A Look At The Future Of Specter And Bitcoin Sovereignty With Moritz Wietersheim

Specter is a Bitcoin wallet provider that builds tools for the entire Bitcoin usage stack, from commercial to individual use.

The core principle and design goal of Bitcoin was to be “a purely peer-to-peer version of electronic cash.” While this statement from the whitepaper is traditionally viewed as being related solely to the processing of payments independent of a financial institution, there are other aspects of Bitcoin that are incredibly important to maintain in order to keep it a peer-to-peer system that empowers its users to maintain control over their own finances. Self-validation is one of the most important things for a Bitcoiner to do in order to maintain their own sovereignty over their money. Privacy is another thing that is also incredibly important in relation to self-sovereignty. Obviously in addition to these two aspects, managing your own keys is key (get it?) to having full control over your own bitcoin.

Specter is a family of open source projects that have been working to make all of these important qualities accessible and easy to use for Bitcoiners since 2018. Moritz Wietersheim from Specter was kind enough to give some time to answer questions regarding the past, present state and future plans of the Specter team in expanding their software and hardware devices to continue simplifying the process of using Bitcoin in the most sovereign way possible.

The project began in 2018 in Lisbon during a steak dinner after the Building on Bitcoin conference. Wietersheim met Stepan Snigirev during the conference, where Snigirev had won the hackathon event with a prototype of a hardware wallet with integrated Lightning Network support. During the course of the dinner, Wietersheim and Snigirev decided to start working together on what would become the Specter DIY (Do-It-Yourself) hardware wallet. This became the core piece for an entire ecosystem of different tools for interacting with Bitcoin.

Specter DIY

The Specter DIY Wallet was designed at a time when the hardware wallet space was much less mature. A comprehensive breakdown of many of the vulnerabilities discovered during that time period can be found at Saleem Rashid’s website as well as the Wallet.Fail presentation at the Chaos Communication Congress. At the time it was an almost monthly occurrence for pretty nasty vulnerabilities to be found in different hardware devices. Although the space has matured quite a lot since that time period, I think it is important to note the environment at the time to give context to the thinking behind Specter DIY.

The Specter DIY is built around the STM32 microcontroller, the same MCU (microcontroller unit) used by hardware wallets such as the Coldcard, Trezor, Bitbox, etc. It’s mounted on a Discovery developer board which has both an SD card slot and USB for communication with software wallets. It also has optional support for a QR code scanner. The original notion of a “stateless” signing device — one that does not persistently store the mnemonic seed or private keys on the device — was pioneered by the Specter DIY. This design decision was made because of the MCU’s lack of physical security when storing sensitive data (the STM32 has been physically compromised to extract secrets many times in the past).

By not persistently storing your private keys on the device, you limit the attack surface any malicious actor can exploit if they are able to gain physical access to the device. Without the seed, the most an attacker can hope to do is access your device, compromise it to persist or transmit your keys instead of wiping them and then replace it and hope you do not notice it has been tampered with before the next time you load your keys on the device. This is by no means perfect, but in the world of security nothing is, and this is a huge improvement compared to simply persistently storing your keys on the STM32 where they can be accessed by anyone with the time to compromise the chip. You can deactivate this mode and store the private key data in the MCU, but unless you can physically secure your device with a very high degree of certainty, this should be something you consider carefully before doing. As well, without a secure element it would be advisable to use a passphrase with such a setup.

The software side of the project is built using the embit library. It is a MicroPython/Python 3 library for interacting with Bitcoin data that was built specifically for use with the Specter DIY (it’s also used by SeedSigner and krux, both of which are stateless signing device projects; an LNBits watch-only extension; the Specter Desktop software wallet). The library supports BIP39/BIP32 (mnemonic seed generation and derivation paths for keys), PSBT support for versions one and two, custom SIGHASH flag support (signing different parts of the transaction instead of the whole thing), and output descriptors and miniscript (datastrings to store what’s needed for wallets to find UTXOs it controls and a high level language to make creating Bitcoin scripts easier). It also has experimental support for Shamir Secret Sharing, the Liquid Network, and Taproot (still in progress). For cryptographic functions it uses the libsecp256k1 library maintained by Bitcoin Core. The library is very well rounded with features necessary to meet the basic needs of wallets today, as well as features laying the groundwork for future improvements in existing functionality and the incorporation of expanded features not yet widely deployed in most wallets. Overall it’s a very solid foundation to build from and was all initially put together for the Specter DIY.

