SeedSigner is the new cool kid on the block when it comes to DIY Bitcoin Hardware Wallets.

It’s a very interesting device that certainly does things differently compared to the other HWWs on the market.

Highlights:

• Cheap to make ~$50.
• QR communication between the device and the computer
• Non-persistent
• BYOE(Bring Your Own Entropy)
• General purpose hardware 

The project was “born” on the 14th of December 2020, but it started getting the most deserved attention recently.

Let’s start from zero and work our way to using the device so we can see what’s all the fuss about.

Preparation

The part list

• Raspberry Pi Zero(no Wifi)
• SD card
• Waveshare 1.3″ LCD
• AuviPal 5MP camera with OV5647 Sensor
• MakerHawk ribbon cable
• GPIO Hammer Header Male
• 4 x F-F M2.5 spacers 10mm; 
• 4x M2.5 pan head screws 6mm; 
• 4 x M2.5 pan head screws 12mm 
• 3D-printed case (I got mine from https://twitter.com/surfacePlasmon)^[1]Feel free to hit him up for any of your 3D-printing needs
• 1 joystick
• 3 x plastic buttons

Everything in the picture set me back around $100.
Worth mentioning that I did not try to get the cheapest options but the fastest, and some of the components were overpriced, I also went for the expensive case that was $35, the cheaper one goes for $10.
You should be able to get it down to $50.

After you get all the components we will need to download the operating system and burn it to the SDcard.

Image burning 

SeedSigner uses a modified version of Debian for Raspberry Pi.
Debian is a Linux distribution that only uses FOSS(Free and Open Source Software).

We can get the latest release from here: https://github.com/SeedSigner/seedsigner/releases
After we get the archived .img file we need to verify it.
The file is signed by the maintainer of the project,  and we will use his credential to verify the integrity of the file.
For this, we will be using GPG, which is a program that allows us to import the authors public keys and verify signatures.
This is present on all Linux operating systems and Mac(which is also Linux).
If not you can get it from here https://gpgtools.org/
Now we need SeedSigners GPG public key.

He has the key listed in multiple places.
Why, you ask?
Well, we are trying to make sure an attacker did not replace the file we want to burn on the SDcard with a malicious one, but if an attacker would be successful in compromising the place from where we get the files, of course, he would also change the public key with he’s one so we cant tell the file is fake.

That’s why you should ALWAYS check the key in multiple places.
You can find the key:

• On Twitter: https://twitter.com/SeedSigner
• On Telegram: ​​https://t.me/c/1469623205/6308 
• GitHub: https://github.com/SeedSigner/seedsigner/blob/main/seedsigner_pubkey.gpg 

So we will open a terminal and type in

curl -sS https://raw.githubusercontent.com/SeedSigner/seedsigner/main/seedsigner_pubkey.gpg | gpg --import

Now that we have the key imported into our keychain, let’s get the files from.
https://github.com/SeedSigner/seedsigner/releases

We will get 2 files:

• Seedsigner_0_4_4.img.zip – the archived image
• Seedsigner_0_4_4.img.zip.txt.gpg – the signature produced by the author.

The next command we will run will confirm the integrity of the file

gpg --verify seedsigner_0_4_4.img.zip.txt.gpg

We are looking for “Good signature”.
This is a confirmation that everything is ok.

Now that we know the .img is real, we can write it to the SDcard.
I am using balenaEtcher.
It’s a software that allows you to burn the .img file to the SDcard
Pretty straightforward forward you can use drag and drop.

Also, download this template from here and print it out. https://github.com/SeedSigner/seedsigner/blob/main/docs/24_word_seed.pdf
It will be useful later.

Now comes the fun part.

Assembly

Insert the solder-less Hammer Header in the GPIO pins. 
Apply pressure until they are in.

Even though this adds a bit to the cost of the device, it could still be worth it if you don’t already have a soldering iron and solder, and if you don’t plan to solder anything else in the future.

