
armoredcoin: A Provably Secure Bitcoin-to-Human Machine Interface

The internet wants to get their grubby fingers on your Bitcoin. What is your battle plan?
Relying on 'experts,' 'hope,' 'trust,' exchanges, smartphones, or 'hardware wallets' like a chump?

Please be aware: your coins do, in fact, belong to the collective/public and your money is already compromised. You'd best Armor the fuck up - STAT.

!!!Armoredcoin Capture-the-Flag Challenge!!!
We have an open $100,000 bounty award for any 'zero-day' exploit proof demonstrating a method that compromises/exfiltrates airgapped private keys from a properly configured AC wallet.

Our team brought the CTF challenge to Defcon 26 in Las Vegas this year to work with some of the world's best pentesters. We met some smart, funny guys but no legitimate exploits were proposed or identified.

The protocol has a few simple objectives: trust no one & no thing, provide users verifiable, exclusive, absolute control & ownership of their Bitcoin, protect private keys, enforce redundant validations for outbound transactions. Armoredcoin abides by the 'Seven Laws of Sane Personal Computing' - Obedience, Forgiveness, Retention, Preservation, Survivability, Revelation, and Servitude - making for the kind of reliable, benevolent robots you can trust to babysit your children and your money.

Armoredcoin is a set of instructions & device requirements based on the airgap gold standard described by the man himself. Mr. Popescu further delineates boundaries separating actual security from security theater / pseudoscience here - Bitcoin is most certainly no country for old men.

Team Armoredcoin is proud to introduce the brave, new AC1 Control Kit 'Woodchipper' - the world's first fully auditable production Bitcoin control system available to the public.

Visit Armoredcoin Storefront for Comms & Ordnance

Now you can truly own and control YOUR money without having to trust some guys you don't know and a bunch of other guys they don't even know.

The "men" [buffoons] promoting mainstream Bitcoin wallet/storage/exchange platforms are all known fatlogic practitioners, delusional pseudoscientists, and feckless, witless schmucks who believe "it won't happen to them" and are (at best) blissfully ignorant, if not willfully malicious, promoting the worst possible schemes for handling combustible, hazardous materials the likes of Bitcoin.

Armoredcoin applies the airgap gold standard to Bitcoin wallet creation, storage, and transaction signing/spending in order to virtually eliminate the possibility of theft or hacking.

Trust No 1

LOL They sunk yur Bitcoin wallet

Bitcoin users are playing Battleship against the entire world of internet badboys. The rub being that the other side actually has the ability to peek at your board, so sinking your battleships is a trivial matter to them. While your defense/attack options are quite nontrivial, far too soft, and way too slow to even give you a chance at staying afloat.

Most people dive into the world of Bitcoin without taking a moment to smell the roses & appreciate the finer things and usually fail to comprehend the MOST important, basic security concepts - leaving their coins vulnerable in the worst possible ways.

Unlike apps, websites, and all devices that must stay online to function, Bitcoin can actually be stored & controlled using totally secure OFFLINE tools in order to virtually eliminate the possibility of theft, loss, hacking, or dependence on people you don't know (and other people they don't know).

Bitcoin, in fact, allows individuals to keep and spend it without having to trust anyone but one's self.

Here's a good rule of thumb: If your Bitcoin/private keys are stored on a computing device or wallet that is connected to the internet OR has the ability to connect to WiFi (or any other radio/bluetooth, infrared, NFC, etc.) OR has EVER connected to any other computing device with the ability to connect to the internet, then you are doing it wrong and your Bitcoin + private keys, in fact, belong to the collective/public. It's advisable that you promptly send your Bitcoin to a legitimate wallet or at least an exchange/service provider better equipped to secure your coins.

So, how does modern man regain confidence in his hard-earned Bitcoin? What with all the kids running around smoking drugs, doing computer crime, blasting their rap music and God knows what!

The answer: a simple system to perform 'offline transaction signing,' two computers (one being properly airgapped), a few pieces of free software, and a pair of webcams.

Armoredcoin specifies verifiably *unhackable workflows enabling non-technical users to safely store, manage, and validate their Bitcoin without having to trust third parties or incorporate 'hope' into any part of their security equation.

