postmeback / arctica Goto Github PK

WARNING: WE ARE CURRENTLY IN ALPHA TESTING, DO NOT USE ARCTICA FOR THE STORAGE OF SIGNIFICANT FUNDS
this software overwrites external storage media and CDs without much warning, I advise you only run arctica on a dedicated machine, remove any extraneous external storage media, and only insert new/blank USB sticks or SD cards and CDs when prompted.

Minimum Specs: You only need access to two relatively cheap computers. These computers will be dedicated to the purpose of running arctica. The primary laptop runs the bitcoin full node and should remain unused for other activities. The second laptop can be any device, but ideally is a dedicated signing device not used for other purposes. If you don't own a second laptop you can buy one from a big box store and return it after use if required or use your primary computer as a signer. Once Arctica is set up, it will work on any computer by simply inserting an Arctica HWW and rebooting the machine. On some motherboards it might require you to enter the BIOS.

I recommend replacing the laptop you intend to use as a full node's internal storage drive with atleast a 1 TB SSD drive to improve the initial sync speed significantly and provide plenty of node storage space for the immediate future. A bit of RAM helps, the most performance intensive part will be your node's initial sync, but I'm not certain yet the absolute minimum you could get away with. Just about anything can be used as a signer, I've run arctica on an old T400 Thinkpad. You could potentially sync the full node on such a machine with plenty of patience.

The primary full node computer's internal storage should be flashed with a clean installation of the latest Ubuntu release prior to installing Arctica.

Arctica is essentially a few seperate things...

1. Open Source Hardware wallets which the user builds software for in in real time while arctica runs.
2. An accompanying software desktop application that runs on top of bitcoin core and allows the user to easily navigate a preconfigured 2 of 7 and 5 of 7 timelocked multisignature bitcoin wallet (Bitcoin Vaults that solve for inheritance and security)
3. An Automated Full node builder anytime the user boots from HW 1 or HW 0 and runs arctica, the software will attempt to sync the bitcoin blockchain using the computer's available internal memory storage.

Arctica is a Free and Open Source wrapper script that installs bitcoin core and then walks the user through setup of a highly secure & private cold storage solution. The software is designed to make Bitcoin more difficult to lose, steal, or extort than any other asset. This protocol contains both a high security and a medium security area and is designed for storage of amounts in excess of $100,000.

