Get the latest BitBoxApp here: https://shiftcrypto.ch/download
Monte Rosa
Markets are going crazy, FUDders calling Bitcoin monopoly money again. And we have a bit of everything we love in the first BitBox update of 2021: this is why we chose to call it the Monte Rosa update, the queen of Swiss Alpine Club (SAC) mountain huts, the blue prime real estate on the SAC Monopoly edition (yes, that’s a thing!).
Here are three highlights from this update:
- Buy crypto directly in the BitBoxApp: this addition finally makes our app a true one-stop shop. Get a BitBox02, stack some sats (and weis and lits) and rest assured that your funds are safe.
- Roll your own seed: we like to take advanced features and make them easy to use. With the new “verifiable seed generation” feature, you have the option to pick your own recovery words and the BitBox02 will do the rest. No additional air-gapped computer and technical computer scripts necessary.
- Protection against leaking private keys: a little known attack vector is for a malicious wallet software to encode secrets into crypto transaction signatures, where they can be read by the attacker. We contributed to the secp256k1-zkp cryptographic library to allow for protection against this attack, and implemented it in the BitBox02.
As you can see, we’re active on multiple fronts: from making sovereign custody easier for the next million users coming into Bitcoin, to improving the base layer of the whole system. This is why we have the best jobs in the world. :)
Buy your coins directly in the BitBoxApp
You want to enter the crypto space, but on your own terms, where you’re in full control of your funds? With a BitBox you have everything you need.
Of course that’s only true if you can actually get Bitcoin and other cryptocurrencies directly in the BitBoxApp, without the need to sign up to exchanges and manually transferring the funds to your hardware wallet.
With this update, we bring you a comfortable way to regularly stack some sats. After a thorough evaluation of different candidates, we partnered up with MoonPay to bridge the fiat/crypto gap. Our criteria were the following:
- Worldwide coverage
We enjoy a worldwide user basis and with this integration we can provide this feature to our users in over 160 countries. - Attractive fee structure, with a wide range of payment methods
Buying crypto with your credit card is easy, but fees are higher due to chargeback risks. This is why we insisted on a solution that supports bank transfers (ACH / SEPA) as well. - Minimal, easy KYC
Unfortunately, there’s no way around KYC for an easy-to-use buy feature. With Moonpay, the process is straightforward and directly integrated. Up to $5000 per month, a one-time selfie and identity document is sufficient.
Simply click on “Buy crypto” in the sidebar to access this new feature.
Roll your own seed
True randomness is the inevitable starting point for every private key generation. The BitBox02 gives you near-perfect randomness:
- Using five different entropy sources (factory setup, secure chip, regular chip, host computer + device password)
- Combining these sources so that randomness can only increase with each additional source
- Everything is fully verifiable due to open-source firmware and reproducible builds
Still, some users want to create their own seed based on their own randomness. Because creating randomness is extremely hard for humans, the best way is to use casino-grade dice for this.
So, what’s stopping you from just picking 24 recovery words at random? The main challenge is that you can’t simply pick any word as your 24th word because it needs to be calculated using a hashing algorithm. This last word is in fact a checksum over the first 23 words and it’s near to impossible to compute it manually.
But we’ve got you covered: the BitBox02 now enables you to create your own seed, including the correct 24th word, without relying on additional air-gapped computers and computer scripts.
We'll publish detailed instructions on how to securely use this feature in the coming days.
Protection against leaking private keys through signatures
Did you know that a malicious wallet could potentially leak your private keys by hiding them in regular signatures, where an attacker could then just read them off the blockchain?
This is called a “nonce covert channel attack” because the secret information is hidden in the “nonce”, an arbitrary number used just once in a cryptographic communication and that is part of the transaction signature. Although the signature (and with this also the nonce) is stored on the blockchain, it can be biased by the hardware wallet, giving it a communication channel to the outside. This is a very good reason to only trust a wallet that is...
- open source: the source code can be audited, and
- reproducibly built: the software you install is guaranteed to come from this open-source code
(see our comparison table for Bitcoin wallets)
The BitBox02 now goes one step further: it is the first hardware wallet that ships with protection against this potential attack, first for Bitcoin and Litecoin, in a later release also for Ethereum. The BitBox02 mitigates this attack by provably including a nonce contribution from your host wallet, such as the BitBoxApp, Electrum or any wallet that uses the Hardware Wallet Interface (HWI) .
The foundation to enable this protection is the contribution of our lead developer benma to the secp256k1-zkp cryptographic library. It was over a year in the making, but now it has arrived in your BitBox02 to further protect your coins.
We’ll publish more on that, with the appropriate thanks to reviewers and contributors, in a separate post.
How can I stay up-to-date?
We encourage you to sign up to the BitBox news to stay up to date with our latest news, including release notes and bug fixes.
As always, please do not hesitate to contact us at [email protected] if you have any questions.
Thank you for your continued support.
Shift Team
Shift Crypto is a privately held company based in Zurich, Switzerland. Our international team of specialists across engineering, cryptosecurity and Bitcoin core development build the BitBox products and provide consulting services. The BitBox02, a second generation hardware wallet, equips individuals to easily store, protect, and transact cryptocurrencies. Its companion, the BitBoxApp, provides an all-in-one solution to securely manage your digital assets with ease.