Cold Wallet

2 Likes

Here is a typical usage with testnet coins.

Generate keys (offline computer)

This part is identical to using a paper wallet or any sapling enabled HD wallet.

[hanh@archlinux zec]$ zcash-coldwallet generate >keys.txt
[hanh@archlinux zec]$ cat keys.txt 
Seed Phrase: crew hen auto reject cart eternal abandon machine raven fortune cargo arena rival increase ribbon correct zoo ability oil siege victory chat liquid deer
Derivation Path: m/32'/1'/0'
Secret Key: secret-extended-key-test1q0a006mxqqqqpqyu7lwfg203dkgser62cjmtpx4zhsnv03xdn7798fhsujzy05q0yjkps006cyk27rx6paqpru83dffrfedef7weptj62zknm095et2q4cn2a5aex476cz70sp04ylh9l26920zt9t2pj4eulkjuknaqvjsv2tfkez3atzmxekylu6zww7m9hkuq4qdt5jhr3qhkfp7twky65c8st224mlwkm08gu3cu3p3c3ntry0q67ccfjgksxmqz9p75fag0gac8eulud
Viewing Key: zxviewtestsapling1q0a006mxqqqqpqyu7lwfg203dkgser62cjmtpx4zhsnv03xdn7798fhsujzy05q0ynvr4d0dhj80tf6hvuxm4zh5q7v4fjg2c2y0cklgrdtavwun88l5pdqgpqjxer6m2w7yg4ml2762jf5dvsjjl4rgxgyrhn26qyn0gh922tfkez3atzmxekylu6zww7m9hkuq4qdt5jhr3qhkfp7twky65c8st224mlwkm08gu3cu3p3c3ntry0q67ccfjgksxmqz9p75fag0gactwgr96
Address: ztestsapling1e4xktna53kthk8hwyef4y8fe92qkhgx29fmd25k8fvzszt93h7gwgqhu904zdnnnqmuq226uc2v

Obviously, the secret key should be kept safe.

Initialize Db (online computer)

We switch to the online computer and set up the watch-only wallet.

[hanh@archlinux zec]$ zcash-coldwallet init-db

Initialize Account (online computer)

[hanh@archlinux zec]$ zcash-coldwallet init-account zxviewtestsapling1q0a006mxqqqqpqyu7lwfg203dkgser62cjmtpx4zhsnv03xdn7798fhsujzy05q0ynvr4d0dhj80tf6hvuxm4zh5q7v4fjg2c2y0cklgrdtavwun88l5pdqgpqjxer6m2w7yg4ml2762jf5dvsjjl4rgxgyrhn26qyn0gh922tfkez3atzmxekylu6zww7m9hkuq4qdt5jhr3qhkfp7twky65c8st224mlwkm08gu3cu3p3c3ntry0q67ccfjgksxmqz9p75fag0gactwgr96

Initial Sync (online computer)

[hanh@archlinux zec]$ zcash-coldwallet sync
Starting height: 1288000
Synced to 1292576
Scan completed
[hanh@archlinux zec]$ zcash-coldwallet get-balance
Balance: 0

There is no balance at this point since we didn’t receive any coin in our wallet.

Tap test faucet

Let’s use the test faucet to get 1 tZEC.

Go to https://faucet.testnet.z.cash/ and request a test ZEC to ztestsapling1e4xktna53kthk8hwyef4y8fe92qkhgx29fmd25k8fvzszt93h7gwgqhu904zdnnnqmuq226uc2v

Sync (online computer)

After 3 confirmations, check that we have received the tZEC.

[hanh@archlinux zec]$ zcash-coldwallet sync
Starting height: 1292577
Synced to 1292579
Scan completed
[hanh@archlinux zec]$ zcash-coldwallet get-balance
Balance: 1

Prepare spending transaction (online computer)

Now we are going to send 0.5 tZEC to the same address. The balance remains the same minus the transaction fee (0.00001 tZEC).

[hanh@archlinux zec]$ zcash-coldwallet prepare-tx ztestsapling1e4xktna53kthk8hwyef4y8fe92qkhgx29fmd25k8fvzszt93h7gwgqhu904zdnnnqmuq226uc2v 0.5 tx.json
Not enough funds: 0 < 0.50001 ZEC

Coins have to mature 10 blocks before they can be spent. We need to wait longer.

[hanh@archlinux zec]$ zcash-coldwallet sync
Starting height: 1292580
Synced to 1292588
Scan completed
[hanh@archlinux zec]$ zcash-coldwallet prepare-tx ztestsapling1e4xktna53kthk8hwyef4y8fe92qkhgx29fmd25k8fvzszt93h7gwgqhu904zdnnnqmuq226uc2v 0.5 tx.json

The transaction is stored in the file tx.json. We copy this file to the offline computer (using a USB stick) and continue there.

Sign transaction (offline computer)

This signs the transaction with our secret key.

[hanh@archlinux zec]$ zcash-coldwallet sign secret-extended-key-test1q0a006mxqqqqpqyu7lwfg203dkgser62cjmtpx4zhsnv03xdn7798fhsujzy05q0yjkps006cyk27rx6paqpru83dffrfedef7weptj62zknm095et2q4cn2a5aex476cz70sp04ylh9l26920zt9t2pj4eulkjuknaqvjsv2tfkez3atzmxekylu6zww7m9hkuq4qdt5jhr3qhkfp7twky65c8st224mlwkm08gu3cu3p3c3ntry0q67ccfjgksxmqz9p75fag0gac8eulud tx.json tx.raw
Payment of 0.5 ZEC to ztestsapling1e4xktna53kthk8hwyef4y8fe92qkhgx29fmd25k8fvzszt93h7gwgqhu904zdnnnqmuq226uc2v

The signed transaction is in tx.raw. We copy this file back to the online computer and finish up there.

Broadcast signed transaction (online computer)

[hanh@archlinux zec]$ zcash-coldwallet submit tx.raw
Success! tx id: "ed19603c432f2bb89380a6516dd51513665447ad68ea52a660c8cd1802c2955c"

The transaction can be checked on a testnet explorer. For example: https://explorer.testnet.z.cash/tx/ed19603c432f2bb89380a6516dd51513665447ad68ea52a660c8cd1802c2955c

Update balance

Let’s resync to update our wallet.

[hanh@archlinux zec]$ zcash-coldwallet sync
Starting height: 1292589
Synced to 1292619
Scan completed
[hanh@archlinux zec]$ zcash-coldwallet get-balance
Balance: 0.99999

As expected, we just lost the transaction fee of 0.00001 tZEC.

5 Likes
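
The sign step in the walkthrough above prints the payment it signed, which is the offline operator's chance to confirm that the tx.json carried over from the online computer pays what was intended. As an added example (not part of the original post or of zcash-coldwallet itself), this offline-side wrapper reads the key from keys.txt instead of having it typed at the prompt, and keeps tx.raw only if the printed payment matches. It assumes the keys.txt and "Payment of ... ZEC to ..." formats shown in the post; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: offline-side wrapper around `zcash-coldwallet sign`.
# Assumes the keys.txt layout and the "Payment of <amount> ZEC to <address>"
# output line shown in the post; all function names here are hypothetical.

# Print the secret key from a keys.txt written by `zcash-coldwallet generate`.
# Reading it from the file keeps the key out of the interactive shell history.
secret_key_from() {
    sed -n 's/^Secret Key: //p' "$1" | head -n 1
}

# Succeed only if the sign output holds exactly one payment line and that
# line matches the amount and address the operator intended.
payment_matches() {  # <sign-output> <amount> <address>
    local out=$1 amount=$2 addr=$3 lines
    lines=$(printf '%s\n' "$out" | grep -c '^Payment of ' || true)
    [ "$lines" -eq 1 ] || return 1
    printf '%s\n' "$out" | grep -qxF "Payment of $amount ZEC to $addr"
}

# Sign tx.json and keep tx.raw only when the signed payment was verified.
sign_checked() {  # <keys.txt> <tx.json> <tx.raw> <amount> <address>
    local key out
    key=$(secret_key_from "$1")
    [ -n "$key" ] || { echo "no secret key found in $1" >&2; return 2; }
    out=$(zcash-coldwallet sign "$key" "$2" "$3") || { rm -f "$3"; return 3; }
    if ! payment_matches "$out" "$4" "$5"; then
        rm -f "$3"   # never carry an unexpected transaction back online
        echo "refusing: signed payment differs from the request" >&2
        return 4
    fi
    printf '%s\n' "$out"
}

# Usage on the offline computer (address shortened here as a placeholder):
#   sign_checked keys.txt tx.json tx.raw 0.5 ztestsapling1...
```
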

Thanks for this, @hanh! It’s very clear how you would execute this project, thanks for that.

The ZOMG have had a discussion. We like anything that is related to better security.

Could you help us understand what the use case is, and what demand for this could be? We want to make sure that if this is built, it has the potential to be well-adopted.

Separately, for which other crypto assets have you done this? Just for our background.

This should be useful until shielded hardware wallets arrive. Security and privacy should not be mutually exclusive and offline shielded transaction signing is important to help ensure that.

4 Likes

@Javier Exactly
@ml_sudo At this moment, hardware wallets (ledger and trezor) do not support shielded addresses. I have been following the work of the company zondax about zcash on ledger. It is promising but unfortunately, they won’t be ready for a while. So currently, if you want to use shielded addresses, you must use zcashd, lightwalletd or a wallet based on these two.
These products store the secret key in a local file. Even though it can be encrypted, the fact that the machine is online remains a concern (in my opinion). A hacker could install a keylogger or replace the wallet executable with a version that sends him the key once it is decrypted.

Many other cryptocurrencies offer a cold wallet that eliminates this problem by keeping the secret on an offline computer. For example, bitcoin has electrum. Ethereum has MEW offline. As a matter of fact, all exchanges use cold wallets nowadays.

I wrote a cold wallet for bitcoin before Electrum had this feature. GitHub - hhanh00/offlinesig: Cold storage BIP 44 wallet

4 Likes

Thanks @hanh! I’ll bring this back to the ZOMG.

Cold wallets seem to cover a different use than hardware wallets too. Hardware wallets can break, lose compatibility (USB cables get upgraded), rely on the software of the vendor…
It looks like cold wallets are a nice feature for very long term storage.

1 Like

Interesting idea.

Would you consider developing this feature on top of ZecPaperWallet? I believe this can help both the development and distribution of this project.

Also might be a good consideration for ZOMG @ml_sudo

Cheers!

3 Likes

You can use this tool to generate a paper wallet for sapling so you don’t need to use ZecPaperWallet. If you already have a paper wallet (made by ZecPaperWallet or another tool), you could use it with this tool too. In my opinion, they don’t need to be integrated and I would rather keep my tool as simple as possible.

2 Likes

This explanation was really helpful to me for understanding this. Thank you!

I’m still interested in learning more about who will use this. Was the cold wallet you wrote for Bitcoin used regularly by others? Will you use this regularly?

Will others here use this regularly? Some measure of latent demand for this would be helpful!

Hi,
First of all, thank you for your interest.

I have a working version of this wallet that I use already.
Just to clarify, what do you mean by regularly? Because this type of wallet is not meant to be used daily. For daily usage, we have other solutions: Zecwallet, Nighthawk, etc. They work great but I wouldn’t store a large amount of zec on them because of the inherent risks associated with a wallet permanently connected to the internet (hot wallet). My personal rule of thumb is to have no more than what I would have in a normal physical wallet. For the rest, I use a cold wallet.

Today, the only thing roughly equivalent to a cold wallet is a hardware wallet (Trezor or Ledger). But they don’t support shielded addresses. Therefore, users have to decide whether they want security or privacy.
Personally, I always choose security over privacy but I think it defeats the purpose of zcash.

I’ve been waiting for a shielded hardware wallet for a while but I think they will not be coming soon:

  1. Quoting from the zondax project page:

We’ve done a lot of Ledger Nano apps but it is fair to say that the Zcash App is the most complex app till today. This project involves many challenges:

  • Mixed C/Rust implementation
  • Complex cryptography and workflow (sapling’s redjubjub)
  • Rust/LLVM code and non-constant time operations in cortex-m0
  • Sapling memory requirements
  2. The ECC is actively working on the next version of zksnark: halo2. This will revolutionize crypto again and render obsolete sapling. Users will be encouraged to migrate from sapling just like they are encouraged to migrate from sprout now. Fortunately, zondax is also working on halo2 though there is no public project page yet.

So as an alternative, there is this cold wallet proposal. It will be easy to adapt it to halo 2 since it builds upon librustzcash that is maintained by the ECC and used in zcashd.

Anyway, it’s possible that most users will still use a hardware wallet with transparent addresses.

Shielded addresses aren’t used much. Maybe some users prefer z-addr but don’t want to leave their coins on a hot wallet.

2 Likes

Hi @hanh , thanks for your thoughtful response.

I am supportive of this proposal but I think there are some questions over the demand for it. As I understand, only sophisticated users actually use cold wallets. So, it would be nice if user instructions are clear for this type of tool so that normies can also use it.

Can you please describe the deliverable of this project? Will there be a desktop application for Windows, Linux & Mac?

The deliverables are:

  • open source code on github under MIT license
  • documentation: background, getting started, how to, faq, troubleshooting
  • prebuilt binaries for linux, windows, macos, arm (if possible)

It is a command line utility. The typical usage is described in the 2nd post.

  • maintenance and support are best effort. I intend to keep it up to date with the latest z-addr type but will not support older ones, i.e. no t-addr, no sprout.

3 Likes

This is pretty cool.

How does the sync work?

Does it use the ECC SDK? Uses librustzcash directly? Something else?

Sync connects to a lightwalletd instance. By default, it will use mainnet.lightwalletd.com or testnet.lightwalletd.com. You can specify another address with the -l option.
Internally it uses tonic as the grpc library and librustzcash. The wallet is stored in sqlite.

The ECC SDK is the android/ios wallet sdk? It doesn’t use that.

2 Likes

This was really clear. Thanks for this.

Hey @hanh!

I am one of the ZOMG committee members. ZOMG is excited that there are people like yourself interested in developing things for the Zcash ecosystem. We had a few questions/comments about your application:

A project like this would potentially be used to protect a large amount of ZEC by people who may not be skilled enough to audit the code themselves. For this reason we wanted to ask that:
a.) You provide some references, inside and/or outside of the Zcash community, that can vouch for you as a trustworthy developer.
b.) You arrange a security audit for the code. We feel that this is important to get a second group of eyes on the code and to help instill trust that the code is not malicious. ZOMG would gladly fund this audit and you can add the cost and timeline to your current grant application. If you need help finding an auditor, we can also do what we can to point you in the right direction.

Finally, we had some concerns over the short timeline (3 days) that you said in the grant application it would take to complete something like this. Is there a reason for the short timeline such as some of the code already being done or fragments you’ll be using from another project we can take a look at?

Please do not take our thoroughness as any judgement on your skill as a developer. This software would be trusted by many, many people and we want to make sure we are providing the proper amount of scrutiny to grant applications such as yours.

Looking forward to your reply!

4 Likes

A dumb question maybe: what would be the difference between this and the paper wallet?

With the existing tools, if you wanted to spend some funds held on a paper wallet, you’d have to import the paper wallet’s spending key to a wallet on an online computer, thereby diminishing the security of the paper wallet.

This tool would allow you to sign a transaction on an air-gapped computer, so the spending key never touches an online computer.

I think this Cold Wallet would be extremely useful and I hope that it gets funded.

7 Likes