In addition to the basic Specter DIY, an extended version called Specter Shield is a major increase in physical security. This is a custom extension board for the main STM32 Discovery board that the base model is built around. The files necessary to have one produced by a PCB board manufacturer are available on their Github repository (linked above). The Shield board has a QR code scanner, a battery and a smart card reader slot. This last feature is really what makes this extension board important. With the extension board and a smart card equipped with a secure element, the wallet can function with the same security model as something like a Coldcard. The key material can be stored on the secure element in a smart card and loaded onto the device during use, but only persistently stored on the smart card. Communication between the MCU and the secure element on the card are encrypted, so the information passed between them is not accessible to the microcontroller handling the smart card interface.

The flow of the wallet (with or without the Shield extension) when persisting keys is the same as most other hardware wallets. The MCU generates a unique secret which is stored in flash memory, and in combination with a user-provided pin encrypts the actual private keys (again regardless of whether storing them on the smart card secure element or the STM32) so that an attacker would have to access both your pin and the secret on the MCU to decrypt your bitcoin keys. This puts both dominant models of bitcoin hardware devices — stateless signers and key storage devices — in the hands of people in a DIY fashion. If you prefer to not rely on a secure element and purely depend on an open source MCU, the Specter DIY can be constructed in that fashion. If you prefer the additive security of a secure element in addition to an open MCU, that can be accomplished with the use of the Shield extension board. To top it all off, it also accepts user input entropy from coin tosses to not depend on the hardware random number generator. Disruptions of supply chains internationally have made it somewhat difficult to get your hands on the necessary hardware, but if you can, the project is worthwhile.

Wietersheim and Snigirev truly accomplished quite a feat in putting together the Specter DIY. It is by no means the first DIY hardware wallet out there, but it’s the first that modularly supports in layman’s terms anything between the security model of something like a Trezor to something like a Coldcard based on what the user constructing it wants. There was just one issue outstanding: wallet software to use it with.

Specter Desktop

When looking at companion apps for the hardware wallet, everything out there seemed to fall short of what Weitersheim and Snigirev were looking for. They did like the functionality of Bitcoin Core, but despite the stability brought to the table by developers, Bitcoin Core has a very minimalistic and in some ways non-intuitive user interface. It does however have a nice interface for PSBTs (Partially Signed Bitcoin Transactions) and the HWI (Hardware Wallet Integration) interface, so Stepan hacked together the first version of Specter as a minimal user interface improvement for interacting with Bitcoin Core.

Think of Specter Desktop as a “wrapper” for Bitcoin Core. It includes a nice GUI with multisig support; hardware wallet integration PSBT communication over QR codes, SD card, or USB; verification of receive addresses over QR code and USB; RBF (Replace by fee) support; a labeling system to keep track of your UTXOs and where they came from; and coin control to select specific UTXOs when spending (as well as the ability to freeze specific UTXOs to safeguard yourself from mistakes when spending). They have even integrated an easy to use one click solution to install Bitcoin Core directly from inside Specter Desktop (although, independently installing Bitcoin Core and connecting Specter is something even Peter McCormack was able to accomplish on his own).

In addition to the feature flexibility, the fact that Specter requires spinning up your own full node as a backend is a major privacy benefit compared to many wallets available to users. Most wallets in this ecosystem utilize a third party backend to track their UTXOs, meaning that the operator of that backend is able to correlate all of your UTXOs to a single identity. As well, if not communicating with the backend over Tor or through a VPN service, the operator is able to correlate all of those coins to your IP address. This is a horrible privacy leak that is remedied by Specter’s insistence on a local Bitcoin Core instance to track your Bitcoin balance.

Specter also supports the Liquid Network, a federated Bitcoin sidechain, that also has one-click install support for a Liquid Elements full node within the Specter GUI. It supports Liquid wallets using the Blockstream Jade, Specter DIY, as well as hot wallets directly in Specter. Liquid offers a few interesting benefits with some tradeoffs compared to the main Bitcoin network itself. The sidechain is a federated system, meaning that utilizing the chain requires depositing your BTC into a multisig wallet controlled by the federation operating the sidechain, and then receiving L-BTC, a token issued on the sidechain backed by BTC custodied by the federation. For the tradeoff of trusting the federation, users have the ability to take advantage of Confidential Transactions, a basic zero-knowledge proof scheme that hides the amounts (and type of asset, in the case of Liquid’s implementation) being transacted on the blockchain. It utilizes a “range proof” which cryptographically proves money is not being printed out of thin air without revealing the amounts being transacted.

