How Passport protects your Bitcoin

Take a minute and ask yourself two simple questions: who or what are you trying to protect your Bitcoin from? How far are you willing to go to protect it?

These two questions are the root of a concept called “threat modeling”, and should be the basis for deciding what steps you take to secure your Bitcoin. Answering these two questions properly requires an understanding of what threats are out there to your Bitcoin and how they can be prevented.

In today’s blog post we’re going to walk through the most common threats to a Bitcoiner’s sats and break down how Passport helps to keep your savings safe.

Loss of funds

The threat: While this isn’t an intentional attack by a bad actor, it’s by far the most common way that people lose their Bitcoin. If proper backups aren’t kept, frequently tested, and broadly distributed, loss of funds is an ever present risk.

Losing your Bitcoin can certainly happen due to unforeseen events like house fires and floods, but it most often comes as a result of over-complicated setups and unplanned inheritance. It’s easy to want to always be on the cutting edge of security and wallet setups in the Bitcoin space, but it often pays to follow the old “KISS” (”keep it simple, stupid!”) adage when it comes to storing your Bitcoin!

Be sure that you thoroughly test the recovery process of whatever setup you do decide, and ensure that those you want to pass your Bitcoin on to can follow the recovery process without any additional help or input from you. It pays (in sats!) to be thorough and diligent when it comes to storing your Bitcoin.

An example: Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes | NY Times

How Passport protects you: Passport takes two major approaches to helping you preserve access to your Bitcoin: (1) providing users the necessary tools to write down their seed phrase and/or backup PIN code safely, and (2) providing encrypted microSD backups as the default option. Our goal with Passport backups is to prevent losing Passport from being a life altering event, instead equipping you to easily and safely restore funds anytime.

Encrypted backups in particular provide a uniquely powerful backup method, as you can easily distribute encrypted backup files broadly, be it your favorite cloud service, your password manager, or many different microSD cards or USB flash drives. As the backup file itself is encrypted, even if an attacker stumbles upon it they won’t be able to tell what it is, much less access the seed phrase within it without the associated backup PIN code. Then simply make multiple, geographically distributed copies of your backup PIN code (never together with your encrypted backup file!) and you’ll always have the ability to recover funds.

For the more traditional Bitcoiner, you can choose any number of backup methods for the seed phrase itself, including steel backups to ensure that fire and weather can’t harm your backups.

Learn more: Why we love encrypted microSD backups

Social engineering

The attack: The idea of social engineering is as old as time, but has become even more rampant in the digital age. When it comes to Bitcoin, often the largest risk to a user’s funds is someone online tricking them to install malicious firmware or enter their seed phrase directly into malicious software.

How Passport protects you: Passport prevents the installation of any firmware that is not signed by Foundation’s developer keys, ensuring that even if you get a malicious firmware file from an impostor site or fake support agent, there is no way for you to install the firmware onto your Passport.

When it comes to scams centered on tricking users to enter their seed phrase, while there is no technical way to prevent this (a user always needs to be able to access their seed phrase for backup purposes), Passport forces a user to go through several prompts warning them not to share or reveal their seed phrase to anyone else.

Malware on your computer or phone

The attack: Malicious software wallets are a constant, ongoing battle in the Bitcoin space and have claimed many sats from good Bitcoiners over the years. The common attack is to use advertisements on Google Search or use similar names on platforms like the Google Play Store to trick users into installing malicious versions of popular wallets.

An example: Electrum Bitcoin wallets under siege | Malwarebytes

How Passport protects you: One of the biggest benefits to a hardware wallet that utilizes an air-gapped design like Passport is that it is practically impossible for malware to steal funds in any way if the user is observant. Passport’s air-gapped design means that no matter what software wallet you’re using, you always have to scan in the transaction and verify the transaction details on Passport’s large, color screen before signing.

Even if the wallet attempts to provide Passport with a fake change address, a common and stealthy attack, Passport will check the change address and warn if it does not belong to your wallet. As the malware on your computer has no way to access Passport via USB or Bluetooth, it cannot infect Passport and make Passport display false transaction details, either. This is an immensely powerful defense and one that protects you against many different threats!

The next time you send a transaction, take a bit of extra time and be sure that you’re verifying the address and amount properly to protect your sats. In addition, make sure to bookmark the legitimate sites for your favorite Bitcoin wallets, never trust a random DM on Telegram, and verify software that you download whenever possible.

“Evil maid” attacks

The attack: An “evil maid” attack is a category of attacks encompassing any time an attacker gains physical access to a device that’s off. This can happen when you’re at home (i.e. someone you trust), when you’re traveling (i.e. an actual maid at a hotel), or when the device is in transit (i.e. checked baggage while flying). A whole new world of risk opens up as soon as an attacker has physical access to your Bitcoin wallet as they can perform a host of attacks.

