Extending Split-Bitcoin to Support Offline Key Validation (avoiding metadata leakage)

Zaro · August 30, 2021, 10:19am

Hello,

I intend to use separate applications which all need a full running bitcoin core.

I am running each application in its own VM. However, I don’t have enough storage for running 5 separate VMs with their own Bitcoin cores.

I want some help with running a single bitcoin core, which is online, and communicates with other bitcoin core applications that are being run in offline VMs.

Thanks.

deeplow · August 30, 2021, 11:05am

In general we call these split configurations. What you probably want is split-bitcoin, I guess: https://www.qubes-os.org/doc/split-bitcoin/.

Zaro · August 30, 2021, 11:06am

Hello,

I have already read it.

Zaro · August 30, 2021, 11:07am

any community members who have created full core daemons on the qubes OS?

Zaro · August 30, 2021, 11:11am

I am looking for a general deployment of the Join Market setting, where the Join Market VM is offline, can communicates with the Online BitcoinD daemon, via the qrexec, to make and broadcast transactions, without compromising the private keys.

deeplow · August 30, 2021, 12:59pm

Pardon my ignorance, but then this setup has nothing to do with the protection of bitcoin wallets, correct? (if that were the case I guess split-bitcoin would suit your needs, which you say doesn’t).

What would you call the asset you’re trying to protect here? (just trying to figure out a better title for the thread).

Zaro · August 30, 2021, 1:33pm

The purpose of this setup is to keep the private keys offline, use zero-trust system of a full bitcoin core, save storage by avoiding multiple bitcoin cores in separate VMs, and make transactions directly from the offline VM which store the private keys.

The Key split is only compatible with an electrum wallet, and has to rely on an external server to validate and share the public keys of our wallets, compromising even the psudo-anonymity of bitcoin and other Currencies.

deeplow · August 30, 2021, 2:44pm

That makes sense. Does this new title somehow make sense? If not, feel free to change it:

Extending Split-Bitcoin to Support Offline Key Verification (avoiding metadata leakage

adw · August 31, 2021, 12:55am

I’m not aware of any way to replicate the “split Bitcoin using Electrum” setup with Bitcoin Core. Last I looked into it (years ago), Bitcoin Core didn’t seem to provide the required functionality – at least not without much more in-depth tinkering and research than I was willing to do.

Zaro · August 31, 2021, 4:09am

@adw qubes-whonix-bitcoin/1_joinmarket.md at master · qubenix/qubes-whonix-bitcoin · GitHub

I am looking to make this with bitcoin, ethereum, and other cores in qubes.

adw · August 31, 2021, 12:00pm

That’s beyond my expertise, sorry. Hopefully someone more knowledgeable will be able to help you.

Zaro · August 31, 2021, 4:19pm

@adw could you please spread this messege? so I could get more help, as it is very very important.

pietrushnic · August 31, 2021, 10:08pm

@Zaro I think my talk from Qubes OS mini-summit may be related: Qubes OS-3mdeb mini-summit 2021: Day 2 - YouTube

It would be great if you could provide executive overview, since materials you pointing to are technically very exhaustive and it is hard to grasp attention of important people without brief overview of the goals.

turkja · September 1, 2021, 1:46am

It is possible to do offline transaction signing with Bitcoin Core, but that requires some low-level usage of bitcoin-cli. That’s how people have been using cold wallets for ages with bitcoin. Same with Ethereum.

I’m doing that also with Monero, offline signing is very straightforward with monero-wallet-cli, or the Feather wallet.

I don’t use the Qubes “split” setup however, since my offline cold wallet is on real, physical offline computer.

Zaro · September 1, 2021, 4:37am

Hello,

I am primarily interested in setting up a bitcoin core in one qube, and then setting up electrum in an offline qube, and then I want to use the bitcoin core for broadcasting transactions, and I will do so via the offline qube where I have electrum, and JoinMarket.

I also intend to do the same for other Currencies like ETH, XMR, XRP, ADA, etc.

Where possible, I intend to run a full core of the respective cryptocurrency, connect that qube via qrexec to the relevant process in the offline qube.

The overall structure is something like this:

Electrum(offline) <–> Bitcoin Core (online) <–> Transaction broadcasting (Via electrum)

In this way, I remove any 3rd party that I have to trust, avoid sending txn data directly to anyone else, have a secure cold storage, and I also intend to use the same bitcoin core as a daemon for Wasabi, and join market.

github.com

qubenix/qubes-whonix-bitcoin/blob/master/1_joinmarket.md

# Qubes 4 & Whonix 15: JoinMarket
Create a VM without networking to host a [JoinMarket](https://github.com/JoinMarket-Org/joinmarket-clientserver) wallet. The `joinmarketd` daemon will run on the `bitcoind` VM, communicate only over Tor onion services, and use stream isolation.

The offline `joinmarket` VM will communicate with your `bitcoind` VM using Qubes' [`qrexec`](https://www.qubes-os.org/doc/qrexec3/).
## What is JoinMarket?
Joinmarket is an open source, decentralized, and trustless market for [coinjoins](https://en.bitcoin.it/wiki/CoinJoin). Anyone holding Bitcoin can offer coinjoins for a fee, and anyone can pay a fee to have their transactions obfuscated.