*Considerations for miner pool 'trust,' consensus, sybil attacks, Chicom, certain advanced / asymmetric threats, and other amusing socio-cultural issues fall outside the scope of this protocol. Stay vigilant!

All Bitcoin wallets and exchanges claim to provide secure, unhackable protection, and all of them have a long history of being exposed for the snake oilers they really are - time and time and time and time and time and time and time and time and time and time and time and time and time and time and time and time and time again.

Trust No Thing

Myth: You control and are the only person with access to your Bitcoin/private keys on a ‘hardware’ cold or mobile wallet.

In order for those services & tools to perform as described, users are forced to not only blindly trust the vendor along with the computer/device's operating system and all other installed applications to provide timely and secure patches/updates and to not 'accidentally' OR intentionally leak your coins/keys - but you ALSO have to trust the server and hosting + API providers those companies use AND all the various data switch middle-brokers, internet service providers, and router manufacturers we all assume will transmit the correct information, unadulterated.

These options leave you spreading your trust pool VERY thin and provide no more real security than whatever the worst conceivable options might be.

Unfortunately (but not surprisingly), all the popular Bitcoin apps, services, and 'cold wallet' devices on the market are, in fact, purely exercises in security-theater/performance-art that exploit user gullibility and sacrifice genuine security for the sake of convenience and best intentions a.k.a. 'hope'.

Thanks to Bitcoin, we no longer have to 'hope' or trust some other persons you don't know (and other people they don't even know) with your money. Let's move beyond all that nonsense so we can go about our merry lives.

There are countless fatlogic practitioners all over the web promoting Bitcoin security as they imagine it. They are almost all, in fact, either terribly misguided or outright malicious actors. There is only one standard and you'd do well to learn it if you care about your money.

Bitcoin 101: Secure cold wallets and offline transaction signing - or - How I learned to stop worrying and love the Woodchipper

Point of Order - There is no such thing as a 'secure' device From NoSuchlAbs:
"Any Turing machine (such as any desktop or laptop computer, tablet, smartphone or other digital device of any type, kind, make or vintage, including without limitation any machinery used by any government for any purpose, be it nuclear tests, space flight, military applications not to mention Tamagotchis and old Nintendo boxes) is, by definition (and without exception possible in theory or ever encountered in practice), a square keyhole. It can be opened equally well by all those who possess the mighty secret of the shape of its key : a square."

Given that every device is, in effect, 'unsecurable,' how does the astute Bitcoin owner HODL or spend his coins that require machine controls and internet connectivity?

Fortunately, there is a tried and true mechanism inherent to Bitcoin called Public Key Cryptography (PKC). This allows a person to prove they control 'particular information' without revealing their 'secret keys' to anyone. It's the same basic principle email & messenger apps use to send and retrieve messages without revealing your password to your recipients but still effectively 'proving' the sender is (probably) you. However, popular implementations of PKC used in email and websites are generally vulnerable due to administrative choices having nothing to do with PKC itself.

So, how do we use PKC to safely control and store Bitcoin? The answer is airgap FTW.

Armoredcoin details the steps and requirements for applying time-tested, reliable offline PKC signing & the airgap gold standard to Bitcoin wallet generation and transaction management. This is the ONLY way for organic lifeforms (particularly Homo sapiens) to safely interact with Bitcoin. Any claims to the contrary have been demonstrated to be suspect or invalid.

The protocol describes layers upon layers of protection and failsafe actions enabling Bitcoin owners to confidently store and send their coins - even in the event any combination of infected or malicious software, wallets, browsers, harddrives, wifi connections, etc. are present.


Acknowledgements, circumstantial non-evidence, and other anecdotal, extemporaneous loose ends

It should be noted that TRB, Electrum, Bitcoin 'Core,' and all popular wallet applications have a high degree of failure built-in. Armoredcoin works on the assumption that all equipment, operating systems, and even the wallets themselves are entirely compromised or in failmode.

Many of the 'problems' associated with Bitcoin wallets/clients/services are not as much technical as they are 'promisetronic' and more broadly, chumpatronic.

Armoredcoin aims to effectively neutralize the many deficiencies of its constituent parts. The protocol is wallet 'agnostic' and specifies non-computing processes, equipment modifications, encoding/decoding, and 'auditable' proof-generating methods required to securely validate, store, and transmit Bitcoin data like 'raw transactions' and private/public keys.

