preface

It’s not easy for the majority of cryptocurrency traders. The US Securities and Exchange Commission sanctions, carpet-drawing scams, and FUD-driven sell-offs are enough to scare away any individual who holds digital assets on centralized exchanges. Yes, the spread of FTX is still fresh in our memory. By 2023, as threats and concerns continue to rise, storing cryptocurrencies in self-hosted cold wallets makes the most sense. As a risk averse, you can further opt for air gap wallets — cold wallets with advanced security features.

This article takes a deep dive into the field of air-gap crypto wallets, explains how it works, and the associated benefits and challenges.

Private keys: the driving force of crypto wallets

Source: beInCrypto

Crypto wallets don’t actually store your crypto assets. Instead, it stores your private keys, while the actual crypto assets reside on the blockchain. Using these private keys, you can sign transactions. These may involve withdrawing cryptocurrencies, transferring assets from one wallet to another, or paying for services using any particular chain.

What is an air gap wallet?

An air gap wallet is actually a cold wallet. You can think of them as air gap hardware wallets. But air gap wallets are completely disconnected from the internet or wireless world. As a result, they are similar to the least interactive physical devices that store private keys. Some air gap wallets can’t connect to Bluetooth, Wi-Fi, NFC (Near Field Communication), or any other wireless medium. Some fully air-gapped models don’t even support USB connections.

Take Ledger’s Nano X. Although it’s a great hardware wallet, it’s vulnerable to threats due to its Bluetooth support. Despite Ledger’s focus on top-notch security, concerns related to Bluetooth interception and pairing breaches may still exist. This is where an air gap wallet that works independently comes into play.

A fully air gap wallet with zero wireless connectivity. Because of their offline and isolated environment, they are safe from malware, phishing threats, and hackers. Note that the term “air gap” refers to the distance or gap between these wallets and any wireless network, more like isolation from vulnerabilities.

Additionally, “air gap” is a computer security term that refers to the complete isolation of a device or network from other networks or devices. Gaps, or rather isolation, are “air-filled.” If it doesn’t have any ports and doesn’t support any kind of wireless communication, even an air gap computer can do that. The air gap hardware wallet follows the same concept.

Are air gap wallets safe?

Compared to hot wallets like MetaMask or Trust Wallet, air gap wallets offer a higher level of security. Compared to other cold wallets, products with specific security features also stand out. This is especially true for devices that can connect to the internet or any wireless network.

While a wallet’s disconnected state is a major factor in security, the real reason is hidden somewhere. These wallets never connect to wireless networks, so signing transactions with them is much more complicated.

The following tweet shows why wireless networks can keep you in a quagmire.

How does an air gap wallet work?

For any crypto wallet, if you need to process a transaction, you must sign and broadcast the signed transaction — an air gap wallet does it differently.

Ready to trade

When you create a transaction on any internet-connected device, such as a computer or smartphone, the device-specific components of the Airgap wallet create a “Watch-Only” entity. This way, you can generate a new address and enter all transaction details, but you can’t sign the transaction. Using a hot wallet or a cold wallet with a Wi-Fi, NFC/NFC, or Bluetooth connection, you can forward this notification and sign it. This is not possible for an air gap wallet.

Instead, you need to transfer transaction details to an air gap wallet as a wallet-readable file.

Don’t understand how to transfer transactions to a wallet? Take a look at the following examples:

Imagine you’re using a Coldcard wallet — one of the more popular air gap wallets. As mentioned above, the first step is to create a deal. For this, let’s say you use the Bitcoin wallet Electrum. This wallet is connected to the internet. At this point, you can enter the recipient’s address and the value of the BTC you want to send. This is the time to create a deal.

Sign the deal

On Electrum’s interface, you can choose to save transactions created within your Bitcoin wallet. Once saved, the format you get is a partially signed Bitcoin transaction (PBST). You can transfer these partially signed Bitcoin transactions to a microSD card. Then, connect this card to an air gap wallet.

Did you know that Partially Signed Bitcoin Transactions, or PBST, is a wallet-specific format that was first introduced by Bitcoin Improvement Proposal (BIP) 174. Although PBST was created in a binary format, it represents the format for wallet-to-wallet transfers in Base64 or binary-to-text format.

This method of transferring a semi-finished transaction from a computer-specific wallet to an isolated wallet like Coldcard is called an “export transaction.”

You can now open this exported transaction on your air gap wallet. If you’re exclusively using Coldcard as your wallet, you’ll see a “Ready to sign” option. This will open a PBST or partially signed Bitcoin transaction, which can be signed using your private key. Once signed, the wallet saves the prepared transaction on microSD as a new PBST file that can be read by online devices.

Broadcast deals

After that, you’ll need to pop up the microSD card, connect it to your online computer, get the new PBST deal, and load it into your online wallet. That way, you can broadcast signed deals.

