bitcoinhodler / glacier-psbt Goto Github PK

The way I'm doing the wallet import on the online node is based on my question on StackExchange, but it turns out that is unsupported and likely to change in the next major release of Bitcoin Core. See bitcoin#15932 for details.

So, wait for v0.18 release, then redo how the import works.

Bitcoin Core 13932 adds three new RPCs that might be interesting. See Bitcoin Optech issue 34 for lots of interesting things.

I am trying to get a sense as to why this proposal would degrade the security of the current version of the protocol and if there are ways to fix it.

IMHO introducing PSBT's would be of great benefit and would actually increase the overall security of the protocol.

1. It would allow to sign transactions without having to have all the required keys at one single place in time.
2. Advocating full node usage and having a watch only node is a drastic security improvement and it aligns well with the philosophy behind bitcoin.

For the sake of discussion, let A be the full node computer and B a glacier quarantined laptop.

The current concern is that if Glacier gets compromised then an attacker could potentially coordinate his actions on A and B to inject the keys on B and extract them when we access the transaction at A.

As far as I can see this could be mitigated by having (in the ideal scenario) a quarantined laptop C that runs a live Ubuntu with bitcoin core as its only installation.

Then, the transaction signed at B is transferred to C and we use bitcoin-cli to check its validity.

Am I missing something here?

Could we see in the current guideline what the exact output to process 3 is? Specifically the data (transaction?) that will later be used to feed on the quarantined laptop.

I guess I could figure it out from the input passed process 4, but I'd like to have a clear visual representation of what data gets later passed to the guaranteed HW. It would help break down the flow of data passed around and think how this needs to be addressed securely.