The most common evil maid attack is to swap your Bitcoin wallet with a malicious wallet that records your PIN code and then recover the malicious device and use the captured PIN code to steal funds from your wallet.

How Passport protects you: Passport provides two main mechanisms to help protect yourself against a malicious device swap attack. Security words are easily enabled in Passport’s settings and make Passport show you two unique security words that can not be seen or replicated without knowledge of your PIN. You can learn more on how to use this feature in our documentation here.

The second defense is to check the boot count under Firmware in settings and compare with what you’d expect. While it’s a simple and less fool-proof check, it does add an additional layer of difficulty for any device swap.

Learn more: Security Code & Security Words

Physical theft

The attack: This one is quite straight forward, and involves an attacker simply stealing your Bitcoin wallet. Stealing your hardware wallet gives the attacker more time to attempt physical attacks or a PIN brute-force attack, though the fact that your wallet is missing can give you a chance to move funds if you have proper backups available.

An example: Kraken Identifies Critical Flaw in Trezor Hardware Wallets | Kraken

How Passport protects you: Passport has been built from the ground up to provide an extremely strong defense in the case of a stolen device. Passport’s security architecture leverages a secure element to best protect against physical attacks, making successful physical attacks that steal funds infeasible.

Passport’s secure element provides a strong hardware-based PIN code rate limiting, allowing only 21 attempts to enter the correct PIN before the device is intentionally bricked and no seed is able to be recovered from the device. The secure element also prevents an attacker with strong electronics expertise from being able to extract the seed from the processor or memory, as the secure element would also have to be compromised to retrieve a working private key.

Learn more: Maximum PIN Attempts

Supply chain attacks

The attack: Last but not least, we have supply chain attacks where an attacker intercepts the device before you receive it. The attacker could tamper with the hardware of the device and re-assemble it with some form of backdoor or transmission of the private key built in.

An example: Case study: fake hardware cryptowallet | Kaspersky

How Passport protects you: With Passport we’ve engineered a novel supply chain verification system that leverages the secure element on Passport. Every Passport device has a secret key locked away in the secure element that is used when you setup your Passport to perform a challenge-response check with our servers that will only be valid on devices we have provisioned directly at the factory that have not been tampered with.

If the secure element is tampered with in any way, or if a malicious device was swapped out for a legitimate one it would be unable to pass supply chain verification.

Learn more: Passport Supply Chain Validation

Conclusion

While seeing many of the potential threats to your Bitcoin can feel overwhelming, note that the vast majority of these threats are mitigated by simply using Passport as intended. Secure self-custody doesn’t have to be complex and daunting, though we do have to be vigilant and responsible when taking back control of our money via Bitcoin.

Announcing our Early Access Rewards program

One of the powerful use-cases that Bitcoin unlocked with it’s peer-to-peer nature is the ability to incentivize and reward contributions without any middlemen or hoops to jump through. This movement has come to be known as “value4value,” and has provided an immensely powerful new tool for content creators, Nostr users, and now community members. Today we’re excited to unveil a new program implementing the value4value philosophy into our existing beta testing process — Early Access Rewards.

tl;dr — Be the first to report any reproducible issue for Passport or Envoy beta releases and get a 10k Satoshi bounty in Bitcoin per issue reported!

Early Access Rewards Highlights

The premise of the Early Access Rewards program is quite simple: contribute meaningful bug reports for Envoy or Passport releases while they’re in open beta, and get rewarded for each individual contribution. No middleman, no lengthy ToS, no Foundation login or account necessary.

How to participate:

Test the beta releases for Passport firmware or Envoy app.
Report issues on Github.
All issues (the first time they are reported) are eligible for the 10k Satoshi reward.
Foundation team members will validate the issues for eligibility.
Rewards sent directly to your provided Bitcoin address or Lightning invoice.

Join Early Access Rewards today

Want to earn sats for your important contributions to our open-source projects? Simply join our beta testers Telegram room below and keep an eye out for beta release announcements. Once a release is announced, you can submit any issues you find via Github and earn 10k sats per validated issue.

@foundationbeta Telegram Room

Once you discover an issue with the beta release, submit it via Github using the following links with the “Bug Report” option. Note that this does require a Github account:

Passport firmware issues: Github – Passport
Envoy app issues: Github – Envoy

Join the community, help us improve, and get rewarded in Bitcoin for your valuable contributions! 🎉

The future of Early Access Rewards

We’re excited to see how well this program works to incentivize important feedback and contributions from our fantastic community, but we also have plans to expand the program in the future. We’re currently considering creating a hardware Early Access program to get our newest products in the hands of invaluable community members first, and top contributors to this Early Access Rewards program will be first in line.

