Glacier: A Protocol for the Rich and Paranoid
How can you securely store bitcoin? The Glacier Protocol is a step-by-step guide to generating a paper wallet that eliminates every known attack.
For everybody who invests a significant amount of money in bitcoin, the proper storage of the coins is a crucial and terrifying topic. Almost nobody is prepared to store bitcoin keys securely on their own system, at least not as securely as amounts over $100,000 require. Who, if not a security engineer, knows how to do this securely? Who, if not a paranoid, can imagine all the possible attacks on the vault?
James Hogan and Jacob Lyles invented the Glacier Protocol to help anybody store large sums of bitcoin securely without taking computer security classes at a university.
The Glacier Protocol is not written for everybody. If you do not have a significant amount of funds, if you want to access them frequently and do not want to invest one day of work and several hundred dollars in hardware, then you are not the audience for it. The Glacier Protocol is made for you only if you want to store a huge chunk of money, something like $100,000 or more, with a substantial degree of security for a very long time, and if you want to eliminate any attack a genuinely paranoid mind can imagine.
Are you afraid that the newly bought computer saves your key? That your neighbor spies on you with a glass? That a hacker has trojaned your smartphone’s camera? That your computer shows you wrong, insecure keys instead of the right ones? Yes? Then the Glacier Protocol is made for you, and you will enjoy it as a masterpiece in the art of security.
The Blocks of the Protocol
First of all, let us talk about the fundamental principles. The only goal of the protocol is to generate rock-solid private keys for addresses, put them on paper, and eliminate every trace of the key once and for all. In essence, it makes sure that no spy and no hacker is watching while you do this, so that you can transfer funds to the address corresponding to this key.
A second key principle is MultiSig (multi-signature): the funds on an address can only be redeemed if the transaction is signed by several keys. The recommended “two of four” script, in which two of four keys have to sign, has several advantages. You have a backup if you lose one or two keys, and a thief cannot access your funds if they steal one key.
Second, the hardware. Security has its price, and with the Glacier Protocol you need to invest several hundred dollars in hardware. You need a “Setup System”, which has contact with the internet, and a so-called “Quarantine System”, which is a freshly unboxed laptop that never comes into contact with the internet, neither before nor after it creates the key.
But that is not all. Since there are attacks that subvert the generation of sensitive data to make it less secure, the Glacier Protocol requires the use of parallel hardware stacks. Every operation must be done on two systems from different manufacturers, so you have to buy everything twice.
Third, the protocol. Glacier recommends setting aside around one day to work carefully through the protocol, step by step. Every operation risks going wrong if you do not follow the protocol pedantically. So if you want to use Glacier, you must use the protocol document, which can be downloaded from the website.
Step by Step to your Bitcoin Vault
Here we only give a preview, so that you know what to expect. A detailed guide in the PDF explains every step, including the lines of code to type into the console.
Step One: Check that the PDF with the protocol is authentic. Look at the PGP fingerprint on the Glacier website, compare it with the entry on Keybase, and validate it with GPG. Only this guarantees that no attacker has changed the protocol, which would make the whole process fundamentally flawed.
Step Two: Prepare the hardware. Physically remove the WiFi cards of the Quarantine Systems. Run antivirus programs on the Boot Systems, download a bootable version of Ubuntu, check the PGP key of Ubuntu, install it on both Quarantine Systems, and check the integrity of the systems.
Step Three: Kill any possibility of so-called side-channel attacks, which refers to the physical surveillance of activity on your computer. Make sure you are alone. Close the doors and windows. Use a soundproof room. Shut down your smartphone and any other device with cameras and microphones. To make sure that there is not even a spy attack through the power socket, charge your Quarantine laptops and run them solely on battery.
Step Four: Create the private keys. Download the Glacier Software, check PGP, copy it to the Quarantine laptops, and check PGP on both systems again. Then generate entropy with the help of dice. Roll them 62 times, one by one. Type the results into a file and use the Glacier Software to generate private keys and addresses. Check that the keys are identical on both systems.
Step Five: Transfer the private keys to paper. Do not take a picture or use a QR code. Write them down, by hand. Be careful; private keys are case sensitive. Write as clearly as you can. Use a permanent marker. Write only one key on a page. Make sure no camera watches you. After you have done it, check twice that the key is written correctly. Then delete it and the entropy.
Step Six: Take a picture of the addresses with a smartphone. Transfer the addresses to the computers connected to the internet using the USB sticks. Compare them with the picture on the smartphone. Check twice or more to make sure that it is the correct address.
Step Seven: Transfer the bitcoin you may have bought on an exchange to the address. The address you saved is your vault. Forever.
Step Eight: Store the keys in distributed locations and do everything you think is helpful. If you trust some people, give them parts of the keys. If you have a will, record the locations of the keys in it.
If you have done all this, strictly complying with the Glacier Protocol, you will have a very, very safe bitcoin vault. The protocol also explains in detail how you can access your funds, but this is another story.
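To make Step Four concrete, the following added example (not code from the Glacier Protocol or its software) validates a file of 62 die rolls, computes how much entropy they carry, and derives a seed that two independent machines can compare. Mixing the dice with a second, machine-generated value by hashing and XOR is an assumption of this example, as are all function names and the constructed sample inputs.

```python
import hashlib
import math

ROLLS_REQUIRED = 62  # die rolls the article gives for Step Four

# Constructed sample inputs (a repeating pattern, NOT real randomness).
SAMPLE_ROLLS = "31425662134526153426" * 3 + "15"
SAMPLE_MACHINE_HEX = "00112233445566778899aabbccddeeff00112233"


def dice_entropy_bits(n_rolls: int) -> float:
    """Entropy of n fair six-sided die rolls, in bits (log2(6) per roll)."""
    return n_rolls * math.log2(6)


def validate_rolls(rolls: str) -> str:
    """Return the rolls without whitespace, or raise on unusable input."""
    cleaned = "".join(rolls.split())
    if len(cleaned) < ROLLS_REQUIRED:
        raise ValueError(f"need {ROLLS_REQUIRED} rolls, got {len(cleaned)}")
    if set(cleaned) - set("123456"):
        raise ValueError("rolls must use the digits 1-6 only")
    # Crude sanity check: one face on more than half the rolls points to a
    # loaded die or a transcription slip, not to chance.
    if max(cleaned.count(face) for face in "123456") > len(cleaned) // 2:
        raise ValueError("one face dominates the rolls")
    return cleaned


def mix_entropy(rolls: str, machine_hex: str) -> str:
    """Hash both sources with SHA-256 and XOR the digests (assumed scheme).

    If the two sources are independent, the result is unpredictable as long
    as either one is, so a weak machine RNG does not weaken the dice.
    """
    dice_digest = hashlib.sha256(validate_rolls(rolls).encode()).digest()
    machine_digest = hashlib.sha256(bytes.fromhex(machine_hex)).digest()
    return bytes(a ^ b for a, b in zip(dice_digest, machine_digest)).hex()


def systems_agree(seed_a: str, seed_b: str) -> bool:
    """Cross-check of the two hardware stacks: same inputs, same output."""
    return seed_a == seed_b


if __name__ == "__main__":
    print(f"{dice_entropy_bits(ROLLS_REQUIRED):.1f} bits from the dice")
    print("seed:", mix_entropy(SAMPLE_ROLLS, SAMPLE_MACHINE_HEX))
```

Because the derivation is deterministic, typing the same rolls into both Quarantine laptops must give the same seed; a single mistyped roll or a machine that computes something else shows up as a mismatch.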