Also, fuck you soldering iron.

Insert the wide side of the ribbon cable(the one shaped like a trapezoid) into the AuviPal 5MP camera. 
Make sure the shiny contacts face the green circuit board.

Now take the narrower part of the ribbon cable and attach it to the Raspberry Pi Zero.
The same thing, shinny contacts need to face the green circuit board.

Now take the bottom part of the case and fit the camera in the camera holder.
Use a bit of pressure until you hear a click.

This is how it should look from behind.

Insert the SD card in the Pi.
Gently place the Pi over the camera.
Orient the Pi so that the ports fit in the port groves.

Place the 10mm F-F M2.5 spacer over the holes in the front.

Insert and tighten the 12mm M2.5 pan head screws from behind.

Repeat for all 4 holes.

Insert the Waveshare 1.3“ IPS LCD display into the GPIO pins.
The process should be very easy and straightforward as there is the same number of holes in the display as there are pins.

Using the 4 remaining 6mm M2.5 pan head screws secure the display by screwing in the 10mm F-F M2.5 spacers.

Place the Joystick and the 3 plastic buttons in the right holes.

Snap the bottom and upper part together.

And now the Assembly is done.

Usage

Power on

Before anything else, we need to plug it into a power source.

The whole idea behind SeedSigner is that it’s an air-gapped device, meaning that it’s isolated from any internet connection, this is where most of the security comes from.

The Raspberry Pi Zero has 2 ports, and the most left one ONLY allows power, so it’s perfectly safe to plug this into the USB of your computer if it’s easier.

Don’t worry if you don’t see anything on the screen, the device takes about 45 seconds to boot up.

Seed generation

We have 2 options available to generate a BIP39 seed: 

• Dice 
• Picture 

Both of these methods are great sources of entropy as they don’t depend on specialized hardware.

Most devices we use have special hardware that is used as sources of entropy, but most of them can’t really be audited, and this creates a big attack vector.
And even if someone does not try to mess with them there could be bugs.

This BYOE(Bring Your Own Entropy) approach is great as it completely eliminates these worries.
Good entropy(from a cryptographical POV) means that no one else can reproduce what you did, and the picture or a successive set 99 rolls of dice are really good for this.

We will be using the picture mode as it’s quite easy to do and takes less amount of time.
In the menu go to Seed Tools->Generate seed with Image
Point the camera at something and press the joystick.
If happy with the picture click accept.

Seed backup

Now take the template and write down the BIP39 words.
Pencil is preferred as it withstands the test of time better.

(scroll right with the joystick to advance)

After scrolling past the seed words you will see a QR code on the screen. 

The QR encodes the words in a more compact way and is easy to read for computers.
Even though not tangible for humans, it’s a great way to transfer information between devices and it has error correction.
You transfer the EXACT amount of information you want, which allows us to keep the device airgapped and avoid any malware being transmitted during communication.

By pressing on the joystick you will be taken into zoom mode.
Here you can use the joystick to navigate, the X&Y coordinates help you identify where you are on the QRcode.
Notice that this is the same as the QR present on the template.

You will start from position A1, that’s the upper-most left corner, and work your way around the QR.

I suggest using a pencil as graphite is resistant to ultraviolet radiation, moisture, and other chemicals making it great for long-term storage solutions.

Here is a speed-up video of me transcribing the BIP39 seed that’s encoded in a QR code to the template we downloaded earlier.

When done click Save Seed.

As the SS is completely non-persistent, meaning it does NOT store any information on the device, you will need to import your seed every time you want to make a transaction.
You can store the seed temporarily, but it will be wiped once the device reboots.

Getting the xPub

Next, we need to import the xPub on our computer.
This will give us access to all the addresses to receive funds in the future and check the stash without connecting the device.
We can generate any addresses we want in the future so we can receive funds, while the seed remains safe on the paper.