We have multiple new products in the works, and we can’t wait to watch each of you help us to build and improve as we bring freedom tech to more and more people around the globe. As one of the top contributors to our Early Access Rewards program, you’ll get the chance to test our new products for free as a thank you for your contributions in exchange for feedback and bug reports.

The (not so) fine print

If you have more specific questions on how the program will work, you can read the detailed rules below. Have a question? Don’t hesitate to ask in the Telegram room or email us at hello@foundationdevices.com.

Eligibility for Rewards: a. The first reporter of any reproducible issue for Passport or Envoy beta releases is eligible for a 10k Satoshi bounty, paid in Bitcoin. b. Issues must be reported only once, and once made public, they are no longer eligible for additional 10k Satoshi bounties.
Reporting Process: a. All issues should be reported on Github in the appropriate repository:
- Passport firmware issues: Github – Passport
- Envoy app issues: Github – Envoy
Reproducible Issues: a. Issues must be reproducible, meaning that Foundation team members can accurately recreate and validate the issue in the Envoy app or Passport firmware.
Judgement and Reward: a. Foundation reserves the right to make the final judgment on whether issues are eligible for the 10k Satoshi reward. b. Once an issue is verified and confirmed as eligible, the reward will be sent to the reporter’s provided Bitcoin address or Lightning invoice.
Rewards Distribution: a. The rewards will be distributed in Bitcoin (BTC). b. The amount of the reward will be 10,000 Satoshi for each eligible issue. c. All rewards will be paid out at the end of the beta period.
Confidentiality: a. While issues will be made public upon reporting, beta testers should avoid sharing sensitive or personal information in public discussions about the issues.
Compliance: a. All beta testers must comply with the rules and guidelines set by Foundation Devices during the beta testing period. b. Any violation of the rules may result in disqualification from the beta testing program and forfeiture of rewards.
Changes to the Rules: a. Foundation Devices reserves the right to modify the rules or terminate the beta testing program at any time without prior notice.
Disclaimer: a. Beta testers participate in the program at their own risk, and Foundation Devices shall not be liable for any damages or losses incurred during beta testing.

Why reproducibility matters

The ability to reproduce and verify firmware for Passport has always existed, but in recent weeks we’ve ramped up our efforts to make it easier for anyone to be sure that the code running on their Passport exactly matches what is on Github. That culminated last month in the release of a new step-by-step guide to reproducing Passport firmware, making it easier than ever for you to verify firmware yourself, along with updates to the validation of our firmware’s reproducibility on Wallet Scrutiny.

While those resources are more of the “how” for reproducing firmware, we wanted a place to walk through the “what” and the “why” as well.

What are “reproducible builds?”

While there are many open-source projects out there today, the ability for you to validate that the binary (the actual piece that you install or run) is actually a bit-for-bit match with the code on Github is quite rare. The main reason for this is that ensuring binaries for a given project are reproducible requires a massive amount of work up front for the developers and maintainers, as well as additional documentation, maintenance, and customer support. Here at Foundation we view the trust minimization that reproducible builds bring as vital, so we’ve put in the hours to enable easy reproducible builds for everyone.

Reproducible builds allow you, the user, to build the binaries for Passport directly from the source code in a repeatable, “reproducible” way and validate the results match exactly what we ourselves publish. The way these builds actually function under the hood can differ widely from project to project, but always rely on building the binaries in exactly the same way no matter the users operating system, computer, etc. The rough process for Passport’s firmware looks like this:

Thanks to the magic of cryptography, we can compare the binaries we build with those Foundation releases by computing a hash of the binary, something that will change completely if even one bit of data is different in our binaries versus Foundation’s. This makes it trivial to compare and verify binaries, the ultimate goal of reproducible builds.

You can get a quick walk-through of what to expect in this short video of the entire process, start to finish:

Why does this matter?

The ability to not only see, read, and verify the open-source code published for Passport, but also to take it one step further and ensure that the firmware you run exactly matches that code provides the highest level of trust minimization possible. When you can be sure that the code actively running on Passport matches exactly what you would expect, it reduces the potential threat of Foundation releasing malicious firmware as there is no way for us to include code in the firmware that isn’t publicly visible and scrutinized on Github.

We don’t want you to have to trust us at all, and reproducible builds are the full embodiment of the phrase “don’t trust, verify.”

Try reproducible builds today

If this piqued your interest, you can dive in and reproduce Passport firmware yourself today! Following the guide below will take you through every step of the process:

Reproducibility Guide | Github

While the guide is focused on Linux, the commands and steps will be very similar on operating systems like Windows and MacOS, and we’ve linked out to the relevant guides for dependencies on those respective operating systems.

If you do try out reproducible builds, we’d love it if you’d share your results publicly! Post the output of the process to Twitter or your favorite social media platform, tag us @FOUNDATIONdvcs, and we’d love to share your post out ourselves.