Liquid also supports the issuance of other assets. A useful example is stablecoins such as Tether (L-USDT), a dollar-denominated stablecoin that allows users to avoid the volatility of Bitcoin in a “self-custodial” way (the token still requires the issuer to honor redemption to acquire “real money” at the end of the day). Liquid asset issuance also allows the creation of other types of tokens such as equities that could be self-custodied and the scripting functionality of Liquid supports more features than Bitcoin itself, allowing more advanced smart contracts such as BTC-backed loans, all handled directly by a user through their own wallet. Specter has chosen to support Liquid to allow users to interact with Liquid in the same way as the main chain: with privacy and total self sovereignty.

Specter Enterprise

Projects such as the Bitcoin Beach wallet actually use Specter as a backend for managing their on-chain multisig funds. They are not the only company using Specter on the backend to manage company funds and, according to Wietersheim, they were not even aware of the companies utilizing Specter until they were approached for assistance. A large part of the revenue keeping the project afloat is actually from such companies paying the Specter team for custom firmware for the Specter DIY and other development services, allowing them to work full time on maintaining their entire software suite.

It’s interesting to think that the same toolset developed to offer individual users the path to self-sovereignty and security are also being used by actual companies towards the same ends. It’s common to think of each group as totally separate markets with completely different needs, but as demonstrated here with Specter, the overlap is much larger than one might think at first glance.

A Bitcoiner’s Command Center

The team at Specter has accomplished something truly spectacular with the project. Everything from hardware devices that securely manage private keys and signing operations to software to validate your transactions has been built out by the team in a seamless, interoperable way. It really is a Swiss Army knife of tools for the self-sovereign Bitcoiner, whether you are an individual user or a professional company managing other peoples’ funds, to handle everything you need to interact with the Bitcoin network. The project is invaluable and the team should be commended for the excellent work they have done in creating this suite of open-source software and hardware for everyone in this space to take advantage of.

This is a guest post by Shinobi. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

Read More

The core principle and design goal of Bitcoin was to be “a purely peer-to-peer version of electronic cash.” While this statement from the whitepaper is traditionally viewed as being related solely to the processing of payments independent of a financial institution, there are other aspects of Bitcoin that are incredibly important to maintain in order to keep it a peer-to-peer system that empowers its users to maintain control over their own finances. Self-validation is one of the most important things for a Bitcoiner to do in order to maintain their own sovereignty over their money. Privacy is another thing that is also incredibly important in relation to self-sovereignty. Obviously in addition to these two aspects, managing your own keys is key (get it?) to having full control over your own bitcoin.

Specter is a family of open source projects that have been working to make all of these important qualities accessible and easy to use for Bitcoiners since 2018. Moritz Wietersheim from Specter was kind enough to give some time to answer questions regarding the past, present state and future plans of the Specter team in expanding their software and hardware devices to continue simplifying the process of using Bitcoin in the most sovereign way possible.

The project began in 2018 in Lisbon during a steak dinner after the Building on Bitcoin conference. Wietersheim met Stepan Snigirev during the conference, where Snigirev had won the hackathon event with a prototype of a hardware wallet with integrated Lightning Network support. During the course of the dinner, Wietersheim and Snigirev decided to start working together on what would become the Specter DIY (Do-It-Yourself) hardware wallet. This became the core piece for an entire ecosystem of different tools for interacting with Bitcoin.

Specter DIY

The Specter DIY Wallet was designed at a time when the hardware wallet space was much less mature. A comprehensive breakdown of many of the vulnerabilities discovered during that time period can be found at Saleem Rashid’s website as well as the Wallet.Fail presentation at the Chaos Communication Congress. At the time it was an almost monthly occurrence for pretty nasty vulnerabilities to be found in different hardware devices. Although the space has matured quite a lot since that time period, I think it is important to note the environment at the time to give context to the thinking behind Specter DIY.