We will set up the wallet for single-signature use.

In the menu go to Settings->Script Policy->Single Sig Native Segwit
Return to the main menu.
Seed Tools -> xPub from Seed
Use the saved Seed.
Check if the words match with the backup
And pick SparrowWallet
You will be presented with a QR code on the SeedSigner, this is the xPub, that we will import on the computer.

Importing the xPub

We will be using Sparrow wallet.

By the way, my favorite Bitcoin app has been Electrum since the 1st day I got into Bitcoin.
It’s the swiss army knife light Bitcoin wallet that allows me to use my own server.

Well, Sparrow is a better version of that that also looks and feels very cool.
You can get it from here https://sparrowwallet.com/

In SparrowWallet, on your computer, create a new Airgapped Hardware Wallet.
Click the Scan button next to the SeedSigner icon and present the QR from the SeedSsigner to your camera.
When the QR is recognized the details will be filled in.
Set a password, and we can receive some coins.

Don’t worry if something does not make sense, you can get back to it later.

Receive Bitcoins

Next, we are going to receive some Bitcoins.

We can get a new address by clicking Get Next Address. Or select 1 from the Addresses tab.
The imported xPub allows the computer to calculate all the addresses that belong to the specific BIP39 seed.
In the video, I am sending 0.0001 BTC from the Trendon Shavers(imagine this is another person) wallet to the SeedSigner wallet.
This is a hot wallet setup on the computer.

Notice that in order to get a new address we did not need access to the SeedSigner.

Spending Bitcoin

Now we will be using the device for what it was created for, QR signing.

Btw, SeedSigner, the person behind the Twitter handle and the main maintainer of the projects prefers the terminology Optical Airgap Signing^[2]Pretentious bastard.

Now we will be sending the coins back to the same address we received it from.

In Sparrow wallet, we paste in the destination address and the amount, and the fee as we would do in any “normal” bitcoin wallet, and then we create the transaction.

The way Bitcoin works is that the construction of the transaction and the signing are separate steps. Usually, wallets abstract this away as they prioritize UX.

If we try to broadcast the transaction without signing it, the nodes will not find a valid signature and will not allow the coins to be spent, so we need to produce a signature.

We want to get the unsigned transaction onto the SeedSigner so it can sign it, and we will of course use QR codes again.
There is something different about these QR codes; they are animated.
Why?
Well because they need to send more information.
Imagine you have someone using sign language to communicate with someone else, if they want to say a long sentence they need multiple signs, one after the other.

In order to produce a signature, we need to use the private keys, which we have backed up on the paper in the form of a QR that represents the BIP39 words.
First, we will import the seed in the SeedSigner using the QR code we have on paper.
While doing so we double-check to make sure the words match.
After this, we will be asked to scan the PSBT QR. PSBT stands for Partially Signed Bitcoin Transaction, which is what the animated QR represents.

Now we point the SeedSigner at the computer screen.
As soon as this is done we are asked to confirm the details of the transaction.
After the confirmation, the SeedSigner signed the transaction^[3]Serving its existential purpose so now we have to pass the signed transaction back to the computer to broadcast it.

Of course, we will use an animated QR code again, but this time, we will be scanning with the camera of the computer from the SeedSigner.
After that is done we click broadcast and we see the transaction showing up on the block explorer.

Don’t worry if this is a bit confusing, I will promise you once you do it yourself once it’s less intimidating.

Review

General-purpose hardware 

The biggest selling point IMO is that the SeedSigner uses general-purpose hardware.

general-purpose > HWW

— Alex Waltz (@raw_avocado) October 9, 2021

Hardware wallets are a great invention, and for almost anyone, they increase the security of their Bitcoin stash by 100x compared to using your phone or the computer.
This is done by eliminating components that are not strictly needed for Bitcoin signing operations(software and hardware) and by segregating the device(some more than others) from the internet and other devices.