Make 12 Words the Standard

As we expand our audience to more Bitcoin beginners, we’re constantly on the lookout for ways that we can simplify and improve the user experience for those using Envoy and Passport. We’ve focused on efforts that help to abstract away the difficulties that come with the concept of seed words for new users through implementing Magic Backups in Envoy and encrypted microSD backups for Passport, but for our users to retain full sovereignty the option of using basic seed words has and always will be a core feature of our products.

One of the longest held beliefs in the Bitcoin space is that using a longer seed phrase (i.e. 24 words instead of 12) is a way to future-proof the security of your funds. Because of this belief, most hardware and software wallets default to using 24 word seeds, something that adds additional friction to users as they need to store a very large secret and verify it properly. Unfortunately, this belief is based upon a narrow view of private key security, and forces unnecessary burden on users with little to no real-world benefits.

In this blog post we’ll walk through how private key security works in Bitcoin, how seed phrases are only one piece of that security, and why we think we should make 12 word seed phrases the standard moving forward.

Don’t have time for the full post? The tl;dr is that the lowest hanging fruit for an attacker is always reverse engineering a private key from a Bitcoin address known to contain funds, even when using “only” a 12 word seed phrase. However, this is a complex and nuanced topic, so keep reading below to get a better understanding of why this is true!

What is a private key?

In Bitcoin, a private key is created through simply choosing a random number between 1 just under 2²⁵⁶ (that’s over 115 quattuorvigintillion for those of you keeping score). This number must be chosen in a truly random and unrepeatable way, so we rely on things called “random number generators” or “true random number generators” in computers and hardware wallets to ensure that the source of entropy (read: randomness) is good enough to produce truly random results. To get a better idea of what the chances of randomly guessing the same number as someone else are, here is a great and brief video on the topic:

The reason this number must be between 1 just under 2²⁵⁶ is that Bitcoin uses a 256-bit elliptic curve called secp256k1, so the most secure random number for your private key will be in that range. When you choose a number, this is translated to points on this elliptic curve (a type of graph, in essence), giving you a fully functional public key from that one number. This operation is something that is very quick to generate a private key, but practically impossible to reverse engineer a private key from a given public key (i.e. a Bitcoin address).

When you generate a private key in Bitcoin it looks something like this:

1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD

Note how hard it would be to properly write down or memorize a private key in this format. Enter BIP 39, a proposal that allowed us to use a list of words to securely and deterministically (read: repeatably) generate a private key from that list of words.

Private keys made human

Seed phrases as we know and love them were introduced way back in 2013, and quickly gained adoption as they greatly simplified the process of setting up or restoring wallets in Bitcoin. As a set of words in the same order will always generate the same private keys, we can simply save these words and be sure that we can always recover funds properly. Seed words must be a minimum of 12 words in length, but can be as long as 24 words if desired.

When you generate a seed phrase, it will look something like this:

fit hen toward recycle detail raise glare gate diagram room vendor lesson

As Bitcoiners have a penchant for maxing out security and always keep a long-term view when approaching their money, most jumped directly into using the maximum length seed phrase of 24 words from the get-go, as it theoretically provided more entropy (which people viewed as more security) than smaller seed phrases. But how secure really is a seed phrase, and how does it compare to the security of a private key itself? How can an attacker actually attempt to steal funds from a given Bitcoin wallet?

Attacking your private keys

To better understand how secure private keys and seed phrases are, we first need to look at what an attacker can do to try and steal Bitcoin from your wallet through cryptography alone. There are two basic attacks that can happen against your private keys in Bitcoin:

An attacker can attempt to guess the words and order of your seed phrase in its entirety
An attacker can attempt to reverse engineer a private key from a given public key (Bitcoin address)

The first attack is often called a “brute-force attack,” as it involves an attacker trying over and over again to guess the correct secret – in this case a seed phrase. When using a 12 word seed phrase there are 2048¹² possible word combinations, of which some are able to be immediately discarded due to a failing checksum, meaning the number of valid seed phrases is actually 2¹²⁸ (or 340,282,366,920,938,463,463,374,607,431,768,211,456). Yes, you read that right. In order for an attacker to correctly guess your 12 word seed phrase would require billions of years using modern supercomputers. In essence, there is no real-world possibility of an attacker correctly guessing your 12 word seed phrase.

The second attack is also known as solving the Elliptic Curve Discrete Logarithm Problem (ECDLP). While it is trivial to generate a private key and derive public keys from it, there is no efficient way to recover a private key from a given public key. The asymmetry of this aspect of elliptic curve cryptography is at the core of securing Bitcoin (along with many other tools for freedom, including HTTPS security for websites, the Tor network, Signal messenger, and more). As Bitcoin reveals all public keys and amounts publicly, an attacker could choose a given public key with a large amount of Bitcoin (i.e. Satoshi’s known addresses) and attempt to solve the ECDLP for that public key.