The Specter DIY is built around the STM32 microcontroller, the same MCU (microcontroller unit) used by hardware wallets such as the Coldcard, Trezor, Bitbox, etc. It’s mounted on a Discovery developer board which has both an SD card slot and USB for communication with software wallets. It also has optional support for a QR code scanner. The original notion of a “stateless” signing device — one that does not persistently store the mnemonic seed or private keys on the device — was pioneered by the Specter DIY. This design decision was made because of the MCU’s lack of physical security when storing sensitive data (the STM32 has been physically compromised to extract secrets many times in the past).

By not persistently storing your private keys on the device, you limit the attack surface any malicious actor can exploit if they are able to gain physical access to the device. Without the seed, the most an attacker can hope to do is access your device, compromise it to persist or transmit your keys instead of wiping them and then replace it and hope you do not notice it has been tampered with before the next time you load your keys on the device. This is by no means perfect, but in the world of security nothing is, and this is a huge improvement compared to simply persistently storing your keys on the STM32 where they can be accessed by anyone with the time to compromise the chip. You can deactivate this mode and store the private key data in the MCU, but unless you can physically secure your device with a very high degree of certainty, this should be something you consider carefully before doing. As well, without a secure element it would be advisable to use a passphrase with such a setup.

The software side of the project is built using the embit library. It is a MicroPython/Python 3 library for interacting with Bitcoin data that was built specifically for use with the Specter DIY (it’s also used by SeedSigner and krux, both of which are stateless signing device projects; an LNBits watch-only extension; the Specter Desktop software wallet). The library supports BIP39/BIP32 (mnemonic seed generation and derivation paths for keys), PSBT support for versions one and two, custom SIGHASH flag support (signing different parts of the transaction instead of the whole thing), and output descriptors and miniscript (datastrings to store what’s needed for wallets to find UTXOs it controls and a high level language to make creating Bitcoin scripts easier). It also has experimental support for Shamir Secret Sharing, the Liquid Network, and Taproot (still in progress). For cryptographic functions it uses the libsecp256k1 library maintained by Bitcoin Core. The library is very well rounded with features necessary to meet the basic needs of wallets today, as well as features laying the groundwork for future improvements in existing functionality and the incorporation of expanded features not yet widely deployed in most wallets. Overall it’s a very solid foundation to build from and was all initially put together for the Specter DIY.

In addition to the basic Specter DIY, an extended version called Specter Shield is a major increase in physical security. This is a custom extension board for the main STM32 Discovery board that the base model is built around. The files necessary to have one produced by a PCB board manufacturer are available on their Github repository (linked above). The Shield board has a QR code scanner, a battery and a smart card reader slot. This last feature is really what makes this extension board important. With the extension board and a smart card equipped with a secure element, the wallet can function with the same security model as something like a Coldcard. The key material can be stored on the secure element in a smart card and loaded onto the device during use, but only persistently stored on the smart card. Communication between the MCU and the secure element on the card are encrypted, so the information passed between them is not accessible to the microcontroller handling the smart card interface.

The flow of the wallet (with or without the Shield extension) when persisting keys is the same as most other hardware wallets. The MCU generates a unique secret which is stored in flash memory, and in combination with a user-provided pin encrypts the actual private keys (again regardless of whether storing them on the smart card secure element or the STM32) so that an attacker would have to access both your pin and the secret on the MCU to decrypt your bitcoin keys. This puts both dominant models of bitcoin hardware devices — stateless signers and key storage devices — in the hands of people in a DIY fashion. If you prefer to not rely on a secure element and purely depend on an open source MCU, the Specter DIY can be constructed in that fashion. If you prefer the additive security of a secure element in addition to an open MCU, that can be accomplished with the use of the Shield extension board. To top it all off, it also accepts user input entropy from coin tosses to not depend on the hardware random number generator. Disruptions of supply chains internationally have made it somewhat difficult to get your hands on the necessary hardware, but if you can, the project is worthwhile.

Wietersheim and Snigirev truly accomplished quite a feat in putting together the Specter DIY. It is by no means the first DIY hardware wallet out there, but it’s the first that modularly supports in layman’s terms anything between the security model of something like a Trezor to something like a Coldcard based on what the user constructing it wants. There was just one issue outstanding: wallet software to use it with.

Specter Desktop

When looking at companion apps for the hardware wallet, everything out there seemed to fall short of what Weitersheim and Snigirev were looking for. They did like the functionality of Bitcoin Core, but despite the stability brought to the table by developers, Bitcoin Core has a very minimalistic and in some ways non-intuitive user interface. It does however have a nice interface for PSBTs (Partially Signed Bitcoin Transactions) and the HWI (Hardware Wallet Integration) interface, so Stepan hacked together the first version of Specter as a minimal user interface improvement for interacting with Bitcoin Core.

