Loki is an Open Source, Browser Based, Trustless, Bitcoin Transaction Broadcaster. (Based on coinb.in javascript browser based wallet code)
Live Version - https://lokionlineledger.com
Donate BTC (Inspire Development): 1oLBNEZzdFrJd58aqPgevrz5QKeW1ZDmP
In order to be trustless, your Bitcoin private key must NEVER come in contact with a device that can reach the internet.
- Web Wallet or Exchange? No way -- The most convenient of options, but most won't share with you the private key they use to store your money. And even if you could trust the company or individual behind the wallet they regularly get hacked, and sorry, that money is coming back.
- Mobile Wallet on my cell phone? Please -- Assuming the wallet you are using even gives you access to your private key -- Unless you've gone over the code line by line and have automatic updates turned off, there can be sleeper code that could wake and send your private key (and all the money behind it) to any developer or rogue party. And even if you wrote the code yourself, an internet connected device can be hacked.
- Hardware Wallet? Better -- Assuming that you trust the hardware wallet manufacturer not to send your keys to themselves, you still plug it into your computer that uses the internet and there are all sorts of ways to compromise that connection.
The only way to be "Trustless" is for your private keys to be generated and stored on a system that can't connect (and won't ever again connect) to the internet. In the past, this meant generating private keys on an offline system, and then storing them as paper wallets by printing or writing down the code and putting it into a safe for storage. While this method works okay for storing the money, when you need to make a transaction, then you must now scan your private key into some online system (creating an opportunity to have your keys stolen), and make the transfer into a newly generated private wallet because your old key is "compromised"
Frosty is a "Cold Wallet" for iPhone. Designed to be put on an old or unused iPhone that you can put into permanent Airplane Mode.
- Frosty uses the camera on your phone to scan in a private key that you generated or already have
- Frosty can also generate Bitcoin private keys on it's own
- Frosty stores the private keys encrypted on the already encrypted iPhone hardware (so if you lose physical control of the device the key cannot be compromised)
- Because the phone never connects to the internet (not even when doing utilizing your public key for transactions) you don't have to trust the code (though the code is open source anyway) -- Truly trustless
In order to send money you must create a transaction (which requires internet access to generate a transaction) and Broadcast that transaction (Also requiring internet access). Here's where Loki comes in. You can make a trustless transaction in a few steps.
- Scan your private key into Frosty the Wallet using phone camera (on a non-connected iPhone)
- Choose "Show Public Key" in Frosty and the Public key will display on your iPhone
- Scan the public key as the "From" address using laptop camera, or by manually typing key (safer) into Loki
- Scan or enter the public key for the "To" address into Loki
- Enter how much you want to send, and generate an "Unsigned" transaction. Loki will display this as a QR Code
- Choose "Sign Transaction" in Frosty Cold Wallet and scan in the QR Code for the transaction that was generated by Loki
- Frosty will now sign your transaction using your private key, and show a QR Code for the signed transaction on the iPhone screen
- Scan in your signed transaction to Loki and broadcast to bitcoin network
Savvy security folks might have noticed that since it's kind of hard for a human to read a QR code, Frosty could be sending your private key hidden in the signed transaction code and Loki could pick it up. Good on you. That vulnerability only works if both Loki and Frosty are colluding :) Which is why I encourage you to check out the source and launch your own version of Loki (either locally on your own laptop or using the Heroku button below).