But in order to deliver such a device and enforce these restrictions, this means you have to create a device that’s designed for this specific purpose, meaning that this makes it an easy target for an attacker.
I mean pretty obvious that a Bitcoin device will be used for Bitcoin stuff.
These 3rd party attacks can range in different ways.

Your device can be intercepted and an attacker can plant things on it that could transmit information on the device or screw with the seed generation or even mess with the transaction creation process so that you send the coins to their address instead of your own.

There have been multiple attempts to solve this problem but I don’t think any of them is a real solution.
For example, a lot of hardware wallets seal the bags in which they save the device, this is TRIVIAL to open and reseal, if anything they offer a false sense of security.
(I do want to mention that the only real solution in this direction is offered by https://www.entropyseal.com/ but the product is currently just a prototype).

The hardware used for these devices can also be targeted in the factoring process or before implementing any variants of the above-mentioned attacks.
The truth is that even auditing the device is not as easy as you may think, even though wallets like the ColdCard try to mitigate these problems(transparent case, green light to give ok on the firmware)

Now, these may seem a bit tinfoil-hate things, but they are real concerns, and as Bitcoin rises in price the chance and incentive for them to happen scales proportionally with the price.

Aaaanyway, all of these worries are eliminated when you buy hardware that can be used for anything.
The chance of someone knowing that you will use a Raspberry Pi Zero, that it’s used for 10,000 other things, as a Bitcoin Hardware Wallet is almost 0.

I think people in the space have got to a point where they think that HWWs are a silver bullet and don’t realize that all that security you get comes with trade-offs.

Bring Your Own Entropy – BYOE

Your private key is entropy.
Entropy means randomness, disorder, and the reason why this is important propriety for the private keys is that if someone wants to guess it, the only solution is to go through all the possibilities of private keys that there are.
And trust me there are a LOT, ’bout 2²⁵⁶ ~ as many atoms there are in the visible universe.
This is what we call needle-in-haystack-technology.

The topic of entropy is very vast and deserves an article of its own(maybe a video of its own ;)) , but usually, we have some specific hardware dedicated to this purpose.
Most of this hardware is not auditable, and even though on paper some of them are open, you can really check under the hood and see what you got there.

The SeedSigner again eliminates this worry completely by ONLY allowing you to use your own entropy.
The dice rolls option is also supported by the ColdCard and is a great way, but a bit time-consuming.
The picture option also is great, as it’s almost impossible to get the same picture 2 times.
Even though it might look like 2 pictures are the same to you, they are not. 
Even the smallest variations in light and angle will bring another picture.
On top of that, all the cameras also detect small radiations that are TRULY random and thus add to the total entropy of the picture.

Using an Operating System

Most of the hardware wallets use microcontrollers, which means that they are very small computers that have most of their components under 1 single chip.
As you can imagine these computers are very dumb and weak, but this lowers the attack surface.
Also, most of the HWW runs the programs that do the Bitcoin operations straight on the bare metal.

As I mentioned the device takes 45 seconds to boot up, this is because it needs to boot up a full operating system the same as your laptop.
The SeedSigner uses the RaspberyPi version of Debian, which even though is a stripped-down version of Debian, still has a LOT of things inside it, which means attack surfaces.
Worth mentioning that the whole philosophy behind Debian is to use ONLY Free and Open Source Software.

The device is of course completely air-gapped, so these attacks are kinda nullified.

But still adds to big boot time.
There are conversations regarding easy improvements of the boot time, and someone is even working on a custom Kernel, so keep an eye out for this.

The Bitcoin stuff added on top of the OS is very minimal and is written in Python, and uses well-reviewed libraries, and is very minimal code, which makes it pretty easy to look through and see how the sausages are made, this coming from someone that’s not a developer.

Navigation

Navigation on the device is a bit clunky and I would love to see the use of the right buttons as that feels the natural way to use the device.

Also, I would like to jump back and forward between menus using the joystick.
This is a very easy fix and it will be present in future updates.