It’s worth noting that using a microSD card to store and export transactions is just one way to interact with an air gap crypto wallet. Also, the exact process and steps depend on the type of online wallet and air gap wallet you use.

Basic transmission using QR codes for air gap wallets

As mentioned before, using a microSD card to export new transactions to an air gap wallet isn’t the only way to interact. You can even use the QR code scanner on your Airgap wallet to scan transactions from your computer and sign them with a key.

Source: Airgap — Airgap Wallets and QR Codes

This will generate a new QR code representing the signed data. Now, you’ll use your online device to scan and decrypt the QR code, extract the signed transaction, and finally broadcast it.

Did you know that scanning mobile data with a QR code uses an optical mechanism that allows you to capture images and extract data using the device itself. No internet connection of any kind is involved unless this QR code is used to open an online link.

Why use an air gap wallet?

Given the unpredictability and irreversibility of the market for crypto-related transactions, air gap wallets play a critical role in the web3 ecosystem and promoting the security of crypto wallets.

Since an air gap device still looks a lot like a cold storage option, it provides a lot of protection against threats. Here are a few reasons why you should use this wallet:

1. Security, able to prevent online threats
2. A better place to store your private keys
3. It is a secure option for long-term storage of cryptocurrencies.

With an air gap wallet, you only control your private keys. You are always in control of your private keys, and your cryptocurrency holdings are always in your custody.

The following post lists some of the benefits of air gap hardware wallets:

As the impact of the FTX storm spreads, to prevent another exchange from going out of business, web3 users are once again reminded of the most important motto in cryptocurrency (tweet):

“No key means no coin, coin key all in one”. (“Not your keys, not your coins”.)

——Andreas M. Antonopoulos, author of bestsellers _Master Bitcoin and The Internet of Money_

This famous quote has become important again.

Set up an air gap crypto wallet

The wallet software contains specialized cryptographic algorithms that manage everything. Here’s how to set up an air gap wallet:

• The first step involves 12 words or 24 word mnemonics. This is also known as a recovery phrase, and the software for your air gap wallet creates and generates this set of secret words. Mnemonics are the root that ultimately helps generate private keys. You can even use this mnemonic to recover your keys if you lose access to your device.
• The mnemonic is now the key generation message input for your wallet. The algorithm that uses mnemonics as transmission is usually HMAC-SHA512. The algorithm then generates a large random number, which becomes your private key.
• After generating a private key (also known as an air gap key), the wallet software uses an “elliptic curve multiplication” mechanism to export the public key. Note that, strictly speaking, elliptic curve multiplication is a one-way mechanism and cannot be used to generate private keys from public keys.
• At this point, your public key has become your wallet address during the encoding and hashing process. You can share this wallet address with anyone.
• At the same time, your private key remains securely hidden in an air gap wallet and can only be used to sign transactions on your device.

Writing down mnemonic phrases in a safe place beforehand is a good way to store your keys. This may help you recover your wallet if needed. Note that you should never store mnemonics of any kind online, even if using encryption.

Air gap crypto wallets and their types

An air gap crypto wallet is a basic device with no fancy connectivity features. Therefore, they can be categorized as follows:

hardware wallet

Specifically, every air gap wallet is a hardware wallet, but not every hardware wallet is an air gap wallet. These types of wallets include Coldcard wallets or wallets like the Ellipal Titan that are completely air gapped and don’t have fancy features such as Bluetooth support.

If you want to use the strongest form of encryption in an air gap wallet, NGRAVE ZERO is another wallet worth considering. It’s completely airtight, provides EAL7 certification, and supports biometric authentication.

paper wallet

If you’re on a budget, there’s nothing better than using a paper wallet as your air gap wallet. With this type of wallet, you can print your private key and public key as an encoded QR code logo. All you need to do is scan the QR code on the paper with your online device to sign the transaction. One good strategy is to use only one paper wallet once, because if your online device is attacked, erasing funds from keys stored in paper wallets may contain the same funds.

bitcoin wallet

Some crypto wallets are air-gapped and limited to BTC transactions. While the concept of an air gap remains consistent, the spread is limited to BTC, which adds credibility. Foundation Devices’ Passport is an air-gap bitcoin wallet that works in partnership with the companion online app Envoy. The model also has open source firmware, making the device a reliable Ledger replacement. Ledger, a leading hardware wallet maker, was recently criticized by the crypto community for its controversial cloud backup update.

Blockstream’s Jade is another typical air-gap Bitcoin wallet known for its price tags and seamless QR code specific communication.

Source: Gadgetify — Keystone air gap wallet with scan camera

Multi-signature wallet

A multi-signature wallet is also an air gap wallet. This device is still isolated, but can generate mnemonics to help manage other devices. The new 1inch air gap wallet is one such device. It looks like a bank card with sixth-generation Gorilla Glass, an e-ink display, a tiny camera, and other playful features. You can use one wallet to create and manage other wallets.