Bitcoin uses the secp256k1 elliptic curve, a 256-bit curve that is well understood and vetted in the cryptography space. An attacker would need to leverage the best known attack, Pollard’s rho algorithm, which takes a number of operations equal to about half the curve size. This means that an attacker attempting to solve the ECDLP for a given Bitcoin address would need to perform 2¹²⁸ operations (or 340,282,366,920,938,463,463,374,607,431,768,211,456) in order to guess the private key correctly. Performing that many operations on modern computers would take in the billions of years. In essence, there is no real-world possibility of an attacker solving the ECDLP for a given public key.

To put those numbers in perspective, solving the ECDLP for your public key or guessing your seed phrase randomly is less likely than picking the same atom out of the universe. The security provided by the unimaginably large numbers we’re discussing here securing your Bitcoin keys is hard to fathom, but comparing it to more tangible numbers like these can help. This security means that attacking a 12 word Bitcoin seed or solving the ECDLP for a given Bitcoin address are both considered infeasible with modern computers.

12 words is the sweet spot

So how does this all add up to a 12 word seed phrase being the ideal length? A 12 word seed phrase contains 128 bits of entropy, allowing it to be used to generate private keys with the full 128 bits of security provided by secp256k1. We broke down the rough estimates for solving the ECDLP or guessing a given 12 word seed phrase previously, but this means that a 12 word seed phrase is the minimum length to not hamper the security of the underlying private keys. If we shortened the seed to, say, 10 words, we would be reducing the security of the private keys and making both the underlying private keys more insecure and providing an easier brute-force attack against the seed words.

If you were to use a 24 word seed phrase, even though it would provide additional entropy when generating private keys, the underlying private key would still be broken in 2^128 operations — exactly the same as a 12 word seed. This means that longer seed phrases will not add additional security to the underlying private keys themselves, and only increase the difficulty of brute-forcing a given seed phrase (something that is already statistically impossible for a 12 word seed phrase).

12 words is enough.
— Adam Back (@adam3us) March 13, 2023

While we can increase the protection against brute-force attacks of a seed phrase by increasing the number of words, the core security of your funds in Bitcoin remain the security of the underlying private key itself — even when using a longer seed phrase. The lowest hanging fruit for an attacker is always to attack the cryptographic security of a Bitcoin address they know contains Bitcoin, rather than attempt to guess a seed phrase with funds.

Bringing things back to reality

In summary, the security of a 12 word seed phrase is roughly equivalent to that of the underlying security of a private key in Bitcoin, and any additional theoretical security gained through using a larger seed phrase has no impact on real-world attacks. 12 words provide the required amount of entropy to generate a secure private key and more than enough security against a brute-force attack at the same time.

It’s important to note that far and away the largest cause of lost Bitcoin is not theft, but rather a user failing to properly secure their seed phrase. Any reduction in the barrier of entry to proper backup, storage, and recovery of a seed phrase will lead to a real reduction in the amount of Bitcoin lost forever. In addition, the other major ways to lose funds are to have them stolen by an attacker finding a seed phrase or socially engineering a user into giving up their seed phrase. Both of these attacks do not gain any protection or resilience through using a longer seed phrase.

If no additional security is gained in the real world by doubling the length of the secret we need people to store from 12 words to 24, doubling the amount of words to enter when restoring, and doubling the amount of words to verify on initial setup, we can further lower the barrier of entry to Bitcoin by leveraging the immense security provided by “only” a 12 word seed phrase for all new users.

We do still think it’s important to abstract away the foreign concept of seed words whenever possible, but we will always want our users to be able to easily move to other wallets, be protected if we disappear one day, and have full sovereignty when it comes to their private keys. As a result we will always build in strong and seamless support for seed words in our products, and starting soon we will default to 12 words when creating a new wallet in Passport.

Let’s make 12 words the standard.

Dive deeper

If this intro to private key security piqued your interest, we’ve collected our favorite resources on the topic below for you to learn more about how the cryptography and security behind Bitcoin’s immensely powerful design:

A special thank you to Luke Parker, a brilliant developer and cryptographer in the space who helped to review and give detailed feedback in the process of writing this post.

This Month in Sovereignty: May 2023

While we already had a lot slated for the month of May, the combination of big releases, the Bitcoin conference in Miami, and the drama around Ledger’s new “Recover” service made for an explosive few weeks! We’ll get you all caught up with the latest at Foundation and in the space in this month’s newsletter 😎

Dive into the latest updates below, and be sure to subscribe if you want to stay informed on all things sovereignty moving forward!