See the [Bitcoin wiki](https://en.bitcoin.it/wiki/JoinMarket) for a more detailed explanation of JoinMarket.
## Why Do This?
This increases the privacy and security of your JoinMarket wallet while still maintaining full functionality. Enhanced privacy is achieved by using only Tor onion endpoints, and security is improved by removing the need for a network connection on the wallet VM.
## Prerequisites
- To complete this guide you must have first completed:
  - [`0_bitcoind.md`](https://github.com/qubenix/qubes-whonix-bitcoin/blob/master/0_bitcoind.md)

## I. Set Up Dom0
### A. In a `dom0` terminal, create an AppVM.
1. Create the AppVM for JoinMarket's wallet with no networking, using the `whonix-ws-15-bitcoin` TemplateVM.

**Notes:**
- You must choose a label color, but it does not have to match this example.

This file has been truncated. show original

This github.com page is a detailed installation guide for the whole configuration for bitcoin core, with electrum wallet, for running join market.

github.com

qubenix/qubes-whonix-bitcoin/blob/master/0_bitcoind.md

# Qubes 4 & Whonix 15: Bitcoin Core
Create a VM for running [Bitcoin Core](https://github.com/bitcoin/bitcoin), which will be built from source code and configured to:
- Allow other VMs to connect when given explicit permission from `dom0`.
- Communicate only over Tor.
- Easily plugin other applications which require a `bitcoind` backend.
- Index all transactions.
- Prefer hidden services, use them exclusively if possible.
- Use ephemeral hidden services when serving peers.
- Utilize Tor stream isolation.

## What is Bitcoin Core?
The server daemon for the Bitcoin distributed cryptocurrency (`bitcoind`), command line tools (`bitcoin-cli`), and a gui wallet (`bitcoin-qt`). These tools can be used to observe and interact with Bitcoin's blockchain.
## Why Do This?
Bitcoin Core is a [full node](https://en.bitcoin.it/wiki/Full_node), meaning it will verify that all incoming transactions and blocks are following Bitcoin's rules. This allows you to validate transactions without trusting third parties.

An indexed node can be used as a backend for other software which needs access to the blockchain, such as:
- [BTCPay Server](https://github.com/btcpayserver/btcpayserver)
- [c-Lightning](https://github.com/ElementsProject/lightning)
- [Electrum Personal Server](https://github.com/chris-belcher/electrum-personal-server)
  - Guide: [`1_electrum-personal-server.md`](https://github.com/qubenix/qubes-whonix-bitcoin/blob/master/1_electrum-personal-server.md)

This file has been truncated. show original

this is configuration of the bitcoin core as backend for electrum and other applications that will need access to the whole blockchain.

My goal is to replicate the same configuration for ETH, XMR, XRP, ADA, etc, for which I need help.

Best,
Zaro

turkja · September 1, 2021, 11:50am

Sounds like you need Electrum personal server.

It’s actually really cool, and works well. Idea is that you are running the bitcoin core yourself, and then have a lightweight Electrum server on top of that, only for you personal use.

There are lot of possibilities here. For example, you could run the bitcoin node in one appvm, and then your Electrum server + online wallet on another appvm, and of course the offline wallet on another appvm.

turkja · September 1, 2021, 12:01pm

For XMR this is very straightforward. You run your monero node and then configure it to listen RPC localhost only. Then you have online “watch only” wallet on another appvm, connecting to the node RPC via Qubes rpc (actually, this wallet can be technically offline as well). The cold wallet on offline appvm can then sign the transactions produced by the online wallet, and transaction files can be moved around normally with qvm-copy-to-vm.

So two offline wallets, other one is “watch only”, and then the cold wallet. I’m just wondering is this necessary because you are running your own node that you trust. I think the answer is yes, because the monero node is talking to lots of untrusted remote nodes that can potentially exploit the node, and the “online” wallet (communicating via qubes rpc) can also be hacked. But the interface between two wallets is very controlled: small files you can manually verify to not contain any exploit payloads. So maybe this could be simplified by running the online wallet on the node appvm directly?

Zaro · September 1, 2021, 2:43pm

Hello,

Thank you very much for the information, on further research, I found an official guide on get monero website, which supports this via qubes OS.

MrA · September 1, 2021, 7:21pm

I saw your PM, @Zaro. Thanks for that.

Re: The official Monero guide vs the one I point to in a previous topic. I still find the official Monero one with outdated points and I still have no issues running mine based on the Github guide for months now.

I’ve been reading your thread with interest since you posted a couple of days ago, but unfortunately I’m unsure how to contribute when it comes to Bitcoin Core. It’s definitely interesting.

turkja · September 2, 2021, 12:34am

Note that this guide doesn’t do what you want (offline signing), it just separates the wallet to its own appvm and communicates to the node with qubes rpc. You may want to make this wallet “view only” and then have another wallet on another offline appvm (or on another computer).

https://monerodocs.org/cold-storage/offline-transaction-signing/