A recent search for an iOS-based bitcoin wallet led me to the discovery of breadwallet, developed by Aaron Voisine.
Whereas most mobile bitcoin wallets are simply front-ends to web services, breadwallet is a proper, standalone wallet, that directly connects to the Bitcoin network. And benefitting from Aaron’s appreciation for good design, it’s certainly the easiest to use mobile wallet that I’ve tried.
One wallet to rule them all?
Before chatting with Aaron, my understanding of the best practice for bitcoin handling was the following:
- For day-to-day transactions, one should keep a small balance on a “hot” wallet, in a convenient location like on a mobile device.
- For security, however, one should store larger balances somewhere less prone to theft or loss, such as your computer, online providers like Coinbase or Xapo, or even on a physical “paper wallet”.
Conceptually, this is no different than the practice of storing the bulk of your savings with a financial institution (like a bank or brokerage), and then carrying a small amount of cash in a physical wallet.
(And remember, you’re not actually “storing” bitcoin in the wallet, since your bitcoin actually “exist” is in the global bitcoin network. Rather, wallet software controls access to and use of your bitcoin private keys—which in turn control access to your bitcoins—and manages addresses associated with transactions.)
But speaking with Aaron, I came to learn that his intention for breadwallet is that it would be the home for all your bitcoin, as in his view, there is no safer place to store your bitcoin. Why is that?
- With AES hardware encryption, TouchID, app sandboxing, keychain and code signatures, iOS devices currently represent the most secure computing platform.
- Since breadwallet implements a technology known as “deterministic wallets”, you’re protected against loss or physical theft, as your wallet can be fully restored from a complex passphrase.
- Built to strong security standards, breadwallet software is open-source for the world to inspect.
- The alternative, paper wallets—traditionally considered the safest of all ways to store bitcoin—expose their owners to the risk of loss of funds if they do not fully understand their proper use, particular as relates to what’s known as “change addresses”.
Highly secure software, running on a highly secure device, and exposing a simple and straightforward user interface certainly add up to a compelling argument in favor of breadwallet being the one wallet to rule them all.
But what about the risk of physical force?
There’s still one risk, however, that would prevent me from storing anything other than a small balance of bitcoin in breadwallet, and that is the threat of physical force—i.e. the same threat that discourages us from carrying around large quantities of cash.
Consider these scenarios:
- Having observed you paying for something in a store, an armed assailant later approaches, forcing you to reveal your bitcoin balance, and transfer that balance to them.
- Crossing a national border, you’re forced to reveal the balance stored in the app.
The solution—plausible deniability
One solution to the above concern would be for breadwallet to introduce plausible deniability. To understand how this would work, consider its implementation in a similar app, Espionage.
Espionage is an application for Mac OS X, that allows you to manage and unlock sets of encrypted disk images. To unlock and access a set of one or more encrypted disk images, the app asks you for a password:
The beauty of plausible deniability in Espionage, is that only the owner knows how many sets of disk images—each of which is unlocked by a separate password—he or she has setup and configured in the app. And so if you were forced to unlock the app, you could simply enter a password for an innocuous set of images, and it would be impossible to know whether or not there were others.
(An alert observer would notice that a certain amount information could be inferred by the number of encrypted disk images found on the disk. Espionage addresses this concern by, upon installation, creating a random number of empty disk images that are unassociated with any user-managed set.)
Similarly, plausible deniability could be added to breadwallet by allowing the app to manage multiple wallets, each of which is unlocked by the user with a unique PIN code (entered after having authenticated into the app with TouchID). In this way, a user forced to unlock the app could enter the PIN code to a low-balance wallet, and it’d be impossible to know whether others exist.
In my opinion, only this addition to breadwallet would give me the comfort to store anything more than a trivial amount of bitcoin in the app. On the other hand, adding plausible deniability to the app in the way I’ve described above could potentially introduce a significant conceptual hurdle for the non-technical person, presenting a UI challenge for Aaron, as the product’s designer.
(Although the above discussion is presented in the context of breadwallet, it conceptually applies to any wallet software.)