This month at Foundation

With the rush to safety in open-source software and hardware in the wake of Ledger’s debacle, we’ve seen an unprecedented month of sales for Passport! As a result we sold out of all of our current stock, but were already ramping up production and have begun shipping pending orders. We’re expecting to have Passport back in stock for new orders in the next 2 weeks, and will keep you all up to date along the way.

Now onto the updates we have for you all this month!

Updates

We announced a groundbreaking release of Envoy, our mobile companion app for Passport, just in time for Bitcoin Miami. This new update transforms Envoy into a standalone Bitcoin mobile wallet with powerful account management and privacy features.

Announcing Envoy Wallet: Bitcoin Simplified
“Notably, Envoy Magic Backups take the pain and worry out of setting up and backing up a mobile wallet, allowing you to get up and running in 60 seconds and restore your wallet anytime, on any device, in just two taps. It’s time you experienced Bitcoin, simplified.”
- Learn how Magic Backups work in less than 40 seconds!

“We expect Envoy Magic Backups will lead to a massive increase in self custody, with easier onboarding than you’d find at any Bitcoin exchange or custodian.”
Download Envoy today

In the first week of May we debuted a massive new update to Passport to our fantastic community in Passport’s new firmware, v2.1.1:

Passport version 2.1.1 is now live!
“In version 2.1, we’ve leveraged all of the background work in recent versions to build out some amazing new features for you, including backporting v2.1 firmware to Founder’s Edition, sending to Taproot addresses, a Key Manager Extension for BIP-85 and Nostr key support and export, and BIP-85 SeedQR exports. Features, features everywhere.”
This version of Passport firmware brings a wealth of new features, all securely backed up via encrypted microSD backups. Bringing the ability to manage all of your hot and cold wallets, all of your Nostr keys, and all of your friends and families wallets (if you choose to act as an “Uncle Jim”) under a single encrypted backup or seed phrase is a powerful thing. Peace of mind + powerful features.
You can read more about our new Key Manager extension that enables all of these incredible features here.

Blog posts

Due to our approach with Envoy as a mobile wallet being so different from other wallets out there, we took the time to walk through every detail of Envoy as a mobile wallet, including the new Magic Backups feature that enables <60s onboarding and 3-tap recovery:

Announcing Envoy Wallet: Bitcoin Simplified
“Envoy introduces a new seed-less onboarding experience called Magic Backups. While Envoy users can of course manually handle seed words if desired, we aimed to engineer a solution that enables 60-second onboarding and automatic encrypted backups of Envoy’s private key and application data (such as settings and labels), with a full restore taking just three taps.”

With the release of our latest Passport firmware we debuted two major new features in BIP 85 (or “deterministic child seeds”) and Nostr key support. Because of the changes these bring and the possibilities they open up, we highlighted them in a special blog post:

All your wallets, one backup
“The introduction of a new “Key Manager” extension enables two powerful new tools in child seeds and Nostr keys, both of which are derived directly from your Bitcoin seed on Passport and automatically backed up to microSD. All of your wallets under one backup.”

Journey to Sovereignty

In May, we got the chance to sit down with Czino and Steph from Peach Bitcoin and learn what they’ve been building, why P2P Bitcoin exchanges are vital, and much more. We also used the latest episode to unpack all of the happenings at Foundation.

EP #10 – Make Bitcoin P2P again w/ Peach Bitcoin
- If you’ve been hearing the hype around Peach Bitcoin or simply starting to look into acquiring Bitcoin via a P2P exchange, today’s episode is for you! We’ll be diving into why Peach exists, how it’s different from the other P2P exchanges out there, and answering all your questions.
EP #11 – Open source is winning
- It’s been a crazy last few weeks here at Foundation, so we wanted to focus this episode on chatting about all that we’ve launched, how the Ledger Recover fiasco has played out, and what we’re working on next.
- We cover Passport’s new Key Manager extension, Envoy as a standalone mobile wallet, its new Magic Backups 60s onboarding and 3-tap recovery, and more on this episode of Journey to Sovereignty.

You can follow the podcast on your favorite platforms, including Apple Podcasts, Spotify, Google Podcasts, and Fountain, a Bitcoin-powered podcast platform where you can support content creators directly with your sats.

If you listen and boost Journey to Sovereignty on Fountain, we forward 100% of the sats you send us to other free and open-source projects we love in the Bitcoin space:

What we’re following

If you’ve been following Foundation for any length of time, you’ll surely know that we’re huge fans of decentralized and peer-to-peer Bitcoin exchanges as an immensely valuable tool. This month our Head of Customer Experience, BitcoinQnA, put together a guide on using Robosats on his site, bitcoiner.guide:

Robosats: A simple and private Lightning based P2P exchange

In the wake of the Ledger “Recover” fiasco, we’ve compiled some of the best resources on the topic so far to get you up to speed:

This month in digital sovereignty

We were thrilled to see that the Federal court system in the US finally codified protections for those coming into the US when it comes to warrantless phone searches:

Federal Judge Makes History in Holding That Border Searches of Cell Phones Require a Warrant

A fantastic organization focused on incentivizing and organizing the funding of open-source projects, OpenSats, announced that they received a $10m grant to drive open-source contributions to Bitcoin, Nostr, and more.

