the Counter Wrench-Attack Protocol (CWAP)

seed-splitting : simple and safe Cold-Storage

Hodl Safe
Jul 16, 2020

originally published 7 Jan 2018

Irony

It’s ironic that, as a whole, our community relishes the importance of decentralization for our network’s security, yet as individuals, we centralize upon ourselves all of the personal danger of a Wrench-Attack by holding ALL our own seed-words.

It’s even more ironic considering that it’s only now, with Bitcoin, that we can eliminate this most dangerous of attack vectors.

XKCD’s Wrench-Attack cartoon

Recently

With price-increases and physical-attacks becoming more common, many people are concerned with the security of their BTC, and more specifically, their private-keys. Unfortunately, hardware wallets, firearms, and “duress” pass-phrases seem to be the only solutions offered.

However, we need not expose ourselves as a single-point-of-failure.

I am proud to present — one of Bitcoin’s first seed-splitting protocols.

Aims

The aims of the protocol are:

  • first, to preemptively discourage attacks from happening
  • second, to quickly resolve them
  • third, to prolong the time-length of the attack — thus preserving your health; and
  • lastly, to minimize your BTC losses

How To

This humble guide will propose a simple, non-technical solution to counter a Wrench Attack.

I consider a “Wrench Attack” to be a simple, physical attack. The average BTC Hodler might encounter this. Public figures and high-net-worth individuals should defend against more sophisticated attacks.

Opsec

As often mentioned, it’s best to be discreet about your bitcoin hodlings. Additionally, one can misinform others regarding.

Defense

for people who are obviously into Bitcoin or for those who don’t want to hide — discourage potential attackers by displaying your use of advanced storage methods, like CWAP or Casa. Attackers will then assume that you are NOT in direct control of your BTC.

show — “I don’t have access!”

Take all precautions to physically defend yourself.

Glock & Trezor

Mediation

During such horrific attacks, you CAN NOT deceive or keep secrets. Under duress, whether by torture, intoxication or coercion, you must assume that you won’t be able to think logically.

Eventually, you will confess all your secrets.

* pass-phrases DO NOT defend against — “Wrench-Attacks” !

Have “mugger money” readily available, in fiat and BTC, to quickly satisfy the attacker. This is Not a time to be stingy, so prepare a generous gift.

Consider giving your friends full access to bounty bitcoin to use in emergencies. If you need medical or legal help, they can pay for it with that BTC.

Memorize bug-out bitcoin !

main Protocol

This protocol reduces the incentives to physically attack the Hodler, — because, now — your BTC can NOT be easily accessed → thus, NOT simply stolen…

You will NOT have access to half (12) of your 24 seed-words, so you will not be able to send your BTC. Only with your friend’s verification of your safety, will you be able to restore the wallet & use your BTC.

simple “theft” can not occur!… only “coercion” after successfully getting paid a ransom // or blackmail…

and only sophisticated attackers dare face all the drama and consequences of kidnapping, ransoming & confronting the police…

CWAP is similar to a multi-sig wallet, but…

current “m of n” configured multi-sig wallets allow “m” parties to collude and steal one’s BTC AND there is no privacy. CWAP avoids these flaws…

CWAP is similar to and a simpler version of Shamir’s secret-sharing (discussed below)

this protocol ONLY works when starting with 24 seed-words !

if you cut 12 words into 6 & 6, a hacker could easily crack your 6 words with brute-force computing. I’ve read that 8–9 words may take months/years to crack, but let’s be extra careful…

ALWAYS start with 24 words !

ALWAYS keep 12 words OFF-LINE !

4 steps — use the hardware & software of your choice — steps #1 — #3, #8 and #10

6 steps — simple management of seed-words — steps #4 — #9

#1 Generate

  • generate a new wallet (with a pass-phrase)
  • write down the back-up 24 mnemonic seed-words…

do this as securely as possible !…

DO NOT —

  • take a screen-shot
  • take a picture
  • say the words aloud // microphones can record your voice
  • type into a keyboard // keyLoggers can record your key-strokes
  • put in view of cameras

#2 Test

  • fund the pass-phrase protected test wallet with a few satoshis
  • wipe your hardware
  • restore the wallet with the 24 words & pass-phrase

— if you can restore to the test wallet & access those BTC, then you are ready!

#3 Fund

  • fund wallets

use pass-phrases to designate heir’s wallets for your Inheritance plan

*** WARNING: When you involve others in securing your seed-words, they become targets and should be aware of the danger. Incentivize them by developing a Bitcoin Inheritance Protocol. ***

#4 Split

  • split your 24 seed-words into two parts or “shares” :

— the “First 12” seed-words // Share 1

— the “Last 12” seed-words // Share 2

#5 Store ( last 12 → off-line)

  • securely store the “last 12” seed-words OFF-LINE

You will control ONLY the “last 12” (and pass-phrases), so make sure that they are super secure. Memorize them and store a few copies in safe locations OFF-LINE.

*** 12 seed-words must NEVER go on-line — so you don’t get hacked !

#6 Entrust ( first 12 → on-line)

  • send the “first 12 words” to your ~5 friends/Signatories

you can even send them via a normal “plain text” message BUT — use ONLY software/apps that allow you to PERMANENTLY erase/delete the message on Your device.

many apps ( WhatsApp, for example) allow you to easily restore all erased messages…

  • give each Signatory their unique “pass-phrase” for inheritance // if applicable
  • verify each Signatory wrote the 12 words correctly

ask your Signatories to

  • spell & use the words in sentences — via voice message or live video chat… since this can’t be easily forged, it ensures the integrity of the info

*** BE CAREFUL in this part of the protocol !

Ensure that the “First 12” seed-words are transmitted accurately AND are erased completely from your device!

#7 Verify

  • Are they storing them securely ???

verify this important step // every ~3–6 months — by retrieving the “First 12” and restoring your wallets

#8 Wipe

  • wipe your hardware-device
  • destroy all paper copies/messages of the “First 12”

because, obviously, — the whole point is that

you CAN’T access all 24 seed-words !

#9 Retrieve

later, when you need to move your BTC,

follow your Access Protocol, for example —

  • video-chat

— if he thinks: you’re OK, → he tells you the 12 seed words

— if he thinks: you’re in trouble, → he calls the police

or he follows your emergency protocols…

Verification of your safety by a friend is the essential tactic to counter this attack!

#10 Restore

  • securely restore your wallets with the 24 words & pass-phrases

Lastly,…

now, with your wallet restored,

  • make your transactions

when you’re done,

  • Wipe // repeat Step #8
  • erase all messages/copies of the “First 12” seed-words

when you need your BTC again,

  • Access & Restore // repeat Steps #9 & #10

<< Repeat >>

Security Issues

cryptographic security —

security expert, Christopher Allen, also recommends seed-splitting in SmartCustody’s white paper — using Shamir’s Secret Sharing (SSS)

but, to me, CWAP seems more (1) cryptographically secure — because, brute forcing 12 words is impossible, while 8 words is getting dangerously close to possible AND (2) strategically secure — because, CWAP’s signatories can not collude and steal one’s coins…

theft —

an Attacker can NOT simply hack you & steal your BTC — because 12 words are always off-line // equal to ~128 bit encryption
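The share sizes discussed under the main Protocol (6 of 12 words versus 12 of 24) and the ~128-bit figure above can be checked against the bit layout of a mnemonic. This is an added example, not the author's code; it assumes standard BIP39 mnemonics with no pass-phrase, uses hypothetical helper names, and counts bits only, so no real seed-words are ever typed in.

```python
"""Search space left to someone who holds only part of a BIP39 mnemonic."""

WORD_BITS = 11  # each BIP39 word encodes 11 bits (2048-word list)


def layout(total_words):
    """Return (entropy_bits, checksum_bits) for a BIP39 mnemonic length."""
    if total_words not in (12, 15, 18, 21, 24):
        raise ValueError("BIP39 mnemonics have 12, 15, 18, 21 or 24 words")
    total_bits = total_words * WORD_BITS
    checksum_bits = total_bits // 33  # CS = ENT / 32, so ENT + CS = 33 * CS
    return total_bits - checksum_bits, checksum_bits


def remaining_search(total_words, known_positions):
    """Work left when the words at known_positions (0-based) are known.

    Returns (enumerate_bits, valid_bits): entropy bits that must be
    enumerated, and log2 of the candidates expected to pass the checksum.
    """
    entropy_bits, _ = layout(total_words)
    known = set(known_positions)
    if not known <= set(range(total_words)):
        raise ValueError("word position out of range")
    unknown_entropy = known_checksum = 0
    for bit in range(total_words * WORD_BITS):
        word_known = bit // WORD_BITS in known
        if bit < entropy_bits:
            unknown_entropy += not word_known
        else:
            known_checksum += word_known
    # On average each known checksum bit rejects half of the candidates.
    return unknown_entropy, max(unknown_entropy - known_checksum, 0)


def split_report(total_words, first_share_len):
    """Work facing the holder of each share of a first/last split."""
    first = range(first_share_len)
    last = range(first_share_len, total_words)
    return {
        "holds_first": remaining_search(total_words, first),
        "holds_last": remaining_search(total_words, last),
    }


if __name__ == "__main__":
    for words, cut in ((24, 12), (12, 6)):
        for holder, (enum_bits, valid_bits) in split_report(words, cut).items():
            print(f"{words} words, {holder} {cut}: enumerate 2^{enum_bits}, "
                  f"checksum-valid 2^{valid_bits}")
```

For the 24-word split, the holder of either share still faces about 2^124 checksum-valid candidates; a 12-word wallet cut 6 & 6 leaves about 2^62.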

a sophisticated Attacker would need to, either

  • hack the 12 words online AND find you & physically take your off-line 12 words // a cyber AND physical attack; OR
  • steal Both your 12 & the other 12 from one of your Signatories // two (2) geographically-separate physical attacks; OR

establish a regular “check-in” — so that your Signatories know if you & their name/location have been compromised…this gives them a warning & time to take evasive maneuvers AND limits the time-window for Attackers

  • steal 12 AND ransom OR blackmail for the other 12 // beyond simple ‘theft’ — a sophisticated attack using theft AND coercion

loss —

user error could result in loss, IF

  • you incorrectly split the 24 → 12 & 12 // step #4
  • you lose your 12 words // step #5
  • you & all of your Signatories inaccurately transmit the 12 words // step #6
  • all your Signatories lose their copies of the 12 words // step #7

as you can see — CWAP is simple AND robust !…

man-in-the-middle —

with current technology, an attacker could NOT alter a live video-chat nor voice messages enough to fool you & all of your signatories — thus the 12 words can easily be given & retrieved on-line

avoid this attack vector entirely — by using hand-delivery & retrieval — but this requires Physical travel

travel collisions —

since your friends and loved ones are people that you probably often visit and spend time with, — one needs to plan and manage — so as to avoid bringing all seed-words together and creating a ‘single-point-of-failure’

forced hypnosis —

I guess it’s possible because you are exposed to all 24 words… if you have a great memory or re-use the 12 words many times and become familiar with them, it is time to generate new seed-words…

restoring the wallet —

Don’t type seed-words & pass-phrases into your computer’s keyboard !… keyLoggers can record your key-strokes…

  • type DIRECTLY into a secure hardware device !

multi-device —

multi-sig software can use many different hardware devices — which addresses potential issues with bugs/hacks/supply-chains…

BUT, one can also use multiple devices with CWAP, albeit differently…

Simply, divide your coins by the number of devices that you want to use & do CWAP separately for each device

1 device — each Signatory holds 12 words

2 devices — each Signatory holds 24 words

3 devices — each Signatory holds 36 words

Potential Losses — with a critical hardware issue, you would lose Only those coins… whereas theoretically — a multi-sig set-up would prevent that loss…

Conclusion

Wrench Attacks are bloody and scary and we are all targets! And I’m sad to say that, as a community, we have not prepared… Here in meat-space, we still don’t have simple, widely-known solutions to safely hodl our private-keys.

We need to develop strategies, make resources, and spread this information so that every OG Hodler and every normie-noobie is as safe as possible. If we eliminate this single-point-of-failure, we are safer and stronger, both individually and as a community.