Learn about the threats associated with air gap wallets

Are air gap wallets the perfect cryptographic security solution? What are the threats it faces? Next, let’s take a look at how an air gap wallet works in different models and scenarios.

Scenario 1: Online Threats

An air gap wallet is an adequate solution to online threats. Airgap wallets are isolated from the network, which keeps your private keys safe and disconnected from the world. However, it is still important to download and install firmware updates to ensure that the wallet maintains its full potential. You can download this content to your computer, move the update to the micro-SD card, and then install it directly on your device.

Scenario 2: Personal Threats

Imagine someone stealing your air gap wallet. This is a credible personal threat. At this point, you may need a device that allows you to set an additional security line as a PIN or password. A device for multi-signature verification is also one method.

Scenario 3: Supply Chain Threats

Imagine someone tampering with your wallet before it reaches you. The best solution to this problem is to buy a wallet with a secure element chip, which provides extra protection and is almost tamper-proof.

Scenario 4: Unexpected issues

What happens if you forget your mnemonic words and can’t recover your stored cryptocurrencies? You can choose multi-signature wallets to counter this threat. This wallet will allow you to recover your cryptocurrency if you have access to other validators.

Scenario 5: Problems with online apps or microSD cards

What if someone hacks into an online app (the app you use to trigger a deal and generate the same deal in the first place)? Or what happens if the microSD card you’re using has been injected with malware to infect an air gap wallet? This could even use an SD card or infected QR code to supply malicious code to the wallet. Another risk is QR code replacement, but for this to happen, the hacker needs access to your computer.

In this case, there are two possible solutions to consider:

You can buy a wallet with a secure chip to prevent all threats; you can also buy a device with a secure display to ensure you can view and verify the details of each transaction, such as the address you sent and the amount of cryptocurrency you sent. Additionally, it is recommended to run a malware check on your device frequently to check for threats.

What is a keyless wallet?

Like any other hardware wallet, an air gap wallet relies entirely on its private key. Alternatively, if you’re using a multi-signature wallet, you can use a few keys. There have been situations where advanced encryption technology and keyless wallets are used to solve this problem. They’ve even used secure multi-party computing (SMPC) technology to make cryptocurrency access more complicated, but the person in charge of the wallet can use it smoothly.

The concept is simple: the private key itself is broken down and stored in multiple locations—smartphones, secure servers, or backup devices. When signing a transaction, each part must be combined to complete verification and function as a complete private key. This approach reduces the risk of accidental losses.

Comparison between air gap wallets and keyless wallets

If you’re considering choosing a keyless wallet over an air gap wallet, the comparison chart below is worth taking a look.

Source: BeInCrypto — Air Gap Wallet vs. Keyless Wallet Comparison Chart

You should carefully evaluate your preferences and choose the right wallet for you.

Comparison between air gap wallets and hot wallets

Still not sure how an air gap wallet is different from a regular hot wallet? Here’s another table to help you begin to understand the differences between them:

Source: BeInCrypto — Comparing Air Gap Wallets to Hot Wallets

The challenges faced by air gap wallets and the evaluation of their experiences

Air gap wallets are useful, but they also have a lot of issues. Here are some of the more pressing challenges:

1. The learning curve is complex, so there are usability issues
2. Remains vulnerable to threats associated with theft, accidental loss, etc.
3. The recovery process relies entirely on mnemonics
4. Prone to human error, such as incorrect transaction signing
5. Signing and broadcasting deals are time-consuming as they follow different curves
6. Without security chips, they are vulnerable to supply chain attacks
7. A microSD card or infected QR code can be used to provide malicious code to the wallet

What does the future hold for air gap wallets?

The manufacturers are focused on improving usability issues through clearer instructions and a highly intuitive interface, which will promptly address the challenges associated with air gap wallets. Waterproofing and fire-resistant components may be key areas to protect them from physical threats. Multi-signature wallets like 1inch are already working to make keys easy to recover.

Other implementation measures, such as air-gap smartphone wallets and the implementation of measures to deal with supply chain threats, will also appear in due course.

Are air gap crypto wallets completely reliable?

Air gap wallets have changed the way we think about self-hosting. Since they are completely unconnected to the internet or any form of wireless communication, online threats pose no threat. However, to ensure that the entire process of signing and broadcasting transactions is completely reliable, there are still many areas where improvements need to be made.

However, as new entities such as Foundation’s Passport and 1inch’s hardware wallet enter the field, the focus remains on enhancing security and improving the user experience.

Statement:

1. This article has been reprinted from [Beincrypto], and the copyright belongs to the original author [BeInCrypto ]. If you have any objections to the reprint, please contact the Gate Learn team, and the team will deal with it as soon as possible according to the relevant procedures.
2. Disclaimer: The views and opinions expressed in this article only represent the author’s personal opinions and do not constitute any investment advice.
3. Articles in other languages are translated by the Gate Learn team, and translated articles may not be copied, distributed, or copied without mentioning Gate.io.