OpenSats Receives Additional Funding of $10m from #startsmall
“We are delighted to announce that OpenSats has received a generous donation of $10 million from Jack Dorsey’s philanthropic initiative, #startsmall, which will be used to support the development of free and open-source software and projects focusing on bitcoin, nostr, and related technologies.”

In the same vein, the Human Rights Foundation donated $450,000 in grants from its Bitcoin Development Fund towards Bitcoin development in May, focusing on “improving Bitcoin scaling, privacy, decentralization, supporting global education, censorship-resistant communication, and building communities worldwide. Areas of focus include Africa and Asia”:

HRF Bitcoin Development Fund Grants $455,000 to 12 Projects Worldwide
“In 2020, the Human Rights Foundation launched a fund to support software developers who are making the Bitcoin network more private, decentralized, and resilient so that it can better serve as a financial tool for human rights activists, civil society organizations, and journalists around the world.”

This month’s step towards personal privacy and security

Properly securing accounts can lead to much better privacy by reducing the amount of data leaks and hacks you experience as a result of stolen or leaked credentials. Password managers make it extremely simple to manage usernames and passwords across all of the sites and apps you use, without needing to re-use passwords (or username or email!) in order to remember them. This has drastic implications on security, and is a huge step forward in your journey.

Migrating to a password manager is also a great chance to think twice about which accounts you actually need, and close those that you don’t need in the process.

Bitwarden
- Bitwarden has become the gold standard for open-source password managers, as it has rich features, a generous free plan, and excellent clients on all platforms along with fantastic browser extensions.

What we’re working on

Our focus this month is around iterating on Envoy as a mobile wallet, building out full Taproot support for Passport, and supporting the Oslo Freedom Forum by donating 15 Passports to activists attending the event.

We’re excited to continue helping bring freedom via Bitcoin to people across the globe, and supporting such a critical event is a key way we can help to do that. Keep an eye out for more on the freedom front, as we’re working on big things behind the scenes!

To keep up with what we’re building, you can follow us on Twitter, on Nostr, or subscribe to our newsletter on our website so you can stay in the loop.

Announcing Envoy Wallet: Bitcoin Simplified

We’re thrilled to announce a groundbreaking release of Envoy, our mobile companion app for Passport. This new update transforms Envoy into a standalone Bitcoin mobile wallet with powerful account management and privacy features.

Envoy makes financial sovereignty more accessible than ever before and radically lowers the barriers to Bitcoin self custody.

Notably, Envoy Magic Backups take the pain and worry out of setting up and backing up a mobile wallet, allowing you to get up and running in 60 seconds and restore your wallet anytime, on any device, in just three taps. It’s time you experienced Bitcoin, simplified.

Read below to learn more, or dive right in and download Envoy now!

THE BEST OF BOTH WORLDS

With mobile wallet support in Envoy, the combination of Envoy + Passport empowers you to store your wealth in an ultra secure, intuitive hardware wallet while also spending Bitcoin on the go in just a few taps. Move funds back and forth between Envoy and Passport, make airgapped transactions, and access your spending and saving balances from anywhere – all in a single app!

Not a Passport owner? This update introduces full Bitcoin wallet functionality on your iOS or Android phone. Use Envoy to store and spend your Bitcoin with strong security, privacy via Tor, and a streamlined setup experience.

We are excited to bring our best-in-class design, intuitive and approachable user experience, and peace of mind to smartphone users across the globe – no Passport required.

WHAT IS A “MOBILE WALLET?”

In Bitcoin, the term “mobile wallet” refers to any wallet that keeps your keys on an internet-connected smartphone for easier spending and receiving of funds. While you should not keep your life savings in a mobile wallet, it provides easier access to a small amount of Bitcoin for spending, withdrawing from an exchange, and onboarding new users.

Envoy has traditionally been a “watch-only wallet” that connects to Passport, allowing you to view your balance and create transactions, but providing limited functionality when you are away from your hardware wallet. Now you can enjoy Envoy as a full-featured Bitcoin wallet on the go.

EXPERIENCE MAGIC BACKUPS

Envoy introduces a new seed-less onboarding experience called Magic Backups. While Envoy users can of course manually handle seed words if desired, we aimed to engineer a solution that enables 60-second onboarding and automatic encrypted backups of Envoy’s private key and application data (such as settings and labels), with a full restore taking just three taps.

