The ultimate wallet: running a full node?
A wallet attached to your own full node has a lot going for it. And many risks.
There are over 9,000 Bitcoin non-mining full nodes at the time of writing. Damn, do I have to start qualifying now? That applies to the “original flavor” blockchain, not the “new 8MB block” flavor blockchain. Some of these non-mining full nodes are run by people wanting to contribute to the health and well-being of the Bitcoin network. MOST of these non-mining full nodes are motivated by the advantages of having your wallet directly attached to your own full node. Is this the ticket to the ultimate Bitcoin wallet?
There are certainly some advantages vis-à-vis anonymity and security, because you literally own and control everything between transactions created by your wallet and the Bitcoin peer-to-peer network. And you’ll have the greatest faith in the integrity of the blockchain, because your full node built its blockchain starting from the January 2009 Genesis Block.
There is a common misconception that a brand new full node “downloads a copy of the blockchain.” The truth is vastly more interesting, and hell, if you’re going to go to the trouble of running your own full node you might as well appreciate what you’ll have on your hands.
The Bitcoin blockchain is roughly 130GB, not including the ~40GB of index files generated by your full node. Whatever software you selected for your full node (Bitcoin Core, for example) includes only Block #0, the aforementioned Genesis Block. The rest of the blockchain will come from existing full nodes via the peer-to-peer network. A discovery mechanism facilitates identification of full nodes on the peer-to-peer network. Your new full node arbitrarily selects eight full nodes, then requests block #1 and all subsequent blocks, spreading the requests across the eight peers.
The first order of business for your brand-new full node is building a complete, up-to-date copy of the entire bitcoin blockchain. The operative term in the previous sentence is BUILDING. Not downloading, BUILDING.
Your brand-new full node BUILDS its own copy of the blockchain from scratch, treats the blocks it receives from peer nodes as raw data, and meticulously verifies every block and every transaction.
As heavily emphasized in The Bitcoin Tutorial:
A full node does not implicitly trust ANY data it receives via the peer-to-peer network. It literally replays the entire history of Bitcoin, starting from block #0 and proceeding block-by-block to the most recently mined block.
A new full node works through each block in ascending order, performing the exhaustive block audit in EXACTLY the same manner as if each historical block were the latest block mined. It works through each transaction in each block, performing the exhaustive transaction audit in EXACTLY the same manner as if each historical transaction were the latest transaction received.
Every new full node builds complete trust through ITS OWN exhaustive verification of the entire history of the bitcoin blockchain.
By all means monitor the network activity and CPU activity of your new full node as it builds its blockchain. You’ll see it make lightening-fast work of the first 250,000 blocks . Your broadband connection is the bottleneck in this span: at 100 Mbit/second it takes about half an hour. The blocks that make up this first half of the Bitcoin blockchain contain very few transactions, so there is very little auditing to be done.
Somewhere in the neighborhood of Block #300,000 you’ll see increasing CPU activity, which will become the bottleneck. Depending on how many CPU cores you throw at the process, your full node will finish off the second half of the blockchain in 12–24 hours.
Now would be a good time to point out that your full node “wants” to run 24x7. That isn’t a hard requirement. Taking it off the grid means that its blockchain will be out-of-date. Bringing it back on the grid will sync using the exact same process described above for a full node, called Initial Block Download (IBD). The longer it has been off the grid, the longer IBD will take, and you cannot do much of anything until IBD completes.
The Ultimate Wallet?
Running a wallet attached to your own full node has the attraction of working from the most trustworthy copy of the blockchain you can get. The “audits” mentioned above are cryptographic verification of EVERY SINGLE TRANSACTION in the history of Bitcoin. All completed on your full node, without implicitly trusting ANYTHING. That has real value, regardless of your level of paranoia.
Running a wallet attached to your own full node has the attraction of greater anonymity. For starters, there is no “account” to open, with those pesky KYC questions. Anonymity on the Internet is a tricky thing, however, and your IP address is particularly well advertised over the Bitcoin network. You certainly improve matters with Tor or a VPN, and that would make for its own series of blog posts. For this post, we’ll assume a “straight” Internet connection.
Conveniently overlooking the glaring exception of your IP address, your wallet is connected directly to the Bitcoin network via your full node. Your transactions are submitted to peer nodes, audited, and broadcast to every other full node around the world. This is Bitcoin’s “be your own bank” value proposition in its purest form.
You said something about risks?
Oh yes. First and foremost, you need to be completely comfortable having your IP address advertised to the world. Why? Because running a full node literally advertises your IP address to the world. (Yes, this applies to both static and dynamic IP addresses. In the latter case, the dynamic IP address you receive via DHCP is much stickier than you think.)
I do not bring this up as a matter of privacy, rather, I bring this up as a matter of practical cyber-security. Advertising your IP address to the world brings ALL KINDS of “interesting” Internet traffic to your network. You’ll see people in countries you cannot place on a map probing TCP and UDP ports you cannot identify. You WILL be creeped out by all the traffic showing up in your firewall logs. What’s that? What firewall logs? Well …
You need to protect your home network with a properly configured “next generation” firewall (IDS/IPS and all the other clever acronyms that fall under unified threat management). Many competent experts may argue with that demanding requirement, confident that a properly configured Wi-Fi router firewall is protection enough.
I STRONGLY suggest setting up your full node on a dedicated PC running Ubuntu. You can score a perfectly good FANLESS (!) quad-core PC with 4GB of RAM and a 256GB SSD for a few hundred bucks. Alternatively, shop around for a great deal on a “previous model year” laptop and drop Ubuntu on it. Connect this dedicated machine to said strong firewall on a PHYSICALLY SEPARATE network.
All of this quite likely strikes you as over-the-top. I prefer to be proven wrong and end up with extra cyber-security, rather than be proven right and end up with hacked devices on my home network. We’re talking about spending a fraction of a Bitcoin, for goodness sake, all in the name of SECURING YOUR BITCOIN. You gotta’ admit there is a closed-loop logic to it.
Wait! What about hardware wallets?
Good point. We “audibled” attached full node wallets into the list. So the NEXT post will wrap up the “Where can I keep my Bitcoin?” thread with a close look at hardware wallets.
