElectrumSV and confirm the transaction should be signed.

The Ledger Blue Bitcoin Cash transaction confirmation screen.

At this point, if your device is more reliable than mine (sometimes not working but sometimes working) you can see the address you can verify it is the one you think you are paying to, and can confirm the payment. Then ElectrumSV will be able to finalise the transaction and send it on it’s way.

Warning

I have two Ledger brand testing devices. One is completely unusable and the other is unreliable.

• Ledger Nano S. This was used maybe two or three times, was never dropped or anything like that. One of the buttons just did not work when it was taken out of storage for testing, and apparently this is not an unknown problem. I contacted them about returning the device for a replacement, but it was more hassle than it was worth.
• Ledger Blue. When this device displays the payment address from the transaction it is signing, for confirmation, it on many occasions has shown screen distortions directly over the address and nowhere else! If the address cannot be seen, then it becomes only a mild improvement over the somewhat pointless Digital Bitbox USB key.

Limitations

• Does not support Bitcoin SV. It has to be used in Bitcoin Cash mode to work with ElectrumSV.
• The existing ElectrumSV code for these wallets claim it can only have one payment output. This means that if the user tries to pay to multiple addresses with one transaction, how the Ledger will behave is undefined.
• The existing ElectrumSV code for these wallets claim it can only have one change output per transaction. This means that if ElectrumSV uses more than one change address, the Ledger will say “What is this strange address you are paying to, do you recognise it?” And the user will probably complain their wallet is broken as they won’t have any idea where it comes from.

Trezor

Summary: Not recommended. Buy a Keepkey instead.

It is an awkward process to get a Trezor hardware wallet working with ElectrumSV, requiring a firmware downgrade. It also does not support Bitcoin SV and usage appears as if one was using Bitcoin Cash. Keepkey is based on the Trezor source code and does support Bitcoin SV.

Device — Trezor Model T

Compatibility

The latest firmware (version 2.3.1) of this device is from June 2020. It is incompatible with ElectrumSV. It is however reported that 2.3.0 does work and that the problem with 2.3.1 is due to a faulty release, and that with the next it should be compatible with ElectrumSV again.

Downgrading Trezor firmware is reported to wipe the device, which makes sense, so make sure you backed up your seed words and this will not cause any loss of funds. Bernhard Müller has kindly written up a guide for users who need assistance in downgrading the firmware.

User guide — signing with this device

If you have set up your Trezor Model T with a normal set of seed words, this guide is for you. However, if your device is set up with Shamir secret sharing (you will know if you did this) then you can make use of Bernhard Müller’s guide on that topic.

Unlike the Keepkey and Trezor Model One, the Trezor Model T is unlocked on the Trezor Model T device itself and not in ElectrumSV. The user taps to unlock the device.

Unlock your Trezor Model T first.

Before the device can be used to sign, the user has to tap their PIN on the touch screen. This is a lot easier than the unlocking indirectly in ElectrumSV.

Enter your pin on the Trezor Model T touch screen.

On initiating the signing process in ElectrumSV, it will prompt the user to complete the process on their Trezor device. First the user will be shown the total value of their transaction, and what address payment is being made to.

Confirm the value and destination of your Trezor Model T transaction.

Next the user will be asked to confirm the block height. Their eyes will glaze over and they will just confirm this not knowing why they are being asked or what it means.

Confirm the locktime of the Trezor Model T transaction.

Finally the user will be shown the exact value of the transaction and how much of that value is being paid in fees, and they then hold their finger down to finalise the transaction.

Final summary confirmation screen for Trezor Model T.

Then ElectrumSV will be able to finalise the transaction and send it on it’s way.

Additional references

Bernhard Müller has written a guide for setting up a shared secret-based wallet on a Trezor Model T. Normally people set up their wallet using 12–24 seed words, but this is an alternative option that Trezor now offers.

All Trezor Model T firmware versions, including any version you may need to downgrade to, can be found on Trezor’s Model T firmware feed.

Device — Trezor Model One

Compatibility

The updates for this should be aligned with the Trezor Model T. It is reported by several users that 1.9.1 is incompatible, and it should follow that 1.9.0 should be compatible and the problem with 1.9.1 should be resolved in the next firmware release.