Additionally, we wanted to ensure that Envoy does this without collecting any user data – no email address, no passwords, no IP address (when Tor is enabled) – no friction!

We expect Envoy Magic Backups will lead to a massive increase in self custody, with easier onboarding than you’d find at any Bitcoin exchange or custodian.

HERE’S HOW ENVOY MAGIC BACKUPS WORK

Envoy generates a seed and stores it on your phone’s secure element.
Since most users have iCloud Keychain or Android Auto Backup enabled, the seed is automatically synced to your other iOS or Android devices – fully end-to-end encrypted, without needing to give Envoy permission to access your iCloud or Google account. This encryption means that only you can access this data, not even Apple or Google.
- Learn more about iCloud Keychain.
  - “iCloud protects your information with end-to-end encryption, which provides the highest level of data security. Your data is protected with a key that’s made from information unique to your device, and combined with your device passcode, which only you know. No one else can access or read this data, either in transit or storage.”
- Learn more about Android Auto Backup.
  - “Android preserves app data by uploading it to the user’s Google Drive—where it’s protected by the user’s Google account credentials. The backup is end-to-end encrypted on devices running Android 9 or higher using the device’s pin, pattern, or password.”
Envoy then creates a backup file containing your app settings, account labels, and other non-sensitive app data, so that Envoy can be restored to its exact previous state. This folder is end-to-end encrypted with your seed so that Foundation can never see the contents. We call this the Envoy Backup.
The fully encrypted Envoy Backup is uploaded to Foundation’s servers, alongside a hash of the seed (a cryptographic representation of the seed that proves your knowledge of the seed, not the seed itself!) so that we can ensure no one else can attempt to download your backup without proving knowledge of your seed phrase.
There is no Foundation user account, no email, no password – all you need is access to your iCloud or Google account.

RESTORING FROM MAGIC BACKUPS

If you lose your phone or delete the Envoy app, restoring your wallet takes only a few seconds with Magic Backups.

Envoy checks the secure element on your phone and looks for the seed.
- If it discovers a seed on the secure element, Envoy hashes the seed and sends the hash to our server.
  - This merely proves your knowledge of the seed and does not reveal your seed to Foundation in any way!
- If it does not discover a seed, it accesses the encrypted backup from iCloud Keychain or Android Auto Backup and restores the seed to the secure element. Then Envoy hashes the seed and sends the hash to our server.
Envoy then downloads the encrypted Envoy Backup from our servers.
Envoy uses the seed to decrypt the Envoy Backup file locally (on your phone!) and restores all user settings, account labels, and other app data – so it’s like you never left.

OTHER NOTABLE CHANGES

We’ve also added the following features and improvements in this release:

Biometric/PIN authentication. Now you can protect your mobile wallet or Passport balances from prying eyes
Ability to swipe on accounts to hide balances while you’re on the go. For example, you can display your mobile wallet balance but hide your hardware wallet balance.

TRY ENVOY TODAY

We’ve released this new version of Envoy to all major platforms, so you can choose the method that suits you best below:

If you’re on iOS, you can install Envoy from the App Store using the following link:
- Envoy on the App Store
For those on Android, you can either find Envoy in the Play Store, install via F-Droid, or download the app directly from Github (Envoy is fully open source!):
- Play Store
- F-Droid
- GitHub
  - Download the APK titled “envoy-apk-1.1.3.apk” directly from the above link and install
  - As this APK is signed with our own keys instead of Google’s keys via the Play Store, if you’re using the Play Store version you’ll have to uninstall Envoy first before installing the public beta

HOW CAN I GIVE FEEDBACK OR GET SUPPORT?

As you use Envoy as a mobile wallet, we’d love to hear from you – every issue, bug, or favorite feature! There are three main places you can go to give us feedback or get help with Envoy:

We have a standalone Telegram channel for our community that you can join and give feedback or get support
- Foundation Community Telegram channel
You can email us
- hello@foundationdevices.com
You can direct message us on Twitter
- Direct message @FOUNDATIONdvcs

WHAT’S NEXT

The release of Envoy as a mobile wallet paves the way for a range of roadmap items we’ve been planning for some time, and we can’t wait to build on this strong foundation of simplified Bitcoin usage. Next you’ll be able to jump in the 🌀 with thousands of other Bitcoiners, become a 🤖, or ⚡ your way to a cup of coffee — all within Envoy!

We’re excited to release the next piece of your financial sovereignty toolkit to the masses and onboard a wave of Bitcoiners to self-custody, privacy, and financial sovereignty sat by sat.

Now back to building.

This Month in Sovereignty: April 2023

Our team has been busy throughout the month of April with major new releases of Envoy and Passport firmware along with preparations for a busy conference season, kicking off with Bitcoin Miami.

Dive into the latest updates below, and be sure to subscribe if you want to stay informed on all things sovereignty moving forward!