That being said, the 'protocol' in its current iteration could definitely be considered more promisetronic than protocolic and is not 'entirely' auditable on account of the aforementioned constituent parts (namely comms & ordnance). However, if followed properly, the validation and sequestration procedures can ensure Bitcoin sovereignty and custodial/transactional integrity - even against the most capable and determined adversaries.

'Auditable,' in this context, refers to validatable, human/machine-readable inputs, outputs, raw transactions, etc.

And here is the straight dope on wallets from Cascadian Hacker.

Vigilant Bitcoiners should consider using legit entropy sources:
Like the TRNG offered by the good folks at NoSuchlAbs.

Also, a cheaper, low tech method here from Pete.

Two big problems with making your problems someone else's - From Trilema
"Whenever "someone else" "solves" the hard problems "for you", two things happen and they're both horrible. The first thing that happens is that you import their solution, and thereby become vulnerable : they will continue to provide the solution for as long as it makes (economic, or otherwise) sense for them to continue to provide the solution ; whereas you will depend on their solution for as long as it makes sense for you to continue to depend on their solution."

"The second thing that happens is that you will go do other things -- things you wouldn't have done if you had a correct image of the actual necessities for your continued life. It's not just that you depend on fragility ; it's that you then misallocate the resources at your disposal to other demands, exactly like the old woman brushing her hair while the house burns down. She perceives that even as she slowly fries, the inferno is nevertheless not actually her problem, being handled by others. Instead her coiffure is a much better use of her resources."

"PS. No, we haven't even discussed just how bad those solutions actually are. All the foregoing discusses the matter in principle, irrespective of the quality of the solutions, and therefore applies in principle, no matter how good the solutions. "

"But then you have to also consider that the incentive for solving a problem is very different from the incentive for providing a solution : the first is directed at the actual problem ; the second is directed at the solution buyer. How many times have you bought solutions that specialized in looking like the solution, rather than solving the problem ?"

Further Reading on third-party trust from Nick Szabo.

Scientific Method vs Magic: The Gathering From Trilema
"The core of the scientific activity is the scientific method, which is exactly as the name implies a method and absolutely nothing more. What scientists engage in, without exception known in the centuries of practice so far elapsed nor possible in the endless voids of abstraction in the future to be unfurled is a methodical behaviour. Nothing more. Nothing less. A dog who always drools when he hears a whistle and never drools when he doesn't hear the whistle is just as much of a scientist as the best human example anyone could ever think of, today or forever. There is nothing else, and nothing more to scientific activity than the application of the scientific method"

"The scientific method consists of playing liar with reality. The largest and longest running society game known to mankind is this peculiar situation where reality silently pretends to be coherent and we keep trying to catch it slip up. Sometimes we do catch it ; but then it usually turns out we hadn't actually understood something, and it hadn't really slipped. There are some still open questions on this score, but enthusiasm on the topic is drastically moderated (even among the people sufficiently gifted with intellectual power that they can follow the actual point in discussion) by a terrible track record over many centuries to date."

"This is why science is a rewarding activity, for they sufficiently human to engage in it. This is also why science as an activity (as opposed to science-as-a-pretense-to-get-laid, or as a religion, or as an excuse to write on the unemployment application and keep the dole running) does not need "being incentivized" nor needs justify itself in terms of utility or entertainment or anything else. It's there because it is fun, and for the people for whom it is fun. Everyone else -- sandwiches, kitchen."

"To sum up : a scientist is someone who applies the scientific method ; "science" is not a thing ; you are cordially invited to do something useful or shut the fuck up."

Mind the Woodchipper!! From Trilema

Team Armoredcoin is proud to release the brave, new AC1 Control Kit 'Woodchipper' - the first auditable production Bitcoin control system available to the public.



So what is the definitive 'answer'??

From Trilema - "Some inferior intellects seek closure out of their conversations, but this is nonsense. There is no closure, there's just the endless stream of life. Consisting of claims and challenges, proceeding indefinitely straight to hell. In this context, "make up your own mind" is not some sort of empty injunction, but quite a literal requirement. If you are to have a mind at all, you're stuck making it yourself...
Good luck."

Keep Calm, Trust #1, and Stay Armored.

The protocol