Blind protocol for crypto wallet generation
In some cases it may be necessary to create private keys to securely store funds for others, for instance, when seizing cryptocurrency for the judicial authority or when acting as a crypto custodian. When creating the private key with the common tools, even when using all the precautions (i.e. using a live working environment like AnuBitux, disabling all the network connections, using a good source o fentropy, etc.), the operator, even if only for a few seconds, is gaining access to a private key related to funds which are not going to belong to him. To avoid it, multisignature wallets ciuld be created, but this solution is not directly and easily available for all the currencies and may also be pretty difficult to use for most of the users.
As more complex is the solution we use to store cryptocurrencies, as more it is easy to lose access to them.
To solve this, we developed something called "Blind protocol for crypto wallet generation". This protocol provides two tools, BlindGen and BlindDecode.
The BlindGen tool allows two user to create half part of the private key, without ever gaining access to the whole private key and then provides a printable paper wallet only containing the public address. The BlindDecode tool allows the users to obtain the whole private key. It is intended to be used only when in need to spend the funds received on the genearted address.
OpSec first
Before using the tool, it may be a good idea to use the "Offline" shortcut from the AnuBitux desktop, in order to disable all the possible connection to external devices and avoid leaking any kind of information. It is also mandatory to use AnuBitux in live mode and not in a virtual machine and to operate in a safe environment.
How to use the tool
The tool is provided with a very easy to use graphical interface. When starting it, the first user has to insert some random text, which could be a single word, a sentence, a number, some random characters, etc.
Then it is only necessary to click on the "Generate first half key" button to obtain a printable pdf file with the first half part of the private key and the related QR code.
Now the first user has to print the pdf or store it in some safe place and click on the "End" button. When clicking on it, the pdf viewer is automatically closed and the pdf file is permanetly deleted.
Then the second user has to perform the same operations.
It is very important to store the provided parts of the keys during the process since the tool does not work in a deterministic way. The text provided by the user is not the only source of entropy. This tool uses multiple sources of entropy so that human randomness and computer randomness can work together and avoid that the obtained private key could be raplicated by some threat actor.
Now, when the second part of the private key has been put in a safe place, also the second user can click on the "End" button. Then one of the users or also some third user has to select for which currency it is necessary to obtain a public address.
Let's hypothesize we are in need of a Bitcoin address, so we can chose Bitcoin from the menu and click on the "Generate public addresses" button.
It is also possible to click multiple times on the "Generate public addresses" button obtaining addresses for different currencies. Only the last one is stored in the Documents folder but, if the previous generated address hasn't been stored, it is possible to choose the same currency again and obtain it multiple times before the tool is closed.
Now it is possible to send funds to the obtained addresses but it is very important to be sure to have both parts of the private key. Unless so there is no way to recover it and funds are going to be lost!
How to obtain the private key
To obtain the whole private key, it is necessary to use the BlindDecode tool.
This action is supposed to be done only when it is necessary to move the funds.
The tool is not mandatory since the two parts of the private key simply are the bits of the private key in hex format and they could also be converted manually or with other custom tools.
When the tool is started, it shows a garphical interface where it is possible to paste the two parts of the private key and select the desired coin. To avoid to write them manually it is also possible to read the QR codes with QtQR or any similar tool.
Now, clicking on the "Show private key" it is possible to obtain a pdf file with the WIF private key in and the related QR code.
There are also some suggestions about how the private keys could be used.