Think of Specter Desktop as a “wrapper” for Bitcoin Core. It includes a nice GUI with multisig support; hardware wallet integration PSBT communication over QR codes, SD card, or USB; verification of receive addresses over QR code and USB; RBF (Replace by fee) support; a labeling system to keep track of your UTXOs and where they came from; and coin control to select specific UTXOs when spending (as well as the ability to freeze specific UTXOs to safeguard yourself from mistakes when spending). They have even integrated an easy to use one click solution to install Bitcoin Core directly from inside Specter Desktop (although, independently installing Bitcoin Core and connecting Specter is something even Peter McCormack was able to accomplish on his own).

In addition to the feature flexibility, the fact that Specter requires spinning up your own full node as a backend is a major privacy benefit compared to many wallets available to users. Most wallets in this ecosystem utilize a third party backend to track their UTXOs, meaning that the operator of that backend is able to correlate all of your UTXOs to a single identity. As well, if not communicating with the backend over Tor or through a VPN service, the operator is able to correlate all of those coins to your IP address. This is a horrible privacy leak that is remedied by Specter’s insistence on a local Bitcoin Core instance to track your Bitcoin balance.

Specter also supports the Liquid Network, a federated Bitcoin sidechain, that also has one-click install support for a Liquid Elements full node within the Specter GUI. It supports Liquid wallets using the Blockstream Jade, Specter DIY, as well as hot wallets directly in Specter. Liquid offers a few interesting benefits with some tradeoffs compared to the main Bitcoin network itself. The sidechain is a federated system, meaning that utilizing the chain requires depositing your BTC into a multisig wallet controlled by the federation operating the sidechain, and then receiving L-BTC, a token issued on the sidechain backed by BTC custodied by the federation. For the tradeoff of trusting the federation, users have the ability to take advantage of Confidential Transactions, a basic zero-knowledge proof scheme that hides the amounts (and type of asset, in the case of Liquid’s implementation) being transacted on the blockchain. It utilizes a “range proof” which cryptographically proves money is not being printed out of thin air without revealing the amounts being transacted.

Liquid also supports the issuance of other assets. A useful example is stablecoins such as Tether (L-USDT), a dollar-denominated stablecoin that allows users to avoid the volatility of Bitcoin in a “self-custodial” way (the token still requires the issuer to honor redemption to acquire “real money” at the end of the day). Liquid asset issuance also allows the creation of other types of tokens such as equities that could be self-custodied and the scripting functionality of Liquid supports more features than Bitcoin itself, allowing more advanced smart contracts such as BTC-backed loans, all handled directly by a user through their own wallet. Specter has chosen to support Liquid to allow users to interact with Liquid in the same way as the main chain: with privacy and total self sovereignty.

Specter Enterprise

Projects such as the Bitcoin Beach wallet actually use Specter as a backend for managing their on-chain multisig funds. They are not the only company using Specter on the backend to manage company funds and, according to Wietersheim, they were not even aware of the companies utilizing Specter until they were approached for assistance. A large part of the revenue keeping the project afloat is actually from such companies paying the Specter team for custom firmware for the Specter DIY and other development services, allowing them to work full time on maintaining their entire software suite.

It’s interesting to think that the same toolset developed to offer individual users the path to self-sovereignty and security are also being used by actual companies towards the same ends. It’s common to think of each group as totally separate markets with completely different needs, but as demonstrated here with Specter, the overlap is much larger than one might think at first glance.

A Bitcoiner’s Command Center

The team at Specter has accomplished something truly spectacular with the project. Everything from hardware devices that securely manage private keys and signing operations to software to validate your transactions has been built out by the team in a seamless, interoperable way. It really is a Swiss Army knife of tools for the self-sovereign Bitcoiner, whether you are an individual user or a professional company managing other peoples’ funds, to handle everything you need to interact with the Bitcoin network. The project is invaluable and the team should be commended for the excellent work they have done in creating this suite of open-source software and hardware for everyone in this space to take advantage of.

This is a guest post by Shinobi. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

Feedzy

Leave a Reply

Your email address will not be published. Required fields are marked *