Difference between revisions of "Paper wallet"

Line 14: Line 14:
  
 
Paper wallets have just one bitcoin address, leading to [[address reuse]].
 
Paper wallets have just one bitcoin address, leading to [[address reuse]].
 
=== Encouragment of centralized and outsourced validation ===
 
 
Despite the name, paper wallets are not actually wallets. They only store the private keys and addresses, and cannot tell users if they have actually received bitcoins and in what quantity.
 
 
The single bitcoin addresses require the user to have random-access lookups of any address on the blockchain, this requirement pushes users to use centralized third-party blockchain explorer websites. This results in privacy and validation issues, the websites can spy on users and lie to them.
 
 
A more private solution is to import the private key into bitcoin-qt and rescan. Nobody watching the bitcoin-qt full node from outside will be able to tell which address it's interested in because all the scanning happens locally on disk. Unfortunately rescanning is not scalable and so is very slow; therefore most users are pushed towards using public blockchain explorers or Electrum servers. These centralized services can spy on the user and learn exactly how many bitcoins they have and where they spend them. An address database created from all bitcoin addresses is nearly 20 GB in size at of October 2018 and takes a long time to build up, so very few people will have this kind of thing available locally for the few occasions when they redeem paper wallets. Almost all wallet software today especially smartphone wallets relies on centralized lookups when redeeming paper wallets.
 
 
[[Deterministic wallet]]s and [[seed phrase]]s partly avoid this problem by having a sequence of bitcoin addresses which can be sequentially scanned. Wallets using that tech don't inherently need any extra databases and are compatible with pruning.
 
 
See Also: [[Full_node#Why_should_you_use_a_full_node_wallet]]
 
  
 
=== Raw private keys are dangerous ===
 
=== Raw private keys are dangerous ===

Revision as of 06:14, 15 January 2020

A paper wallet is the name given to a method of storing bitcoin which involves printing a single private key and bitcoin address onto paper and depositing funds into a P2PKH script using the address. Funds can be accessed by accessing the physical paper and entering the private key into a wallet. This is usually achieved by scanning a QR code of the private key in Wallet import format.

Paper wallets are seen as a secure method of long term storage of funds however there are downsides to using this method.

Downsides/Risks

Printing

Paper wallets require using a printer to transfer them to paper. Most printers have internal storage where the image of the wallet could be saved allowing an attacker with access to the printer to see the private key and steal the stored bitcoins. Shared printers such as in schools, offices or internet cafes are also usually centrally logged. If the printer is accessed over WiFi then any radio wave listener could also obtain the private keys and steal the money.

Seed phrases avoid this problem by having the user transfer the sensitive information to paper without a printer but via their own handwriting.

Address reuse

Paper wallets have just one bitcoin address, leading to address reuse.

Raw private keys are dangerous

Dealing with raw private keys is very unintuative and has lead to loss of funds on a number of occasions.<ref>https://bitcoin.stackexchange.com/questions/29948/why-doc-says-importing-private-keys-is-so-dangerous</ref><ref>https://bitcoin.stackexchange.com/questions/18619/why-so-many-warnings-about-importing-private-keys</ref>. Paper wallets encourage these dangers by only having one private key and exposing it to the user.

One example is the mistake of destroy a paper wallet after it's imported into a deterministic wallet, thinking that it has become a part of the deterministic wallet and it's safe to destroy because the master seed of the deterministic wallet has been backed up. In reality the private key is not part of the deterministic wallet. If the paper wallet (the paper) is destroyed and the app is uninstalled, the BTC is gone even if the deterministic wallet is recovered from its master seed. The unintuative behavour of raw private keys leads to this.

Using only fully-featured wallet software is a much better because it only presents with intuative interfaces (like a GUI button to Send) which abstracts all the dangerous details away from the user.

Change addresses are not handled which leads to screwups

Users have been known to import the private key into software wallet and then spend part of the funds. They mistakenly believe the remaining funds are still on the paper wallet when in reality they are in a change address.<ref>https://www.reddit.com/r/Bitcoin/comments/1c9xr7/psa_using_paper_wallets_understanding_change/</ref>

Encouragement of raw transactions

Raw Transactions are dangerous, unintuitive and have many times resulted in loss of funds.

A notable example of such a costly mistake is the address 1Acbo3viCYy1TSZB7m2W1nPPNF4rcAPMC9 which seems to have been a paper wallet. The owner appears to have been regularly buying bitcoin between April 2014 and January 2017, before apparently making a mistake with raw transactions and sending 50 bitcoins as miner fees.<ref>See transaction d38bd67153d774a7dab80a055cb52571aa85f6cac8f35f936c4349ca308e6380</ref> (worth about $50000 at the contemporary exchange rate).

Also note the terrible privacy due to Address reuse that allows us to get such a complete picture of what happened.

Low error correction

The private keys is typically printed in rather small font. Sometimes the characters could be mistakenly read for another letter, such as a B versus an 8 or 1 versus l. If even a single character is wrong or mistakenly typed then the entire private key will be invalid. Private keys in WIF format have a checksum but there are no tools for regular users to correct mistakes.

QR codes were not designed for secure storage of cryptographic material. QR codes have been damaged and made unscannable by water<ref>https://www.reddit.com/r/Bitcoin/comments/1sc02w/make_sure_to_secure_your_paperwallet_against/</ref><ref>https://www.reddit.com/r/Bitcoin/comments/2ni2fq/reminder_keep_your_paper_wallets_dry_if_you_use/</ref>, crumpling and even folding the paper.

As seed phrases uses natural language words, they have far more error correction. Words written in bad handwriting can often still be read. If one or two letters are missing the word can often still be read. The word list from which seed phrase words are drawn from is carefully chosen so that the first four letters of a word is enough to uniquely identify it.

Inconsistent private key format

The spending of paper wallets relies on wallet software understanding the private key format. There has been at least one situation where an update to private key formats resulted in a user's funds becoming stuck <ref>https://www.reddit.com/r/Bitcoin/comments/8v2lxa/did_i_lose_my_btc_by_sending_to_a_segwit_bc1/</ref>.

Seed phrases avoid this problem because they are created by the same wallet software which understands how to spend from them.

Encouragement of obsolete brainwallet style

Almost all paper wallet websites today also have an interface to the obsolete sha256 brainwallets. These are very insecure and should never be used, yet paper wallet websites do not come with adequate warnings.

See also: Brainwallet#Obsolete_Brainwallet_Style

Javascript software

Most paper wallets are created in a website using Javascript cryptography, which is considered unsafe for anything related to bitcoin.

Browser wallets are bad

Almost all paper wallets are made by websites, which therefore involves most of the problems associated with Browser-based wallet.<ref>https://www.reddit.com/r/Bitcoin/comments/771c4z/bitaddressorg_beware_of_possible_scam/</ref><ref>https://np.reddit.com/r/Bitcoin/comments/a7xaej/paperwallet_being_hacked/</ref>

Redeeming bitcoins and withdrawing funds

File:FirstBitcoinBills.jpg
Casascius holding early paper wallets

The best way to redeem the bitcoins from a private key is to use the "sweep" feature of certain wallet software. This sends the entire balance of the paper wallet to a deterministic wallet. Alternatively the private key could be imported and the entire balance sent to an address in the wallet.

There are various wallets for doing this:

Bitcoin ATMs and paper wallets

Many bitcoin ATMs use a paper-wallet-like system for delivering bitcoins if the customer doesn't have a bitcoin wallet. The ATMs can print out a private key/address pair onto paper which contain the customer's bitcoins. Ideally the customer would sweep the bitcoins into their own wallet as soon as they can.

See Also

References

<references />