Extending Split-Bitcoin to Support Offline Key Validation (avoiding metadata leakage)


I intend to use separate applications which all need a full running bitcoin core.

I am running each application in its own VM. However, I don’t have enough storage for running 5 separate VMs with their own Bitcoin cores.

I want some help with running a single bitcoin core, which is online, and communicates with other bitcoin core applications that are being run in offline VMs.


In general we call these split configurations. What you probably want is split-bitcoin, I guess: https://www.qubes-os.org/doc/split-bitcoin/.


I have already read it.

any community members who have created full core daemons on the qubes OS?

I am looking for a general deployment of the Join Market setting, where the Join Market VM is offline, can communicates with the Online BitcoinD daemon, via the qrexec, to make and broadcast transactions, without compromising the private keys.

Pardon my ignorance, but then this setup has nothing to do with the protection of bitcoin wallets, correct? (if that were the case I guess split-bitcoin would suit your needs, which you say doesn’t).

What would you call the asset you’re trying to protect here? (just trying to figure out a better title for the thread).

The purpose of this setup is to keep the private keys offline, use zero-trust system of a full bitcoin core, save storage by avoiding multiple bitcoin cores in separate VMs, and make transactions directly from the offline VM which store the private keys.

The Key split is only compatible with an electrum wallet, and has to rely on an external server to validate and share the public keys of our wallets, compromising even the psudo-anonymity of bitcoin and other Currencies.

1 Like

That makes sense. Does this new title somehow make sense? If not, feel free to change it:

Extending Split-Bitcoin to Support Offline Key Verification (avoiding metadata leakage

I’m not aware of any way to replicate the “split Bitcoin using Electrum” setup with Bitcoin Core. Last I looked into it (years ago), Bitcoin Core didn’t seem to provide the required functionality – at least not without much more in-depth tinkering and research than I was willing to do.

@adw qubes-whonix-bitcoin/1_joinmarket.md at master · qubenix/qubes-whonix-bitcoin · GitHub

I am looking to make this with bitcoin, ethereum, and other cores in qubes.

That’s beyond my expertise, sorry. Hopefully someone more knowledgeable will be able to help you.

@adw could you please spread this messege? so I could get more help, as it is very very important.

@Zaro I think my talk from Qubes OS mini-summit may be related: Qubes OS-3mdeb mini-summit 2021: Day 2 - YouTube

It would be great if you could provide executive overview, since materials you pointing to are technically very exhaustive and it is hard to grasp attention of important people without brief overview of the goals.

It is possible to do offline transaction signing with Bitcoin Core, but that requires some low-level usage of bitcoin-cli. That’s how people have been using cold wallets for ages with bitcoin. Same with Ethereum.

I’m doing that also with Monero, offline signing is very straightforward with monero-wallet-cli, or the Feather wallet.

I don’t use the Qubes “split” setup however, since my offline cold wallet is on real, physical offline computer.


I am primarily interested in setting up a bitcoin core in one qube, and then setting up electrum in an offline qube, and then I want to use the bitcoin core for broadcasting transactions, and I will do so via the offline qube where I have electrum, and JoinMarket.

I also intend to do the same for other Currencies like ETH, XMR, XRP, ADA, etc.

Where possible, I intend to run a full core of the respective cryptocurrency, connect that qube via qrexec to the relevant process in the offline qube.

The overall structure is something like this:

Electrum(offline) <–> Bitcoin Core (online) <–> Transaction broadcasting (Via electrum)

In this way, I remove any 3rd party that I have to trust, avoid sending txn data directly to anyone else, have a secure cold storage, and I also intend to use the same bitcoin core as a daemon for Wasabi, and join market.

This github.com page is a detailed installation guide for the whole configuration for bitcoin core, with electrum wallet, for running join market.

this is configuration of the bitcoin core as backend for electrum and other applications that will need access to the whole blockchain.

My goal is to replicate the same configuration for ETH, XMR, XRP, ADA, etc, for which I need help.


Sounds like you need Electrum personal server.

It’s actually really cool, and works well. Idea is that you are running the bitcoin core yourself, and then have a lightweight Electrum server on top of that, only for you personal use.

There are lot of possibilities here. For example, you could run the bitcoin node in one appvm, and then your Electrum server + online wallet on another appvm, and of course the offline wallet on another appvm.

For XMR this is very straightforward. You run your monero node and then configure it to listen RPC localhost only. Then you have online “watch only” wallet on another appvm, connecting to the node RPC via Qubes rpc (actually, this wallet can be technically offline as well). The cold wallet on offline appvm can then sign the transactions produced by the online wallet, and transaction files can be moved around normally with qvm-copy-to-vm.

So two offline wallets, other one is “watch only”, and then the cold wallet. I’m just wondering is this necessary because you are running your own node that you trust. I think the answer is yes, because the monero node is talking to lots of untrusted remote nodes that can potentially exploit the node, and the “online” wallet (communicating via qubes rpc) can also be hacked. But the interface between two wallets is very controlled: small files you can manually verify to not contain any exploit payloads. So maybe this could be simplified by running the online wallet on the node appvm directly?

1 Like


Thank you very much for the information, on further research, I found an official guide on get monero website, which supports this via qubes OS.

1 Like

I saw your PM, @Zaro. Thanks for that.

Re: The official Monero guide vs the one I point to in a previous topic. I still find the official Monero one with outdated points and I still have no issues running mine based on the Github guide for months now.

I’ve been reading your thread with interest since you posted a couple of days ago, but unfortunately I’m unsure how to contribute when it comes to Bitcoin Core. It’s definitely interesting.

Note that this guide doesn’t do what you want (offline signing), it just separates the wallet to its own appvm and communicates to the node with qubes rpc. You may want to make this wallet “view only” and then have another wallet on another offline appvm (or on another computer).