Keyth is already working on a new UI for the menu which is currently being tested.

Update: It ain't pretty (the live preview scanning UI nor the internal code) but it IS scanning my seed QR!

How about that new @SeedSigner Home screen UI though?! 😍😍 pic.twitter.com/vRXOzg5w5E

— Keith Mukai (@KeithMukai) October 16, 2021

QR seeds

Even though this is a security product UX is still crucial, if the solution is too inconvenient it will not be used by anyone, or even put people off while trying it.

The transcribing of the QR code took me literally one full hour.
Truth be told it would have gone faster if I used a sharpie, but as I mentioned that’s not the best for long-term storage.
Some people use a sharpie and then vacuum seal the paper, but that’s just another level of inconvenience and requires additional stuff, so no thanks.

I’ve also been told that the process can be nailed with a sharpie down to 5 minutes after practice. But if you need to practice to get this going, then this is a bad process for the start.

I honestly feel that this is a solution for a problem that should not exist in the 1st place.
The Raspberry Pi Zero does not have any storage device, so there is no place to store the device except on the SDcard which is used to run the OS.

I do know they are also working on improving this and allowing for SDcard backups, so stay tuned. 👀

Keith is the one that came up with this idea to encode the BIP39 seeds as a QR code, and you have to admit this is a pretty clever and creative idea.
And considering where the project currently is, definitely makes things better than the alternative of importing it using the virtual keyboard.
But compared to the other HWW it’s not 10 times better, which is how I judge things when I see a new product on the market.

A plain text electronic backup is better than a plaintext paper backup, as even if you have the seed in plain text on the SDcard, you still need the additional step to insert the SDcard into a computer in order to read it, nevermind the fact that you can encrypt it.

Residue QR on the screen 

This is not something to worry about, but it’s something I noticed, and I thought I’d mention it, as the device is advertised as stateless.

If you plug out the power supply while the QR is visible on the screen when powering it up again, during the 45-second boot you can see the residue of the QR.
Worth noting this is not the proper way to turn off the device, as it has a full OS running on it. That’s why there is a Shutdown option from the menu.

But if I naturally did this I can imagine other people will also.

This of course only “leaks” your xPub, so it can be a privacy concern if anything, and again someone needs to have your device, so not a major issue.

When I brought this up in the Telegram group, it turned out it was a known issue, and there is a fix for it, a screen saver.

Keith strikes again.

Saturday @SeedSigner screensaver serenity. So soothing.

(early demo, not actually functioning as a screensaver yet) pic.twitter.com/7eH0boYJDD

— Keith Mukai (@KeithMukai) September 11, 2021

Conclusions

Even though I had some criticisms of the SeedSigner I still think it’s a GREAT device and offers a good and new set of trade-offs.

The device is recommended to be used as 1 or more signature of a multi-sig quorum and the whole point is to use different devices from different vendors with different trade-offs and risk models, and the SeedSigner brings this variety.

Looking at how the project evolved I see a good trajectory and keep in mind this is a very YOUNG project.

The fact that the project combines general-purpose hardware and BYOE(Bring Your Own Entropy) makes this device very attractive to me and screams trust minimization and no targeted 3rd party attacks.

All the interactions I had with people working on the project were great.
And by that, I don’t mean nice(which they also were), as that does not really matter, I mean that every concern and question I had was always answered in a straightforward and honest manner.
That matters a LOT for me.

The device is perfect for someone that’s a beginner and wants to learn how Bitcoin works under the hood.
The project is VERY easy to put together, and because all the steps in a transaction are broken up you get to do them separately manually, you get to look under the hood.

Anyway let me know what you thought about my review and if you have any trouble while making your own you can shoot me a DM on Twitter https://twitter.com/raw_avocado but I suggest also checking out the Telegram group https://t.me/joinchat/GHNuc_nhNQjLPWsS