Downgrading Trezor firmware is reported to wipe the device, which makes sense, so make sure you backed up your seed words and this will not cause any loss of funds. Bernhard Müller’s guide for Trezor Model T likely provides guidance for Trezor One users who need assistance in downgrading the firmware.

User guide — signing with this device

As you attempt to sign a transaction, the screen will change to show a virtual keyboard that can be used to securely enter your pin number in ElectrumSV.

ElectrumSV virtual keyboard for Trezor.

Having successfully entered your pin number, the Trezor has you confirm the value sent to each of the addresses you are paying to. It will silently verify your change address is correct and not ask you to confirm that.

Trezor virtual keyboard to aid in secure pin entry.

Having confirmed the destinations, it will then get you to confirm the total value of the transaction and how much the fee is.

Hard to photograph Ledger One confirmation of amount paid to an address.

Having confirmed the destinations, it will then get you to confirm the total value of the transaction and how much the fee is.

Hard to photograph Ledger One confirmation of transaction amount summary.

At this point, ElectrumSV has the signed transaction and can send it wherever necessary.

Additional references

All Trezor One firmware versions, including any version you may need to downgrade to, can be found on Trezor’s One firmware feed.

Types of protection

Let’s go over the different types of protection a hardware wallet gives, or could give you.

Protection up to point of next payment

If your device has no display like a Digital Bitbox, then you are choosing to guard when the keys can be accessed to spend your coins. You have no ability to know for sure where the coins are actually spent, or how much is actually being spent, but you can choose to let someone take your coins when you go to make a payment to someone else. This is better than no protection at all, and if you keep your computer updated and never run dodgy software (we might even say builds of open source software for example) then this might be perfectly fine.

Protection with visual verification

Your device not only guards your keys, but it also analyses the transactions you are signing and shows you the details allowing you to both confirm how much you send to a given address, but that the address you are sending to is the one you think you are sending to.

Let me be blunt. Address comparison is not a solution for regular people. It’s a solution for tired people who’re forced to go to overly complicated lengths to protect their coins. But it’s a way that if you take the time, and you’re willing to suffer through it, you can be sure your coins are going to the addresses you think they’re going to.

Address comparison and malware

We’re already seeing malware that intercepts the clipboard and replaces an address you copied, with another address. And worse the malware is supposed to do a little work to generate an address that looks similar to the one you put into the clipboard with characters at the start and end looking the same.

If someone can get malware onto your computer that can do that, what if the malware author spends more time and manages to install for instance a browser extension (or whatever is possible to the same result) that replaces the addresses you see on the web page before you even copy. It’s always going to look like you’re sending to the right legitimate address until you find out the web page you were viewing was tampered with. Is this possible? — do you know it’s not possible? I don’t.

Limitations

These types of hardware wallet are better than “protection up to the point of next payment”, much better, but it’s still limited. You can’t send to arbitrary numbers of receiving address or change address destinations, and worse you can’t send to OP_RETURN data outputs or any non-addressable (and even then only send to P2PKH) type of destination. This means no multi-signature payments. No attached backup data to payment transactions. And more along those lines.

Protection with proper support for Bitcoin SV

This does not exist. There are no hardware wallets that support Bitcoin SV, with the exception of Keepkey in that it merely provides a pleasant experience for what it is, with use of correct currency naming.

What might proper support for Bitcoin SV require?

• Ability to sign new types of transaction outputs: Bare multi-signature. Basic accumulator multi-signature. Dynamic variations of accumulator multi-signature. OP_RETURN data. R-Puzzles. WP42 shared secret derivations. Anything that opens up the world of possibilities available to use on Bitcoin SV.
• Ability to encrypt and decrypt messages: Existing hardware wallets do not support this. It would likely be necessary to support ECIES (which ElectrumSV and Money Button’s bsv.js library use) and the Tokenized encryption standards.
• Moving beyond addresses: Paying to addresses and visually comparing addresses is something that might always be needed, in case the need arises, but I think we can do better. What if we can get identity data on the replacement solution and can verify that any payment involving a known identity is being made to that known identity. Then instead of seeing “0.5 BSV is being paid to <SOME UNREADABLE “ADDRESS”>” you might see that “0.5 BSV is being paid to ned@ryerson.com”. Further still the replacement solution might be able to unpack any private payment context encrypted into the payment and display/verify that as well.

Final thoughts

Thanks to..

• Bernhard Müller for the detailed information on the Trezor Model T, and firmware compatibility.