• Arctica is a key management system built in Rust on top of Bitcoin Core Backend. The Front End Repo is built with Vue.js and runs as a standalone desktop application through tauri which emulates web view without requiring the use of a browser.
• Arctica requires users do what is needed for safe and secure bitcoin storage even when this requires more time and effort - the first task in the Arctica instructions is to setup trustworthy & dedicated Bitcoin laptops.
• Before beginning, users will need to gather:
-1 or 2 dedicated laptops (it is helpful if they have CD drives but if not you can purchase USB tethered CD drives cheaply online)
-7 SD cards or USB sticks (minimum of 8Gb)
-8 CDs
-7 DVDs or M-DISC,
-7 envelopes.
• When setting up the laptops, one should have enough internal SATA storage space to hold the entire bitcoin blockchain, currently 1Tb or higher (I'd encourage you to just go for 2TB) this will be the Primary Computer that runs an online bitcoin full node. The second will just be used as a dedicated signing device. Both laptops should be erased and flashed with ubuntu. The user can optionally install bitcoin core on their primary machine and sync the bitcoin blockchain ahead of time if desired.
• The SD cards/USB sticks will be configured into open source hardware wallets (HW) with the help of the arctica software. The HW devices can be booted from any computer, with the except of HW 1 and HW 0 which should only be booted from your dedicated full node (primary). You are welcome to use as many or as few secondary machines for booting other wallets as you like. CDs & DVDs/M-DISC are used to help with initial installation and encrypted backups of each wallet. The user is not required to write down any physical key or wallet backup information for the system to be secure & recoverable.
• Private keys are stored in 7 encrypted Hardware Wallets, when required, keys are loaded into RAM while booted to an internal Linux Live System and running the Arctica Desktop Application. This allows arctica to function as a flexible & self contained key management system which can be run on a wide variety of hardware.
• Artica uses both an ecrypted 5 of 7 & 2 of 7 decaying multisig for bitcoin storage. This allows up to 6 keys to be lost without losing bitcoin and requires 5 locations to be compromised by an attacker to lose privacy or funds. This prioritizes recovery redundancy and privacy.
• Miniscript multisig is used so that you can recover all funds using only 5 signers (high security) or 2 signers (medium security), both of which eventually decay down to 1 of 7 after a predetermined time frame (4 years and eight months).
• Generic computing hardware is used. Hardware sold specifically for bitcoin storage requires trusting all parties from manufacturing to shipping. Omitting potential for modified Btcoin specific hardware to steal bitcoin.
• Minimal software beyond bitcoin core. Bitcoin core is far and away the most trustworthy bitcoin software. Unfortunately it does not yet provide a user friendly interface for establishing a multisig address or display and accept private keys in a human writable format. We have intentionally sought to limit dependencies on external software libraries in our design process. Ideally, an Arctica user could recover their funds without our software and only use bitcoin core (with a working knowledge of the Bitcoin-CLI)
• Open source and easily audited. One of the reasons bitcoin core is trustworthy is that it is the most scrutinized software. This makes it the least likely to contain a critical security flaw that has not been identified and fixed. Arctica will never be as trustworthy, but by minimizing the amount of code and primarily using Rust and console commands the effort required to verify that Arctica is performing as expected is minimized.
• Usable for non-technical users. By following simple instructions users with moderate computer literacy can use Arctica. This is important because trusting someone to help you establish your cold storage solution introduces considerable risk. We want Arctica to be the gold standard for newcomers to bitcoin to establish a secure self custody profile.
• Private keys & descriptors are stored in a non-descript and encrypted manner.
• Private. Unlike many popular hardware and software wallets that transmit your IP address (home address) and bitcoin balance to third party servers, Arctica uses a local bitcoin core full node. This means nothing is shared beyond what is required to create a bitcoin transaction. Arctica will also use Tor (planned for v2).
• Counterfeit prevention. The only way to be certain that your balance represents genuine bitcoin is to use a bitcoin full node - in fact that is the primary purpose of a bitcoin full node - to verify that the bitcoin balance is correct and full of only genuine bitcoins. Any solution that does not involve a full node requires you trust someone else to tell you if you have real bitcoin.
• Once you have booted into an arctica hardware wallet you should navigate to the home directory and double click on the arctica software executable
• The prompts are designed to be completed by non technologists with minimal effort.
• Software instructions for recovering and spending the bitcoin are included with on every Hardware Wallet to reduce the likelihood of loss and improve UX.

Arctica provides the best balance of security, ease of use and privacy when storing significant sums of bitcoin, it has the following disadvantages that might not be expected:

• Time. To complete setup you will need to invest several hours spread over the course of a couple days. This time includes active participation in setting up devices by following on screen prompts, syncing the blockchain, and establishing a series of security protocols.
• Soft Shelf Life. Because Arctica is designed to have a decaying high & medium security storage area, you will find that Arctica's security assurances intentionally degrade over time. This decision has been taken to find a balance between high security assurance and inheritance in the event of a users untimely demise. A user is advised to repeat Arctica setup shortly before or during the 4 year threshold decay.
• Privacy. While using bitcoin core over Tor does provide significant privacy advantages over many cold storage solutions, using multisig is not very common. This means that someone could look at the blockchain and infer that the owner of the coins is probably using our software for cold storage. This will eventually be fixed through changes to bitcoin and it is worth the security and recovery benefit to use multisig and the type of multisig you are using is only exposed to the network when you spend from Arctica (not when you deposit funds).

A comprehensive technial design document can be found here

User Experience Design Documents

NOTE: Arctica is currently in Alpha and is not currently recommended for the storage of funds. This is a spiritual successor to Yeti Cold, which is my recommended Bitcoin storage protocol until Arctica releases a Beta client